Saturday, March 25, 2023
DefenceTalk

Disrupting exploitable patterns in software to make systems safer

by US Department of Defense
September 24, 2021
in Cybersecurity

While much attention is paid to detecting and remedying flaws or vulnerabilities in software, the way a system is designed can also create large opportunities for attackers. System designers primarily focus on ensuring a program is adept at executing a specific task: how a design can best support intended features and behaviors, and how those will be implemented within the design.

Attackers have also discovered that these design structures and implementation behaviors can be repurposed for their own malicious purposes. Unexpected – or emergent – behaviors that these features could exhibit are not often taken into consideration at the time of design.

As a result, attackers often find that they can generate emergent behaviors by using what’s already built into a system, providing a way to exploit flaws that are several layers down. In other words, systems are unknowingly being designed in ways that support adversarial programmability and combinations of features and unprotected abstractions. These amount to embedded exploit execution engines – creating what is colloquially known as “weird machines.”

“When it comes to exploits, the common thinking is that there is a flaw in the program and then there is a crafted input that can trigger the flaw, resulting in the program doing something it shouldn’t, like crashing or granting privileges to an attacker,” said Sergey Bratus, a program manager in DARPA’s Information Innovation Office (I2O).

“Today, the reality is somewhat different as those existing flaws aren’t immediately exposed, so an attacker needs help getting to them. This help is unwittingly provided by the system’s own features and design. Attackers are able to make use of these features and force them to operate in ways they were never intended to.”

This challenge becomes increasingly problematic when observing a class of systems that rely on similar features. When an attacker discovers an exploit on one system, this can give a big hint on how to find similar exploits for other systems that have been developed independently by different vendors but make use of similar mechanisms. This creates persistent exploitable patterns that can be used across a whole host of programs.

The Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program seeks to give developers a way to understand emergent behaviors and thereby create the opportunity to choose abstractions and implementations that limit an attacker’s ability to reuse them for malicious purposes, thus stopping the unintentional creation of weird machines.

HARDEN will explore novel theories and approaches and develop practical tools to anticipate, isolate, and mitigate emergent behaviors in computing systems throughout the entire software development lifecycle (SDLC).

Notably, the program aims to create mitigation approaches that go well beyond patching. At present, patches tend to address only a particular exploit and do not disrupt the underlying exploit execution engine residing at the design level.

HARDEN will also focus on validating the generated approaches by applying broad theories and generic tools to concrete technological use cases of general-purpose integrated software systems. Potential evaluation systems include the Unified Extensible Firmware Interface (UEFI) architecture and boot-time chain of trust, as well as integrated software systems from the Air Force and Navy domains, such as pilots’ tablets.

“There are many ways to theorize about addressing these challenges, but the test of the theory is how it will apply to an actual integrated system that we base trust on, or want to base trust on. We want to ensure we’re creating models that will be of actual use to critical defense systems,” noted Bratus.

Tags: cybersecurity, darpa, software