USA flag logo/image

An Official Website of the United States Government

Dynamic Kernel Monitoring for Attack Detection and Mitigation

Award Information

Agency:
Department of Defense
Branch:
Office of the Secretary of Defense
Award ID:
83155
Program Year/Program:
2007 / SBIR
Agency Tracking Number:
O072-I05-1037
Solicitation Year:
N/A
Solicitation Topic Code:
N/A
Solicitation Number:
N/A
Small Business Information
Computer Measurement Laboratory, Inc.
128 E Pine Avenue Meridian, ID 83642-
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2007
Title: Dynamic Kernel Monitoring for Attack Detection and Mitigation
Agency / Branch: DOD / OSD
Contract: FA8650-07-M-1233
Award Amount: $99,696.00
 

Abstract:

The activity of an OS kernel may be monitored dynamically in real time. As the kernel executes, the transition among the constituent components of the kernel will follow a predictable pattern representing the normal operation of the kernel. An attack on the operating system will induce a significant and immediately recognizable disturbance in this pattern of normal activity. The Attack Recognition and Mitigation (ARM) will monitor the kernel activity through the use of a security co-processor. This co-processor will operate in parallel with the main CPU to detect changes in the nominal execution patterns of the kernel. When departures from the normal execution patterns are detected, an interrupt on the main CPU can be created which will permit the analysis by a mitigation routine of the currently executing task that created the anomalous kernel activity. The security monitoring system represents a hybrid extension of the operating system kernel with an active security monitor and a software interrupt service routine to analyze and manage the specific nature of the attack on the OS kernel. The primary objective of ARM project is to create the infrastructure for an autonomic kernel protection system and then productize this infrastructure.

Principal Investigator:

John Munson
Member
5093300455
jmunson@pullman.com

Business Contact:

Rick Hoover
Member
2083766850
rphoover@onewest.net
Small Business Information at Submission:

COMPUTER MEASUREMENT LABORATORY, LLC
11985 W. Bowmont St. Boise, ID 83713

EIN/Tax ID: 260201639
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No