Detecting Malicious Code In Firmware
Agency / Branch:
DOD / USAF
"Malicious code is code that has been intentionally added to or changed in a software system with the intention of causing harm, or subverting the intended function of the system. Most digital electronic equipment is controlled by firmware. Firmware presents a tempting target to an attacker because of its ubiquity, the potential efficacy of an attack, and relatively low investment requirements. Traditional efforts at security analysis have naively assumed that the firmware is in the trusted-computing base. We propose the development of a tool that uses a deep-structure representation of programs to help statically find occurrences of malicious code in firmware. The tool will be semi-automatic. When suspicious code is found, an analyst can be directed to its location, and provided with all the available static-analysis information to help make the final determination. The main challenge is to conduct research into techniques for increasing the precision of the dependence graph representation of machine-code programs. This is necessary to reduce the number of false-positive results from the analysis. The tool will have multiple uses in many domains, including program understanding, forensics, assurance and decompilation; and will be applicable not only to firmware, but also to any machine-code program."
Small Business Information at Submission:
317 N. Aurora Street Ithaca, NY 14850
Number of Employees: