This project addresses cyber security from a programming language perspective. Of the five most used programming languages today, three (including the most used language C) lead to programs that are highly susceptible to cyber-attacks. The goal is to establish software diversity as a viable cyber defense approach, to be used in concert with other defenses. Commercializing this team's research may have the effect of changing both the way that software is distributed as well as many of the assumptions and models underlying current threats to deployed software.
This team?s 'multi-compiler approach' may provide solutions for many security problems. The multi-compiler approach provides automatic hardening of binaries before they are distributed to end users. The use of hardened binaries does not remove the need to fix security vulnerabilities by patching the source code and distributing software. However, it makes it substantially harder for attackers to exploit vulnerabilities. This solution may appeal to a broad spectrum of customers: software vendors as well as large institutions such as the US government. This team's project aims to commercialize automated software diversification mechanisms, providing a solution that can scale both to potentially millions of users (i.e., millions of distinctly different software versions) as well as very large programs, including even operating systems. To this end, they plan to provide the variation mechanism through a "cloud computing" service in which subsequent requesters download different unique variants of the same software, rather than identical binaries. In addition, this team is also working on making their solution almost completely transparent to developers by "normalizing" error reports that flow back from users. .
