Avoiding malice with linguistics-inspired exploit testing
How to Avoid Malice Using Linguistics-Inspired Exploit Testing
US military analysts can better detect vulnerabilities in new IT devices with the HAMLET tool from Charles River Analytics.
The US military uses countless commodity IT products, such as printers, PCs, and mobile phones. These devices’ components are often built overseas and delivered to the military with little oversight, creating a significant risk of exploitable vulnerabilities.
Under DARPA’s VET program, we developed HAMLET to address this risk. The HAMLET tool analyzes potential vulnerabilities in firmware and other low-level software in IT products to objectively quantify the risks. HAMLET then uses this quantification to create highly optimized test plans to rule out risk as efficiently as possible.
Cyber analysts can use HAMLET’s objective risk assessments to prioritize their analysis, or to guide tabletop exercises.
“Military IT products are vulnerable to adversary cyberattacks; it’s a known industry problem with no easy answer. However, our HAMLET tool helps quantify risks objectively. Our current research into security assessments will be invaluable for the military.”
– Dr. Terry Patten, HAMLET Principal Investigator
HAMLET applies sophisticated linguistic grammars to cyber security to ensure that military devices, such as printers and routers, are safe.
The US military uses countless IT devices that are often built abroad from multiple components with limited oversight, and then shipped to the US. This supply chain can provide multiple opportunities for enemies to insert hidden malicious software. DARPA’s Vetting Commodity IT Software and Firmware (VET) program is addressing this vulnerability.
Identifying and Quantifying Cyber Risk
Under VET, Charles River developed the How to Avoid Malice Using Linguistics-Inspired Exploit Testing (HAMLET) tool. HAMLET identifies potential vulnerabilities, then objectively quantifies the risks. The tool applies advanced analysis techniques adapted from linguistics to represent the attack space and optimize test plans.
The HAMLET tool addresses three key components of the VET program:
- Support knowledge elicitation sessions to identify the kinds of malicious attacks that adversaries can make against commodity IT devices
- Use this knowledge to automatically identify vulnerability combinations or malicious code that might be used by an adversary to attack a particular device and its components
- Develop an efficient test plan that demonstrates the presence or absence of vulnerabilities or malicious code
Adapting Linguistics to Cyber Security
HAMLET borrows techniques from linguistics and applies them to cyber security. Functional linguists perform essentially the same type of hierarchical functional decomposition as security analysts. With their 100-year head start, linguists have developed sophisticated representations that address several critical limitations of current attack trees. HAMLET uses Systemic Functional Grammars as next-generation attack trees to quantify the attack space and optimize comprehensive test plans.
Advancing New Technology
HAMLET’s test plans minimize the number of required tests and the amount of time expert analysts need to run them. HAMLET provides valuable cyber analysis for commodity devices, but it can also be applied to other applications: HAMLET is being used by AFRL to analyze avionics systems, it is being adapted for cyber assessments during the design phase under DARPA’s CASE program, and we expect it to transition to SPAWAR for tabletop cyber risk assessments.
Risk/Cost graph for an optimized test plan
HAMLET was highlighted in this Success Story:
Charles River Analytics is a key innovator in many of DARPA’s initiatives aimed at decreasing cyberattacks on U.S. infrastructure
Distribution Statement “A” (Approved for Public Release, Distribution Unlimited)