cybersecurity

We propose a tool to capture applications requirements with respect to the enforcement of network security policies in an object-oriented design language.  Once a design captures clear, concise, easily understood network requirements new technologies become possible, including network transactions and user-driven policies to remove rarely used network permissions until needed, creating a least privilege in time policy.  Existing security enforcement policies represent a model of all allowable behavior.

Today’s computer systems are under relentless at- tack from cyber attackers armed with sophisticated vulnerabil- ity search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER , an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER reacts to observed attacks and proactively searches for never-before-seen vulnerabilities. FUZZBUSTER uses a suite of fuzz testing and vulnerability assessment tools to find or verify the existence of vulnerabilities.

This paper describes a novel combination of Java program analysis and automated learning and planning architecture to the domain of Java vulnerability analysis. The key feature of our “HACKAR: Helpful Advice for Code Knowledge and Attack Resilience” system is its ability to analyze Java programs at development-time, identifying vulnerabilities and ways to avoid them. HACKAR uses an improved version of NASA’s Java PathFinder (JPF) to execute Java programs and identify vulnerabilities.

BINSURGEON is a binary rewriting system that enhances stripped binary executables with repairs, defenses, and additional functionality. This involves making space-consuming changes to the program’s control flow graph (CFG), recomputing instruction content, and relocating instructions, all while preserving functionality in the remainder of the program’s control flow. BINSURGEON uses extendable rewrite templates that enable other systems to specify and parameterize program modifications, which allows BINSURGEON to be a fully-automatic component of a larger system.

FUZZBUSTER is a host-based adaptive security system that automatically discovers, refines, and repairs vulnerabilities in hosted applications in order to prevent cyberattacks. FUZZBUSTER must decide when to adapt its applications, when to revoke its previous adaptations, and when to sacrifice functionality to improve security. This requires an adaptation quality metric that captures (1) an application’s susceptibility to cyberattacks and (2) an application’s functionality, since adapting an application affects both of these factors.

Modern cyber attackers use sophisticated, highly-automated vulnerability search and exploit development tools to find new ways to break into target computers. To protect against such threats, we are developing FUZZBUSTER, a host-based adaptive security system that automatically discovers faults in hosted applications and incrementally refines and repairs the underlying vulnerabilities. To perform this self-adaptation, FUZZBUSTER uses meta-control to coordinate a diverse and growing set of custom and off-the-shelf fuzz-testing tools.

We are developing the FUZZBUSTER system to automatically identify software vulnerabilities and create adaptations that shield or repair those vulnerabilities before attackers can exploit them. Adaptive cybersecurity involves efficiently improv- ing software security to minimize the window of attack, and also preserving software functionality as much as possible. This paper presents new tools that have been integrated into FUZZBUSTER adaptive cybersecurity.

We are developing the FUZZBUSTER system to automatically identify software vulnerabilities and create adaptations that shield or repair those vulnerabilities before attackers can exploit them. FUZZBUSTER’s goal is to minimize the time that vulnerabilities exist, while also preserving software functionality as much as possible. This paper presents new adaptive cybersecurity tools that we have integrated into FUZZBUSTER, as well as new metrics that FUZZBUSTER uses to assess their performance.

Return Oriented Programming (ROP) attacks, in which a cyber attacker crafts an exploit from instruction sequences already contained in a running binary, have become popular and practical. While previous research has investigated software diversity and dynamic binary instrumentation for defending against ROP, many of these approaches incur large performance costs or are susceptible to Blind ROP attacks.

Keywords: cyber defense, adaptive security, security metrics, filter generation.