Evolvable Software Workbench for Avionics Cyber Security

TECH FOCUS AREAS: Cybersecurity; Autonomy; Artificial Intelligence/Machine Learning TECHNOLOGY AREAS: Sensors OBJECTIVE: This topic seeks to develop and explore a software evolution workbench to remove malware from software/firmware, improve detection algorithms and malware understanding, and develop the means to provide software diversity to mitigate cyber-attacks. DESCRIPTION: The ability to prevent, detect, and respond to avionics supply chain attacks and measure the effectiveness of existing cyber defense solutions remains an unsolved problem. Recent Solarwinds supply chain attacks compromising numerous U.S. government agencies highlight the impact of such a threat and the pressing, paramount need to develop solutions removing or detecting and responding to malware implanted in legitimate software and firmware. Several research efforts have proposed a variety of evolutionary approaches to address this problem. For example, [1] argues introducing artificial software diversity into a potentially targeted program significantly decreases the probability of compromise since the evolved implementation is unknown to the attacker. In [2], a thorough survey of demonstrations where several attacks are mitigated using an automated software diversity approach is presented. The literature also includes optimizing the evolutionary process by identifying the target of diversification (e.g., instructions, basic blocks, loops) and the stage in the software life cycle for which diversification occurs (e.g., installation, loading, execution, updating) [2]. Many of the methods in the literature make use of Genetic Programming (GP) to carry out the evolutionary process [3,4]. In addition, software evolution has been used to automatically generate bug fixes [5]. Evolutionary-based diversification has therefore proven to be a useful tool in mitigating various attacks by attempting to create immune variations of programs and/or patching vulnerabilities. However, current evolutionary approaches are very inefficient as they produce non-functional mutations, not only due to the randomness in the approach but also brittleness of the computer language being evolved. In fact, 99.7% of all software mutations are found to be non-beneficial, making evolvability in existing languages computationally burdensome and very limited in producing acceptable results [6]. The goal of this topic is to develop and explore an evolvable software language and methodologies to overcome the above limitations. Specifically, this topic will focus in developing a methodology that yields fully executable programs and the means to yield the desired program functionality. The workbench will be used to 1) generate novel malware samples to evaluate and measure the effectiveness of avionics malware detection solutions against quantifiable metrics, 2) enhance existing malware detection tools, and 3) provide the means to eliminate supply chain malware by deliberately evolving the targeted legitimate software so as to evolve out any Trojan that may reside within that software. Additional requirements for malware generation include the ability of the evolved software to pass regression tests of the original program, avoid detection, and have the desired mission impact based on a user-configurable fitness function. PHASE I: Phase I efforts will develop a software evolution workbench preliminary prototype demonstrating ability to evolve programs satisfying syntactic and semantic constraints. Use of government materials, equipment and facilities are not required for this research effort. Deliverables for this phase include developed software i.e., evolvable software workbench, and manual/documentation. PHASE II: Extend the workbench developed in Phase I to demonstrate that it can efficiently and effectively both generate novel malware that meets the above requirements and remove Trojans from legitimate software applications. Deliverables for the second phase include software of the comprehensive workbench, the generated malware samples, the successful demonstration of evolving out a Trojan from a legitimate application and corresponding documentation. PHASE III DUAL USE APPLICATIONS: The final product will include a two-way automated translator that can ingest programs into the evolvable workbench and the evolved program can be translated back to the original instruction set architecture (e.g., 32-bit generation Intel microprocessor architecture [x86], Advanced Reduced Instruction Set Computing Machines [ARM]). Military applications include both manned and unmanned aerial vehicles, and advanced sensor systems. Commercial applications include embedded systems such as autonomous driving vehicles and Supervisory Control and Data Acquisition (SCADA) systems. REFERENCES: 1. F. Cohen. Operating system protection through program evolution. Computers and Security, 12(6):565 584, Oct. 1993; 2. P. Larsen, A. Homescu, S. Brunthaler, M. Franz, SoK: Automated Software Diversity , 2014 IEEE Symposium on Security and Privacy; 3. J. R. Koza, Genetic programming as a means for programming computers by natural selection, Statistics and computing, vol. 4, no. 2, pp. 87 112, 1994. 4. E. K. Burke, S. Gustafson, and G. Kendall, Diversity in genetic programming: an analysis of measures and correlation with fitness, IEEE Transactions on Evolutionary Computation, vol. 8, no. 1, pp. 47 62, Feb. 2004; 5. C. L. Goues, T. Nguyen, S. Forrest, W. Weimer, GenProg: A Generic Method for Automatic Software Repair, IEEE Transactions on Software Engineering, Volume: 38, Issue: 1, Jan.-Feb. 2012; 6. C. Ofria, C. Adami, T. C. Collier, Design of Evolvable Computer Languages , IEEE Transactions on Evolutionary Computation 6(4):420 - 424 September 2002. KEYWORDS: Malware Detection and Response; Evolutionary Computing; Genetic Algorithms; Evolvable Software; Avionics Cyber Security