Vibrance

Team:

• Kestrel Institute (prime)
  • Alessandro Coglio (PI)
  • Marcel Becker
  • Stephen Fitzpatrick
  • Limei Gilham
  • Cordell Green
  • Eric McCarthy
• Kestrel Technology
• CSAIL MIT

The VIBRANCE (= vulnerabilities in bytecode removed by analysis, nuanced confinement, and diversification) tool automatically hardens Java bytecode to make it resistant to certain classes of vulnerabilities. VIBRANCE uses static and dynamic analysis to find vulnerable code, run-time confinement to prevent exploits of the vulnerable code, and diversification to increase the difficulty of attacks.

Additional information:

• A one-page summary.
• A summary presentation.
• A demonstration video.
• The project’s final report.

Publications

AutoRand: Automatic Keyword Randomization to Prevent Injection Attacks
Jeff Perkins, Jordan Eikenberry, Alessandro Coglio, Daniel Willenson, Stelios Sidiroglou-Douskos, and Martin Rinard
July 2016
13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
{Description of an approach to automatically harden Java applications against injection attacks by randomizing the injectable keywords within the application.}