Computing legacy software behavior to understand functionality and security properties: an IBM/370 demonstration

Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address current cyber threats. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation on a demonstration project to compute behavior of legacy IBM Assembly code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities for code modernization. This paper reports on the first phase, to define functional semantics for IBM instructions and conduct behavior computation experiments.