MINESTRONE: Identifying and containing
software vulnerabilities

Description →
Participants →
Publications →
Projects →
News →


MINESTRONE is a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities. Our techniques will protect new software, as well as already deployed (legacy) software by transparently inserting extensive security instrumentation. They will also leverage concurrent program analysis (potentially aided by runtime data gleaned from profiling software) to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement.

MINESTRONE will also use diversification techniques for confinement and fault-tolerance purposes. To minimize performance impact, our project will also leverage multi-core hardware or (when unavailable) remote servers to enable the quick identification of potential compromises.

The developed techniques will require no specific hardware or operating system features, although they will take advantage of such features where available, to improve both runtime performance and vulnerability coverage.

MINESTRONE Architecture
Full size →

Final Project Report:

For more information on MINESTRONE contact any of the project's PIs. For access to software prototypes please contact Prof. Salvatore J. Stolfo.

Latest News

Our paper "ShadowReplica: Efficient Parallelization of Dynamic Data Flow Tracking" is to appear in the 20th ACM Conference on Computer and Communications Security (CCS).
Our paper "Parrot: a Practical Runtime for Deterministic, Stable, and Reliable Threads" is to appear in the 24th ACM Symposium on Operating Systems Principles (SOSP).
Our paper "An Accurate Stack Memory Abstraction and Symbolic Analysis Framework for Executables" is to appear in the 29th IEEE International Conference on Software Maintenance (ICSM).
Our paper "Transparent ROP Exploit Mitigation using Indirect Branch Tracing" is to appear in the 22nd USENIX Security Symposium.
Our paper "MINESTRONE: Testing the SOUP" is to appear in the 6th Workshop on Cyber Security Experimentation and Test (CSET).
This work is supported by the United States Air Force Research Laboratory (AFRL) through Contract FA8650-10-C-7024. Opinions, findings, conclusions and recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US Government, or the Air Force.