Non-bypassable Kernel Services for Execution SecurityΒΆ

Society is dependent on many engineered systems whose increasing complexity and inter-connectedness have, in turn, increased their vulnerability to adversarial attacks. In many of these systems, protecting the execution of their computations is as crucial as ensuring the security of their data.

This research investigates how to maintain survivable operation of such systems, even in the face of invasive attacks where computations are intentionally subverted to interfere with other computations’ execution constraints. The goal of this research is to develop new techniques for isolating the effects of interactions among computations through specific resources in these systems, including: flexible specification and rigorous enforcement of computations’ execution constraints; explicit control of all OS kernel components under a single scheduler; detailed on-line monitoring of computations and their supporting OS kernel components; automated learning to discover previously unknown interactions among computations; and formal modeling and verification of computations, execution constraints, and system components and resources.

The expected benefits of this project include: a novel approach to non-bypassable isolation of computations from the effects of adversarial attack in which isolation can be enforced flexibly according to the system-specific execution constraints that must be satisfied; a high quality open-source software implementation of kernel-level scheduling and monitoring services that provide and measure such non-bypassable isolation; new formal models, analyses, and methodologies for verifiably correct configuration and management of those services; and empirical studies of the services’ ability to protect computations from interference under a wide range of adversarial attacks.

The main page for this project is at:

NSF Support

This research is supported by the National Science Foundation, grant CNS-0716740.

Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Previous topic

Projects Using KUSP

Next topic

Semantic Domain Integration for Embedded and Hybrid Systems

This Page