Defense Advanced Research Projects Agency (DARPA)
CRASH Program, Program Manager: Dr. Howard Shrobe
Project Title: “Attacking Time”
Proposal Submitted: Jan 2008.

We propose a radical departure from conventional network defense based on attacking an adversaries timeliness, rather than detecting intrusions. To realize this notion we will explore scalable, resilient operating systems concepts and technologies that aim to increase attacker workload and operate through attacks even if the attacks are never detected. This foundational research will form the basis for a new generation of exascale operating systems that export resilience to large-scale, concurrent DOD applications. To increase attacker workload, we will utilize highly dynamic operating system internals that repeatedly relocate threads and scramble offsets, network addresses, and system parameters. These technologies will present the adversary with a frequently changing, inconsistent picture of DoD missions, network structures, host properties, and attack paths to delay network reconnaissance and compromise. To provide resilience we will devise novel polymorphic regenerative technologies that replicate and migrate threads between processors to prevent the compromise of DoD applications. To maintain redundancy in the face of D5 effects, the technology will automatically re-generate threads on the fly. Automatic methods will be devised to organize and synchronize redundancy across multiple processors and resolve inter-thread communication. Camouflage techniques will be introduced to disguise resilient thread structures so as to appear as common operating system services and applications.

Defense Advanced Research Projects Agency (DARPA)
MRC Program, Program Manager: Dr. Howard Shrobe
Project Title: “Resilient Diffusive Clouds”
Proposal Submitted: July 2011.

We propose to increase attacker workload and provide resilience in clouds and distributed computations through three core technical innovations:

• On-the-fly dynamic replication and regeneration of virtual machines and application processes to provide resilience and limit exposure to vulnerabilities,
• Scalable management of virtual machines and application processes through mathematically rigorous diffusion methods, and
• Dynamic code diversity achieved through compiler, loader and/or run-time techniques, to throttle vulnerability amplification.

These concepts lead to a view of clouds in which vulnerabilities are different at every host, attackers cannot perform reliable surveillance, and attacks are unable to persist on the timescale of military missions. These concepts stand in stark contrast to today’s systems where vulnerabilities are amplified by being present at every host in the cloud, systems are static allowing long-term surveillance, and operating systems are pre-designated and static allowing kernel implants to persist. The work builds upon feasibility studies in distributed systems recently concluded as part of a DARPA seedling effort “Attacking Time”, and will leverage ongoing research that will produce from-scratch, small-footprint, hypervisor and micro-kernel designs under the same effort.