Software Assurance Testing

To control the costs of software development for critical applications, organizations are turning to external sub-contractors and COTS software. However, the uncertain pedigree of purchased software and the lack of auditable source code leads to the possible presence of exploitable vulnerabilities and malicious code that represent unacceptable security risks. To mitigate this threat, ATC-NY is developing the EXploit And Malware INcubator (EXAMIN), a tool to assist in the safe triggering and detection of stealthy malicious code and vulnerabilities in binaries prior to deployment.

EXAMIN consists of two main components:

1. an isolated sandbox built using a network of virtual machines (VMs) that is capable of closely simulating deployment environments, and
2. an instrumentation system that monitors and records an executable's activity inside the sandbox.

The instrumentation employs VM introspection, an emerging technology for analyzing the internal state of a VM from the host system. Introspection provides a higher level of assurance security monitoring than existing host-based systems.

EXAMIN will greatly improve assurance levels for both producers and consumers of security-sensitive software.