DACET: Data Acquisition through Compositional Executable Transformations
Small Business Information
421 SW Sixth, Suite 300, Portland, OR, -
AbstractLow-overhead, real-time data acquisition of executing software is the last line of defense against malicious cyber attacks. A monitoring approach cannot depend on access to source code, as the code may be proprietary and recompilation is too time-intensive. Rather, we propose to monitor the binary executables themselves. Our solution is called DACET: Data Acquisition through Compositional Executable Transformations. DACET is a framework for composing monitoring specifications. DACET instruments binaries at load-time (or earlier) with monitors. The monitors are specified by a monitoring policy. A novel aspect of DACET is that it transforms binaries into LLVM (Low Level Virtual Machine) code, a high-level typed architecture-independent assembly language. The monitors are instrumented into the LLVM, and then machine code is re-generated. LLVM already has associated with it numerous open-source static and dynamic analysis tools and generates highly-optimized machine code. Furthermore, DACET will include a static execution time predictor to help the user determine the performance penalty of implementing the monitoring policy. DACET is a software-only tool with no hardware dependencies but can be made more efficient with hardware extensions.
* information listed above is at the time of submission.