Active Defense Against Code Injection Attacks

Award Information
Agency:
Department of Defense
Branch
Office of the Secretary of Defense
Amount:
$99,620.00
Award Year:
2009
Program:
SBIR
Phase:
Phase I
Contract:
FA8650-10-M-1761
Award Id:
91395
Agency Tracking Number:
O092-IA1-1015
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
421 SW Sixth Avenue, Suite 300, Portland, OR, 97204
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
098009918
Principal Investigator:
Louis Testa
Project Lead
(503) 626-6616
louis@galois.com
Business Contact:
Jodee LeRoux
Contracts
(503) 626-6616
jodee@galois.com
Research Institution:
n/a
Abstract
The threat posed by remote cyber attacks has grown every year, with nation state attacks being the hardest to detect and blunt. A common cyber attack method against remote systems is the code injection attack, where the attacker finds flaws in a remote application then forces the application to execute injected code. Code injection attacks can give the attacker unlimited access to the attacked system and thereby an entryway into a secure network. An attacker will often follow this attack by leaving software that will allow for unlimited future access. Code injection attacks can be very difficult to detect, as they often use program flaws not known to the security community. These attacks continue to be developed to get around current defense mechanisms: signature detection and spectrum analysis. A more general approach of identifying and catching these attacks in progress is needed. We propose investigating a code injection attack detector based on abstract interpretation which would catch new types of attacks before they are publicly known. This detector would be combined with an active defense mechanism that could be configured to block the attacks while allowing a security officer to gather information about the attackers'' methods.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government