Intel’s Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc) is potentially malicious.
In this project you will work on SGX enclaves found in latest Intel Skylake processors.
You will build an in-enclave secured shared memort infrastructure. This will allow two or more enclaves to share memory with explicit API requests that proves this is a valid sharing.
This will enable new capabilities for enclaves to run preivously unavailable applications that requires the usage of shared memory as part of their code base.
What will do and learn in the project?
Ransomware is a type of malware from cryptovirology that blocks the victim’s access to his/her data unless a ransom is paid.
While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
A key observation regarding ransomware activity is that it relies on file modifications to make their data inaccessible to the victim. Therefore, a detection and prevention system may be coupled with the underlying file system to identify potential malicious activity.
CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. 2016 IEEE 36th International Conference on Distributed Computing Systems.
In this project, the students will implement an online detection and prevention system for ransomware, which will apply different heuristics such as entropy of written blocks, truncation of blocks and threshold-based modifications to certain high-priority directories.
If an attack is detected, the system will notify the user and block the operation, therefore, the potential ransomware activity will not be completed.
The students will use FUSE (File system in Userspace) in Linux that allows fast file system prototyping in userspace with traditional and familiar development tools and IDEs.
The students will evaluate their defense system on real applications and real malware in safe sandboxes to identify the accuracy of the different heuristics as well
as the performance impact on file I/O operations while adding the different detection heuristics.
What will you do and learn in the project?
– Read scientific papers and understand the concept of ransomware and detection heuristics.
– Design, implement and test a prototype for online detection of ransomware.
– Evaluate defense accuracy on benign software and real ransomware.
– Operating Systems
– Computer Architecture
– Sufficient programming experience in C/C++.
Status: In Progress