Trustworthy Systems from UN-trusted component AMalgamations
The TSUNAMi center focuses on software and system security. The center examines how trustworthy software can be built from commercial off-the-shelf (COTS) software components via ingenious combinations of analysis, testing, verification, hardening, isolation and system design. The proposed technologies can be used in myriad ways: for building trustworthy software systems, for post-mortem analysis of malicious software, or for security assessment of specific software components. The center received funding of $6.1M from the National Research Foundation in October 2014 for a period of five years.
Our goal is to help develop trustworthy Intel x86 platforms with strong security guarantees. We feel that existing piecemeal techniques (virtualization, isolation, formal methods and cryptography) are limited and suffer from several challenges, such as scalability and undue assumptions. Instead, we take a pragmatic approach to constructing trustworthy systems from un-trusted COTS components. We propose novel solutions for large-scale vulnerability discovery and detection in un-trusted COTS components, hardening of COTS software to enforce control-flow and data-flow properties, verifiable inter-component communication, and sensitive data protection. Our solutions can be used for analysis of un-trusted software, as well as for trustworthy system construction.
We envision translation in collaboration with our industry partners ST, Symantec and NEC. We also plan to collaborate extensively with government agencies such as DSTA to help address their operational needs, via the point technologies developed in the project. In particular, our proposed technologies can help the agencies procure software after assessing its risks, and can help enforce desired properties on procured software.