Dependability and Security Research Group

Welcome to the Dependability and Security Research Group

For any given software vulnerability, the lengthy time window from initial bug report to widespread patch deployment puts cybersecurity analysts at a significant disadvantage. In many cases a race ensues between miscreants intending to exploit the vulnerability and analysts who must assess, remediate, test, and deploy a patch before significant damage can be done. Experts follow a process that involves sophisticated reasoning followed by manual creation of each security signature and software patch — an artisanal approach that can require months and many dollars. This approach has resulted in an environment of ubiquitous software insecurity that favors attackers over defenders.

To help overcome these challenges, DARPA has launched the Cyber Grand Challenge: a competition that seeks to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. By acting at machine speed and scale, these technologies may someday overturn today's attacker-dominated status quo.

Our research group has teamed up with GrammaTech to participate in the DARPA Cyber Grand Challenge.

The goal of PEASOUP (Preventing Exploits Against Software Of Uncertain Provenance) is to develop and demonstrate technology that provides comprehensive, automated techniques that allow end users to safely execute software binaries of uncertain provenance.

PEASOUP uses advanced automated software analysis techniques to identify vulnerabilities or to assure their absence; it combines the analysis with methods for confining software execution so that identified weaknesses cannot be exploited; and it diversifies software components so any residual vulnerabilities will be more difficult for attackers to discover or exploit. The combination of these techniques can provide true defense-in-depth against attempts to exploit vulnerable software binaries.

The band-aid approach to protecting information systems via patching is widely considered to be inadequate. Even approaches that incorporate intrusion detection and tolerance have proven ineffective against determined and well-funded attackers who have at their disposal a growing arsenal of evasive, stealthy, adaptive, polymorphic and metamorphic attacks. A fundamental problem with current defenses is that they do not redress the asymmetry between attackers and defenders, changing the target system only slowly and reactively in response to attacks.

The Helix self-regenerative architecture, on the other hand, begins with a combination of defense mechanisms that is both highly effective and metamorphic, thereby presenting attackers with a continuously changing attack surface, i.e., a metamorphic shield, that is altered routinely and as attacks progress. An attack that manages to overcome these defenses is then faced with the Helix innate response mechanism which creates a more aggressive system metamorphosis. This metamorphosis seeks to contain the effects of the attack and to reconfigure to provide rapid recovery and continued service. Finally, the Helix adaptive response mechanism examines the basic application system design at the level of its implementation and effects repairs that will ensure that future attacks of the same or similar form will be deflected, either by removing the path to vulnerabilities or the vulnerabilities themselves.

Additional research projects can be found here

The Dependability and Security Research Group is led by Dr. Jack Davidson and Dr. John Knight.