
OBJECTSECURITY LLC

Address

845 15TH ST STE 320
SAN DIEGO, CA, 92101-8046
USA


UEI: QC48DJN27WZ3

Number of Employees: 12

HUBZone Owned: No

Woman Owned: No

Socially and Economically Disadvantaged: No

SBIR/STTR Involvement

Year of first award: 2015

Phase I Awards: 10

Phase II Awards: 7

Conversion Rate: 70%

Phase I Dollars: $1,334,170

Phase II Dollars: $9,063,825

Total Awarded: $10,397,996

Awards

Up to 10 of the most recent awards are being displayed. To view all of this company's awards, visit the Award Data search page.

Seal of the Agency: DOC

Operational Technology Artificial Intelligence - NIST Compliance Tool (OTAI-NCT)

Amount: $106,403   Topic: 3

We propose the Operational Technology (OT) Artificial Intelligence (AI) - NIST Compliance Tool (OTAI-NCT), an innovative solution that addresses critical gaps contributing to major risks in critical infrastructure resilience, national security, and public safety in OT/Industrial Control System (ICS) devices. OTAI-NCT builds on the NIST OT Security Project and Risk Management Frameworks (RMF). OTAI-NCT streamlines vulnerability analysis of OT/ICS devices through automated vulnerability binary code scans from industrial asset owners, device manufacturers, and contributors. OpenAPI integration allows the OT/ICS cybersecurity community (e.g., facility managers, red teams, systems integrators, process managers, network managers, and compliance providers) to integrate existing vulnerability and risk assessment tools into the OTAI-NCT platform to automatically map vulnerability analysis scan results to NIST controls. OTAI-NCT can automatically predict NIST controls from cybersecurity analysis results, perform consensus analysis and historical analysis, improve control mappings, and assess patches and vulnerability assessments. Mapping of mitigations-to-controls would provide OTAI-NCT end-users with intelligent suggestions to address risks without changes to the physical devices. OTAI-NCT bridges the gap among the OT/ICS cybersecurity community by providing a platform to automatically detect, upload, share, aggregate, and analyze OT/ICS cybersecurity compliance issues for remediation in priority of risk to resilience, national security, and public safety.

Tagged as: SBIR, Phase I, 2024, DOC, NIST

Seal of the Agency: DOD

Characterizing 5G Networks (Char5G)

Amount: $999,980   Topic: N212-122

Currently, the Navy does not have a lightweight and reliable system that can perform characterization, integrity checks, vulnerability discovery/detection and verification upon entry into 5G networks in an expeditionary setting (vehicle-mounted), so that users can use these networks safely. Our Phase I research confirmed it is possible to develop a portable, automated, efficient device usable by non-experts (e.g., forward-deployed soldiers) that automatically finds/analyzes 5G networks and provides a simple, actionable report. The Navy needs such a device. During Phase I we: confirmed that differences/variances across 5G networks are sufficient to allow characterization, developed an optimized approach for rapid detection of 5G cells in a wide frequency spectrum, developed an optimized approach for raw signal (I/Q) capture, storage, and analysis, tracked network through a 5G state machine to characterize/fingerprint/analyze networks with UEs, and obtained additional characteristics through probing and attacking. Based on our findings and discussions with stakeholders, we present a long-term solution to characterization of 5G networks with short-, mid-, and long-term deployment potential. Our solution is based on available COTS components combined with advancements to the state-of-the-art in signal detection, acquisition, storage, processing, and analysis leading towards more advanced active scenarios with antenna transmissions.

Tagged as: SBIR, Phase II, 2023, DOD, NAVY

Seal of the Agency: DOD

No/Low Code - Application Development Platform (NLC-ADP)

