How much research has been done/published in self-aware programs like this? Even on a smaller scale, it'd seem particularly useful to have programs watch themselves for attack and self-repair.
Depending on how A3 works, or something like it would work, I wonder at the level of increased complexity in not only building the "EMT" services in a way to notice something is wrong and to fix it, but building it in a way where those services compare the intent of the program against the actual program and identify ways to improve it.
In the general case, if you have deployed software which has to work in the face of an arbitrary, integrity damaging attack, you're going to lose.
That's because the attackers get to test their arbitrary code execution against your widely deployed countermeasure (e.g. AV with heuristics, EMET, whatever) until they win. You are the Maginot Line, and they are XYZ.
Funnily enough though, security through obscurity / unusual security measures do beat a lot of canned attacks.
Regehr does cool work on software validation though - it might do what it says. I hope he jumps into this thread and tells us what's actually up :)
I don't know about giving up, but it is very much cat and mouse. Over a long enough timeline, the bad guys will generally score, prompting another round of counter-measures.
So, it's not that the defenses can't possibly work. It's actually that they do, until they don't.
Pretty vague - it stops 'unusual activity'. How is that defined? What if I actually mean to do some unusual activity? This technique has specific application, and it's not for a busy server undergoing frequent configuration. Might work fine in production (until you want to update production; then it undoes your changes?)