Faculty Recruitment Seminar

Tuesday, July 1, 2008
10:00-11:00AM, ST II, Room 430A

Toward Software Self-Defense

Michael Locasto

PhD, Postdoctoral Fellow
Institute for Security Technology Studies
Dartmouth College

Abstract

Systems that actively diagnose and repair themselves, even when faced with previously unknown failures and attacks, are the holy grail of reliability and security research. Unfortunately, most software protection techniques typically abort a process after an intrusion attempt or a fault violates an application's integrity, thus turning an arbitrary exploit or failure into a self-induced denial of service attack. In this talk, I will discuss my research on self-healing software; such systems seek to automatically remedy the effects of a fault or vulnerability so that execution continues safely and maintains system availability.

I will present a novel architecture and self-healing workflow based on extensions to the Clark-Wilson Integrity Model. These extensions define a model for a repair policy language and view an application as a series of transactions that can be speculatively executed subject to a repair policy. These policies contain a collection of constraints that a system leverages to restore integrity while an attack or fault occurs. To demonstrate the feasibility and effectiveness of self-healing, I created a runtime environment that supervises an application's execution and enforces integrity repair policies in both binary-only and source-available environments.

One important issue that self-healing raises is the question of measuring behavioral deviations in software that has been patched or has been subject to a self-healing repair. Self-healing seems risky because it largely bypasses the cycle of human-driven patch testing. In particular, it is difficult to predict if a repair will maintain the "normal" behavior of the system. Assuring that post-repair behavior does not deviate from normal behavior is a major challenge to which no satisfactory solutions exist. I will close the talk with an overview of some of my early efforts to address this challenge using measurements of machine-level intra-procedural control flow.

Speaker Bio

Michael E. Locasto is a Fellow at the Institute for Security Technology Studies (ISTS) at Dartmouth College. He graduated magna cum laude from The College of New Jersey (TCNJ) in May 2002 with a B.Sc. degree in Computer Science. Michael received an MS and PhD in Computer Science from Columbia University. He also served as a CS Department Preceptor during the 2005-2006 academic year. He is interested in exploring methods for applying machine intelligence to a variety of security mechanisms. In particular, he has researched ways to make intrusion defense systems automatic, correct, and adaptive.