Amount: $173,986   Topic: DTRA222-001

The cybersecurity tool landscape is rapidly expanding and becoming more complex. It is becoming increasingly difficult for organizations to effectively manage all of the cybersecurity tools they utilize. This is due to the growing complexity of network environments, increasingly advanced and frequent attacks, an abundance of information being ingested from cybersecurity tools, and the demand for building correlations between results from various logs and tools. Management of a secure database and its access logs even further complicates risk management, since databases have their own set of cybersecurity challenges that need to be addressed, such as authentication, network and data access controls, data encryption, auditing, vulnerabilities and patches to database software, database compliance, backups, etc. We propose “NLC-ADP” (No/Low-Code – Application Development Platform), an enhancement to an existing no-code or low-code application development platform, tying in AI/ML, database management, and cybersecurity into a single solution and enabling the rapid development of applications for Nuclear Logistics data and systems. Our proposed NLC-ADP solution will ingest and normalize data from databases, cybersecurity tools, local logs, system usage, and system messages and allow for configurations of mitigations, alerts, and system messages and usage. Users will be able to configure mitigations and threat responses based on set limits for threat severities and types. AI/ML will be used to continually improve tool mapping, mitigations, threat responses, and anomalous behavior discovery. We propose a novel system to automatically import, integrate, and map cybersecurity tools and databases into a low-code or no-code platform to automatically identify cybersecurity risks holistically across multiple tools. Additionally, the proposed solution will be able to detect and report on insider threat behavior.
Results will be provided with severity and confidence scores and the ability to sort by importance. NLC-ADP major components include: (1) a tool and database integrator, (2) an AI/ML data preprocessor, (3) a data mapper for tool integrations, (4) an advanced graph database, and (5) an AI/ML engine for analytics, monitoring, predicting and reporting. The resulting product from using our application development platform will be an application or CI/CD plugin for AI/ML monitoring for anomalous behavior or usage on DTRA systems. ObjectSecurity has more than two decades of practical experience in the development, analysis, and risk assessment of trusted complex systems, including model-driven engineering (MDE), which is conceptually related to low/no-code development. We have in-depth practical experiences in the AI/ML and Deep Learning domain including Optical Character Recognition (OCR), achieved through novel AI/ML techniques in cybersecurity systems, such as automated Bill of Materials (BOM) analysis for hardware vulnerability detection.

Tagged as: SBIR, Phase I, 2023, DOD, DTRA

Seal of the Agency: DOD

Third Party Verification of COTS Compliance with Requirements (VeriCoR)

Amount: $1,490,668   Topic: HR001121S0007-08

There is currently an explosion of the adoption of embedded devices (esp. around Internet of Things, IoT). Based on recent incidents related to attacks against industrial sensor and wireless networks, there are concerns about significant risks related to the quality of performance of such devices. Additionally, embedded systems requirements testing is typically currently done at the DevOps stage. However, for purchased third-party COTS devices, the buyer is not part of the DevOps process and is not supported by the testing tool landscape. We propose “VeriCoR” (Third Party Verification of COTS Compliance with Requirements), a solution for automated analysis of embedded devices with support for Human-in-the-Loop (HITL) operation. The goal of the current system is to achieve outstanding levels of coverage for both device specifications and operator usability, with as much automation as possible. At its heart, our system is driven by a novel Domain Specific Language (DSL) which acts as a bridge between the operator and low-level implementation of instruments performing binary analysis. The analysis results from lifting operations where binaries are made available in formats including Intermediate Representation (IR), Intermediate Language (IL), Assembly (ISA), and high-level programming language (C). In these forms, and relative to platforms including Ghidra and S2E, lifted binary becomes available for analysis in static and dynamic forms. We have previously identified the ability for static analysis to meet code quality, code inclusion, and library import quality standards and specifications. We have previously demonstrated these functions to be fully automated with a binary input and explicit specification of strings, patterns, and dates to include as constraints. 
As a dedicated cybersecurity company, ObjectSecurity has over 20 years’ experience in evaluating static code representations for security-related specifications and 15 years of experience encoding security policies and specifications in middle and high-level Domain Specific Languages (DSLs). Our proposal is intended to analyze COTS testbed devices covering a variety of industrial use cases as previously carried out for Navy and DoD initiatives. We present novel experimentation, testing, and validation methodologies (including using Artificial Intelligence and Machine Learning, AI/ML) that will be incorporated for advanced analysis and feedback features to benefit automation and accuracy of fielded systems. Our solution will support a range of operator expertise, from novice to experts, with dedicated DSL IDE support and reporting features including rendering capabilities to concise textual, verbose/auditable textual, and visual/graphical outputs. Additional features are outlined to support functional prototype development and support for APIs, customizable device specifications, independent validations, and future enhancements.

