SBIR Phase I: Defenses Against Malicious Code

Award Information
Agency:
National Science Foundation
Branch
n/a
Amount:
$100,000.00
Award Year:
2005
Program:
SBIR
Phase:
Phase I
Contract:
0441562
Award Id:
74494
Agency Tracking Number:
0441562
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
317 North Aurora Street, Ithaca, NY, 14850
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
n/a
Principal Investigator:
David Melski
Dr
(607) 273-7340
melski@grammatech.com
Business Contact:
David Melski
Dr
(607) 273-7340
melski@grammatech.com
Research Institution:
n/a
Abstract
This Small Business Innovation Research (SBIR) Phase I project will investigate a new approach to hardening programs against attack. The defense mechanism works by controlling how a process can interact with its environment, making it exceedingly difficult for an attacker to commandeer a system and manipulate it for malicious purposes. The most common propagation methods of worms and viruses will be thwarted. The approach is made possible by recent advances in static program analysis. The technology will enable users to harden programs, even when the source code for some or all of the program's components are unavailable, as is commonly the case with commercial-off-the-shelf (COTS) components. Worms and viruses have plagued information systems for decades. If successful, the system herein will increase network security substantially. Today, it is relatively easy to launch a worm or virus. While no technology can prevent every type of attack, the system will significantly increase the difficulty of launching attacks and eliminate vulnerability to many of the attacks used today. The broad protection it offers will also prevent future types of attacks. Furthermore, the R&D required to develop this technology will result in static program analysis infrastructure that makes it easier to build tools that examine programs. Such tools would work on both source code and program binaries, and could support reverse engineering or audits of programs for vulnerabilities or insider attacks.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government