|
- Specware
- project page
- High-Assurance Java Platform
- project page
- High-Assurance Java Card Applets
- project page
- VIBRANCE
- The VIBRANCE (= Vulnerabilities In Bytecode Removed by Analysis, Nuanced Confinement, and divErsification) project aims at constructing a tool that automatically hardens Java bytecode to make it resistant to certain classes of vulnerabilities. VIBRANCE uses static and dynamic analysis to find vulnerable code, run-time confinement to prevent exploits of the vulnerable code, and diversification to increase the difficulty of attacks.
This is a collaborative project with CSAIL (MIT) and Kestrel Technology, LLC.
- CRASH
- High-assurance synthesis of garbage collectors.
- Using Software Generation and Repair for Cyber-Defense
- The overall objective is to develop applications that dynamically recover with immunity from cyber attacks.
Many cyber attacks require detailed knowledge about how an application works, how it consumes resources (such as memory or CPU), how it interacts with other components in its deployment environment (e.g., the operating system or database engines), and how it interacts with the network. For example, a side-channel attack needs to know (or learn) the correlation between an application's externally visible responses and the private data being sought. Detailed knowledge may be acquired by examining source code, when available, or by profiling the application based on the results of inputs designed to reveal the internal structure of the application.
The objective of this effort is to develop coarse-grained synthetic diversity to continually vary the applications structure and its interactions with its environment and the network, and thus make it much harder for an attacker to acquire detailed knowledge and, should an attack succeed, to limit the damage and to transition to a new variant of the application that is immune to the attack.
This project is sponsored by AFRL.
- Back to Top -
-
Home
-
About Kestrel
-
Research Staff
-
Current Projects
-
Project Archive
-
-
Publications
-
Technology Transfer
-
Career Opportunities
-
Contact Kestrel
-
|