End-to-End Network Trust

Award Information

Department of Defense
Air Force
Award ID:
Program Year/Program:
2013 / SBIR
Agency Tracking Number:
Solicitation Year:
Solicitation Topic Code:
Solicitation Number:
Small Business Information
16 Cavendish Court LEBANON, NH -
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
Phase 1
Fiscal Year: 2013
Title: End-to-End Network Trust
Agency / Branch: DOD / USAF
Contract: FA8750-13-C-0180
Award Amount: $141,630.00


ABSTRACT: Network traffic is a critical part of evaluating real-time end-to-end network trust. This project will leverage our mature commercial network traffic analysis system, FlowTraq, to design and implement a powerful new system, which we call FlowTrust, to evaluate real-time trust scores of networked computer systems based on observed network traffic. By the time a network component is identified as having suffered a breach or fault, that component will have interacted with many others in its network. Components not directly compromised by an intrusion may be secondarily compromised by sending sensitive information to a compromised host, being logged into from that host, or by acting on tainted information. Loss of trust can thereby cascade from host to host. Re-establishing end-to-end network trust therefore requires determining the timing, nature, and participants of all suspect communications, to identify and halt compromise cascades as they occur. FlowTrust builds on principles of flow analysis and epidemiology to determine the extent to which a trust breach permeates a network. It accomplishes this by categorizing network sessions according to potential to propagate negative trust, flagging risky communications as they occur, and facilitating fast identification of compromised hosts.

BENEFIT: The resulting system will greatly aid in real-time evaluation of end-to-end network trust in a live system, including not only DoD networks, but those of trust-sensitive commercial organizations such as cloud storage, banks, and hospitals. It will be capable of tracking intrusions and potential breaches of data confidentiality and data integrity through multiple network hops, allowing instantaneous assessment of the scope of loss of trust. The principles developed will be applicable to analysis of a wide variety of network systems, including complex hardware, multiple-host software installs, and systems-of-systems.
Although FlowTrust will be at its greatest utility as part of a comprehensive end-to-end network trust analysis system, on its own it will be commercially useful in a wide variety of network security applications. A software embodiment of this system will be offered for sale as a tool for live monitoring of intrusions and malware infections, and for sophisticated network forensics, allowing in-depth after-the-fact tracing of security breaches.

Principal Investigator:

Vincent H. Berk
(603) 727-4477

Business Contact:

Vincent H. Berk
(603) 727-4477
Small Business Information at Submission:

Process Query Systems LLC
16 Cavendish Court LEBANON, NH -

EIN/Tax ID: 203600773
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No