Transcript of: Three Software Innovations that DoD Needs Now
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.
Three Software Innovations that DoD Needs Now
Jeff Boleng, Sam Procter, Nathan VanHoudnos, Lena Pons, Robert Schiela
Document Markings
Copyright 2018 Carnegie Mellon University. All Rights Reserved.
This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.
The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation.
NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at [email protected].
DM18-0334
Virtual Integration: AADL as a “Single Source of Truth”
Model-Based Engineering for System Design
Build models of components, combine them into a unified system, and verify that everything fits before the system is built: Integrate-then-Build
Detect Issues Early, Save Money and Effort
Studies show most system defects are created early – in the design and architecture stages – but fixed late. Defects caught later are more costly in terms of both budget and schedule overruns.
Multiple Analyses, One Model
A single AADL model can support multiple analyses. Custom analyses are easy to implement, or the outputs of preferred tools can be used to annotate the AADL model.
(Figure: change-impact chain in an AADL model – change of encryption from 128 bit to 256 bit; higher CPU demand; increased latency; potential new hazard; affects temporal correctness. Labels: SAE AS5506 AADL; Safety & Reliability.)
AADL Success Stories
Wheel Braking System
• Example used in SAE standardization efforts (ARP 4761 & AIR61160)
• AADL source publicly available on github
• Used in ongoing safety research
System Architecture Virtual Integration
• “Incremental Validation, Continuous Integration”
• Pays for itself in commercial development
HACMS: Strong Security
• Secure drone and helicopter developed using AADL, seL4 & other tech
• Resistant to weeks of red-team attacks, even with source code
Image adapted from loonwerks.com
Guided Automated Tradespace Exploration
• Prototype connects AADL tooling to visual exploration software
• Any components that can be specified in AADL can be swapped in and analyzed
• Easily extended to include domain-specific analyses
(Figure: tradespace exploration plot with Latency and Cost axes.)
Machine Learning for the DoD: Malware
Many suspect files. Manual pairwise analysis is expensive.
Machine Learning for the DoD: Malware
Many suspect files. Statistical visualization lowers costs.
Automated Analysis - Prioritizing Vulnerabilities
Long-term goal: Automated and accurate statistical classifier, intended to efficiently use analyst effort and to remove code flaws
(Figure: several analyzers run over codebases and produce alerts; panels labelled Today and Project Goal.)
Image of woman and laptop from http://www.publicdomainpictures.net/view-image.php?image=47526&picture=woman-and-laptop “Woman And Laptop”
Classification algorithm development using CERT- and collaborator-audited data that accurately classifies most of the diagnostics as Expected True Positive (e-TP) or Expected False Positive (e-FP), and the rest as Indeterminate (I)
(Chart label: 66 effort days)
(Chart 1, bar values: e-TP 12,076; e-FP 45,172; I 6,361)
(Chart 2, bar values: TP 3,147; FP 11,772; Susp 48,690)
Prioritized, small number of alerts for manual audit
Many alerts left unaudited!
Automated Code Repair
Many violations of rules follow a small number of anti-patterns with corresponding patterns for repair
These can be feasibly recognized by static analysis
• printf(attacker_string) → printf("%s", attacker_string)
Creating tools to automatically repair these types of defects in source code
• Integer overflows that lead to memory corruption
• Inferred memory bounds for reading from reused buffers
• Verified memory safety
Constraints
• The patched and unpatched program behave identically over the set of all traces that conform to the rules. (formally proven)
• No trace violates the rules. (formally proven)
• Repair in a way that is plausibly acceptable to the developer.
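As an added illustration (not code from the slides or from the SEI repair tool), the two anti-patterns above in working C: a single-line recognizer that rewrites printf(identifier) to printf("%s", identifier), and the fail-closed guard an integer-overflow repair inserts before an allocation; the function names and the line-based matching are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Copy a source line unchanged; -1 if it does not fit in out. */
static int copy_line(const char *line, char *out, size_t cap) {
    if (strlen(line) + 1 > cap) return -1;
    strcpy(out, line);
    return 0;
}

/* Anti-pattern 1: printf(<identifier>) -- one non-literal format argument.
 * Rewrite it to printf("%s", <identifier>) so the string is printed as data
 * and never parsed for conversions.  Calls with a literal format, calls with
 * more arguments, and other *printf family calls are copied untouched.
 * Returns 1 if repaired, 0 if copied unchanged, -1 if out is too small.
 * (Hypothetical single-line matcher, not the SEI tool's analysis.) */
int repair_printf_line(const char *line, char *out, size_t cap) {
    const char *call = strstr(line, "printf(");
    if (call == NULL) return copy_line(line, out, cap);
    /* "sprintf(" and "fprintf(" also contain "printf(": skip if a name char precedes */
    if (call > line && (isalnum((unsigned char)call[-1]) || call[-1] == '_'))
        return copy_line(line, out, cap);
    const char *arg = call + strlen("printf(");
    while (*arg == ' ') arg++;
    if (*arg == '"') return copy_line(line, out, cap);     /* literal format: fine */
    const char *end = arg;
    while (isalnum((unsigned char)*end) || *end == '_') end++;
    if (end == arg || *end != ')') return copy_line(line, out, cap);
    size_t prefix = (size_t)(arg - line), ident = (size_t)(end - arg);
    const char *fmt = "\"%s\", ";                           /* 6 chars inserted */
    if (prefix + 6 + ident + strlen(end) + 1 > cap) return -1;
    memcpy(out, line, prefix);
    memcpy(out + prefix, fmt, 6);
    memcpy(out + prefix + 6, arg, ident);
    strcpy(out + prefix + 6 + ident, end);
    return 1;
}

/* Anti-pattern 2: n * elem wraps around, the allocation comes out too small,
 * and later writes corrupt memory.  The repair inserts a guard that fails
 * closed instead of wrapping.  Returns 1 with the byte count on success,
 * 0 if the product would overflow. */
int checked_alloc_size(size_t n, size_t elem, size_t *bytes) {
    if (elem != 0 && n > SIZE_MAX / elem) return 0;
    *bytes = n * elem;
    return 1;
}
```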
Data Analysis for the DoD: Information Extraction
Cyber incident tickets consist of semi-structured data containing indicators
Traditional indicators such as IP address, filename, file hash, and email address can be augmented with concepts and relations
Presenters
Robert [email protected]
Lena [email protected]
Nathan [email protected]
Jeff [email protected]