You are here

Trustworthy Execution of Security-Sensitive Code on Un-trusted Systems

Award Information
Agency: Department of Defense
Branch: Army
Contract: W911NF-08-C-0093
Agency Tracking Number: A08A-005-0074
Amount: $99,977.00
Phase: Phase I
Program: STTR
Solicitation Topic Code: A08-T005
Solicitation Number: 2008.A
Timeline
Solicitation Year: 2008
Award Year: 2008
Award Start Date (Proposal Award Date): 2008-07-15
Award End Date (Contract End Date): 2009-01-11
Small Business Information
6009 Brookside Drive
Chevy Chase, MD 20815
United States
DUNS: 188404081
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Virgil Gligor
 President
 (412) 268-9833
 gligor@umd.edu
Business Contact
 Alicia Avery
Title: Business Manager
Phone: (412) 441-0383
Email: liliavery@aol.com
Research Institution
 CARNEGIE MELLON UNIV.
 Cathy Schaefer
 
2111 CIC 4720 Forbes Avenue
Pittsburgh, PA 15213
United States

 (412) 268-4912
 Nonprofit College or University
Abstract

Computing devices are routinely targeted by a wide variety of malware. The presence of exploitable vulnerabilities in computing device software, and the easy availability of know-how and tools for construction of exploit code has made it easy for attackers to introduce malware into computing devices by exploiting software. Since computing devices are routinely used for security-sensitive applications like electronic commerce, command and control systems, and critical infrastructure monitoring and control, malware present on computing devices can potentially compromise sensitive user information, and the privacy and safety of users. To use computing devices with confidence, users thus need an assurance that the software they use on their computing devices executes untampered by malware. Three classes of security-sensitive software best illustrate user-verifiable secure execution in the presence of malware on commercially available platforms: (1) secure remote login, (2) secure signing of critical data, and (3) secure execution of non-circumventable intrusion detection tools. In this STTR, we propose to investigate a technique for user-verifiable execution of security-sensitive code on untrusted platforms in the presence of malware. We also propose to illustrate the use of our technique through the three classes of security applications mentioned above.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government