• » AFRL-RomeAir Force Research Laboratory (Rome)
• » AFRL-SPIAir Force Research Laboratory (Wright Paterson)
  Anti-Tamper/Software Protection Initiative (AT-SPI)
• » AFRL-WPAir Force Research Laboratory (Wright Paterson)
• » DARPADefense Advanced Research Projects Agency (DARPA)
• » HSARPADepartment of Homeland Security (DHS)
  Homeland Security Advanced Research Projects Agency (HSARPA)
• » MDAMissile Defense Agency (MDA)
• » NASANational Aeronautics and Space Administration (NASA)
• » NISTNational Institute of Standards and Technology (NIST)
• » NSFNational Science Foundation (NSF)
• » ARMYUnited States Army
• » NAVYUnited States Navy (USN)
• » ONRUnited States Navy (USN)
  Office of Naval Research (ONR)

Run-Time Process Monitoring

Malicious logic may be intentionally inserted into software as is the case with insider attack, or innocent mistakes may open vulnerabilities to worms and the like. We propose a double edged approach to inserting monitoring logic for machine code on all operating systems in order to ensure that: (1) Interactions with the operating system are consistent with the original code, and (2) the interactions with the operating system obey arbitrary security policies that may be specified at will by the user. Approach (1) restricts the program to its intended behavior; this prevents attacks from worms and viruses and offers protection against unanticipated attacks that cause the program to behave in an abhorrent fashion. Approach (2) prevents insider attack by explicitly disallowing malicious behavior that the attacker has managed to insert into the "intended" program behavior.