Tagged as: SBIR, Phase II, 2022, DOD, DARPA

Seal of the Agency: DOD

AI/ML Trust Analysis (AITRUST)

Amount: $999,979   Topic: AF212-D002

Trust and assurance of Artificial Intelligence/Machine Learning (AI/ML) based systems is still, to a large degree, a research topic. Currently, the state of research in trusted AI/ML is far from a state where we can, for example, prove that a non-trivial system behaves exactly as expected or where an AI/ML based system is able to explain, in detail, how it comes to a decision and therefore can fully be trusted. In the proposed work, our goal is to achieve a level of trust similar to standard, algorithmic and programmatic systems based on methods, techniques and tools we can use in practically relevant systems and embedded in the relevant modern development approaches. What we can expect is that AI/ML based systems meet well defined and realistic requirements and provide specific functionality within a given error rate. In the proposed work and as a short-term solution, we want to improve trust in these pattern matching related aspects of our system, which already is a very challenging undertaking. It not only includes specific AI/ML aspects, but also the system architecture as a whole, and its security and safety aspects. We propose to build on and extend our prior work where we mainly have to bring together two main threads: trust analysis and risk management in complex systems, and AI/ML in cybersecurity, in order to build an integrated solution for trust and assurance analysis and management in AI/ML based, complex systems. Our method and tool will be fully integrated into a model based, CI/CD and DevSecOps methodology and process, which we are already internally using for the development of our own systems. Our AITRUST solution has to be platform and system agnostic. This requires a highly flexible and adaptive risk management platform, which can integrate into different application platforms and AI/ML systems, as well as cover cybersecurity and AI/ML trust and risk aspects in an integrated and uniform way. 
Therefore, instead of building a monolithic trust analysis tool, we propose to apply the DevSecOps/CI/CD concepts to the AITRUST solution itself. We propose to implement the functionality of AITRUST as reusable, containerized microservices and to reuse cybersecurity/AI/ML functionality, both during development and at runtime as much as possible, whether they’re already deployed in legacy systems or a part of applications platforms, containers and systems. This includes exploration, testing and scanning functionality, analysis of explainability and interpretability, and an agile graphical user interface that supports developers at different skill levels. A specific focus of the proposed work are trusted training data and baselines for anomalies detection. Our integrated AITRUST solution and tool will greatly improve the development of trusted AI/ML systems.

Tagged as: SBIR, Phase II, 2022, DOD, USAF

Seal of the Agency: DOD

Mission Based Forecasting Logistics Enterprise Enhancement Platform (MBF-LEEP)

Amount: $149,998   Topic: A214-038

Legacy ERP systems support a very broad range of business operations and present challenges to their modernization. The addition or customization of modern AI/ML and embedded device methodologies to these systems is often difficult or impossible to accomplish. Here, we propose a microservices solution for bridging legacy ERP systems to future operations. We outline a strategy to develop a Proof of Concept (PoC) application and UI/UX by heavily incorporating our previous works. We present a solution that supports the use of microservices to modernize legacy ERP systems and outline an architecture that may be utilized as the basis for modernizing many various legacy ERP systems. The architecture is composed of components that lead to "deep relation-linking" in a graph database to support advanced AI/ML analysis, including Mission Based Forecasting (MBF). We also present an outline and plan to develop a modern Android mobile client with a flat learning curve. The results of this proposal will yield a Proof of Concept (PoC) and prototype that is available for external evaluation and validation. Although the current proposal is limited to a single use case, we also outline the next steps for advancing the project towards a fielding solution.

