Security vulnerabilities in a program can lead to severe damage. The best solution to these problems is to change programming practices. However, this may not be practical due to the expense involved. This can be addressed by program-based security mechanisms which either fix the damage caused by an attack or detect the attack and kill the program. These mechanisms adjust some part of the system environment (such libraries, or the OS) or adjust the compiler to add code to the final executable.
While many such mechanisms exist, testing of these mechanisms is often poor because vulnerabilities involve the uncommon case. As such, security mechanisms are usually tested by applying the mechanism to a program with a known exploit. Thus, the mechanism is tested in a specific instance rather than in a general fashion.
Our research focuses upon building a framework to allow for the automated and general testing of program-based security mechanisms. The framework is built upon dynamic compilers. The testing procedure within the framework is to apply the mechanism to any program and then run the program as would normally be done. During execution, the framework dynamically inserts attacks to demonstrate the effectiveness of the mechanism. Furthermore, the framework may allow for the quick prototyping of new solutions.
Faculty: Dr. Lori Pollock
Former Ph.D. Student: Ben Breech
Former Undergraduate: Mike Tegtmeyer