Attack Sensitive Brittle Software
Navy SBIR FY2015.2


Sol No.: Navy SBIR FY2015.2
Topic No.: N152-120
Topic Title: Attack Sensitive Brittle Software
Proposal No.: N152-120-0131
Firm: BlueRISC Inc
28 Dana Street
Amherst, Massachusetts 1002-2209
Contact: Kristopher Carver
Phone: (413) 359-0599
Abstract: BlueRISC's proposed solution takes the form of a binary-level toolkit whose goal is to create implicitly brittle software with "fast crash" properties. The approach performs static analysis at the binary level (i.e., no source code required) as well as associated transformations aimed at breaking fundamental assumptions regarding inter-procedural data flow as well as code layout and control flow. These techniques are coupled with the proposed fast-crash decoy codes and flow check codes, which are strategically inserted at places in the binary upon launch to enable timely control-flow change to a handler upon software crash, minimizing the "time-to-crash". This concept of transforming a binary, both statically and dynamically, to implicitly break the assumptions required by an attacker for exploitation and enable a timely, implicit detection is the backbone of the proposed brittle software creation solution.
Benefits: The proposed Brittle Software toolkit is expected to further the software assurance field in such a way as to provide a state-of-the-art approach to transforming an application, both statically and dynamically, to possess brittle properties with explicit fast-crash support. The project is an ideal fit for BlueRISC and will provide a strong opportunity not only to target security-sensitive government systems but also to transition the technology to the commercial sector, given the broad applicability of the technology.
