Symbiote Technology to Repair Vulnerable Firmware

The goal of our work is to defend (legacy) embedded systems firmware with entirely new defensive capabilities proven up in prior DARPA-sponsored research at Columbia University. We invented the Software Symbiote, a host-based defensive technology that injects intrusion detection functionality within the firmware of a (legacy) embedded system and that senses the unauthorized modification of the device firmware. FRAK, a firmware reverse engineering and analysis console, developed by Red Balloon Security under a prior DARPA Cyber Fast Track SBIR Phase 1 contract, provides the means of injecting protective Symbiote technology into any proprietary firmware. Symbiote payloads are presently designed to perform identification of firmware vulnerabilities immediately upon a successful exploitation and firmware modification. However,"repair payloads"that excise the malicious code deposited by a real attack, and replacement of the vulnerable code segment to avoid re-exploitation in an endless DOS loop are yet to be fully explored and demonstrated. The proposed Phase 1 SBIR work is thus focused on the design and specification of the repair of the exploited firmware and its means of being delivered to arbitrary embedded devices via a FRAK-enabled environment.