We propose a tool to capture applications requirements with respect to the enforcement of network security policies in an object-oriented design language. Once a design captures clear, concise, easily understood network requirements new technologies become possible, including network transactions and user-driven policies to remove rarely used network permissions until needed, creating a least privilege in time policy. Existing security enforcement policies represent a model of all allowable behavior.
We are developing the FUZZBUSTER system to automatically identify software vulnerabilities and create adaptations that shield or repair those vulnerabilities before attackers can exploit them. Adaptive cybersecurity involves efficiently improv- ing software security to minimize the window of attack, and also preserving software functionality as much as possible. This paper presents new tools that have been integrated into FUZZBUSTER adaptive cybersecurity.
Keywords: cyber defense, adaptive security, security metrics, filter generation.