US looking for revolutionary binary code system (networkworld.com)
11 points by coondoggie on June 10, 2011 | 10 comments



The article title is bad and misleading. Here is what DARPA (not the US) is looking for:

A system to analyze legacy binary applications and "slice" out the functional components allowing them to be encapsulated and run separately as part of new more secure systems. It is assumed that the source code for the legacy system was lost long ago.

Specifically, DARPA is looking for:

- Automatically analyzing and identifying binary executable functional components.

- Automatically slicing and extracting identified binary functional components into reusable programming modules, including defined inputs and outputs.

E.g., performing a "projection" of the program: removing all instructions not related to calculating the inputs to the functional component. This is also sometimes called dependence analysis or taint analysis and has ~30-40 years of research. See: Frank Tip, “A survey of program slicing techniques,” Journal of programming languages, vol. 3, 1995, p. 121–189.

- Combining static and dynamic binary analysis to increase understanding and function of binary executables.

- Exploring formal verification methods to prove functional component properties.

- Developing intermediate representation language to support program slicing.

- Developing core technology to enable exploration and research for the BET program.
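
The slicing step described in the comment above, sketched as an added example that is not part of the original comment or of any DARPA material: a backward slice over a tiny three-address IR. The IR, the `Insn` type and the sample routine are constructed for illustration; a guarded write pulls its flag into the slice and does not kill the earlier definition.

```python
from typing import NamedTuple, Optional

class Insn(NamedTuple):
    dest: str                     # variable/register written
    srcs: tuple                   # variables/registers read
    guard: Optional[str] = None   # if set, the write happens only when this flag is true

def backward_slice(prog, outputs):
    """Slice `prog` with respect to the values of `outputs` at its end.

    Returns (kept instruction indices, inputs the slice still needs).
    """
    live = set(outputs)           # values whose definitions we still have to find
    kept = []
    for i in range(len(prog) - 1, -1, -1):
        insn = prog[i]
        if insn.dest not in live:
            continue              # writes nothing the slice depends on
        kept.append(i)
        if insn.guard is None:
            live.discard(insn.dest)   # unconditional write: earlier defs are dead
        else:
            live.add(insn.guard)      # control dependence; the earlier def may survive
        live.update(insn.srcs)        # data dependences
    return sorted(kept), live

# Constructed sample: a lifted routine that mixes a checksum with unrelated logging.
PROG = [
    Insn("len", ("input_len",)),          # 0: len = input_len
    Insn("log", ("log",)),                # 1: log = log + 1
    Insn("sum", ()),                      # 2: sum = 0
    Insn("big", ("len",)),                # 3: big = len > 64
    Insn("len", (), guard="big"),         # 4: if big: len = 64
    Insn("tmp", ("buf", "len")),          # 5: tmp = buf[len - 1]
    Insn("sum", ("sum", "tmp")),          # 6: sum = sum + tmp
    Insn("log", ("log", "len")),          # 7: log = log + len
    Insn("out", ("sum", "key")),          # 8: out = sum ^ key
]

if __name__ == "__main__":
    kept, inputs = backward_slice(PROG, {"out"})
    print("slice for out:", kept, "inputs:", sorted(inputs))
```

The returned input set is what an extracted component would have to declare as its interface; the two `log` instructions drop out of the slice for `out`.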


And there are many other companies to benefit from this. Reminds me a bit of when I needed to reverse engineer a sourceless binary and write a wrapper to its important parts.

Yes, the article title is bad.


Wouldn't it be easier to have a more formal process for saving the source code? Like how real engineers maintain schematics and blueprints?

As an alternative, DARPA could prescribe that all the executables they commission come with embedded source.


Oh sure NOW you give us that great advice... :-)

I'm sure a lot of source does get saved. Nevertheless, if your task were to secure legacy government systems as quickly and strongly as possible, you're going to pray for a breakthrough like this. It's not practical to walk up to a PC and, even with full authorization, dig up all the source code to the software that's running on it.

Even then, some things really are more noticeable by looking at the executable and often this is the side the attacker will be looking at. If you don't have the same or better capabilities than your adversary to analyze this side of it, you're effectively blind to your backside.


> Wouldn't it be easier to have a more formal process for saving the source code?

Source code isn't enough.


A decade or two ago, someone proved that it was impossible to accurately separate code from data in general x86 (and then made a tool that sort of almost worked as best he could, with something like 99% accuracy). Does it scare anyone else that we are apparently in the position of putting forward grants to solve known-impossible problems? :(


Sounds like an exciting way to drag old working binaries into the modern age, but how will they overcome dynamically linked libraries? Wouldn't they basically just be reimplementing WINE? How old are these apps? Ada? Fortran? Cobol? Win32? Maybe I'm just very ignorant on this subject.


I imagine a lot of work will involve simulating the execution environment. A WINE-like infrastructure might be a component of that, but I also hear about people doing this type of thing at the virtual machine level.


I would imagine that improved reverse engineering techniques would also help to dissect botnets, viruses, P2P networks, and other sorts of obfuscated software.

I'd rather believe that than believe that the DoD has lost a significant portion of its code base for its critical applications.


A better way to encapsulate and componentize older binary-only software is to create a VM for them. VMs are so prevalent these days. It's much easier to build a VM for older software than to reverse engineer the old software.



