SBIR Phase I: Defenses Against Malicious Code

Award Information
Agency: National Science Foundation
Branch: N/A
Contract: 0441562
Agency Tracking Number: 0441562
Amount: $100,000.00
Phase: Phase I
Program: SBIR
Awards Year: 2005
Solicitation Year: N/A
Solicitation Topic Code: N/A
Solicitation Number: N/A
Small Business Information
317 North Aurora Street, Ithaca, NY, 14850
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 David Melski
 (607) 273-7340
Business Contact
 David Melski
Title: Dr
Phone: (607) 273-7340
Research Institution
This Small Business Innovation Research (SBIR) Phase I project will investigate a new approach to hardening programs against attack. The defense mechanism works by controlling how a process can interact with its environment, making it exceedingly difficult for an attacker to commandeer a system and manipulate it for malicious purposes. The most common propagation methods of worms and viruses will be thwarted. The approach is made possible by recent advances in static program analysis. The technology will enable users to harden programs, even when the source code for some or all of the program's components are unavailable, as is commonly the case with commercial-off-the-shelf (COTS) components. Worms and viruses have plagued information systems for decades. If successful, the system herein will increase network security substantially. Today, it is relatively easy to launch a worm or virus. While no technology can prevent every type of attack, the system will significantly increase the difficulty of launching attacks and eliminate vulnerability to many of the attacks used today. The broad protection it offers will also prevent future types of attacks. Furthermore, the R&D required to develop this technology will result in static program analysis infrastructure that makes it easier to build tools that examine programs. Such tools would work on both source code and program binaries, and could support reverse engineering or audits of programs for vulnerabilities or insider attacks.

* Information listed above is at the time of submission. *

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government