CML proposes to extend its current work in dynamic kernel monitoring for attack recognition and mitigation. The focus of this proposal is on mitigating the effects of an attack on executing software process by an individual user. The object of interest is the mapping of the activity of a user of a software system onto a model of their normal use of this software. In the construction of a mathematical model of certified software activity there two distinct sources of variation in the actual execution vocabulary of the software
Keywords: Dynamic Software Measurement, Software Protection, Software Security