Computational tools for analyzing and detecting software supply chain attacks

Funding information
Natural Sciences and Engineering Research Council of Canada
  • Grant type: Collaborative Research and Development Grants
  • Years: 2015/16 to 2017/18
  • Total funding: $175,643

Project summary

Software supply chain attacks -- attacks where malware is covertly inserted into reputable and otherwise benign software somewhere in the chain between development and final use by the customer -- have become a growing concern. With the potential to affect enterprises, public organizations and individual users, supply chain attacks are a threat to users of every kind. Traditional defenses, such as anti-virus scanners, are largely ineffective because the malware deposited by these attacks is often custom crafted and can be stealthily embedded in code that is normally highly trusted by the end user. In this collaborative project, we will address this threat by investigating and designing new code analysis techniques that can detect and identify software supply chain attacks. Traditional malware detection techniques needed to be cheap enough to run on each machine, which limited them to fairly cheap syntactic, signature-based detection mechanisms that did little to understand the behavior of the code they were scanning. However, the large amounts of easily available parallel computing power found in cloud computing services, combined with the broad availability of fast network connectivity, motivate an approach where code analysis techniques are applied centrally and the results are then disseminated to all end hosts. This opens the door to very computationally intensive but powerful static and dynamic analysis techniques which, instead of merely checking whether the code matches a previously known signature, seek to understand and analyze the potential behavior of an untrusted piece of software to see if it harbors any malicious intent.