Timely Randomization Applied to Commodity Executables at Runtime (TRACER)
Established in 1963, the R&D 100 Awards is the only S&T (science and technology) awards competition that recognizes new commercial products, technologies, and materials for their technological significance that are available for sale or license. The R&D 100 Awards, celebrating the program's 60th Anniversary this year, has long been a benchmark of excellence for industry sectors as diverse as telecommunications, high-energy physics, software, manufacturing, and biotechnology. This 2022 R&D 100 winner is listed below, along with its respective category.
Category: Software/Services
Developers: MIT Lincoln Laboratory
United States
Product Description:Sophisticated, modern cyberattacks that hijack the control of a machine remotely heavily rely on the static and homogeneous nature of computer systems. Researchers at MIT Lincoln Laboratory developed Timely Randomization Applied to Commodity Executables at Runtime TRACER, a patented technology to prevent such attacks in closed-source commodity applications running on top of Windows operating system by automatically and transparently randomizing their key internal data and layout. Since vulnerable applications can leak how their internals have been randomized, it is crucial to continuously re-randomize these values. A time-based re-randomization would still be vulnerable because the leakage and the attack can happen within a short period of time. As such, TRACER implements an output-based re-randomization strategy to thwart a potential attacker. With this re-randomization strategy, any information leaked by the application will be stale when attackers attempt to exploit it. TRACER is lightweight, seamless to use and easy to install. It is sold as part of a security suite by Polyverse and is the recipient of MIT Lincoln Laboratory's 2019 Best Invention Award.
Developers: MIT Lincoln Laboratory
United States
Product Description:Sophisticated, modern cyberattacks that hijack the control of a machine remotely heavily rely on the static and homogeneous nature of computer systems. Researchers at MIT Lincoln Laboratory developed Timely Randomization Applied to Commodity Executables at Runtime TRACER, a patented technology to prevent such attacks in closed-source commodity applications running on top of Windows operating system by automatically and transparently randomizing their key internal data and layout. Since vulnerable applications can leak how their internals have been randomized, it is crucial to continuously re-randomize these values. A time-based re-randomization would still be vulnerable because the leakage and the attack can happen within a short period of time. As such, TRACER implements an output-based re-randomization strategy to thwart a potential attacker. With this re-randomization strategy, any information leaked by the application will be stale when attackers attempt to exploit it. TRACER is lightweight, seamless to use and easy to install. It is sold as part of a security suite by Polyverse and is the recipient of MIT Lincoln Laboratory's 2019 Best Invention Award.
TRACER Package Content