A use-after-free error is a software flaw that potentially allows an attacker to remotely inject malicious software or corrupt memory values. Such attacks can result in the theft of private data, propagation of worms and viruses, or the creation of botnet nodes that can be programmed to spew spam or disrupt Internet traffic. Recently, use-after-free vulnerabilities have been found in crucial software such as Microsoft's Internet Explorer, Adobe Acrobat Reader, and Firefox among others. The goal of the Watchdog project is to devise hardware and software mechanisms to prevent all such vulnerabilities.

To prevent use-after-free vulnerabilities, the researchers will develop hardware for enforcing safe manual memory management, without compromising system performance. They will study a formal model of their designs to establish the correctness of the techniques. The hardware designs will be prototyped using detailed micro-architectural simulations. The researchers will evaluate correctness and performance by using a suite of benchmark tests and off-the-shelf software. The tools and prototypes will be openly distributed for others to build upon, and the research findings will be integrated into the security and hardware courses taught by the researchers. If successful, the technology developed by this research will have significant societal impacts, improving the security of our computing ecosystem by eliminating an important class of vulnerabilities that is actively being exploited to compromise systems and spread malware.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
1116682
Program Officer
Sol J. Greenspan
Project Start
Project End
Budget Start
2011-08-01
Budget End
2014-07-31
Support Year
Fiscal Year
2011
Total Cost
$499,961
Indirect Cost
Name
University of Pennsylvania
Department
Type
DUNS #
City
Philadelphia
State
PA
Country
United States
Zip Code
19104