National Science Foundation


Award Abstract #0430425
CT:Securing Untrusted Software with Interposition


NSF Org: CNS
Division of Computer and Network Systems
Initial Amendment Date: September 20, 2004
Latest Amendment Date: September 15, 2005
Award Number: 0430425
Award Instrument: Continuing grant
Program Manager: Karl N. Levitt
CNS Division of Computer and Network Systems
CSE Directorate for Computer & Information Science & Engineering
Start Date: September 15, 2004
Expires: May 31, 2006 (Estimated)
Awarded Amount to Date: $1300000
Investigator(s): David Mazieres dm-mail-support2@scs.stanford.edu (Principal Investigator)
M. Frans Kaashoek (Co-Principal Investigator)
Robert Morris (Co-Principal Investigator)
Edward Kohler (Co-Principal Investigator)
Sponsor: New York University
70 WASHINGTON SQUARE S
NEW YORK, NY 10012 212/998-2121
NSF Program(s): ITR-CYBERTRUST, CYBER TRUST
Field Application(s): 0000912 Computer Science
Program Reference Code(s): HPCC,9218,7254
Program Element Code(s): V842,T221,7456,7371

ABSTRACT

Proposal: NSF-0430425

Title: Securing Untrusted Software with Interposition

PI: David Mazieres

Abstract

The principles for building secure computer systems have been known for decades. Yet violating them (by assuming elevated privilege, for example) makes application development so much easier on conventional operating systems that it's doubtful the principles will ever be broadly followed there. This research program investigates a new operating system design, Asbestos, that allows applications to be completely secured by third parties, such as system administrators, without help from application authors themselves. The fundamental Asbestos security primitive is interposition, whereby programs can easily interpose upon, monitor, and control any or all interactions between an application and the rest of the system. Unlike previous systems, this includes interactions with other applications as well as system services. Interposers correspond to security policies, or per-application firewalls. They can block or virtualize undesired accesses, so that legacy applications that demand inappropriately high privilege can run in a less-privileged setting. Design challenges include making system interactions easy for interposers to understand, and developing a convenient library of security policies built from interposition components. A successful Asbestos design has the potential to significantly improve the security of critical systems, even those running insecure applications. Source code will be released publicly under an open-source license.

 

Please report errors in award information by writing to: awardsearch@nsf.gov.

 

 

Last Updated: April 2, 2007