SaTC: CORE: Small: Selective Data Protection against Data-oriented and Transient Execution Attacks

The exploitation of software vulnerabilities caused by memory errors has become more challenging due to the deployment of numerous exploit mitigation technologies. Consequently, instead of striving to gain arbitrary code execution capabilities, attackers have turned their attention to the leakage of sensitive process data through memory disclosure vulnerabilities.

To make matters worse, the threat of data leakage has been exacerbated by the recent spate of transient execution attacks, which can leak otherwise inaccessible process data through residual microarchitectural side effects. To defend against the emerging threat of data-oriented attacks, the project will investigate practical selective data protection techniques by focusing on i) enabling developers to protect sensitive data with minimal manual effort; ii) protecting sensitive data against both memory disclosure vulnerabilities and transient execution attacks; and iii) maintaining compatibility with large-scale real-world applications.

The outcomes of the project are expected to improve the state of the art in defenses against data-oriented and transient execution attacks and achieve substantial practical impact by shielding existing vulnerable applications against exploitation, benefiting both end users and security researchers. The project will also provide students the opportunity to conduct research in cybersecurity, and will foster the integration of cybersecurity into high school education through hands-on workshops for students and seminars for science teachers.

To defend against the emerging threats of memory disclosure vulnerabilities and transient execution attacks, the project will investigate selective data protection techniques based on in-memory data encryption, centered around three innovative aspects. First, elevating data protection as a core language feature will enable developers to effortlessly enable in-memory encryption of data they deem critical.

Besides C/C++, the project will also focus on JavaScript and Rust, which, although immune against memory disclosure vulnerabilities, are still prone to transient execution attacks. Second, a hybrid approach that combines static pointer analysis with scoped dynamic data flow tracking will minimize the heavyweight instrumentation required for keeping sensitive data encrypted in memory.

The key insight behind this technique is that the inherent over-approximation of pointer analysis can be ameliorated by relying on lightweight label lookups to determine if potentially sensitive data is actually sensitive. Third, the sensitivity of pointer analysis can be increased in a scalable way by i) introducing a summarization-based context-sensitive heap modeling approach tailored to the extensive use of memory wrappers in popular applications, and ii) selectively increasing sensitivity only at certain parts of the program where it is likely to be beneficial to the overall analysis precision.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.