1. Field
The present application relates generally to systems, methods, and media for software automated remediation of faults and attacks.
2. Background Art
Software faults and vulnerabilities continue to present significant obstacles to achieving reliable and secure software. Most software applications lack the ability to repair themselves during an attack, especially when attacks are delivered through previously unseen inputs or exploit previously unknown vulnerabilities. Computer defense systems detect several types of malicious behavior that can compromise the security and trust of a computer system, and most commonly crash the process that they protect as part of their response to these attacks.
Self-healing software involves the creation of systems capable of automatic remediation of faults and attacks. In addition to detecting and defeating an attack, self-healing systems seek to correct the integrity of the computation itself. Self-healing counter-measures serve as a first line of defense, while a slower but potentially more complete human-driven response takes place. The workflow of most self-healing mechanisms involves recognizing a threat or an attack, orienting the system to the threat by analyzing it, adapting to the threat by constructing appropriate fixes or changes in the system state, and finally responding to the threat by verifying and deploying those adaptations.
Techniques that employ self-healing mechanisms face a few obstacles before they can be deployed to protect and repair legacy systems, production applications, and Commercial Off-The-Shelf (COTS) software. For example, an obstacle preventing this deployment is when the self-healing system makes changes to the application's source code. Moreover, another obstacle is presented when the semantics of program execution are not maintained close to the original intent of the application's author. Additionally, self-healing systems not compatible with applications that communicate with external entities beyond the control or logical boundary of the self-healing system cannot be widely deployed. Finally, it is important for systems to employ detection mechanisms that can indicate when to supervise and heal the application's execution.