Informed System Protection

Sammanfattning: Critical Infrastructure Protection (CIP) and Critical Information Infrastructure Protection (CIIP) are high-priority research areas in several international R&D efforts. There are different types of critical infrastructures, from physical such as the electrical power grid to virtual such as the Internet and other communication networks. For different reasons, such as deregulation and the achievement of increased flexibility, there is a strong trend to open up control and information exchange systems related to critical infrastructures. This creates a situation where the function of a physical infrastructure is dependent on the function of software and networks open to many different actors. Thus, to protect critical infrastructure, the software and networks that process information for these systems must be protected. Traditionally, software systems are protected primarily by means of identifying unwanted elements (a bug, a defect, a vulnerability or a fault depending on terminology) in the source, followed by manual removal of this part in a process which aims to create perfect software. For complex software systems it is hard, if not impossible, to identify every single unwanted element, and unless perfect software can be created, complementary approaches for software protection are required. One such complementary approach is to use additional information about the system, such as information about how the system executes, and to use this information to protect the execution of the system at a later stage. This permits use of non-perfect software in conjunction with critical applications since the second-layer defense can identify and prevent certain unwanted execution. In this thesis we present a methodology to obtain information from executing software that can be used to later protect the execution of that software. We present a set of technical mechanisms which illustrate how such protection can be employed in real executing software, and which address well-known problems such as buffer overflow and format string attacks. We also present an environment which supports the structured experimentation of software execution and protection in order to achieve higher resilience.