Securing Applications by Limiting Exposure

Award Information

Agency:
Department of Defense
Branch:
Air Force
Award ID:
Program Year/Program:
2011 / STTR
Agency Tracking Number:
F10B-T18-0188
Solicitation Year:
2010
Solicitation Topic Code:
AF10-BT18
Solicitation Number:
2010.B
Small Business Information
ALTUSYS CORP.
P O Box 1274 Princeton, NJ -
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2011
Title: Securing Applications by Limiting Exposure
Agency / Branch: DOD / USAF
Contract: FA8750-11-C-0138
Award Amount: $99,999.00
 

Abstract:

ABSTRACT: This proposal details an ambitious effort to develop Virtualization-based secure application Containers and Controlled Communication System (VC3S). The VC3S provides secure application/module isolation, mediation of inter-application/module communication, and dynamic/intelligent exposure to the Internet. The proposed approach is three-pronged and enables the application of the principle of least privilege in commercial off-the-shelf (COTS) systems.

1) Secure VM-based containers isolate complex applications and/or modules from each other in order to reduce their exposure to attacks.
2) High-performance cross-domain (inter-VM) communication channels support (a) direct VM-to-VM (V2V) communication among VMs that execute trusted/certified components and (b) monitored and mediated indirect V2V communication between one or more untrusted components, to tightly control the interaction between untrusted components.
3) A policy control framework dynamically and intelligently provides tight control over inter-application communication and limits the exposure of applications to the Internet. The policy control framework achieves this goal by monitoring user intent and applications, generating application and inter-application behavior profiles, and deriving dynamic and intelligent access control policies at runtime from the available behavior profiles, including the user-intent concept.

Support for multi-layer security is integrated in the VC3S architecture.

BENEFIT: As a result of the advancements the proposed effort will make in the area of secure application virtualization, the developed VC3S will have significant benefits and commercial potential. Specifically, as the military and civilians have become more dependent on information, and hence on information technology, intrusions and extrusions have become a significant threat to mission success, civilian infrastructure, and civilian enterprise success. The proposed effort will develop new directions in providing security against such attacks, and hence will have significant benefit for military and civilian information systems. Consequently, the systems developed under this effort have tremendous commercial potential.

The first-generation VC3S will be a software-based product that provides 1) secure application/module isolation, 2) mediation of inter-application/module communication, and 3) dynamic/intelligent exposure to the Internet. The software will further integrate events and log messages available from COTS products to strengthen dynamic behavior collection and to provide extremely accurate security policy generation. We plan to partner with various application vendors to provide customized, multi-level security for those applications.

The second-generation product suite has two thrusts. The first thrust will modify open-source hypervisors and work with partners to modify proprietary hypervisors. The second thrust will develop a security suite that is compatible with these modified hypervisors. As a result, the complete solution is independent of the hypervisor.

Principal Investigator:

Khushboo Shah
Senior Research Scientist
(609) 651-4500
khushboo@altusystems.com

Business Contact:

John Buford
President
(609) 651-4500
buford@altusystems.com
Small Business Information at Submission:

Altusys Corp
P O Box 1274 Princeton, NJ 08542-

EIN/Tax ID: 810627388
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Research Institution Information:
SUNY Binghamton
Research Foundation of SUNY
PO Box 6000
Binghamton, NY 13902-
Contact: Mary J. Sager
Contact Phone: (607) 777-6136