SDCI Sec: New Software Platforms for Supporting Network-wide Detection of Code Injection Attacks

  • Monrose, Fabian F.N. (PI)
  • Coull, Scott S. (CoPI)
  • Singh, Montek M. (CoPI)

Project Details

Description

In recent years, code-injection attacks have become one of the most common forms of attack on modern computer systems. At a high level, code-injection attacks on network services (e.g. file sharing and webservers) and client-based programs (e.g., browsers and document viewers) enable redirection of the flow of execution in the vulnerable program to arbitrary code, called shellcode, which is provided as part of the attack. The injected code often enables unauthorized control of system resources, applications, and data. The key to detecting these attacks lies in accurately discovering the presence of the shellcode being injected into the vulnerable program.

The intent of this research is to design, implement, and deploy a new framework, called ShellOS, that continuously analyzes network streams or program buffers to detect the presence of executable code that may be harmful. The proposed approach addresses the shortcomings of current dynamic analysis techniques that use software-based CPU emulation for detecting shellcode. Unlike previous approaches, this approach takes advantage of hardware virtualization to allow for more efficient and accurate inspection of buffers by directly executing instruction sequences on the CPU. In doing so, this project enables more scalable techniques for protecting cyberinfrastructure against code injection attacks. Where possible, the project also plans to release anonymized forms of detected attacks. The availability of such data can play a significant role in fostering collaboration and ensuring U.S. technical leadership in network security research. The tools created as part of this project will be made available to the broader research community under an open source license.

Status: Finished
Effective start/end date: 1/8/11 to 31/1/17

Funding

  • National Science Foundation: US$1,148,611.00

ASJC Scopus Subject Areas

  • Computer Science(all)
