A lightweight software control system for cyber awareness and security

Designing and building software that is free of defects that can be exploited by malicious adversaries is a difficult task. Despite extensive efforts via the application of formal methods, use of automated software engineering tools, and performing extensive pre-deployment testing, exploitable errors still appear in software. The problem of cyber resilience is further compounded by the growing sophistication of adversaries who can marshal substantial resources to compromise systems. This paper describes a novel, promising approach to improving the resilience of software. The approach is to impose a process-level software control system that continuously monitors an application for signs of attack or failure and responds accordingly. The system uses software dynamic translation to seamlessly insert arbitrary sensors and actuators into an executing binary. The control system employs the sensors to detect attacks and the actuators to effect an appropriate response. Using this approach, several novel monitoring and response systems have been developed. The paper describes our light-weight process-level software control system, our experience using it to increase the resilience of systems, and discusses future research directions for extending and enhancing this powerful approach to achieving cyber awareness and resilience.