Stealthy MOnitoring KErnel (SMOKE)
Intrusion detection and prevention systems capable of defending production systems depend on a monitoring kernel capable of providing complete, accurate, real-time data regarding the execution state of the system. Existing solutions lack the adaptability, scalability or low observability necessary to protect the millions of embedded systems, desktops and servers used by the DoD. By leveraging second-generation hardware virtualization and management technologies, Adventium's Stealthy MOnitoring KErnel (SMOKE) will provide a stealthy, evolvable, low-overhead monitoring kernel. By focusing on exposing data acquisition capabilities with low observability, SMOKE provides a more assurable foundation for development of advanced intrusion detection, intrusion prevention and malware analysis capabilities. Since SMOKE builds upon technology already built into modern chipsets coupled with enterprise-ready VMM technology, it will be suitable for large-scale deployment on desktops and servers. Furthermore, SMOKE provides defense-in-depth and enables cross-view validation. This Phase I SBIR will demonstrate technical feasibility of SMOKE and will lay the foundation for future Phase II implementation efforts by conducting observability, overhead and threat assessments. SMOKE will be immediately applicable in a broad range of IDS/IPS applications and complements Adventium's on-going efforts to develop high-assurance VMM-based CDS and host monitoring solutions.
Small Business Information at Submission:
Adventium Enterprises, LLC
111 Third Ave. S., Suite 100 Minneapolis, MN -
Number of Employees: