Report developed under STTR contract for topic OSD06-SP2. AppMon represents a novel approach to monitoring the behavior of not-yet-trusted applications that avoids the disadvantages of current approaches. It is based on a self-customizing monitor that constrains the application's use of computer resources. A self-customizing monitor learns how the application normally uses computer resources and does not interfere with normal use. However, when the application uses resources in an unusual way, AppMon prevents potentially harmful accesses. Self-customizing monitors satisfy three important requirements on application security monitors. First, the application can be run immediately without testing or training. Second, customization is automatic, so only minimal demands are made on the user and system administrator. Finally, the self-customizing monitors are applicable to a wide variety of applications, including those that read and write files, read and write registry keys, invoke other processes, and use the Internet.