An Official Website of the United States Government
Efficient Code Certification for Open Firmware
- Small Business Information
-
Woman-Owned: NoMinority-Owned: NoHUBZone-Owned: No
- Phase 2
-
Fiscal Year: 2001Title: Efficient Code Certification for Open FirmwareAgency / Branch: DOD / DARPAContract: DAAH0102CR080Award Amount: $374,994.00
Abstract:
Maliciously constructed boot firmware is a threat to our information infrastructure that has largely been ignored. Boot firmware controls the power-up procedure initializing a computer's hardware and loading its run-time system. This code, embedded inall third-party peripheral devices, can easily be corrupted and then exploited to undermine security engineering at the operating system, protocol, application, or enterprise levels. Authentication techniques (e.g., digital signatures) provide limitedprotection by ensuring the provenance of the firmware. This Phase II effort will develop and implement an alternative technique, Efficient Code Certification (ECC), that can establish the trustworthiness of code regardless of its origin. Our BootSafeverifier, based on ECC, will verify the safety of all boot firmware (before it is run) every time a system is booted. This verification relies on a certifying compiler that produces particularly well-structured code, so that a verifier can analyze itstatically. The user need only trust the verifier, a program that can be persuasively validated by inspection. By applying ECC to boot firmware based on the widely used Open Firmware standard (IEEE-1275) we can provide an effective countermeasure topotentially devastating attacks.Small Business Information at Submission:ODYSSEY RESEARCH ASSOC., INC.
33 Thornwood Drive Ithaca, NY 14850EIN/Tax ID: 161549760DUNS: N/ANumber of Employees:Woman-Owned: NoMinority-Owned: NoHUBZone-Owned: No
Award Information
|
Agency: Department of Defense |
Branch: Defense Advanced Research Projects Agency |
Award ID: 55463 |
Program Year/Program: 2001 / SBIR |
|
Agency Tracking Number: 00SB2-0073 |
Solicitation Year: N/A |
Solicitation Topic Code: N/A |
Solicitation Number: N/A |