An innovative approach protects closed-source Windows applications against cyber attacks by automatically and transparently re-randomizing sensitive internal data.

MIT Lincoln Laboratory is among the winners of the 2020 Stratus Awards for Cloud Computing. The Business Intelligence Group presented 38 companies, services, and executives with these awards that recognize leaders in cloud-based technology. The Laboratory won for its development of TRACER (Timely Randomization Applied to Commodity Executables at Runtime), software that prevents cyber attackers from remotely attacking Windows applications.

This is a photo of Hamed Okhravi with the Stratus Award trophy.
Hamed Okhravi, project lead for the TRACER cloud-security application, holds the trophy presented to Lincoln Laboratory for this award-winning technology.

Since 2012, the Business Intelligence Group has acknowledged industry leaders with several awards for innovation in technology and services. With the move of so many business and institutional functions to the cloud, the Stratus Awards were initiated to recognize companies and individuals that have enabled effective, secure cloud-based computing.

Maria Jimenez, chief nominations officer of the Business Intelligence Group, said, "We now rely on the cloud for everything from entertainment to productivity, so we are proud to recognize all of our winners. Each and every one is helping in their own way to make our lives richer every day. We are honored and proud to reward these leaders in business."

TRACER addresses a problem inherent in the immensely popular Windows' commodity applications: all installations of these applications look alike so cyber intruders gain the ability to compromise millions of computers simply by "cracking" into one computer. In addition, because more than 90% of desktop computers run Microsoft Windows with closed-source applications, many cyber protections that rely on having the source code available are not applicable for these desktop systems.

The patented TRACER technology re-randomizes sensitive internal data and layout at every output from the application. This continuous re-randomization thwarts attempts to use data leaks to hijack the computer's internals; any information leaked by the application will be stale when attackers attempt to exploit it.

TRACER's R&D was led by Hamed Okhravi of Lincoln Laboratory’s Secure Resilient Systems and Technology Group and included contributions by Jason Martin, David Bigelow, David Perry, Kristin Dahl, Robert Rudd, Thomas Hobson, and William Streilein.

"One of our primary goals for TRACER was to make it as easy to use as possible. The current version requires minimal steps to set up and requires no user interaction during its operation, which we hope facilitates its widespread adoption," Okhravi said.

The software has been made available via a commercial company. For its innovation and potential to revolutionize the cybersecurity field, TRACER was named a 2020 R&D 100 Award winner by R&D World. TRACER was also honored with MIT Lincoln Laboratory's 2019 Best Invention Award.