Automatic Detection and Patching of Vulnerabilities in Embedded Systems
Department of Defense
Defense Advanced Research Projects Agency
Agency Tracking Number:
Solicitation Topic Code:
Small Business Information
531 Esty Street, Ithaca, NY, -
Socially and Economically Disadvantaged:
Abstract:
Recent studies have shown that embedded systems are extremely vulnerable to security attacks. Some published exploits include remote hijacking of the electronic systems in a modern car and using IP phones and smart televisions to perform covert surveillance of their owners. In this project, we propose a protection system that automatically detects and removes vulnerabilities from embedded software. The system will be based on static rewriting of the software prior to deployment. The rewriting will render the known vulnerabilities unexploitable and will add protections to prevent exploits of undiscovered vulnerabilities. The proposed system will operate directly on software binaries, even in the absence of source code or symbol information. Thus, the system will protect newly developed software and legacy software equally well. We will build the system to be easily retargetable to different instruction sets to accommodate the variety of platforms employed in the embedded systems domain. To make sure that the added protections do not break the functionality of a program, the proposed system will include a component for verifying that the rewritten program is semantically equivalent to the original program.
* Information listed above is at the time of submission.