Adversaries are outpacing developers in the race to find program vulnerabilities. Where programmers have to find all potential software flaws in their programs and determine whether they are exploitable across all deployments to prevent vulnerabilities, adversaries need only find one software flaw that enables them to achieve their goals in any one deployment. Current techniques to rid programs of vulnerabilities cannot find all such flaws due to the complexity of modern software and their deployments. Rather than proving the absence of flaws, recent vulnerability detection research is exploring more powerful techniques to automate exploit generation. However, such exploit generation often lacks a systematic model of modern and emerging defenses, which may be useful in assessing the utility of defenses. In addition, once an exploit is generated, defenses to prevent that exploit must be added manually to the program. As a result, vulnerability detection does not yet pay enough attention to defenses to assess their effectiveness nor generate additional defenses when necessary. This project proposes a theory and techniques to improve defenses continuously and iteratively to counter threats that cause vulnerabilities. A method is developed that searches programs for security policy violations and extends existing defenses to prevent detected violations automatically. The main insight is to link the threats and defenses of each program into one coherent model, called the Program Threat Graph (PTG), to evaluate proactively whether threats enable adversaries to violate program security policies given current defenses and automate the improvement of defenses to prevent such violations. The project explores how to find security violations given a program's internal and environmental defenses. Security violations are used to generate both targeted defenses and/or systematic defenses to block this exploit efficiently and block potentially unknown exploits that may leverage other flaws under given performance constraints. The goal of this research is to continuously improve defenses against vulnerabilities. The approach discovers security violations given a specification for both current and upcoming defenses, tightening them automatically and recovering from attempted attacks without disrupting program functionality. All tools, benchmarks, and analyses developed during this project are released as open-source. For outreach, the focus is on capture-the-flag competitions and summer software security courses.
SaTC: CORE: Medium: Collaborative: Threat-Aware Defense: Evaluating Threats for Continuous Improvement