Advanced Adaptive Application Environment

The A3 (Advanced Adaptive Applications) Environment is developed under the DARPA Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) program. A3 makes network-facing services and applications resilient against zero-day attacks by containerizing the defended application, subjecting its input/output interactions to mandatory mediation, execution introspection, and defensive adaptation.
Apart from the protection and awareness provided bymandatory I/O mediation and execution monitoring, A3 environment records the network inputs, performs periodic checkpointing of the protected application, and offers a laboratory area for replay-based experimentation.
If and when a zero-day successfully penetrates the existing defenses in the network and A3's protective mechanisms and manifests in an undesired condition (detected by deployment specific policy, or reported by human operators), A3 restarts the protected application with a past checkpointed state, and uses the laboratory area for replay-based experiments to: With suitable application and deployment specific definition of unwanted conditions, defined in terms network (e.g., reaching out to specific IP, or a new listening port being open), disk (e.g., rate and volumes of writes), and execution behavior (e.g., abnormal exits, out of character (profile) function or system calls), A3 can automate the entire post-incident workflow starting with detecting the manifestation to installing a valid patch.

Success Stories

Thrusts