Software Protection to Fight through an Attack

Award Information
Agency:
Department of Defense
Branch
Air Force
Amount:
$100,000.00
Award Year:
2009
Program:
SBIR
Phase:
Phase I
Contract:
FA8650-10-M-1769
Agency Tracking Number:
O092-IA3-1105
Solicitation Year:
2009
Solicitation Topic Code:
OSD09-IA3
Solicitation Number:
2009.2
Small Business Information
GrammaTech, Inc
317 N. Aurora Street, Ithaca, NY, 14850
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
603978321
Principal Investigator:
Alexey Loginov
Senior Scientist
(607) 273-7340
alexey@grammatech.com
Business Contact:
Ray Teitelbaum
CEO
(607) 273-7340
tt@grammatech.com
Research Institution:
n/a
Abstract
New vulnerabilities and attacks on software applications and the underlying systems are discovered daily. Most security research focuses on detection of attacks--typically, by monitoring the execution of an application and detecting anomalous behavior. Little attention has been paid to how an application should respond to an attack. Generally, it is assumed that the application under attack is terminated and, possibly, restarted. While such a response eliminates the threat of being compromised, it is not appropriate for many types of systems: for safety-critical systems, systems that must remain operational for long periods of time, and systems that use persistent data (such as file systems and databases), rebooting to restore a safe state (even when an attack is detected) is often not an option. We propose a tool that will allow applications to recover from attacks and remain operational. The tool will monitor the execution of a program and, once an attack is detected, will repair the application’s run-time state corrupted by the attack to keep the application operational. As a separate once-per-application task performed offline, the tool will use a combination of advanced dynamic and static program-analysis techniques to learn the invariants necessary for repairing the application’s run-time state.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government