Tagged as: SBIR, Phase I, 2022, DOD, ARMY

Seal of the Agency: DOD

Characterizing 5G Networks (Char5G)

Amount: $239,988   Topic: N212-122

The USMC, as a forward deployed force of the Navy, will act in areas with 5G networks in places like complex urban and industrial environments. In order to establish full superiority in the electromagnetic spectrum, including 5G networks, the USMC requires a solution to:

- Determine the detailed, dynamic topology of the 5G network
- Assess vulnerabilities of the 5G network infrastructure and the connected User Equipment (UE)
- Assess quality properties, including security
- Monitor network activities
- Blacklist system functionality
- Disrupt network operations

We propose a solution, Char5G, characterizing 5G networks at the PHY and MAC layers. Char5G will be implemented as a device meeting the operational requirements of the USMC based on a state-of-the-art Software Defined Radio and a Radio Frequency System on a Chip (RFSoC). It will support:

- Determination of the initial 5G network topology
- Device/architecture identification fingerprinting
- Passive anomalies detection
- Active anomalies detection and monitoring
- Active vulnerabilities scanning
- Continuous topology and risk monitoring

For the development of the Char5G concepts and initial proof of concept, we will start from an open-source implementation of the 5G stack. We will add in-depth debugging and monitoring functionality. This has to cover not only standard 5G functionality, such as cell search, but also a fine-grained analysis of side channel properties such as frequency, timing and jitter, which are useful for device fingerprinting and type identification. It also covers a detailed analysis of the observed data, e.g., for standard compliance. The monitoring functionality is separated into data collection components and data analysis components. We will use rule-based analysis, e.g., for compliance to standards, algorithmic and statistical analysis, e.g., to identify specific timing properties, and AI/ML analysis, e.g., to detect anomalies.
We will add advanced fuzzing functionality at all layers, covering both the user and the control plane, and application data and header data, from the PHY/waveform up to the MAC layer, as we have already done for other network protocols. All functionality will be implemented as reusable and flexible microservices, partly integrated into the 5G implementation. For orchestration, we will use our Agile Risk Assessment and Testing (ARAT) system. ARAT supports a fully agile GUI and visualization as well as automated testing capabilities based on scripting (as Smalltalk programs) and AI/ML. In the proposed project, our objective is not to “boil the ocean”, but to keep future developments and requirements in mind. The proposed work is focused at the PHY and MAC layers and does not cover upper layers. We will address other aspects of 5G security in our parallel work with the goal to integrate all threads into an overall 5G security solution, covering the entire 5G system, including UE and infrastructure security.

Tagged as: SBIR, Phase I, 2022, DOD, NAVY

Seal of the Agency: DOD

TAV-SCRAMS

Amount: $1,499,993   Topic: AF212-DCSO1

Many maintenance and supply activities for nuclear weapons (and elsewhere across AF/DoD and wider government) are often still using paper-based, manual products - for debriefing, work order, item replacement, maintenance data management etc. In order to improve supply and maintenance processes (incl. supply chain risk analysis), the Air Force and others need a software tool to automate and optimize these activities. As per the solicitation, the desired digital tool needs to be able to: (1) allow on-site users to view collected and integrated component information after scanning the UII code and to interact with the backend system; (2) gather and integrate significant amounts of infrastructure data continuously from many sources for supply and maintenance (focused towards the authorization orders and the warfighter); (3) communicate information across weapon platforms and information systems (for both government and contractors); (4) enable data visualization; (5) provide (predictive) data analytics functionality; and (6) allow users to query and organize data as required to make data-driven decisions based on their role and function across the weapon system. We propose “TAV-SCRAMS”, a software solution consisting of COTS scanner(s), COTS tablet(s) (e.g., Android based), and an Artificial Intelligence & Machine Learning (AI/ML) based SCRM backend. The solution builds upon and extends our SCRAMS supply chain risk software platform and other technology components as a foundation to carry out the proposed R&D. The solution includes specific features for job-site users and for off-site users, minimizing the risk of human error, improving visibility of operations end-to-end, improved cross-organization efficiency etc. AI/ML is a central feature of TAV-SCRAMS in the background processing of enriched data associated to materials, products, and processes including analyzing risks and performing predictive analysis.
Furthermore, using AI/ML, TAV-SCRAMS will intelligently and continuously integrate data from various targeted sources and learn the data in supervised, unsupervised, and reinforced AI/ML manners (with human oversight) to manage data-to-data and data-to-users connections, validate data integrity, and communicate results. The proposed system will also apply AI/ML extensively for predictive analysis, risk assessment, and automation features (data ingestion, data integrity, etc.). Our Phase I feasibility study results include risk assessment, predictive analysis with ML, data integration from multiple sources, SCRM, graph DB, scanner and tablet, fine-grained access control etc. In particular, we have developed SCRAMS (Supply Chain Risk Analysis Management Solution), a software product that provides organizations with visibility into their supply chains and automatically identifies supply chain risks (SCR). In the proposed effort we will research and develop a working prototype, and validate the working prototype through experimentation and validation.

