Automated Cyber Security
From transforming a weakly-typed language to a strongly-typed language in a 100% automated fashion, to code hardening, to removing dead and redundant code that provides potential inroads for viruses and cyberthreats, TSRI offers a multi-tiered approach to ensuring the security and strength of your code set.
TSRI is the only company that can systematically remediate many classes of cyber security threats and vulnerabilities, without changing the function of the application in question. Following the transformation into modern code, we further strengthen systems by removing cyber security weaknesses and vulnerabilities through the systematic application of refactoring, both automated and semi automated, which can address a wide class of cyber security weaknesses.
Studio® is employed to achieve high levels of automation for the insertion of mitigations, and countermeasures to prevent unauthorized activity as well as to correct weaknesses and vulnerabilities in systems and platforms, both statically as well as dynamically. The toolset is also capable of rapid change and adaptation as new threats and methods are identified. With modifications, JANUS
Studio® has the capability to support continuous automated remediation of cyber threats, weakness, vulnerabilities and detection, as well as dynamic real-time protection against common attack patterns.
The aforementioned cybersecurity objectives can be accomplished with a high degree of precision and accuracy during the software modernization and post-modernization sustainment process. JANUS
Studio® can be enhanced to automatically correct, remediate and harden code, and design and architecture level cybersecurity threats, weaknesses and vulnerabilities. It can be extended to detect threats through the integration and utilization of 3rd party Cybersecurity weakness and threat detection tools. The toolset can dynamically interchange its findings with available secure registries for CWEs, CVEs, and CAPECs. The toolset also challenges vulnerable systems to determine their level of information assurance, and it will protect and harden vulnerable systems by means of automated remediation of the code, design and architecture of the application.
The technical steps to be taken in the automated cybersecurity process are:
- Generate an Application Blueprint® (AB) for the legacy system and legacy system to derive the design and architecture for the system as a whole.
- Analyze legacy system code for vulnerabilities using state-of-the-art cyber security assessment tools, and augment the AB with vulnerability annotations allowing the vulnerabilities to be identified in the legacy code using Object Management Group (OMG) threat assessment models.
- Transform the code of the legacy system to a type-safe modern language using JANUS Studio® code transformation services. Verify the transformed target code has not distorted functional fidelity (using instrumentation to rapidly detect functional deviation between the legacy and the transformed system).
- Generate the Transformation Blueprint® (TB) for the derived target system with derived design and architecture for the modernized system.
- Analyze transformed system code (in Java, C++ or other languages) for vulnerabilities using state-of-the-art Cyber Security assessment tools, and augment the TB with vulnerability annotations allowing these vulnerabilities to be identified in the target code using OMG threat assessment models.
- Verify the transformed target code has not distorted functional fidelity (using instrumentation to rapidly detect functional deviation),
- Develop attack patterns to compromise the legacy and target versions of the system.
- Compare robustness of the legacy and target systems version of the system when subjected to attacks from the attack library.
- Develop and apply refactoring rules as counter measures against cyberattacks.
- Compare the legacy and refactored target versions to assess the robustness of the counter measures.
- Iterate steps 5 through 10, measuring incremental improvement of robustness with each successive refinement cycle.
- Generate a refreshed Transformation Blueprint® augmented with indices that allow comparative measurement of successive generation of robustness enhancements.