Software is now a critical part of our national security infrastructure. Critical DOD software systems that are compromised can put lives in jeopardy. With the threat of unauthorized or malicious logic being inserted into critical software systems, the ability to detect and expose such code is a significant concern. Any software that performs any function, whether malicious or not, is only useful when it interacts with the "outside world". A compromised program's best chance at exhibiting malicious behavior is likewise through such outside-world interactions. Since most software where malicious behavior is a significant concern runs in structured environments such as commercial or publicly available operating systems (OS), this proposal presents methods to monitor software that interacts with the outside world via OS system calls and library interfaces. Methods and tools are described that allow the activity of programs to be monitored, statistics and patterns of use gathered, usage patterns monitored, abnormal behavior detected, and reactive security measures initiated. Tools are also identified to assist in this process.
Keywords: Malicious And Erroneous Logic Detection, Attack Analysis Tools, Security Rule Generation Tools, Protection Method Insertion Tools, Software Application Self-Monitoring