Automatic Artificial Diversity for Virtual Machines

Award Information

Department of Defense
Award ID:
Program Year/Program:
2011 / SBIR
Agency Tracking Number:
Solicitation Year:
Solicitation Topic Code:
Solicitation Number:
Small Business Information
GrammaTech, Inc
531 Esty Street Ithaca, NY 14850-
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Phase 2
Fiscal Year: 2011
Title: Automatic Artificial Diversity for Virtual Machines
Agency: DOD
Contract: FA8750-11-C-0197
Award Amount: $750,000.00


ABSTRACT: We propose to introduce artificial diversity to each installation of a standard platform by running the system using a combination of hardware virtualization and software dynamic translation. Automatic, transparent diversification offers powerful protection for systems that would otherwise remain homogenous. Code exploits are usually highly dependent on the details of the software and the vulnerability they target. Diversification ensures that those details change from one instance to the next, thereby requiring that a customized exploit be developed for each machine, frequently an insurmountable challenge for the attacker. Diversification is also attractive because it offers some protection against unknown attack vectors and methodologies. Our approach applies diversification to kernel code, application code, and interactions between processes.

BENEFIT: Standardization of computer platforms is an important tool for improving security. Up to 80% of the vulnerabilities that are exploited during penetration testing of government networks result from misconfigured software. Standardized platforms allow security experts to ensure that these vulnerabilities are closed. Unfortunately, wide distribution of a standard platform also means wide distribution of any vulnerability in that platform. While adoption of a standard platform may be the only hope an enterprise has of managing and avoiding known vulnerabilities, it also dramatically increases the potential damage from exploits of newly discovered vulnerabilities: a novel attack may subvert or disable all standardized machines. Our approach to artificial diversity will enable the security benefits of a standardized computing platform without the coincident standardization of security vulnerabilities.

Principal Investigator:

David Melski
VP of Research
(607) 273-7340

Business Contact:

Ray Teitelbaum
(607) 273-7340
Small Business Information at Submission:

GrammaTech, Inc
317 N. Aurora Street Ithaca, NY -

EIN/Tax ID: 161338879
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No