The overall objective is to develop applications that dynamically recover with
immunity from cyber attacks.
Many cyber attacks require detailed knowledge about how an application works,
how it consumes resources (such as memory or CPU), how it interacts with other
components in its deployment environment (e.g., the operating system or database
engines), and how it interacts with the network. For example, a side-channel
attack needs to know (or learn) the correlation between an application’s
externally visible responses and the private data being sought. Detailed
knowledge may be acquired by examining source code, when available, or by
profiling the application based on the results of inputs designed to reveal the
internal structure of the application.
The objective of this effort is to develop coarse-grained synthetic diversity to
continually vary the applications structure and its interactions with its
environment and the network, and thus make it much harder for an attacker to
acquire detailed knowledge and, should an attack succeed, to limit the damage
and to transition to a new variant of the application that is immune to the
This project is sponsored by AFRL.