Progressive Model Generation for Adaptive Resilient System Software
Navy STTR FY2013.A


Sol No.: Navy STTR FY2013.A
Topic No.: N13A-T014
Topic Title: Progressive Model Generation for Adaptive Resilient System Software
Proposal No.: N13A-014-0013
Firm: GrammaTech, Inc
531 Esty Street
Ithaca, New York 14850
Contact: Michael McDougall
Phone: (607) 273-7340
Web Site: www.grammatech.com
Abstract: Software continues to be a weak link in our critical systems. A prudent operator should employ a defense-in-depth strategy whereby 'safe' systems are still monitored to detect breaches and respond to them. Unfortunately, such monitoring is challenging in practice, since there is no universal pattern that characterizes misbehaving software. We will capture an application's intended behavior as it is coded in an IDE. The behavior will be stored as a model, and will be captured using a combination of automatic program analysis and manual tuning. We leverage modeling languages developed at the University of Pennsylvania for the purpose of runtime verification. These languages provide two levels of information: an abstract description of a system's high-level behavior, and a mapping from high-level behavior to the source-level variables and procedures that actually implement the system. These models will supply a runtime monitor with the information needed to both determine when behavior is abnormal and determine what low-level events need to be tracked to observe the critical behavior.
Benefits: The research project will result in a model generation tool and approach that allows developers to specify a boundary that their application should not cross. Runtime monitors can then enforce that boundary, even if the application has bugs or is compromised. This will allow an extra layer of protection against attack for security-critical systems. In particular, monitors will be able to detect attacks that do not involve unusual system call activity. We expect that the immediate beneficiaries will be the government (especially DoD), financial institutions and other users of systems that require heavy security protection. As runtime monitoring technology becomes a common feature of operating systems, the technology will spread to a wider base of consumers and institutions for whom security is important but who do not have the resources to use special runtime environments.