Tagged as: SBIR, Phase II, 2021, DOD, USAF

Seal of the Agency: DHS

MoSRA: Modular Software Risk Assessment

Amount: $149,976   Topic: DHS211-007

The objective of the solicitation is to develop a commercial capability and product to analyze compiled binary executables of Windows applications, that can detect and report embedded software library information in multi-faceted software packages. The libraries are shared, for example as Windows .dll files, or are directly linked into static binaries, and are not available as source code. Normally, the binary is also stripped, all symbol information is removed. This means that software users in most cases do not know which libraries (including version information) their applications are based on. We propose a product for supply chain risk management and provenance of binary applications. It shall process binary applications and the libraries they use, shall generate similarity graphs and reports of libraries. Our technical approach is based on a binary similarities analysis between pairs of functions, using a graph database. First of all, we split the binary to analyze into individual functions, and then calculate, in an optimized way, a similarity index between pairs of the functions in the binary and functions we already have in the graph database, from previous analysis. The similarity indices are stored in the database, and as a result we now can calculate full software provenance graphs of the analyzed binaries and libraries, including version history graphs of the individual libraries. The graphs are visualized, for example the libraries used by an application can be shown, and reports of applications and referenced libraries are generated.

Tagged as: SBIR, Phase I, 2021, DHS

Seal of the Agency: DOD

TIS: Trusted Sensor Integration

Amount: $140,000   Topic: N20A-T011

Condition-based maintenance plus (CBM+), and cyber-physical systems (CPS) in general, depend on correct sensor data for analysis, decision making and control loops. If the sensor data that arrives at the point of processing is not correct, or more accurately, is outside its accepted error range, then any further processing will be incorrect as well. This could result in, in the case of CBM+, not detecting indicators of failing, e.g. of vibrations or noise. It could also be an incorrect input to a control loop, leading to destruction of a system. The challenge includes correctness of measurement, but also the integrity of communication between sensor and e.g. a Programmable Logic Controller (PLC) or another processing system. In our previous work in cyber-physical systems, e.g. in Supervisory Control and Data Acquisition (SCADA) or Industrial Control Systems (ICS), we have already identified the correctness of sensor data, in security terms their integrity, as a major issue, and started work to detect spoofed and faked sensor data at the processing device. We propose to build both analytical/statistical and Machine Learning (ML) based models of the static and dynamic behavior of individual sensors and systems. We propose for example to model the dynamic response of a sensor, because the input signal is transformed to the output signal with a specific noise, delay and hysteresis. In other words, we use the imperfections of the sensor in translating the physical input to a numeric output to derive a fingerprint. Unfortunately, we have seen in our previous work that this is not enough. A single sensor always has to be considered in the context of the system as a whole, under non-stable environmental influence. First of all, looking only at the sensor characteristics is not sufficient to decide whether the measurement itself is sound from a physical point of view.
In addition, there is a difference between a laboratory environment for sensor fingerprinting and an operational environment, e.g. in temperature and vibrations spectrum. Therefore, we need to model the system as a whole. For modeling both individual sensors and sensors in a system, we propose to use analytical approaches like Matlab/Simulink or OpenModelica, and, complementary, Machine Learning (ML), incl. Recurrent Neural Networks (RNN). We expect that ML will be especially useful for sensor fingerprinting and system models detecting deviations in sensor signals, while analytical models will better allow to analyze the connection of a sensor and an engine. For practical model building in Phase I, we propose to stimulate a simple cyber-physical system, e.g. an engine, to measure the sensor output, and to feed both stimulation signals and sensor outputs into an RNN. The realistic training here depends on the realistic stimulation. We especially expect that it will not be possible to build a complete repository of failures, instead, we will define a failure as a deviation from expected behavior.

Tagged as: STTR, Phase I, 2020, DOD, NAVY