Software is vulnerable to cyber threats due to defects of design, development, and deployment. One of the many challenges posed by current software is balancing security and cost. In most cases the deployment and maintenance cost of software has trumped the cost of presenting widespread security vulnerabilities. This situation has given adversaries an enormous asymmetric advantage.
For a sophisticated adversary, crippling entire computer networks with a single exploit might be easy, but cleaning up after such an attack is usually very difficult. Software used to be shipped and installed manually, ensuring that a particular version of software was retained for years. Now, deployed software relies on semi-automated methods of obtaining updates and patches to address newly discovered software defects and vulnerabilities.
An observation evident to a biologist is that monocultures are inherently vulnerable; yet, software monocultures seem to be the norm.
The elimination of software monocultures would provide greater resilience against various cyberthreats and increase the cost for attackers executing computer intrusions.
Organizational Relevance
The broad impact of zero-day exploits (an attack on a previously unknown software vulnerability for which there is no patch or fix) is possible because of a reliance on software monocultures, where a single version of software is distributed and deployed across an organization. Mass deployment of identical software results in mass exploitation of systems. From an adversary’s perspective, the value of a zero-day exploit is determined by the extent that some software is broadly deployed. In military parlance, a software monoculture is a force-multiplier for the enemy.
SSC Pacific’s Technological Solution
Stochastic Compiler Hacks as Software Immunization Mechanisms (SCHSIM) focuses on disrupting attacks that rely on these software monocultures. The technologies developed by the SCHSIM project diminish or remove the asymmetric advantage by creating artificial, or simulated, software diversity.
The SCHSIM project is focused on a set of “moving target defense” techniques known as randomized multi-compiling. These techniques allow for the creation of unique binaries of each program on each computer, which minimizes an attacker's knowledge of individual computer systems.
SSC Pacific is exploring many moving target defenses and assessing their applicability for Navy and government networks. Moving target defenses, such as those researched in the SCHSIM project, are a radical departure from previous defensive tactics. With these new defense techniques, the DoD and military organizations will be able to expend less of their resources to protect systems and recover from widespread disruption.
In particular, SSC Pacific researchers are working to prevent return-to-library (libc), return-oriented-programming (ROP), and other similar code-reuse attacks. By using clever randomization techniques within existing software compilers, researchers can emulate a diverse software ecology in which the latent “immunity” of software to various attacks is non-identical. As in any ecology, the more diverse the members, the greater the chances are for the success of a species.
The real game-changers from the warfighter’s perspective involve software resilience. A system that is compromised may be offline for hours or days. Many of the techniques being examined in the SCHSIM effort would enable seamless recovery. Some of the techniques being developed by SSC Pacific collaborators suggest that in some cases we may be able to recover from an attack even before an attacker is aware their attack was thwarted.
Collaborators at the University of California at Irvine (UC Irvine) have developed a technique for “booby-trapping” randomized programs. This allows the program to work normally, but to catch intruders in the act. It may also allow fast, focused responses to very specific attacks. This response could be as simple as enabling the exploited program to recover to a known good state. It might also better enable the use of active responses against attackers.
In some ways, SCHSIM enables anti-access area denial (A2AD) for the cyber domain. SCHSIM aligns perfectly with SSC Pacific’s mission by developing technologies to ensure information dominance in the cyber domain.
SCHSIM represents one of the cyber research and development efforts at SSC Pacific, an area the U.S. Navy needs to expand to be prepared for information battlefields of the future.
SSC Pacific is collaborating with research groups at UC Irvine's Secure Software Systems Lab and the University of New Mexico. It is also actively collaborating with national laboratories and government agencies.
The technical aspects of SCHSIM are challenging, but achievable. The biggest technical challenge will be constructing a cost-effective and secure method for delivering multi-compiled binaries. SSC Pacific will need to restructure its software distribution mechanisms to support distribution of randomized programs. To address these challenges, SSC Pacific will need to employ cloud-computing technologies and to enlist the help of software vendors and distributors.
Software diversity contends with the historic direction of centralization and standardized control. Many computer security systems require that software be distributed as identical binaries. These systems would need to be replaced or completely overhauled to enable validation and verification of diversified software applications. New policies will be needed to guide software acquisition, design, development, testing, certification, and deployment.
The Way Ahead
The struggle with new vulnerabilities and exploits will continue until software is made more secure. SSC Pacific researchers are demonstrating new ways of protecting software from many sophisticated types of attack. This added security can be gained without modification to existing operating systems or software functionality.
By randomizing the internal executable code deployed for each executable software instance, attackers would have less information about which instances are vulnerable to attack, known code-reuse attacks would be nearly impossible, and computer systems would be less vulnerable to a wide class of vulnerabilities.
The Space and Naval Warfare Systems Center Pacific provides the U.S. Navy and military with essential capabilities in the areas of command and control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR). SSC Pacific provides the full spectrum of C4ISR capabilities from basic research and prototype development, to extensive test and evaluation services, through systems engineering and integration, to installation and life-cycle support of fielded systems. SSC Pacific is a recognized leader in the cyber domain and for autonomous unmanned systems, and is providing the technological and engineering support critical to ensuring the Navy’s information dominance.