Fecha de publicación:
28/02/2019
Fuente: WIPO "royal booby"
This disclosure provides for rapid deployments of application-level deceptions (i.e., booby traps) to implant cyber deceptions into running legacy applications both on production and decoy systems, with no downtime and minimal performance overhead compared with the original application. An application-level booby trap is a piece of code injected into an application, and which provides an active defense or deception in response to an attack. A booby trap does not influence program execution under normal operation, and preferably elicits a response that can be defined by a security analyst. In operation, a booby trap is compiled into a bitcode using a patch synthesis process, and it is then injected into a running application, where it is compiled further into machine code, and linked directly with the existing application constructs. The original function also is modified with a function trampoline, and subsequent calls to the original function are then directed to the new function. As easily as a deception (provided by the booby trap) can be deployed, it can be removed easily, thereby leaving no trace in the application.