Automatic Generation of Network Element Software (AGNES)

Abstract

PROJECT SUMMARY

Automatic Generation of Network Element Software (AGNES)

OVERVIEW

The Automatic Generation of Network Element Software (AGNES) program proposes to automatically generate network elements that are free from known weaknesses. Using today’s development technologies and processes, it is effectively impossible for humans to write software that accounts for the hundreds of known weaknesses – so let computers do it. Let human programmers do the creative work – designing network protocols – using descriptive protocol languages and exploiting network standards. Then, let the computer do the work of generating the network element software using the knowledge base of coding solutions for known weaknesses and applying rigorous, automatic testing to the final product. Free from known weaknesses, AGNES-generated code provides no opening for attack by adversaries’ malware. AGNES will reduce the time required to develop network software modules, reduce the effort required to update software in response to new threats, and result in secure network software.

TECHNICAL APPROACH

AGNES is a novel system with a new approach to generate network element software that is free of known weaknesses. Our source of knowledge of software weaknesses is the Common Weakness Enumeration (CWE), an open database maintained by the MITRE Corporation based on input from the larger software development community. AGNES works as follows:

1. Software weaknesses are formally specified in a machine-readable format and maintained in a knowledge base.
2. For each weakness, a set of coding rules is developed that will result in code that does not exhibit that weakness. The coding rules are specified in a machine-readable format.
3. Based on an ontology of network elements and software patterns, a developer specifies the design of network element software in a formal representation language.
4. The AGNES Auto-Code Generator (ACG) interprets the design representation and applies the coding rules to generate executable code.

PROGRAM PLAN

The AGNES team proposes an incremental approach to developing the capability to generate secure network element software. We have structured the proposed program in such a way that each set of evaluations can be used as a Go/No-Go gate – each option is dependent upon quantitatively demonstrated progress. The plan starts off with a base effort (9 months) of proof-of-concept, showing auto-generation of the router information protocol (RIP) protocol software, and testing against 25 of the most common and relevant vulnerabilities in the CWE database; Option 1 (12 months) performs a laboratory emulation, demonstrating the full set of RIP protocols; Option 2 (12 months) offers demonstrations in an emulation environment on real tactical radios using the soldier radio waveforms (SRW).

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 12, 2016
Source ID
N000141512509

Entities

People

  • Qinging Christine Zhang

Organizations

  • Johns Hopkins University
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science
  • Engineering

Readers

  • Computational Linguistics
  • Computer Networking
  • Software Engineering

Technology Areas

  • Cyber