vArmor: Identifying and Guarding Security-Critical Data in COTS Applications

Award Information
Agency: Department of Defense
Branch: Defense Advanced Research Projects Agency
Contract: 140D6318C0080
Agency Tracking Number: D173-003-0041
Amount: $149,496.80
Phase: Phase I
Program: SBIR
Solicitation Topic Code: SB173-003
Solicitation Number: 2017.3
Solicitation Year: 2017
Award Year: 2018
Award Start Date (Proposal Award Date): 2018-03-29
Award End Date (Contract End Date): 2019-03-25
Small Business Information
104 S. Estes Dr., Chapel Hill, NC, 27514
DUNS: 080078085
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator: Kevin Valakuzhy
Phone: (704) 936-6721
Business Contact: Kevin Snow
Phone: (919) 458-8002
Research Institution
Over a decade ago, security practitioners highlighted the threat posed by memory corruption exploits that subvert systems by manipulating security-critical non-control data, without ever corrupting application control flow. Since that demonstration, however, the full power of data-oriented attacks went largely unnoticed until very recently. One reason for this recent emergence is that exploitation of critical software (e.g., browsers, document viewers, web servers) is getting harder due to widespread deployment of mitigations such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) and Control-Flow Integrity (CFI). Exploitation in the face of DEP forces adversaries to find clever ways to chain together small instruction snippets (gadgets) to implement malicious logic, while bypassing ASLR requires a memory disclosure to locate those gadgets. With the deployment of CFI (e.g., CFGuard) in modern systems, however, sequencing gadgets is increasingly difficult. Not surprisingly, attacks have simply evolved to make better use of memory disclosures (and modifications) instead, by leaking security-sensitive data (e.g., Heartbleed) or modifying security-critical data (e.g., disabling DEP or browser same-origin policies). This trend will only get worse if strong protections are not put in place for guarding data in commodity closed-source software. We propose using recent advances in binary analysis to adapt source-based sandboxing to closed-source applications.

* Information listed above is at the time of submission. *
