Helix: Transitioning Helix from Research to Practice

Funding Agency: Air Force Research Laboratories, Rome, New York.

Award: $676,878
Dates: 27-FEB-2013 through 26-OCT-2014

Security weaknesses in DoD information systems remain a major challenge for system stakeholders. We have advanced the transition of technology developed under the Helix and PEASOUP projects to protect Air Force systems of interest. The results are expected to be an asset that, if widely deployed by the DoD, would enable a high level of confidence in the security of DoD systems, in particular, confidence that certain classes of critical vulnerabilities were no longer subject to possible exploitation.

Weaknesses in software code (such as memory overwriting errors, fixed-width integer computation errors, input validation oversights, and format string vulnerabilities) remain common. Exploiting these weaknesses, attackers are able to hijack an application's intended control flow to violate security policies (exfiltrating secret data, allowing remote access, bypassing authentication, or eliminating services). To mitigate and defend against attacks that seek to exploit such weaknesses, we have developed the Helix architecture. Helix represents the culmination of over 10 years of R&D with support from Defense Advanced Research Projects Agency (DARPA), the National Science Foundation (NSF), the Army and the Air Force, and ongoing support from the Intelligence Advanced Research Projects Agency (IARPA).

We have leveraged the opportunity to take the Helix architecture one step closer to deployment in real systems by developing a completely automatic system for securing applications against attack by well-funded, determined malicious adversaries. Helix armors binary programs and protects them from attacks which could arise from the inevitable vulnerabilities that remain after deployment. Source code of the application to be protected is not required, nor are any other development artifacts. These features make Helix of particular value for software systems that have to be used but for which no development information is available.

The key security technologies used by Helix are protective transformations and targeted recovery. The protective transformations are applied to application binaries before they are deployed. Conceptually, these transformations are tailor-made, lightweight "armor" that prevents an attacker from exploiting residual vulnerabilities in a wide variety of classes. Helix uses novel, fine-grained, high-entropy diversification transformations to prevent an attacker from successfully exploiting vulnerabilities. To prevent attacks from causing the system to act in undesirable ways, such as crashing or performing unintended actions, Helix also provides custom-made, application-specific remediation strategies that may be invoked in the event of an attack.

Helix is implemented using either dynamic binary transformation or static binary rewriting. Diversification is applied to the subject binary program prior to deployment. When in use, binary translation ensures that the functionality of the software as seen by the user is identical to the original program. The mechanism of dynamic binary translation is heavily protected against direct attacks. Helix has several major strengths:
  • it is applied to binaries and does not depend on particular languages, compilers, or libraries,
  • it is complementary to other security techniques including inspection, static analysis and testing,
  • it requires no changes to the software development process, and
  • preliminary performance measurements show that the armoring provided by Helix is lightweight, incurring a modest run-time performance overhead of around 10% for dynamic rewriting and 3% for static rewriting.
Salient features of Helix include applying high-entropy randomization techniques, automated program repairs, leveraging highly-optimized virtual machine technology, and in general, developing a novel framework for program analysis, transformation and composition.
