DARPA wants to overhaul legacy software to stop cyber-attackers in their tracks when they penetrate a system.
For a cyber-attack to be successful, one must conduct a sequence of exploits to move from the initial system access, through privilege escalation and lateral motion steps, until reaching the ultimate target. The SolarWinds attack started by compromising the email account of a SolarWinds employee. This foothold was followed by other exploits to access SolarWinds’ development environment and insert a backdoor into the SolarWinds product, ultimately compromising over 18,000 organizations.
Early sailing ships were similarly vulnerable because they were built without watertight compartments and a single leak had the potential to compromise the entire vessel. Eventually, watertight compartment technology became the norm in ship building, preventing a single leak from spreading throughout the ship. DARPA is pursuing an approach to cyber resilience that would subdivide software systems into smaller, secure compartments that prevent an initial attempt at penetration from becoming a successful attack.
With processor hardware enhancements, fine-grained software compartmentalization would not significantly impact the system’s speed and efficiency. The challenge, however, is in the billions of lines of existing software, all of which would be impossibly time-consuming to rewrite in safer programming languages.
Through its new Compartmentalization and Privilege Management (CPM) program, the agency is seeking proposals to develop tools that can automatically restructure a software system into many small “compartments,” each with a specific function and operating with the least privilege necessary to achieve its goals. Systems running software with least privilege compartments would be much more resistant to cyber attackers.
“Legacy systems over their lifetimes tend to become more unstructured and consequently less compartmentalized,” said Dr. Howard Shrobe, DARPA’s CPM program manager in the Information Innovation Office. “Our goal is to transform existing systems into resilient ones that prevent most cyber-attack campaigns from succeeding even if an adversary gains a foothold.”
Shrobe explained that while there is growing commercial interest in compartmentalization, fine-grained compartmentalization has been limited in application to non-critical, low volume systems due to the high cost and risk of introducing novel technologies to large-scale, high-volume systems.
“Successful CPM research will demonstrate the analysis and enforcement technologies necessary for compartmentalization of large-scale systems with high confidence and low development effort,” said Shrobe. “This work should create sufficient confidence for commercial entities to make the investments necessary for large-scale adoption.”
Though CPM will focus on securing the vulnerable legacy code base, resulting solutions should also apply to new software.
CPM is a four-year program with two phases. Phase 1 will focus on technology development, specifically using the Linux operating system as the test and evaluation suite. Phase 2 will focus on demonstrating scalable capabilities on open-source systems representative of classes of computation important to the Department of Defense.