Undergraduate Projects Proposed

OS Services for Trusted Execution Environments

Secured Shared Memory for Enclaves

Intel’s Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc.) is potentially malicious.

References: Intel Software Guard Extensions, Trusted Platform Module

In this project you will work on SGX enclaves found in the latest Intel Skylake processors.
You will build an in-enclave secured shared memory infrastructure. This will allow two or more enclaves to share memory through explicit API requests that prove the sharing is valid.

This will enable enclaves to run previously unavailable applications that require shared memory as part of their code base.

What will you do and learn in the project?

  • Work with cutting edge trusted execution technology
  • Learn what trusted execution environments are and prototype on real hardware
  • Read scientific papers on SGX and integrate your prototype into an existing framework
  • Learn about enclave development, deal with security and trust issues and solve them with state-of-the-art cryptography frameworks
  • Design and implement secure memory sharing infrastructure for enclaves
  • Find performance bottlenecks and improve system performance.
Hosting Lab:

Ransomware detection system

Background information:

Ransomware is a type of malware from cryptovirology that blocks the victim’s access to his/her data unless a ransom is paid.
While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

A key observation regarding ransomware activity is that it relies on file modifications to make the victim’s data inaccessible. Therefore, a detection and prevention system may be coupled with the underlying file system to identify potentially malicious activity.

CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. 2016 IEEE 36th International Conference on Distributed Computing Systems.

Project description:
In this project, the students will implement an online detection and prevention system for ransomware, which will apply different heuristics such as entropy of written blocks, truncation of blocks and threshold-based modifications to certain high-priority directories.
If an attack is detected, the system will notify the user and block the operation, so the potential ransomware activity will not be completed.

The students will use FUSE (File system in Userspace) in Linux, which allows fast file system prototyping in userspace with traditional and familiar development tools and IDEs.
The students will evaluate their defense system on real applications and real malware in safe sandboxes to identify the accuracy of the different heuristics as well as the performance impact that adding the different detection heuristics has on file I/O operations.
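
A minimal sketch of the entropy and threshold heuristics described above, written as the decision logic a FUSE write handler could call. This is an added example, not code from the project; the struct, function names, thresholds and directory path are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Assumed tuning values for this sketch; the page does not specify any. */
#define ENTROPY_LIMIT 7.2  /* bits per byte; encrypted data approaches 8.0 */
#define MIN_BLOCK 256      /* smaller blocks give unreliable entropy estimates */
#define MAX_SUSPICIOUS 3   /* suspicious writes tolerated before blocking */

struct detector {
    const char *protected_dir; /* high-priority directory prefix */
    int suspicious;            /* running count of high-entropy writes */
};

/* log2 for x > 0 by repeated squaring, so the sketch needs no libm. */
static double log2_d(double x) {
    double r = 0.0, bit = 0.5;
    while (x >= 2.0) { x /= 2.0; r += 1.0; }
    while (x < 1.0) { x *= 2.0; r -= 1.0; }
    for (int i = 0; i < 40; i++, bit /= 2.0) {
        x *= x;
        if (x >= 2.0) { x /= 2.0; r += bit; }
    }
    return r;
}

/* Shannon entropy of a block in bits per byte (0.0 to 8.0). */
double block_entropy(const unsigned char *buf, size_t len) {
    size_t freq[256] = {0};
    double h = 0.0;
    for (size_t i = 0; i < len; i++) freq[buf[i]]++;
    for (int b = 0; b < 256; b++) {
        if (freq[b] == 0) continue;
        double p = (double)freq[b] / (double)len;
        h -= p * log2_d(p);
    }
    return h;
}

/* Match on a path-component boundary so "/a/Docs2" is not inside "/a/Docs". */
static int is_protected(const struct detector *d, const char *path) {
    size_t n = strlen(d->protected_dir);
    return strncmp(path, d->protected_dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Write-path hook: returns 0 to allow the write, -EACCES to block it. */
int check_write(struct detector *d, const char *path, const unsigned char *buf, size_t len) {
    if (!is_protected(d, path)) return 0;
    if (len >= MIN_BLOCK && block_entropy(buf, len) > ENTROPY_LIMIT) d->suspicious++;
    return d->suspicious > MAX_SUSPICIOUS ? -EACCES : 0;
}
```

Compressed formats such as JPEG or ZIP also produce high-entropy writes, which is why the count is compared against a threshold and why accuracy has to be measured on benign software as well.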

What will you do and learn in the project?
– Read scientific papers and understand the concept of ransomware and detection heuristics.
– Design, implement and test a prototype for online detection of ransomware.
– Evaluate defense accuracy on benign software and real ransomware.

Required Knowledge
– Operating Systems
– Computer Architecture
– Sufficient programming experience in C/C++.

Status: In Progress

Meni Orenbach
Hosting Lab: