CICI: UCSS: Helix++: Securing Open Science Platforms

The Helix++ project’s goal is to use recently developed, promising cybersecurity research results to secure open-science platforms. Securing these open-science platforms is vital because compromise of research infrastructure can have severe consequences, including the delay of critical research, corruption of research results, theft of intellectual property, and exposure of personally identifiable information.

Beyond providing researchers customized, secure packages of widely used open software, the Helix++ project will provide insights and directions for future research and strategies for protecting critical cyber infrastructure. Using two existing operational open-science platforms at the University of Virginia, the project will investigate the interaction of technical and policy issues which are fundamental to infrastructure protection.

The open-source Helix++ project improves the security posture of open science platforms by applying cutting-edge cybersecurity techniques to diversify and harden software automatically. A distinguishing feature of Helix++ is that it does not require source code or build artifacts. It operates directly on software in binary form—even stripped executables and libraries.

This feature is key as rebuilding applications from source is a time-consuming and often frustrating process. Helix++ enables the rapid generation and deployment of secure containers and virtual machines, wherein various applications and libraries are transformed to incorporate the Helix++ protections. Diversification breaks the software monoculture and makes attacks harder to execute as information needed for a successful attack will have changed unpredictably.

Diversification also forces attackers to customize an attack for each target instead of attackers crafting an exploit that works reliably on all similarly configured targets. Hardening directly targets key attack classes. The combination of diversity and hardening provides defense-in-depth, as well as a moving target defense. Helix++ is evaluated on two open science platforms to demonstrate its efficacy and usability.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.