Progressive Model Generation for Adaptive Resilient System Software

Period of Performance: 09/28/2015 - 03/28/2017

$498K

Phase 2 STTR

Recipient Firm

Grammatech, Inc.
531 Esty Street Array
Ithaca, NY 14850
Principal Investigator

Research Institution

University of Pennsylvania
3330 Walnut Street, Levine hal
Philadelphia, PA 19104
Institution POC

Abstract

Software provides critical functionality to the DoD, as well as to the communications, banking, and logistics industries we rely on. Runtime monitoring is now routinely applied to quickly identify and limit attacks. However, monitors have difficulty distinguishing good behavior from bad because intended application behavior varies widely. This proposal describes SMAC (Scenario-based Modeling & Checking), a tool for collecting models of intended behavior that will inform a runtime monitor.SMAC is a suite of tools designed to facilitate creation of models in SMEDL (Scenario-based Meta-Event Description Language). In Phase I, we developed SMEDL as a special-purpose language for capturing high-level security policies (or models of behavior). Phase I also resulted in a design for tools to create, edit and automatically generate SMEDL. SMEDL models can then be used to configure an existing runtime monitor technology. Phase II will implement this design, resulting in a complete framework for supplementing normal application development with fine-grain secure runtime monitoring.