Using Untrusted Software Without Fear: Adve Pursuing New Security Solutions
Imagine being able to download and run software of unknown origin without having to worry about vulnerabilities in it that could be exploited by hostile entities. With the support of a new 4-year, $4.1 million research award from the U.S. IARPA agency, University of Illinois computer science professor Vikram Adve and his team are going to bring us a few important steps closer to that goal. His new project at the Information Trust Institute (ITI), entitled "Secure Virtual Architecture: A Foundation for Integrating Analysis, Confinement, and Diversification," will develop techniques for the effective, automatic mitigation of software vulnerabilities in C/C++ and Java programs.
Existing tools for finding security vulnerabilities in programs typically address only a small fraction of possible vulnerabilities. Moreover, they typically use one strategy (such as offline or "static" analysis, run-time checking, or execution diversification) with no second line of defense if the primary strategy fails. The new project has a much more ambitious goal: to prevent exploits for a wide range of vulnerabilities, and combine all three kinds of strategies in novel ways that work cooperatively to maximize effectiveness. The work will culminate in the production of two new security tools: one for use with programs written in C/C++, and another for Java. The two tools will share many key components. "These tools must be able to operate fully automatically, without programmer intervention," explained Adve, whose primary academic appointment is in the Department of Computer Science. "Moreover, they will have to detect and prevent exploits with very low impact on the performance of the code."
Adve is the Principal Investigator of the new project, which includes leading researchers in the field of programming language techniques for software security from Harvard and Cornell. These researchers bring in complementary expertise in several broad areas of software security, including memory safety, information flow, and code certification.
The work will build on Secure Virtual Architecture (SVA), a system previously developed by Adve and his research group. SVA is a compiler-based virtual machine for commodity operating systems that enhances system security and reliability. It defines a virtual, low-level, typed instruction set suitable for executing all code on a system, including kernel and application code, in order to enforce fine-grained memory safety, control-flow integrity, type safety for a subset of objects, and sound analysis. In Adve's words, "SVA has some unique capabilities, including the ability to do both powerful static analysis and sophisticated run-time code transformations for many different programming languages. These will enable novel approaches to the integration of analysis, confinement, and diversification."
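To make the two enforcement properties named above concrete, here is an added illustration (written for this page, not SVA's own code or the project's implementation) of what a run-time memory-safety check and a control-flow-integrity check look like when written by hand in C. SVA inserts checks of this kind automatically at the level of its typed virtual instruction set; the `bounded_buf` type, the `checked_write` and `checked_indirect_call` helpers, and the allowlist of call targets are all hypothetical constructions for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of two run-time checks a compiler-based system such as
   SVA inserts automatically. This is illustrative code, not SVA itself. */

/* A buffer that carries its own bounds, so every write can be validated. */
typedef struct {
    char   *base;
    size_t  len;
} bounded_buf;

/* Memory-safety check: refuse any write that would leave the object's bounds.
   Returns 0 when the write is performed, -1 when it is rejected. */
int checked_write(bounded_buf *b, size_t off, const char *src, size_t n) {
    /* Written as two comparisons so the test cannot overflow size_t. */
    if (off > b->len || n > b->len - off)
        return -1;
    memcpy(b->base + off, src, n);
    return 0;
}

/* Control-flow-integrity check: an indirect call may only reach a function
   that the program legitimately uses as an indirect-call target. */
typedef int (*handler_fn)(int);

static int double_it(int x)   { return 2 * x; }
static int negate(int x)      { return -x; }
static int not_a_target(int x){ return x; }   /* exists, but never allowed */

static const handler_fn valid_targets[] = { double_it, negate };

/* Returns 0 and stores the call result in *out when the target is allowed;
   returns -1 and performs no call otherwise. */
int checked_indirect_call(handler_fn target, int arg, int *out) {
    size_t count = sizeof valid_targets / sizeof valid_targets[0];
    for (size_t i = 0; i < count; i++) {
        if (valid_targets[i] == target) {
            *out = target(arg);
            return 0;
        }
    }
    return -1;
}

/* Small scenarios with constructed inputs, returning values a harness can check. */
int demo_overflow_rejected(void) {
    char storage[8];
    bounded_buf b = { storage, sizeof storage };
    return checked_write(&b, 4, "ABCDEFGH", 8);   /* 4 + 8 exceeds 8 bytes */
}

int demo_in_bounds_ok(void) {
    char storage[8];
    bounded_buf b = { storage, sizeof storage };
    return checked_write(&b, 0, "ABC", 3);        /* fits */
}

int demo_valid_target(void) {
    int r = 0;
    return checked_indirect_call(double_it, 21, &r) == 0 ? r : -1;
}

int demo_bad_target(void) {
    int r = 0;
    return checked_indirect_call(not_a_target, 21, &r);
}

int main(void) {
    printf("overflowing write: %s\n", demo_overflow_rejected() ? "rejected" : "allowed");
    printf("in-bounds write:   %s\n", demo_in_bounds_ok() ? "rejected" : "allowed");
    printf("allowed target:    result=%d\n", demo_valid_target());
    printf("unlisted target:   rc=%d\n", demo_bad_target());
    return 0;
}
```

The point of the model is the cost structure the article alludes to: each check is a few comparisons on the hot path, which is why a system that inserts them everywhere has to work hard to keep the performance impact low, and why pairing them with static analysis (to prove many checks unnecessary) and diversification (to make the remaining gaps hard to exploit reliably) is attractive.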
The Intelligence Advanced Research Projects Activity, or IARPA, is in the Office of the U.S. Director of National Intelligence. Its stated mission is to "invest in high-risk/high-payoff research that has the potential to provide our nation with an overwhelming intelligence advantage over future adversaries." IARPA's STONESOUP ("Securely Taking on New Executable Software of Uncertain Provenance") Program, which funded Adve's award, supports development and demonstration of "technology that provides comprehensive, automated techniques that allow end users to safely execute new software of uncertain provenance."