SWARM, a System-Wide Application Randomization Mechanism

Period of Performance: 07/31/2015 - 04/30/2016

$150K

Phase 1 SBIR

Recipient Firm

Architecture Technology Corp.
9971 Valley View Road
Eden Prairie, MN 55344
Principal Investigator

Abstract

ABSTRACT: System reconnaissance is the typical first step in a targeted attack; the attacker must learn the services available, software used, and operating system configuration in order to determine how to best infiltrate a given system. Reconnaissance is then best thwarted by providing false or non-reusable information to an attacker. ATC-NY will design and build SWARM, a System-Wide Application Randomization Mechanism, to provide false and non-reusable system information to potential attackers. SWARM combines ephemeral virtual machine technology with system-wide Application Binary Interface (ABI) changes, source code and configuration changes, and application-level randomization, giving each system instance a unique set of operating characteristics. By evolving system characteristics over time, SWARM ensures that any information an adversary does have is incorrect by the time he uses it. SWARM does this while not impacting normal operations and with little to no performance impact.

BENEFIT: SWARM dramatically slows down a potential attacker because he is not able to gain accurate information about host system configuration, and any information he does have will be outdated by the time he can apply it. With its automatic build and deployment framework, there is no additional burden on system management personnel to gain this benefit. SWARM can benefit network servers as well as desktop workstations. In addition to providing anti-reconnaissance measures, SWARM's architecture reduces the persistence of any attacks that do succeed, provides diversity of implementation for survivability and safety, and can also aid in software and protocol testing. These benefits apply to both DoD and commercial entities storing sensitive information, including personal health information, accounting data, or trade secrets.