DAHLGREN, Va. As software systems become more commonplace and increasingly complex, so does the need to ensure they are secure and operating efficiently. A team of student engineers at Virginia Tech are investigating ways to mitigate cyber vulnerabilities and verify that defense measures do not interfere with a systems functional ability.
Professor Binoy Ravindrans team of undergraduate and graduate students are entering the final year of their Naval Engineering Education Consortium (NEEC) effort in partnership with Naval Surface Warfare Center Dahlgren Division (NSWCDD).
Through NEEC, warfare centers partner with academia, utilizing the brightest minds of today in tackling some of the most pressing challenges of tomorrow. Ravindrans NEEC project is comprised of five distinct mini-projects that all serve one ultimate goal deliver effective, secure software solutions.
Most NEEC projects are proposed by researchers and accepted by their technical counterparts at a warfare center. NSWCDD Warfare Control and Integration Department Head Dr. John Seel proposed the projects main focuses to Ravindran, making this particular NEEC investigation unique.
One tried and true method of improving software security is reordering components of the software in a way that allows the software to perform the same action as before, but in a different way. This method is referred to as software diversification or "scrambling."
"Dr. Seel asked me if we could find some solutions that verify that scrambled code and non-scrambled code are performing with the same functionality, said Ravindran. Say a contractor is delivering an updated combat system with a scrambled version of code that is meant to be more secure. With the technique that one student researcher is developing, Dr. Seel would then be able to verify that the two versions of the code are indeed doing the same thing."
This verification technique is still in its early stages of development. Should it mature, however, the technique could evolve into a polished software structure with a definite positive impact on the systems delivered to the warfighter."Formal verification techniques are very relevant to the Navy as they enable us to prove that software meets our requirements and is secure before we install the software on an operational asset, said Seel. That in turn provides a more secure ship with higher availability and lower cyber risks to the fleet."
Another core investigation of the NEEC project dives into ways to improve the security of known vulnerabilities of the Linux operating system in device drivers. Device drivers, usually developed by thirdparty organizations, provide the critical functionality of interfacing with external devices but often are not developed with the necessary security and privacy best practices. By continuously randomizing the drivers location in the systems memory, the aim is to mitigate risk.
This three-year NEEC project is one of eight active projects partnering with NSWCDD, two of which are based at Virginia Tech. Through successful research partnerships like these, NEEC affords the warfare center access to top talent and exposes students to a potential path to working in the Department of Defense."Working with Virginia Tech and Dr. Ravindrans team is excellent," said Seel. "The students have done a terrific job on research leading to state-of-the-art advances and excellent publications. The teams are motivated and provide us an excellent place to recruit new talent for the Navy."