IA 2: Intent-Capturing Annotations for Isolation and Assurance

Award Information
Agency: Department of Defense
Branch: Defense Advanced Research Projects Agency
Contract: W31P4Q-20-C-0052
Agency Tracking Number: D20T-001-0001
Amount: $224,988.00
Phase: Phase I
Program: STTR
Solicitation Topic Code: HR001120S0019-001
Solicitation Number: HR001120S0019.T
Timeline
Solicitation Year: 2020
Award Year: 2020
Award Start Date (Proposal Award Date): 2020-08-17
Award End Date (Contract End Date): 2021-04-05
Small Business Information
3420 Bristol St., Suite 600
Costa Mesa, CA 92626-7133
United States
DUNS: 079422609
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
Per Larsen
Title: plarsen
Phone: (949) 293-7927
Email: perl@immunant.com
Business Contact
 Per Larsen
Title: plarsen
Phone: (949) 293-7927
Email: perl@immunant.com
Research Institution
 University of California, Irvine
 Natalie Tedford
 
University of California, Irvine
Irvine, CA 92697-1900
United States

 (949) 824-8109
 Nonprofit college or university
Abstract

Software and hardware flaws can be exploited to make programs perform unintended computations or leak sensitive data. We propose to counter these threats by isolating libraries and other program units inside a single process. The developer will insert source-level annotations that i) map code and data units to compartments, ii) capture how each compartment is intended to interact with others, and iii) enumerate the privileges required by code in each compartment. We will develop a compartmentalization substrate that enforces the captured intents by i) limiting the control and data flows between compartments to those strictly necessary for the program to operate correctly, and ii) limiting privileges of untrusted compartments. We will use features added to modern processors to make switches between compartments more efficient than context switches between processes while providing comparable isolation and security properties. We will ensure that the resulting technique will remain compatible with and complement existing defenses, thus providing another layer of security that reduces the blast radius of as-yet-undiscovered vulnerabilities. The technology we develop must be deployable; therefore, we will aim for solutions that have negligible performance overheads, make few demands of developers, and remain fully compatible with most if not all existing code.

* Information listed above is at the time of submission. *
