You are here

Preventing Program Hijacking via Static and Dynamic Analyses

Award Information
Agency: Department of Defense
Branch: Office of the Secretary of Defense
Contract: N00014-14-C-0197
Agency Tracking Number: O2-1379
Amount: $863,602.00
Phase: Phase II
Program: SBIR
Solicitation Topic Code: OSD11-IA5
Solicitation Number: 2011.3
Solicitation Year: 2011
Award Year: 2014
Award Start Date (Proposal Award Date): 2014-05-23
Award End Date (Contract End Date): 2016-05-23
Small Business Information
2040 Tremont Rd
Charlottesville, VA 22911-8653
United States
DUNS: 000000000
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Clark Coleman
 (434) 284-3002
Business Contact
 Jack Davidson
Phone: (434) 242-4280
Research Institution

To hijack the execution of a program, an attacker must overwrite the value of a return address or a function pointer (broadly defined). To prevent program hijacking, our product will provide a layered defense of these two targets, including deterministic and randomization defenses, with the ability in many cases to continue execution after a hijacking attempt is prevented. Our product toolkit includes static analysis of the program binary to be protected (no source code required) and dynamic monitoring using virtual machine technology after deployment. The randomization defense can be used to provide artificial software diversity.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government