Dynamic Kernel Monitoring for Attack Detection and Mitigation

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-07-M-1233
Agency Tracking Number: O072-I05-1037
Amount: $99,696.00
Phase: Phase I
Program: SBIR
Awards Year: 2007
Solicitation Year: 2007
Solicitation Topic Code: OSD07-I05
Solicitation Number: 2007.2
Small Business Information
COMPUTER MEASUREMENT LABORATORY, LLC
11985 W. Bowmont St., Boise, ID, 83713
Duns: 800427838
Hubzone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 John Munson
Title: Member
Phone: (509) 330-0455
Email: jmunson@pullman.com
Business Contact
 Rick Hoover
Title: Member
Phone: (208) 376-6850
Email: rphoover@onewest.net
Research Institution
N/A
Abstract
The activity of an OS kernel may be monitored dynamically in real time. As the kernel executes, the transitions among the constituent components of the kernel will follow a predictable pattern representing the normal operation of the kernel. An attack on the operating system will induce a significant and immediately recognizable disturbance in this pattern of normal activity. The Attack Recognition and Mitigation (ARM) system will monitor the kernel activity through the use of a security co-processor. This co-processor will operate in parallel with the main CPU to detect changes in the nominal execution patterns of the kernel. When departures from the normal execution patterns are detected, an interrupt can be raised on the main CPU, permitting a mitigation routine to analyze the currently executing task that created the anomalous kernel activity. The security monitoring system represents a hybrid extension of the operating system kernel with an active security monitor and a software interrupt service routine to analyze and manage the specific nature of the attack on the OS kernel. The primary objective of the ARM project is to create the infrastructure for an autonomic kernel protection system and then productize this infrastructure.

* Information listed above is at the time of submission.