A $3.15 million award from the Office of Naval Research will fund the three-year project “Attack Surface Reduction for Binary Programs.”
The Office of Naval Research recently awarded $3.15 million to Chancellor’s Professor of Computer Science Michael Franz for a three-year grant, “Attack Surface Reduction for Binary Programs.” Specifically, $2.33 million will go to UC Irvine, and the remaining funds will go to Dr. Herbert Bos, a collaborator on the project at Vrije Universiteit Amsterdam. The goal is to increase software security by first stripping programs down to the basics and then rigorously analyzing and optimizing what is left. As Franz explains, “The attack surface describes all the different places that you have to defend, and if you have a smaller program, there’s less to defend.”
The problem, says Franz, is that “most programs are ridiculously large and complicated.” They have grown over many years, and software publishers rarely remove anything; instead, they pile on additional functionality to ensure the product satisfies all potential consumers. Franz explains that this increases the likelihood of bugs and that all of this superfluous software also costs memory, disk space and download time, so there’s no advantage for the average consumer. Furthermore, “security incidents are often triggered by a very obscure part of a program that hardly anyone ever uses,” says Franz. With this grant, he thus aims to explore how you can take a program and very aggressively prune away all the things that nobody uses. If the resulting program is small enough, it can then be analyzed for bugs and optimized further in ways that would not have been possible with the original, larger application.
Another part of the problem is figuring out what to do if a user subsequently tries to access any of the stripped-away functionality. “We need techniques for gracefully recovering from that,” says Franz. Possible options include displaying a dialogue that tells users that the desired functionality is currently unavailable but could be added back in overnight and accessed the next morning. This might work in many situations, but “it might not be a legitimate solution on a Navy destroyer,” says Franz. An alternative way of handling such situations would be to keep the original “full” program around and briefly switch to it in order to cover any “missing” functionality. Because the original program isn’t as secure or efficient, Franz explains that they would run it inside a “sandbox isolation chamber” and would try to use it as little as possible. Then, the next time a new version of the “pruned” program was generated, it would integrate all of those “missing” parts so that, after a few iterations, one would wind up with a stable version of the program that includes all regularly used functionality.
“We’re trying to create the best of both worlds,” says Franz, ultimately making increased security seamless for software users while simultaneously “tackling the software bloat that has taken hold all over the industry.”
– Shani Murray