REVOLVER: Recurrent EVOLution and Verification of Encapsulated Rights

Abstract

Modern software is driven by market demands, typically focusing on growing user bases as fast as possible. Onedetrimental side-effe""ct is bloated software,increasing the potential for security violations with each new feature, most of which is never used by any s"ingle user.Recurrent EVOLution and Verification ofEncapsulated Rights (REVOLVER) is a new approach to modularly decompose and evolve software by exploitingobserved program behavior to automaticallyfind and enforce encapsulation boundaries in bloated and over-p"rivileged code bases. The result is a reduction ofsoftware exploitability. REVOLVER specifically targets evolving software, which i""ncludes online approaches forvalidation and verification of proposed reorganizations, as well as efficient protection mechanisms. A""dditionally,REVOLVER includes a novel framework for mechanically verifying program transformations from low-levelabstractions. Ove""rall, REVOLVER presents a novel approach to modify the way we build secure software, allowingsecurity to be retrofitted to existing" software with formal guarantees.

Document Details

Document Type
DoD Grant Award
Publication Date
Sep 29, 2017
Source ID
N000141712930

Entities

People

  • Stephan Zdancewic

Organizations

  • Office of Naval Research
  • United States Navy
  • University of Pennsylvania

Tags

Fields of Study

  • Computer science
  • Engineering

Readers

  • Marksmanship and Weaponry.
  • Optical Fiber Sensing and Electromagnetic Propagation.
  • Software Engineering.