Wednesday, August 10, 2022
  • About us
    • Write for us
    • Disclaimer
    • Terms of use
    • Privacy Policy
  • RSS Feeds
  • Advertise with us
  • Contact us
DefenceTalk
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports
No Result
View All Result
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports
No Result
View All Result
DefenceTalk
No Result
View All Result

Disrupting exploitable patterns in software to make systems safer

by US Department of Defense
September 24, 2021
in Cybersecurity
2 min read
0
US needs top cyber coordinator, better hacker ‘deterrence’
14
VIEWS

While much attention is paid to detecting and remedying flaws or vulnerabilities in software, the way a system is designed can also create large opportunities for attackers. System designers primarily focus on ensuring a program is adept at executing a specific task, focusing on how a design can best support intended features and behaviors and on how they will be implemented within the design.

Attackers have also discovered that these design structures and implementation behaviors can be repurposed for their own malicious purposes. Unexpected – or emergent – behaviors that these features could exhibit are not often taken into consideration at the time of design.

As a result, attackers often find that they can generate emergent behaviors by using what’s already built into a system, providing a way to exploit flaws that are several layers down. In other words, systems are unknowingly being designed in ways that support adversarial programmability and combinations of features and unprotected abstractions. These amount to embedded exploit execution engines – creating what is colloquially known as “weird machines.”

“When it comes to exploits, the common thinking is that there is a flaw in the program and then there is a crafted input that can trigger the flaw resulting in the program doing something it shouldn’t like crashing or granting privileges to an attacker,” said Sergey Bratus, a program manager in DARPA’s Information Innovation Office (I2O).

“Today, the reality is somewhat different as those existing flaws aren’t immediately exposed, so an attacker needs help getting to them. This help is unwittingly provided by the system’s own features and design. Attackers are able to make use of these features and force them to operate in ways they were never intended to.”

This challenge becomes increasingly problematic when observing a class of systems that rely on similar features. When an attacker discovers an exploit on one system, this can give a big hint on how to find similar exploits for other systems that have been developed independently by different vendors but make use of similar mechanisms. This creates persistent exploitable patterns that can be used across a whole host of programs.

The Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program seeks to give developers a way to understand emergent behaviors and thereby create opportunity to choose abstractions and implementations that limit an attacker’s ability to reuse them for malicious purposes, thus stopping the unintentional creation of weird machines.

HARDEN will explore novel theories and approaches and develop practical tools to anticipate, isolate, and mitigate emergent behaviors in computing systems throughout the entire software development lifecycle (SDLC).

Notably, the program aims to create mitigation approaches that go well beyond patching. At present, patches tend to only address a particular exploit and do not disrupt the underlying exploit execution engine residing at the design-level.

HARDEN will also focus on validating the generated approaches by applying broad theories and generic tools to concrete technological use cases of general-purpose integrated software systems. Potential evaluation systems include the Unified Extended Firmware Interface (UEFI) architecture and boot-time chain of trust, as well as integrated software systems from the Air Force and Navy domains, such as pilots’ tablets.

“There are many ways to theorize about addressing these challenges, but the test of the theory is how it will apply to an actual integrated system that we base trust on, or want to base trust on. We want to ensure we’re creating models that will be of actual use to critical defense systems,” noted Bratus.

Tags: crybersecuritydarpasoftware
Previous Post

China’s central bank rules all crypto transactions are illegal

Next Post

US House approves $1 billion for Israel’s Iron Dome

Related Posts

US moves closer to retaliation over hacking as cyber woes grow

Finnish parliament website targeted in cyber attack

August 10, 2022

Finland's parliament said Tuesday its website came under cyber attack, as the Nordic country applies for NATO membership following Moscow's...

US DoD Working to Improve Cybersecurity for Its Industrial Base

USCYBERCOM Releases IoCs for Malware Targeting Ukraine

July 21, 2022

FORT GEORGE E. MEADE: In close coordination with the Security Service of Ukraine, USCYBERCOM’s Cyber National Mission Force is disclosing...

Next Post
Raytheon, RAFAEL to establish US-based Iron Dome Weapon System production facility

US House approves $1 billion for Israel's Iron Dome

Latest Defense News

China will ‘take the gloves off’ over Taiwan: media

Taiwan FM says China using drills to ‘prepare for invasion’

August 10, 2022
US moves closer to retaliation over hacking as cyber woes grow

Finnish parliament website targeted in cyber attack

August 10, 2022
People displaced by the fighting in Burma's Laukai approach a rescue convoy

Mounting proof of crimes against humanity in Myanmar: UN probe

August 10, 2022
China’s Taiwan jet incursions at second-highest level in November

Taiwan to hold anti-invasion drills after China exercises

August 8, 2022
Chinese Military Conducts Joint Air-Sea Drill Near Taiwan Island

China holds fresh military drills around Taiwan

August 8, 2022
Taiwan anger over China military drills during virus outbreak

China fires missiles around Taiwan in major military drills

August 4, 2022

Defense Forum Discussions

  • Russia and the West
  • Royal Australian Navy Discussions and Updates 2.0
  • Royal New Zealand Air Force
  • The Russian-Ukrainian War Thread
  • Romania and Vlad the impaler
  • Australian Army Discussions and Updates
  • Middle East Defence & Security
  • Fantasy RAN thread (Carriers only)
  • NATO
  • NZDF General discussion thread
DefenceTalk

© 2003-2020 DefenceTalk.com

Navigate Site

  • Defence Forum
  • Military Photos
  • RSS Feeds
  • About us
  • Advertise with us
  • Contact us

Follow Us

No Result
View All Result
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports

© 2003-2020 DefenceTalk.com