Software Protection to Deter Malicious Forensic Data Collection and Exploitation
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
Abstract
Distributing applications across networks brings both new power and new risks. Mission-critical applications are increasingly spread over national or global networks to enable information gathering and sharing on an unprecedented scale. The Global Information Grid envisions diverse end-to-end information flows to enhance military effectiveness. While this large-scale information sharing promises new efficiencies, endpoints in these networks must be armored against attacks that exploit their new autonomy. Distributed applications must cope with the possibility that some network endpoints have been compromised and are gathering forensic data for malicious ends. We propose mimicry protection as a technique to make safety-critical applications indistinguishable from low-security applications for observers using forensic tools. This approach builds on techniques for automatically creating mimicry attacks that elude intrusion detection systems. By adapting mimicry techniques in the literature, we can offer mimicry protection that allows a security-critical application to mimic uninteresting applications, eluding all but the most intrusive and expensive forensic measures.
* information listed above is at the time of submission.