The US Defense Advanced Research Projects Agency (DARPA) has contracted RTX’s BBN Technologies to develop a tool to boost its digital defenses.
The contract supports DARPA’s Compartmentalization and Privilege Management (CPM) program, which aims to prevent the escalation of initial cyber threats into a full-blown attack while maintaining system efficiency.
BBN supports this goal through its development of the Analysis and Restructuring for Containment (ARC) tool, which hinders threats’ escalation and lateral movement within the software system.
By applying the principle of least privilege at a subprogram level, the tool automatically analyzes large amounts of code and divides that into smaller, secure sections.
Doing this limits cyber attacks and damage to a specific compartment instead of allowing them to spread throughout the whole system.
Additionally, ARC will create solutions to maintain a balance between efficient performance and security.
For example, some parts may need to work or respond quickly while others may be at risk of cyber attacks. ARC’s solution is to help system administrators selectively apply security measures in critical areas.
The tool also builds on special features from BBN’s related work in the past, such as automated program analysis, verifiable program restructuring, and automated reasoning.
“Today’s complex attack surfaces and increasingly sophisticated cyberattacks mean that even a single point of vulnerability can compromise an entire system,” BBN principal investigator Aaron Paulos pointed out.
“Our solution will enhance the security of critical software systems while preserving performance, which is essential for maintaining operational readiness. The goal is to create compartments that isolate risks, making systems more resistant to cyberattacks.”
