Windows app-security tool moves from lab to market
IT managers have long sought an easy way to broadly secure Windows applications. Now government-developed software that prevents the most common control-hijacking attacks against widely used applications like browsers, business tools and document readers has been licensed by a private cybersecurity company and will soon be offered as part of an enterprise security suite.
Timely Randomization Applied to Commodity Executables at Runtime (TRACER) is transitioning from the MIT Lincoln Laboratory -- the Defense Department's research and development center -- to the commercial marketplace under the Department of Homeland Security Science and Technology Directorate’s Transition to Practice program. TTP helps commercialize promising technologies from federal laboratories, federally funded research and development centers and universities.
TRACER is easy to install, seamless to operate and "does not interfere with normal maintenance, patching, software inventory, or debugging facilities of an enterprise network," MIT News reported. "And, perhaps most importantly to companies, TRACER does not require access to the source code or modification of the Windows operating system."
TRACER works by automatically re-randomizing applications’ sensitive internal data and layout every time output is generated. Rather than employing a one-time randomization technique that hackers can subvert, "TRACER renders leaked information stale and resists attacks that can otherwise bypass randomization defenses," MIT officials said.
Since its launch in 2012, the TTP program has transitioned more than a dozen federally funded cybersecurity technologies to the private sector and helped create several cybersecurity startups.
Connect with the GCN staff on Twitter @GCNtech.