Our society’s infrastructure is increasingly dependent on software deployed on a wide variety of computing devices other than commodity personal computers, such as industrial equipment, automobiles, and airplanes. Unlike commodity computers that have short upgrade cycles and are easily replaceable in case of failure, these computing devices are intended for longer service, and are hard to replace. Thus, the amount of deployed software that needs to be maintained is continually increasing, while the growing use of telemetry on such devices potentially exposes their software to cyber-attacks. To fix cybersecurity flaws in software, vendors distribute patched versions of the software. Unfortunately, even after a particular flaw has been fully understood, and a remediation approach has been developed and expressed as a source code change in the current version of the software, the ability of vendors to produce patches for all of their deployed devices in a timely, assuredly safe, and scalable manner is limited. Additional challenges arise when the exact source code version has been lost, the process for building the software from source code was not documented, and/or the original software development environment is not available. These limitations and challenges result in mission-critical software going unpatched for months to years, increasing the opportunity for attackers.
The goal of the Assured Micropatching (AMP) program is to create the capability for rapid patching of legacy binaries in mission critical systems, including the cases where the original source code version and/or build process is not available. AMP aims to create new capabilities to analyze, modify, and fix legacy software in binary form, capable of producing assured targeted micropatches for known security flaws in existing binaries. Micropatches change the fewest possible bytes to achieve their objective, which minimizes potential side effects, and should enable proofs that the patches will preserve the original baseline functionality of the system. With these proofs, the time to test and deploy the patched system should be reduced from months to days.
To achieve this goal, the AMP program seeks to address gaps in the current software development paradigm through breakthroughs in and novel approaches to technical challenges, including but not limited to:
You are now leaving the DARPA.mil website that is under the control and
management of DARPA. The appearance of hyperlinks does not constitute
endorsement by DARPA of non-U.S. Government sites or the information,
products, or services contained therein. Although DARPA may or may not
use these sites as additional distribution channels for Department of
Defense information, it does not exercise editorial control over all of
the information that you may find at these locations. Such links are
provided consistent with the stated purpose of this website.
After reading this message, click to continue