FALCON: Modeling, Detecting, and Defending against Concurrency Attacks


Grant Data
Project Title
FALCON: Modeling, Detecting, and Defending against Concurrency Attacks
Principal Investigator
Dr Cui, Heming   (Principal investigator)
Duration
36
Start Date
2016-09-01
Completion Date
2019-08-31
Amount
618470
Conference Title
Presentation Title
Keywords
Software security, Concurrency bugs, Program slicing, State machine replication, Multithreading
Discipline
Software
Panel
Engineering (E)
Sponsor
RGC Early Career Scheme (ECS)
HKU Project Code
27200916
Grant Type
Early Career Scheme (ECS)
Funding Year
2016/2017
Status
On-going
Objectives
1 To develop a general, rigorous concurrency attack model]. We will conduct an extensive study on real-world multithreaded programs, summarize general elements on how concurrency bugs propagate to attacks, and leverage our expertise on precise program analysis methods to develop the first concurrency attack model; 2 To construct a systematic concurrency attack detection approach]. With the concurrency attack model, we will construct an approach to detect as many as concurrency attacks for the software testing phase. This approach will leverage recent automated program analysis techniques to identify concurrency bugs in program source code and vulnerable instructions these bugs may propagate to; 3 To build a runtime defense infrastructure]. To defend against concurrency attacks that may be missed by detection tools, we will build a defense infrastructure for the software deployment phase. This infrastructure will leverage recent advanced replication techniques to tolerate concurrency attacks and checkpoint techniques to recover program execution state (e.g., memory and files) from attacks.