RTX BBN Technologies to develop tool that
compartmentalizes software systems to prevent escalation of
cyberattacks
CAMBRIDGE, Mass., Nov. 7, 2024 /PRNewswire/ -- RTX's (NYSE: RTX)
BBN Technologies was awarded a
contract to support DARPA's Compartmentalization and Privilege
Management, or CPM, program. The CPM program aims to enhance cyber
resilience by automatically subdividing software systems into
smaller, secure compartments, preventing initial breaches from
escalating into successful cyberattacks while maintaining system
efficiency.
According to the U.S. Government Accountability Office, the U.S.
Department of Defense has experienced more than 12,000 cyber
incidents since 2015. These incidents threaten personal privacy as
well as national security. The most common exploit involves a
hacker gaining access to a system and then taking advantage of
coding errors that allow them to escalate their system privileges
to gain access to sensitive data or to take control of the
system.
Under CPM, BBN is developing the Analysis and Restructuring for
Containment (ARC) tool to thwart unauthorized privilege escalations
and lateral movements within software systems. ARC will be
engineered to automatically analyze large code bases and construct
smaller, secure compartments. By applying the principle of least
privilege at a sub-program level, the tool will ensure that only
the minimum access necessary is granted for code to execute. This
approach to software security will significantly limit the scope of
potential damage in the event of a successful infiltration of the
software.
"Today's complex attack surfaces and increasingly sophisticated
cyberattacks mean that even a single point of vulnerability can
compromise an entire system," said Aaron Paulos, BBN principal
investigator. "Our solution will
enhance the security of critical software systems while preserving
performance, which is essential for maintaining operational
readiness. The goal is to create compartments that isolate risks,
making systems more resistant to cyberattacks."
A key element of the program is the requirement to minimize the
impact of compartmentalization on overall performance while
producing secure, tight compartments. To achieve this, ARC will
generate solutions that balance multiple objectives. For instance,
some parts of a software application will require performant access,
while others might introduce significant exposure to risk. The tool
will enable system administrators to selectively apply security
measures to those areas deemed most critical, as a way of managing
the trade-offs between performance and security.
ARC builds on several unique capabilities from BBN's prior work
in cybersecurity and software analysis. The team intends to
integrate capabilities that use:
- Automated program analysis to assess and identify potential
threats in software, ensuring thorough evaluation and
security.
- Verifiable program restructuring to improve security and
controls, including adjustments to memory and function usage.
- Automated reasoning to develop effective security solutions by
exploring different options and balancing performance with risk
management.
The BBN-led team includes Northwestern University, George Washington
University and Kestrel Institute. Work on the program will be
completed in Cambridge, Massachusetts; Evanston, Illinois;
Washington, D.C.; and Palo Alto, California.
This material is based upon work supported by the United States
Air Force and DARPA under contract number FA8750-23-C-B031. Any
opinions, findings, and conclusions or recommendations expressed in
this material are those of the author and do not reflect the views
of the United States Air Force and DARPA.
About RTX BBN Technologies
Founded in 1948, RTX BBN Technologies provides advanced technology
research and development with a focus on national security
priorities. From the ARPANET to the first email, through the first
metro network protected by quantum cryptography, BBN consistently
transitions advanced research to produce innovative solutions for
its customers. BBN takes risks and challenges conventions to create
solutions in analytics and machine intelligence, networks and
sensors, intelligent software and systems, and physical
sciences.
About RTX
With more than 185,000 global employees, RTX pushes the limits
of technology and science to redefine how we connect and protect
our world. Through industry-leading businesses – Collins Aerospace,
Pratt & Whitney, and Raytheon – we are advancing aviation,
engineering integrated defense systems for operational success, and
developing next-generation technology solutions and manufacturing
to help global customers address their most critical
challenges. The company, with 2023 sales of $69 billion, is
headquartered in Arlington, Virginia.
For questions or to schedule an interview, please contact
corporatepr@rtx.com
View original content: https://www.prnewswire.com/news-releases/darpa-taps-rtx-to-strengthen-cyber-resiliency-302298844.html
SOURCE RTX