Detecting Malicious Code in Firmware

Award Information

Agency:
Department of Defense
Branch:
Air Force
Award ID:
52360
Program Year/Program:
2001 / SBIR
Agency Tracking Number:
011IF-0705
Solicitation Year:
N/A
Solicitation Topic Code:
N/A
Solicitation Number:
N/A
Small Business Information
GrammaTech, Inc.
531 Esty Street Ithaca, NY 14850-4201
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2001
Title: Detecting Malicious Code in Firmware
Agency / Branch: DOD / USAF
Contract: F30602-01-C-0112
Award Amount: $99,985.00
 

Abstract:

The problem of detecting malicious code has focused until now on techniques that search a program's surface structure representations to find locations where suspicious constructs occur. Such techniques are fundamentally weaker than methods that operate on representations that capture a program's deep semantics. We propose to study the feasibility and plan the development of tools for detecting malicious code that operate on a program's dependence graph. This representation captures a program's essential semantics and enables sophisticated semantics-based queries to be posed. Our plan is targeted at semi-automatic solutions for finding occurrences of malicious code in firmware. This work will build on our own dependence-graph based COTS product for program understanding named CodeSurfer. We will address the problem of generating dependence graphs from multiple machine languages using generic disassembly and decompilation techniques. We will plan the integration of these tools with CodeSurfer. We will develop queries for tell-tale signs of malicious code in firmware, and design a user-interface to help security analysts make the final determination of maliciousness. We will investigate methods for firmware editing to permit implementation of damage mitigation strategies. Finally we will develop a set of metrics that can be used to measure the success of our techniques. The proposed system will be of use in the semi-automatic detection of malicious code in firmware and other machine-code representations of programs. This system will be of benefit to companies wishing to show that their firmware implementations are secure, and to others wishing to understand machine-code level programs.

Principal Investigator:

Paul Anderson
Senior Software Engineer
6072737340
paul@grammatech.com

Business Contact:

Ray(Tim) Teitelbaum
Chairman
6072737340
tt@grammatech.com
Small Business Information at Submission:

GRAMMATECH, INC.
317 N. Aurora Street Ithaca, NY 14850

EIN/Tax ID: 161338879
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No