Enhancing System Software Resiliency via Function-Level Artificial Diversity

Description:

OBJECTIVE: Develop function (component) level artificial diversity in a computing system, and evaluate its capability and performance.

DESCRIPTION: To achieve information dominance, the Navy requires information assurance within its information infrastructures. Today's networked computer systems are exposed to compromises, creating the potential for system and application damage that impacts performance. It is important that our computing systems successfully operate in a condition where they are constantly being probed and attacked. In this environment, a strategy for system recovery that replaces a damaged component with its uncompromised version is not a good option, since it will soon be compromised again by the persistent attack. Replacing a damaged component with a functionally similar one that has a distinct implementation, as prescribed by the artificial diversity approach, is a better choice. This STTR topic is a building block for a larger autonomic system capable of self-healing and graceful degradation for mission assurance. The goal for this STTR topic is to develop function-level artificial diversity and evaluate its capability and performance. The emphasis is on supporting automated system reasoning for controlling diversity, determining configurations and enabling problem analysis, along with the required infrastructure to guarantee performance and adapt to the threat environment. It is expected that the configuration control mechanism provides interfaces (hooks) for later improvement of the system reasoning algorithm. The goal for the overhead associated with supporting artificial diversity and system reasoning at function level is 15 percent or less. Compromise and damage detection, as well as breach analysis, are complementary but are not within the scope of this topic. For the purpose of this solicitation, detections can be assumed, and fixes are the response.

Artificial diversity at function level implies that there are (multiple) redundant or overlapping and distinct implementations for a particular module/functionality. These modules, of similar functionality but diverse expression, are readily interchangeable. Artificial diversity at function level can be used either to limit the potential contamination from a breach within a pool/cluster of computing systems, or to enhance the response time of a self-healing system, or both. In a self-healing system, it is desirable that the reconstituted system is no longer vulnerable to the initial breach after recovery/reconstitution. The availability of artificial diversity enhances the system's recovery/reconstitution. The availability of redundant and distinct implementations ready for temporary (or permanent) deployment can significantly shorten recovery time, and thus may hide or buy time for a time-consuming breach analysis. Function-level diversity applied to a cluster of computing systems means that each individual diversified computing system will have its own configuration of modules/functions, distinct from its peers. A cluster of diversified computing systems will have a diverse set of vulnerabilities, which limits the propagation of a particular security breach targeting a certain set of vulnerabilities. The manifestation of function diversity may include, but is not limited to, diversity in the execution environment (such as a C-based implementation, a Java-based implementation, a Python-based implementation, etc.), abstract-interpretation [3] and mutation-operator [3] methods, or calling-argument sequence diversity [2]. Other methods for artificial diversity, such as instruction set diversity [4][5] and labeled instruction randomization [2], require the use of an emulator or hardware support and are not of interest in this STTR topic.

Genesis [2] is an example of a system that provides artificial diversity based on a virtual machine. It employs two artificial diversity techniques, calling (argument) sequence diversity (CSD) and (labeled) instruction set randomization (ISR). It has proven effective against code injection and return-to-libc attacks, and it has survived "Red Teaming" exercises. Its use of binary rewriting and a virtual machine has a total overhead of over 70 percent, and it does not provide any system reasoning capability. One of the goals for this STTR is to provide system reasoning and substantially reduce the overhead, while maintaining performance.

PHASE I: Develop an overall system design and approach that includes a specification for enabling function (component) level artificial diversity in a computing system, with support for system reasoning. Demonstrate the functionality and efficacy of the proposed approach on a pared-down open source operating system.

PHASE II: Develop and demonstrate a prototype system in a realistic environment. Conduct testing to prove the resiliency, practicability, and performance of function-level artificial diversity in preserving the operation of a computing system and a computing system cluster under attack.

PHASE III DUAL USE APPLICATION: This system could be used in a broad range of information security products within the military, as well as in civilian enterprise applications. The technologies developed in this STTR will be beneficial in providing additional resiliency to networked enterprise computing systems against malware and intrusions.

REFERENCES:
1. H.E. Shrobe, et al., "AWDRAT: A Cognitive Middleware System for Information Survivability," AI Magazine, Vol. 28, No. 3, Fall 2007.
2. D. Williams, et al., "Security through Diversity: Leveraging Virtual Machine Technology," IEEE Security & Privacy, Jan./Feb. 2009, pp. 26-33.
3. C.C. Michael, et al., "Two Systems for Automatic Software Diversification," DARPA Information Survivability Conference & Exposition, Vol. 2, Jan. 2000.
4. G.S. Kc, A.D. Keromytis, and V. Prevelakis, "Countering Code-Injection Attacks with Instruction-Set Randomization," 10th ACM Conference on Computer and Communications Security (CCS), Oct. 27-31, Washington DC, USA, 2003.
5. E.G. Barrantes, et al., "Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks," 10th ACM Conference on Computer and Communications Security (CCS), Oct. 27-31, Washington DC, USA, 2003.
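The configuration-control idea described above (interchangeable variants of one function, per-node configurations distinct from peers, and recovery that deploys a distinct variant rather than the compromised one), shown as an added illustration that is not part of this solicitation or of any referenced system. The parsing variants, the `Cluster` controller, its `least_used` default policy, and the quarantine bookkeeping are all constructed here; detection of the compromise is assumed, as the topic states.

```python
import re
from collections import Counter
# Three distinct, interchangeable implementations of one function (parsing a
# "key=value" line), constructed for this example: a defect in one code path
# is unlikely to be shared by the others, which is what makes them swappable.
def parse_split(line):
    key, _, value = line.partition("=")
    return key.strip(), value.strip()

def parse_regex(line):
    m = re.fullmatch(r"\s*([^=]*?)\s*=\s*(.*?)\s*", line)
    return m.group(1), m.group(2)

def parse_scan(line):
    idx = line.index("=") if "=" in line else len(line)
    return line[:idx].strip(), line[idx + 1:].strip()

VARIANTS = {"parse_kv": {"split": parse_split, "regex": parse_regex, "scan": parse_scan}}
def least_used(func, candidates, peer_choices):
    # Default policy: the eligible variant that the fewest peers run (ties broken by name).
    counts = Counter(peer_choices)
    return min(candidates, key=lambda v: (counts[v], v))

class Cluster:
    """Per-node variant configuration; `policy` is the hook where a system-reasoning algorithm plugs in."""
    def __init__(self, nodes, policy=least_used):
        self.policy, self.quarantined = policy, set()  # quarantined holds (func, variant) pairs
        self.config = {n: {} for n in nodes}
        for func in VARIANTS:
            for n in nodes:
                self.config[n][func] = policy(func, self.eligible(func), self.peers(n, func))

    def eligible(self, func):
        return [v for v in VARIANTS[func] if (func, v) not in self.quarantined]

    def peers(self, node, func):
        return [c[func] for n, c in self.config.items() if n != node and func in c]

    def call(self, node, func, *args):
        return VARIANTS[func][self.config[node][func]](*args)

    def reconstitute(self, node, func):
        # Response to an assumed-detected breach of `func` on `node`: retire that variant cluster-wide, redeploy a distinct one.
        bad = self.config[node][func]
        self.quarantined.add((func, bad))
        candidates = self.eligible(func)
        if not candidates:
            raise RuntimeError(f"no uncompromised variant of {func} remains")
        self.config[node][func] = self.policy(func, candidates, self.peers(node, func))
        return bad, self.config[node][func]
```

With three nodes and three variants every node starts on a different implementation; after one variant is retired the cluster degrades to two variants across three nodes, and once all are retired `reconstitute` refuses rather than redeploying a known-compromised implementation.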