Program Summary
Our society’s infrastructure is increasingly dependent on software deployed on a wide variety of computing devices other than commodity personal computers, such as industrial equipment, automobiles, and airplanes. Unlike commodity computers that have short upgrade cycles and are easily replaceable in case of failure, these computing devices are intended for longer service, and are hard to replace. Thus, the amount of deployed software that needs to be maintained is continually increasing, while the growing use of telemetry on such devices potentially exposes their software to cyber-attacks. To fix cybersecurity flaws in software, vendors distribute patched versions of the software. Unfortunately, even after a particular flaw has been fully understood, and a remediation approach has been developed and expressed as a source code change in the current version of the software, the ability of vendors to produce patches for all of their deployed devices in a timely, assuredly safe, and scalable manner is limited. Additional challenges arise when the exact source code version has been lost, the process for building the software from source code was not documented, and/or the original software development environment is not available. These limitations and challenges result in mission-critical software going unpatched for months to years, increasing the opportunity for attackers.
The goal of the Assured Micropatching (AMP) program is to create the capability for rapid patching of legacy binaries in mission critical systems, including the cases where the original source code version and/or build process is not available. AMP aims to create new capabilities to analyze, modify, and fix legacy software in binary form, capable of producing assured targeted micropatches for known security flaws in existing binaries. Micropatches change the fewest possible bytes to achieve their objective, which minimizes potential side effects, and should enable proofs that the patches will preserve the original baseline functionality of the system. With these proofs, the time to test and deploy the patched system should be reduced from months to days.
To achieve this goal, the AMP program seeks to address gaps in the current software development paradigm through breakthroughs in and novel approaches to technical challenges, including but not limited to:
- Identifying modular units in executable binary images, and identifying modules’ interfaces, interactions, and linking artifacts to enable subsequent assured relinking and re-integration of patched binary modules;
- Decompiling the executable binary code into forms suitable for automatically situating a patch for a known security flaw existing in the binary;
- Generating minimal-change binary micropatches for existing binary images, reasoning rigorously about their effects, and testing those effects to verify that the changes do not interfere with the binary’s baseline functionality; and
- Using available sources of information, such as source code and binary samples, to recover missing relevant parts of the source code and the build process.