FALCON: Modeling, Detecting, and Defending against Concurrency Attacks
Dr Cui, Heming (Principal investigator)
Software security, Concurrency bugs, Program slicing, State machine replication, Multithreading
RGC Early Career Scheme (ECS)
HKU Project Code
Early Career Scheme (ECS)
1 To develop a general, rigorous concurrency attack model]. We will conduct an extensive study on real-world multithreaded programs, summarize general elements on how concurrency bugs propagate to attacks, and leverage our expertise on precise program analysis methods to develop the first concurrency attack model; 2 To construct a systematic concurrency attack detection approach]. With the concurrency attack model, we will construct an approach to detect as many as concurrency attacks for the software testing phase. This approach will leverage recent automated program analysis techniques to identify concurrency bugs in program source code and vulnerable instructions these bugs may propagate to; 3 To build a runtime defense infrastructure]. To defend against concurrency attacks that may be missed by detection tools, we will build a defense infrastructure for the software deployment phase. This infrastructure will leverage recent advanced replication techniques to tolerate concurrency attacks and checkpoint techniques to recover program execution state (e.g., memory and files) from attacks.