Compartmentalization and Privilege Management (CPM)
Abstract
The Compartmentalization and Privilege Management (CPM) program will develop new system frameworks, architectures, and tooling to provide fine grained, least privileged, compartmentalization that enables prevention and containment of cyber attacks. Today's information systems are structured around a monolithic core (the kernel) that operates within a single protection domain at a single high privilege level. This monolithic kernel contains many separate components, but because there are no protection boundaries between these components, a single compromise anywhere in the system allows attackers effectively unlimited access through an extended sequence of exploits and steps of privilege escalation and lateral motion. CPM will develop technologies and tools to automatically compartmentalize large legacy software systems, and processor architectures and system software that enforce a compartment and privilege level regime. CPM tools and architectures will prevent initial penetrations from propagating into successful cyber attacks.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2024
- Source ID
- 0de637d5e399eb95e21ba51f94017e8c