Robust, Assured Diversity for Software Systems (RADSS)

The DARPA CFAR program seeks revolutionary breakthroughs in defensive cyber techniques that protect existing and future software systems in both military and civilian contexts – without requiring changes to the concept of operations of these systems. The program is based on the introduction of diversity into the software ecosystem, providing protection via variation and unpredictability in much the same way that genetic variation among populations acts as a natural check against the proliferation of disease. Furthermore, by running multiple diverse variants of a piece of software, differences in behavior can be used to detect and recover from attacks.

RADSS aims to automate the creation of such software variants and prove their correctness and security. The project is based on years of research into software diversity and multi-variant execution, and aims to advance the state of the art by addressing five key research challenges. These challenges are: (i) establishing trust in the system and the diversified variants, (ii) defending against new kinds of attacks, (iii) enabling smooth recovery in case of attack, (iv) extending diversity-based defenses to programs available only in binary form, and (v) extending multi-variant defenses to multi-threaded and self-modifying (e.g., just-in-time compiled) programs.

• To establish trust in the system, RADSS seeks to use state-of-the-art equivalence checking technology to both prove that variants behave the same when operating within normal parameters and to prove that variants exhibit detectable differences when under attack.
• To defend against new attack types, RADSS aims to use fine-grained control-flow monitoring, control-flow integrity, and a constantly-evolving defense technique we call dynamic diversity.
• To enable smooth recovery in the case of compromise or failure of a variant, we aim to utilize novel methods of marshaling state that can be used to initialize a new variant with information from uncompromised variants.
• To extend diversity-based defenses to programs available only in binary form, RADSS seeks to go beyond the current state-of-the-art in simple, non-intrusive tweaks by reconstructing high-level program abstractions and altering diversity techniques to be tolerant of the partial information that such reconstruction efforts typically yield. This would enable “source only” diversification techniques to be applied at the binary level.

As part of RADSS, we also aim to conduct new fundamental research directed at extending multi-variant defenses to multi-threaded applications that are meant to be run on several processors in parallel and to programs that are (at least partially) compiled at run time. These are challenging problems that are beyond the scope of currently available solutions. RADSS is a collaboration led by Galois that also includes Trail of Bits, Immunant, and University of California, Irvine.