Software Hardening

Recent studies have shown that embedded systems are extremely vulnerable to security attacks. Some published exploits include remote hijacking of the electronic systems in a modern car and using IP phones and smart televisions to perform covert surveillance of their owners.

In this project, we are developing a protection system that automatically detects and removes vulnerabilities from embedded software. The system will be based on static rewriting of the software prior to deployment. The rewriting will render the known vulnerabilities unexploitable and will add protections to prevent exploits of undiscovered vulnerabilities.

The system will operate directly on software binaries, even in the absence of source code or symbol information. Thus, the system will protect equally well both the newly developed software and legacy software. We will build the system to be easily retargetable to different instruction sets to accommodate a variety of platforms employed in the embedded systems domain. To make sure that added protections do not break the functionality of a program, the system will include a component for verifying that the rewritten program is semantically equivalent to the original program.

Sponsored by:

The U.S. Defense Advanced Research Projects Agency (DARPA)

The CFAR (Cyber Fault-Tolerant Attack Recovery) project combines advanced binary analysis and transformation technology with new approaches to binary diversification. Software diversification creates small variations in a programs implementation to thwart potential attacks yet maintain its original functionality. The resulting technology seeks to allow a system to understand when one of the program variants has been compromised.

Subcontractors New York University and the University of Iowa will assist GrammaTech in developing algorithms that will ensure that the automatically-created variants function in the same way.

Sponsored by:

The U.S. Defense Advanced Research Projects Agency (DARPA)

In the Cyber Grand Challenge, over 30 teams from around the world are competing to develop a security system capable of automatically defending against cyber-attacks as fast as they are launched. GrammaTech is part of a smaller group of 7 teams selected to receive funding from DARPA to develop automated network defense technology for the challenge.

The Cyber Grand Challenge is aimed at solving a major cyber-security issue that we are starting to face with alarming frequency – the reliance on expert programmers to uncover and repair weaknesses in an attacked system. Repairing weaknesses only after the system has been attacked, and after hackers have fully taken advantage of these weaknesses to steal data or otherwise impact processes, is dangerous for any system.

GrammaTech is working to solve this problem, while collaborating with the University of Virginia. Our system will provide automatic and adaptive protection of a network service (implemented as an x86 binary) and automatically evaluate network defenses by generating proofs of vulnerability. The system includes breakthrough technology for automated analysis, repair, and protection of binaries and an autonomous cyber reasoning component that dynamically adapts, adjusting resource allocation in response to evolving circumstances.

The system will leverage many innovative technologies previously developed by GrammaTech Research, including: CodeSonar’s binary analysis technology, PEASOUP, and Neptune.

Sponsored by:

The U.S. Defense Advanced Research Projects Agency (DARPA)

Cyber physical systems are ubiquitous in the modern world – they control transportation, energy, military, medical, and manufacturing infrastructures. Cyber resiliency remains a problem in these systems that rely on both functional and real-time specifications to meet physical, and often safety-critical, goals. In this project, we are developing a system that integrates existing software strengthening tools (e.g., automated program repair and software hardening) with practical static real-time specification checking to enhance the functional robustness of the target systems while ensuring continued schedulability and real-time specification adherence.

The underlying techniques will benefit in two main ways. First, the scalability and extensibility of static runtime calculation and consequently will improve upon state-of-the-art software strengthening techniques (in terms of program validation and performance), thus expanding their applicability to operate on the targeted cyber physical systems. Second, the resulting framework will help to guard against both known and unknown vulnerabilities in these critical systems while accounting for schedulability, thus enhancing their cyber resiliency in practice.

As the size and complexity of systems increase, so does the software maintenance burden; the proposed framework will reduce the human burden associated with finding and patching vulnerabilities in systems with real-time and physical goals. We expect that the immediate beneficiaries will be numerous, including, for instance, government agencies, automotive and aerospace manufacturers, and tele-communications and energy providers.

Sponsored by:

The U.S. Navy

Modern software is typically produced using home-grown or third-party libraries and pre-existing components. Consequently, a finished executable often contains unneeded code, duplicate defensive checks, and extra layers of procedure calls. Such bloat contributes to excess memory footprint, slower performance, and security vulnerabilities (by hosting more return-oriented-programming gadgets an attacker can hijack).

The Layer Collapsing project is devising and prototyping techniques to substantially improve the performance, size, and robustness of binary executables. We are using static and dynamic binary program analysis techniques to perform whole-program optimization directly on compiled programs: specializing library subroutines, removing redundant argument checking and interface layers, eliminating dead code, and improving computational efficiency. A tool that successfully implements this goal will dramatically improve the way software is developed and deployed, providing new optimizations available late in the development process or even by the end user.

Sponsored by:

The U.S. Office of Naval Research (ONR)

Trusted Platform Module (TPM) devices provide the core root of trust for modern computer systems. These devices are used for secure, trusted, and measured boot approaches as well as to secure data for user applications such as Microsoft's Bitlocker technology. However, more and more systems are now virtualized in the cloud. Currently, hypervisor technologies either do not provide guests with the needed TPM functionality, or provide a limited and insecure virtual TPM approach. GrammaTech proposes the development of a secured virtual TPM server technology, which can be leveraged by all hypervisor systems to provide guests with virtual TPM instances. The approach will leverage hardware-enforced isolation mechanisms and the physical TPM of the system to ensure guests have exclusive access to an assigned virtual TPM. In addition, by creating an interface for QEMU, many common hypervisors will be immediately able to leverage the technology. During this development, GrammaTech will be seeking to combine this technology with both existing hypervisors and GrammaTech's own secure hypervisor technology. Our approach has the advantage of the flexibility to be applied anywhere, while providing a new level of security to the virtual TPM.

GrammaTech will provide a virtual TPM server technology be added to most virtualization systems. The benefits of our approach are adaptability and security. The developed technology will be applied to both existing hypervisor solutions and GrammaTech's secure hypervisor solution, to provide additional security capabilities to guests of cloud systems. This will enable new security measures to be taken to protect guest systems, including secure boot and measured root of trust for users of cloud technology.

Sponsored by

The U.S. Air Force