ARTCAT (Autonomic Response To Cyber-Attack) is a defense-in-depth solution that monitors running applications and ensures they act as expected. At the core of ARTCAT are specifications that describe correct behavior for individual applications. These are automatically mined from correct program executions, with optional human input. When a program violates a specification, ARTCAT mitigates the problem with an automatic response. Response capabilities range from fast, simple fixes at the time and location of the error, to process-level actions and long-term repairs directed by a Reasoning Engine.
The full ARTCAT system includes:
Modern runtime security solutions in the same space include Security Information and Event Management (SIEM) and Runtime Application Self-Protection (RASP) systems. State-of-the-art tools focus on observable artifacts (e.g., network traffic and program output), which facilitates wide deployment but limits the scope of offered protections. ARTCAT is capable of deep program state introspection, allowing customization of monitors and protections. In addition, because ARTCAT specifies and allows only correct behavior, it protects against both known and unknown attacks.
The video below is a presentation of Tiffin and mgen, core technologies underlying ARTCAT and other GrammaTech autonomic projects. The presentation was originally given at the HCSS 2022 conference.
This material is based upon work supported by the Navy and the Office of Naval Research under Contract(s) No. N68335-19-C-0200, N00014-15-C-0126 and N00014-14-C-0261. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Navy or the Office of Naval Research.