Enforcing Access Control in Control Flow of Sensor Applications
MetadataShow full metadata
In this project, the PI studied several exploitation techniques by which an attacker can make self-propagating mal-packets to compromise sensors in a network. To counteract such attacks, the PI developed three defense schemes. Two schemes are based on existing defense techniques: S2Guard based on StackGuard, and S2Shuffle based on code space randomization. The third defense scheme is a novel self-healing scheme that enforces access control in the control flow of sensor applications and recovers the sensor application from compromised tasks when a control flow attack is captured. The scheme embeds randomized marks and access control code at particular locations to detect malicious control flow manipulation, then quickly removes a compromised task from the application and restore the sensor to a normal state. The three defense schemes have been implemented and tested in MICA2 sensors to verify their security and analyze their overhead. The major achievement of the project includes (a) two conference papers accepted in ACM Conference on Wireless Network Security, 2008 and 2009, which is a highly competitive conference with an acceptance rate around 15%; (b) one journal paper submitted to Ad Hoc Networks Journal, Elsevier; (c) one submitted NSF CAREER proposal; (d) one invited research talk at University of Houston. The project also advanced the PI's research with undergraduates. Three undergraduates were involved in this project. Two students co-authored the papers. One student gave a poster talk on the Security Awareness Day at Texas State University-San Marcos. In conclusion, the PI successfully completed the project. All the proposed tasks have been finished and all the proposed objectives have been achieved.