MINESTRONE: Identifying and containing software vulnerabilities


Description

MINESTRONE is a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities. Our techniques will protect new software, as well as already deployed (legacy) software, by transparently inserting extensive security instrumentation. They will also leverage concurrent program analysis (potentially aided by runtime data gleaned from profiling software) to gradually reduce the performance cost of the instrumentation by allowing its selective removal or refinement.

MINESTRONE will also use diversification techniques for confinement and fault-tolerance purposes. To minimize performance impact, our project will also leverage multi-core hardware or (when unavailable) remote servers to enable the quick identification of potential compromises.

The developed techniques will require no specific hardware or operating system features, although they will take advantage of such features where available, to improve both runtime performance and vulnerability coverage.

MINESTRONE Architecture

Contact:
For more information on MINESTRONE contact any of the project's PIs.

Latest News

06/08/13
Our paper "Expression Reduction from Programs in a Symbolic Binary Executor" is to appear in the 19th International SPIN Symposium on Model Checking of Software.
04/27/13
Our paper "Transparent ROP Exploit Mitigation using Indirect Branch Tracing" is to appear in the 22nd USENIX Security Symposium.
11/04/12
Our paper "Verifying Systems Rules Using Rule-Directed Symbolic Execution" is to appear in the 18th International Conference on Architecture Support for Programming Languages and Operating Systems (ASPLOS).
08/17/12
Our paper "Self-healing Multitier Architectures Using Cascading Rescue Points" is to appear in the 2012 Annual Computer Security Applications Conference (ACSAC).
07/10/12
Our paper "Adaptive Defenses for Commodity Software through Virtual Application Partitioning" is to appear in the 19th ACM Conference on Computer and Communications Security (CCS).

This work is supported by the United States Air Force Research Laboratory (AFRL) through Contract FA8650-10-C-7024. Opinions, findings, conclusions and recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US Government, or the Air Force.