Software Protection to Fight through an Attack
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
AbstractNew vulnerabilities and attacks on software applications and the underlying systems are discovered daily. Most security research focuses on detection of attacks--typically, by monitoring the execution of an application and detecting anomalous behavior. Little attention has been paid to how an application should respond to an attack. Generally, it is assumed that the application under attack is terminated and, possibly, restarted. While such a response eliminates the threat of being compromised, it is not appropriate for many types of systems: for safety-critical systems, systems that must remain operational for long periods of time, and systems that use persistent data (such as file systems and databases), rebooting to restore a safe state (even when an attack is detected) is often not an option. We propose a tool that will allow applications to recover from attacks and remain operational. The tool will monitor the execution of a program and, once an attack is detected, will repair the application’s run-time state corrupted by the attack to keep the application operational. As a separate once-per-application task performed offline, the tool will use a combination of advanced dynamic and static program-analysis techniques to learn the invariants necessary for repairing the application’s run-time state.
* information listed above is at the time of submission.