By Topic

A lightweight software control system for cyber awareness and security

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

7 Author(s)
Michele Co ; Department of Computer Science, University of Virginia, Charlottesville, 22904 U.S.A. ; Clark L. Coleman ; Jack W. Davidson ; Sudeep Ghosh
more authors

Designing and building software that is free of defects that can be exploited by malicious adversaries is a difficult task. Despite extensive efforts via the application of formal methods, use of automated software engineering tools, and performing extensive pre-deployment testing, exploitable errors still appear in software. The problem of cyber resilience is further compounded by the growing sophistication of adversaries who can marshal substantial resources to compromise systems. This paper describes a novel, promising approach to improving the resilience of software. The approach is to impose a process-level software control system that continuously monitors an application for signs of attack or failure and responds accordingly. The system uses software dynamic translation to seamlessly insert arbitrary sensors and actuators into an executing binary. The control system employs the sensors to detect attacks and the actuators to effect an appropriate response. Using this approach, several novel monitoring and response systems have been developed. The paper describes our light-weight process-level software control system, our experience using it to increase the resilience of systems, and discusses future research directions for extending and enhancing this powerful approach to achieving cyber awareness and resilience.

Published in:

Resilient Control Systems, 2009. ISRCS '09. 2nd International Symposium on

Date of Conference:

11-13 Aug. 2009