You are here

Embedded Computing Systems Runtime Integrity Protection


TECHNOLOGY AREA(S): Space Platforms

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 5.4.c.(8) of the solicitation and within the AF Component-specific instructions. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws. Please direct questions to the AF SBIR/STTR Contracting Officer, Ms. Gail Nyikon,

OBJECTIVE: Develop novel runtime integrity protection techniques for embedded real-time computing applications.

DESCRIPTION: The U.S. Department of Defense (DoD) continually designs, acquires, and deploys best-in-class, highly complex and capable embedded systems.

Current embedded system engineering focuses on functional and fault-tolerance requirements that rarely include mission assurance in a cyber-contested environment. As Stuxnet and other custom cyber exploits have proven to the embedded systems community, nations can, have, and will continue to use cyber techniques to achieve their national security objectives, to include delivering combat effects against the highest-value embedded systems.

In most cases, legacy software and software already well in development was not engineered in accordance with state-of-the-art software assurance practices. In general, software already deployed to systems may not deserve the trust or confidence placed in it. Recent studies have shown that legacy software may not be assured to high enough degrees for its mission application. In essence, software produced has historically demonstrated significant weaknesses in security.

Runtime integrity verification techniques are a cyber-defense-in-depth approach to enhancing the mission assurance properties of an embedded computing system. Importantly, unlike theorem provers and other formal verification methods, runtime integrity verification techniques can be effectively employed against software that was not engineered to formal methods requirements. This facilitates more widespread employment in legacy and near-term embedded computing system architectures.

As is the case with contemporary mobile devices, many types of real-time embedded computing systems are severely resource constrained, power limited, and highly latency-sensitive; yet are subject to customized attack types for which signature and heuristic based malware detection approaches afford no meaningful protection. State-of-the-art embedded software and computing architectures have lagged behind enterprise architectures in the deployment of runtime integrity technologies due to a perceived lack of cyber threats and current techniques that are too invasive for computing resource performance constraints.

We seek to mature and deploy novel lightweight runtime integrity protection techniques optimized for this embedded system environment. The developed integrity protection service will advance the state-of-the-art by both preventing the launch of tampered with or modified applications and preventing the proliferation of any out-of-bounds content that is generated by an application.

Phase I demonstrations will be conducted on a commercially available prototype development board in an unclassified environment.

PHASE I: Study and develop a proof-of-concept of an approach for software runtime integrity protection within the context of a selected, resource constrained, real-time embedded computing system.

As a capstone deliverable, demonstrate the proof-of-concept runtime protection technique on an embedded computing system prototype development board.

PHASE II: Adapt, mature, and optimize the runtime integrity protection concept developed in Phase I to an assigned DoD embedded computing system, real-time operating system, and associated mission software (items provided as GFE).

As a capstone deliverable, demonstrate the runtime protection technique as hosted within the provided embedded computing environment

PHASE III DUAL USE APPLICATIONS: Conduct a cyber-vulnerability assessment of the runtime integrity protected embedded system verses an experiment control featuring no runtime protections.

Provide runtime integrity engineering support to government RED team cyber assessment of the runtime integrity protected system architecture.


    • McGraw, Gary. Gary McGraw on software security assurance: Build it in, build it right. [Online] [Cited: 04 10, 2015.]


    • The Science of Mission Assurance. Jabbour, Kamal and Muccio, Sarah. 5, 2011, Journal of Strategic Security, Vol. 4, pp. 61-74.


  • Microsoft Research. Microsoft Research. Code Contracts. [Online] Microsoft. Http://

KEYWORDS: cyber, software assurance, embedded system cyber security, cyber resiliency, root of trust, cyber vulnerability mitigation, runtime security, active cyber defense, software engineering, integrity check, runtime verification, monitoring, fault protection, dynamic analysis, symbolic analysis, trace analysis

  • TPOC-1: Calvin Roman
  • Phone: 575-921-4225
  • Email:
US Flag An Official Website of the United States Government