ThornedThymus: An Adaptive Immune System for the Software Supply Chain

Domingo Colon | 22-SI-005

Executive Summary

We will develop and demonstrate quantitative and measurable software assurance capabilities that address the integrity gaps present in the complete software acquisition and operations lifecycle. These capabilities will help ensure that software applications perform only the intended functionality and are free from unexpected and unintended behaviors, both those formed by malicious intent and by developer oversight.

Publications, Presentations, and Patents

J. Allen, M. Bielejeski, W. Berrios, R. Verdon, J. Donaldson, and G. Sanders,“Multi-Level Binary Embedding Generation” (Poster Presentation, Malware Technical Exchange Meeting, Livermore, CA, 2023). LLNL-POST-852116.

J. Allen, R. Verdon, and J. Donaldson, “Modern-Scale Datasets for Malicious Behavior Analysis” (Poster Presentation, the Malware Technical Exchange Meeting, Livermore, CA, 2023). LLNL-POST-852070.

J. Bernstein and G. Sanders, "Fuzzing Binaries with the Bradley-Terry Model” (Poster Presentation, the Malware Technical Exchange Meeting, MTEM, Livermore, CA, 2023). LLNL-POST-851659.

M. Hill, E. Kritharakis, and G. Sanders, “Using Graph Neural Network Explainability to Understand Malware” (Poster Presentation, Malware Technical Exchange Meeting, Livermore, CA, 2023). LLNL-POST-852120.

Lawrence Livermore National Laboratory

| 7000 East Avenue • Livermore, CA 94550 | LLNL-WEB-846698

Operated by the Lawrence Livermore National Security, LLC for the Department of Energy's National Nuclear Security Administration Learn about the Department of Energy's Vulnerability Disclosure Program