USA flag logo/image

An Official Website of the United States Government

Automatic Detection and Patching of Vulnerabilities in Embedded Systems

Award Information

Agency:
Department of Defense
Branch:
Defense Advanced Research Projects Agency
Award ID:
Program Year/Program:
2013 / SBIR
Agency Tracking Number:
D131-003-0023
Solicitation Year:
2013
Solicitation Topic Code:
SB131-003
Solicitation Number:
2013.1
Small Business Information
GrammaTech, Inc
531 Esty Street Ithaca, NY 14850-
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2013
Title: Automatic Detection and Patching of Vulnerabilities in Embedded Systems
Agency / Branch: DOD / DARPA
Contract: W31P4Q-13-C-0166
Award Amount: $99,949.00
 

Abstract:

Recent studies have shown that embedded systems are extremely vulnerable to security attacks. Some published exploits include remote hijacking of the electronic systems in a modern car and using IP phones and smart televisions to perform covert surveillance of their owners. In this project, we propose a protection system that automatically detects and removes vulnerabilities from embedded software. The system will be based on static rewriting of the software prior to deployment. The rewriting will render the known vulnerabilities unexploitable and will add protections to prevent exploits of undiscovered vulnerabilities. The proposed system will operate directly on software binaries, even in the absence of source code or symbol information. Thus, the system will protect equally well both the newly developed software and legacy software. We will build the system to be easily retargetable to different instruction sets to accommodate a variety of platforms employed in the embedded systems domain. To make sure that added protections do not break the functionality of a program, the proposed system will include a component for verifying that the rewritten program is semantically equivalent to the original program.

Principal Investigator:

Denis Gopan
Senior Scientist
(608) 827-0657
gopan@grammatech.com

Business Contact:

Derek Burrows
General Counsel
(607) 273-7340
dburrows@grammatech.com
Small Business Information at Submission:

GrammaTech, Inc
531 Esty Street Ithaca, NY -

EIN/Tax ID: 161338879
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No