It is widely believed that the greatest threat to computer security today is not cryptographic weakness but rather flawed software design and implementation, and weakness in protecting information within software and hardware. This research proposes to develop the area of software security: protecting functional objects from vulnerabilities by means of fully automated software and hardware transformations. The approaches proposed in this research attempt to build a novel and theoretically sound foundation for this field.

First, this research considers the broad area of software transformations to counteract security vulnerabilities caused by flaws ("bugs") in software. In particular, this project will develop theoretical foundations and tools for preventing attacks which exploit flaws to gain control of remote systems. More generally, this research will aim to classify the security that computationally limited software transformations can provide.

Second, this research considers the question of software and hardware privacy: how to ensure that an adversary cannot learn important secrets by examining software or hardware. In this case, this research will study transformations such that, when the attacker gains access to the transformed software or hardware, it cannot learn specific secrets embedded in the original software or hardware, such as cryptographic keys or potentially even secret algorithmic techniques. This research will propose such transformations for hardware and software under various assumptions, and seek to determine when such protection is impossible.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 0456717
Program Officer: Karl Levitt
Project Start:
Project End:
Budget Start: 2004-09-01
Budget End: 2008-07-31
Support Year:
Fiscal Year: 2004
Total Cost: $373,995
Indirect Cost:
Name: University of California Los Angeles
Department:
Type:
DUNS #:
City: Los Angeles
State: CA
Country: United States
Zip Code: 90095