Enabling national security through advanced software analysis and understanding
Software has found its way into nearly every aspect of society, including household appliances, consumer electronics, industrial control systems, and self-driving vehicles. Consequently, protecting life, welfare, and liberty now requires answering many critical questions about software security. Answering these security "mission" questions requires understanding software, including its purpose, its capabilities, its flaws, its communication, or how it processes and stores data. As software continues to grow larger, more complex, and more widespread, our ability to answer such important questions in a timely way is falling behind.
Today, to achieve such understanding of security-critical, third-party software, we rely predominantly on the ability of reverse engineering experts to manually answer a variety of questions for every software system of interest. This approach often requires heroic human effort that nevertheless fails to meet current needs and will never scale to meet future needs. The result is an emerging crisis: a massive and expanding gap between the security mission questions we must answer about software and our capabilities to answer them.
We need a national-scale effort to develop reusable software analysis capabilities that scale to realistic mission questions and apply across mission boundaries rather than the limited, isolated one-off approaches we have today. Human analysts must be able to quickly and effectively leverage a growing ecosystem of interconnected tools to solve our many mission questions. Ideally, the tool ecosystem would accommodate rapid integration of new analysis components and the specialization of existing components to new software analysis tasks.
Sandia National Laboratories has established the Rapid Analysis of Mission Software Systems (RAMSeS) initiative, which seeks to understand how existing capabilities in software analysis, human factors, reverse engineering, formal methods, data science, and high-performance computing can be enhanced and combined to provide human analysts with an ecosystem of automated or semi-automated software analysis tools to rapidly answer new mission questions about third-party software. Focusing on static analysis of binary programs, we are attempting to identify reusable software analysis components that advance our ability to reason about software, to automate useful aspects of the software analysis process, and to integrate new methodologies and capabilities into a working ecosystem of tools and experts. We aim to integrate existing tools where possible, adapt tools when modest modifications will enable them to interoperate, and implement missing capability when necessary.
We plan to expand and change our research areas over time to aid our pursuit of a practical software analysis ecosystem that helps human analysts answer real questions about a wide range of real software.
The scale of the problem calls for a multi-faceted, collaborative effort, and we sincerely hope that many software analysis and mission communities will join us in this grand endeavor.