Software Protection to Deter Malicious Forensic Data Collection and Exploitation

Award Information
Agency:
Department of Defense
Branch:
Air Force
Amount:
$99,999.00
Award Year:
2007
Program:
SBIR
Phase:
Phase I
Contract:
FA8650-07-M-8120
Agency Tracking Number:
O063-IA9-1258
Solicitation Year:
2006
Solicitation Topic Code:
OSD06-IA9
Solicitation Number:
2006.3
Small Business Information
GRAMMATECH, INC.
317 N. Aurora Street, Ithaca, NY, 14850
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
603978321
Principal Investigator
 Michael McDougall
 Senior Scientist
 (607) 273-7340
 mcdougall@grammatech.com
Business Contact
 Ray Teitelbaum
Title: CEO
Phone: (607) 273-7340
Email: tt@grammatech.com
Research Institution
N/A
Abstract
Distributing applications across networks brings both new power and new risks. Mission-critical applications are increasingly spread over national or global networks to enable information gathering and sharing on an unprecedented scale. The Global Information Grid envisions diverse end-to-end information flows to enhance military effectiveness. While this large-scale information sharing promises new efficiencies, endpoints in these networks must be armored against attacks that exploit their new autonomy. Distributed applications must cope with the possibility that some network endpoints have been compromised and are gathering forensic data for malicious ends. We propose mimicry protection as a technique to make safety-critical applications indistinguishable from low-security applications for observers using forensic tools. This technique leverages techniques for automatically creating mimicry attacks that elude intrusion detection systems. By adapting mimicry techniques in the literature, we can offer mimicry protection that allows a security-critical application to mimic uninteresting applications, eluding all but the most intrusive and expensive forensic measures.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government