Brendan Saltaformaggio leads a $10M DARPA-funded effort to update critical defense software.

Brendan Saltaformaggio and Amit Sikder stand and look at a large screen displaying computer code. (Photo: Candler Hobbs)

Brendan Saltaformaggio, left, and Amit Sikder are working on a $10 million DARPA project to unpack legacy software systems, incorporate updates, and redeploy them in weeks or months rather than years. (Photo: Candler Hobbs)

Software updates are a ubiquitous part of our lives.

That’s true at home and at work. And it’s true for the critical systems the U.S. Department of Defense relies on to protect the nation.

Think about all the highly sophisticated systems that power drones or fighter jets or even secure authentication programs. Many of those systems are custom software developed at great expense. Which means updating them isn’t as easy as downloading the latest software patch and clicking “Install.”

It often requires a time-consuming rewrite or reverse engineering process that costs even more time and money. But not if a team of Georgia Tech engineers and cybersecurity researchers are successful. They’re among the teams working to speed up the process with a $10 million Defense Advanced Research Projects Agency (DARPA)-funded effort to unpack these legacy systems, incorporate updates, and redeploy them in weeks or months rather than years.

“The U.S. government has this tremendous problem where they put tons of research and development into cutting edge software, and then two years down the line, it needs to be updated or applied to a new platform or it needs patches. We can’t just go back to the drawing board and rewrite all of our software every few years,” said Brendan Saltaformaggio, an associate professor in the School of Cybersecurity and Privacy (SCP) and the School of Electrical and Computer Engineering (ECE).

That’s more or less how things work now, with government contractors reverse engineering software, figuring out the logic behind it, and making updates. It’s a process that can take years, Saltaformaggio said, “and a lot of times, by the time they do all that, things have continued to improve. They're always behind the eight ball.”

About halfway through the five-year project, the team of Georgia Tech engineers, computer scientists, and cybersecurity researchers has a prototype pipeline that uses Tech-developed software analysis techniques to automate significant portions of the process.

What used to take years happens in weeks, days, or hours, in some cases. And the updated software also is more efficient, according to SCP Research Scientist Amit Sikder.

Amit Sikder and Brendan Saltaformaggio in front of the orange CODA letters outside the CODA Building in Midtown Atlanta. (Photo: Candler Hobbs)

“Were actually reducing the total size of the code base by 60%. And were doing that within 2 1/2 hours to 3 hours,” Sikder said. “So, it is really easy to deploy in real life systems.”

What makes the team’s approach possible is a technique called “distillation.” It’s built on research in Saltaformaggio’s lab called binary analysis that can take the ones and zeroes of a software program — that file with a .exe at the end, which is called a binary executable file — and “distill” the original human-readable software code.

The idea is to capture what the software is actually doing and represent that in a way that researchers and coders can understand, manipulate, and update.

“We lift this binary executable into a HAR, a highly abstract representation. Its essentially a data file that a software engineer or researcher can look at, they can understand what the code does, and they can make changes,” Saltaformaggio said. “You get this HAR into a place that youre happy with, youve added your features, and youre ready to deploy it. Our pipeline reassembles it into another executable binary that can be redeployed in place of the original.”

Along the way, the team’s algorithms comb through the HAR and do things like remove old code that’s no longer necessary.

“A human probably would not even be looking for that, but because the technique itself is doing this distillation, you can leave behind a lot of code you're not going to need going forward,” he said. “You don't want Windows 95 coming along with your Windows 11 installation, right? We can do that process automatically with this distillation pipeline.”

The researchers also built a suite of verification tests to prove the new program functions properly and can safely replace old software in jets, drones, or desktop computers.

Georgia Tech is one of just two teams working on all three areas of DARPAVerified Security and Performance Enhancement of Large Legacy Software (V-SPELLS) program — lifting the software’s functions into a HAR, making updates, and then proving the new program works. They’re collaborating with other teams focused on just one of those areas, too, to improve the overall results.

With the prototype and about three years left on the project, the team is improving usability. Soon, they’ll work with the U.S. Navy on testing the various approaches. Saltaformaggio said it’s still a nascent area of research — “bleeding-edge,” as he put it — but the idea is to give DARPA a robust pool of techniques.

Sikder said their ideas could extend beyond defense software to almost any industry, especially with the rapid development of new kinds of powerful computing hardware.

“You wouldn’t need to actually develop full stack software. You could just use the distillation process, add your new features, and thats it: Its compatible with new hardware,” he said, noting the technique also can help improve security.

“Were actually developing a platform that users can easily change the security properties and make more secure software for everyday use.”

Blank Space (medium)
(text and background only visible when logged in)

Related Content

New Fellowships Support High-Impact Cybersecurity Research

Cohort’s five faculty members will help grow the College’s work in cyber-physical systems security.