Program Summary
The Department of Defense (DoD) has a critical need to deny cyber attackers the capability to execute unintended, yet robust and often unobservable computations on DoD systems and critical infrastructure systems. Empirically, modern exploitation methods rely on long chains of emergent behaviors of the target’s unprotected computational abstractions, where attackers leverage one combination of abstractions to create an ephemeral state in which the next set of unprotected abstractions is exposed, until the goals of exploitation are achieved. Counterintuitively, instead of being brittle and easily disrupted, these chains are robust and portable between implementations independently created by different vendors. This phenomenon is colloquially described as “weird machines”—well-defined, robust, and abstract-able engines of emergent execution (EE) and adversarial programmability. These machines are often unintentionally programmed into the target and are merely unlocked for an attacker’s use through coding flaws.
The Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program will explore novel theories and approaches, and seeks to develop practical tools to anticipate, isolate, and mitigate emergent behaviors in computing systems throughout the entire software development lifecycle. HARDEN aims to radically improve security outcomes in software for integrated systems by creating novel tools, metadata, and instrumentation for emergent computation. It also seeks to efficiently mitigate exploitation of software abstractions and protect intended abstractions from adversarial reuse. The goal is to integrate those capabilities into the standard processes of the software development lifecycle.
Additional information is available in the HARDEN Program Announcement.