Patching Legacy Software Vulnerabilities Rapidly in Mission-Critical Systems

The Assured Micropatching (AMP) program seeks to address these challenges and accelerate the process of patching legacy binaries in mission-critical systems and infrastructure. AMP aims to develop tools and methodologies for analyzing, modifying, and fixing legacy software in binary form with the assistance of assured, targeted “micropatches.” Micropatches are small patches that change the binary as little as possible in order to achieve an intended objective while also minimizing the potential side effects of the fix. AMP aims to create breakthrough technologies to reason about these small software fixes and, perhaps most importantly, provide proofs to assure that the system’s original baseline functionality is not lost or altered by the fix.

“Think of how many times you have updated software on your personal device and the update inadvertently caused some of the software to stop working, or worse, ‘bricked’ the device. With current patching approaches, we are not given the assurance that the system will continue working as intended after the fix is applied. Assured Micropatching aims to create and apply fixes in an automated and assured way, giving us a means to expedite the time to test and deploy the patched system from months and years to just days,” said Bratus.

To enable the creation and rapid implementation of assured micropatches, the AMP program will explore novel breakthroughs in binary decompilation and analysis, compiler techniques, and program verification. Today, engineers use software decompilers to understand the executable binary, which is a key step in the process of patching legacy software. While helpful, today’s decompilers are largely heuristic and can only generate a “best guess” at what the original source code may have looked like. AMP seeks to develop goal-driven decompilation, which would use existing source code samples, any available knowledge of the original build process, and other historic software artifacts to improve decompilation and direct it towards a specific goal, such as situating a known source code patch. By being able to guide decompilation, an engineer developing a binary micropatch is better able to translate knowledge of flaws from the source code to the binary, accelerating the identification, analysis, and repair of vulnerabilities in the binary.

In addition to goal-driven decompilation, AMP aims to develop “recompilers” that compile the desired source-level change against the existing binary and provide assurances that the intended functionality of the software is maintained after it is patched. Today, it is difficult to analyze changes in the binary as compilers take a clean-sheet approach – throwing out the existing binary and starting from scratch with each analysis. The AMP program will work to develop recompilers that preserve the binary as much as possible when the patch is applied and analyzed. Once a fix is applied, the novel recompilers will analyze the effects to ensure it does not disrupt the baseline functionality of the software.

“To ensure the tools and techniques in development work as intended, AMP will run a number of challenges throughout the life of the program,” DARPA says. “The challenges will explore various cyber-physical mission-critical system use cases, and assess how effective the technologies are at rapidly patching legacy systems.”