

Self-repairing software tackles malware - lbenes
http://www.sciencedaily.com/releases/2014/11/141113140011.htm

======
mattlutze
How much research has been done/published in self-aware programs like this?
Even on a smaller scale, it would seem particularly useful to have programs
watch themselves for attack and self-repair.

Depending on how A3 works, or something like it would work, I wonder at the
level of increased complexity in not only building the "EMT" services in a way
to notice something is wrong and to fix it, but building it in a way where
those services compare the intent of the program against the actual program
and identify ways to improve it.

~~~
xyzzy123
In the general case, if you have deployed software which has to work in the
face of an arbitrary, integrity-damaging attack, you're going to lose.

That's because the attackers get to test their arbitrary code execution
against your widely deployed countermeasure (e.g. AV with heuristics, EMET,
whatever) until they win. You are the Maginot Line, and they are XYZ.

Funnily enough though, security through obscurity / unusual security measures
do beat a lot of canned attacks.

Regehr does cool work on software validation though - it might do what it
says. I hope he jumps into this thread and tells us what's actually up :)

~~~
JoeAltmaier
That sounds like giving up - no well-known defense can possibly work. So the
attackers always win? I don't believe it.

~~~
unclebucknasty
I don't know about giving up, but it is very much cat and mouse. Over a long
enough timeline, the bad guys will generally score, prompting another round of
counter-measures.

So, it's not that the defenses can't possibly work. It's actually that they
do, until they don't.

------
JoeAltmaier
Pretty vague - it stops 'unusual activity'. How is that defined? What if I
actually mean to do some unusual activity? This technique has specific
application, and it's not for a busy server undergoing frequent configuration.
Might work fine in production (until you want to update production; then it
undoes your changes?)

------
saneem
>The A3 software is open source, meaning it is free for anyone to use

It would be interesting to look at. Links?

~~~
eli173
Looks like what's publicly available can be found here:

[https://www.flux.utah.edu/project/a3](https://www.flux.utah.edu/project/a3)

