Multi-layer Ever-changing Self-defense Service (MESS)

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: HSHQDC-12-C-00038
Agency Tracking Number: DHS SBIR-2012.1-H-SB012.1-002 -0006-I
Amount: $149,945.52
Phase: Phase I
Program: SBIR
Awards Year: 2012
Solicitation Year: 2012
Solicitation Topic Code: H-SB012.1-002
Solicitation Number: DHS SBIR-2012.1
Small Business Information
Endeavor Systems
1420 Spring Hill Rd, Suite 202, McLean , VA, 22102-3026
DUNS: 118229819
HUBZone Owned: N
Woman Owned: Y
Socially and Economically Disadvantaged: Y
Principal Investigator
 Yusef Pogue
 (571) 267-2921
 yusef.pogue@telesishq.com
Business Contact
 Payal Tak
Title: President and CEO
Phone: (571) 267-2937
Email: Payal.Tak@telesishq.com
Research Institution
N/A
Abstract
IT systems today are static and allow the adversary time to plan and launch attacks. Endeavor proposes to create a Multi-layer, Ever changing, Self-defense Service (MESS) that is both resilient and manageable. MESS significantly hinders an attacker's ability to exploit a target system by removing the static network & system attributes that simplify reconnaissance. It also continuously refreshes the target system to a new virtual instance with a known trusted state and random service attributes. This limited-time-use virtual instance is comprised of a single application and OS combination and significantly reduces system complexity During Phase I, Endeavor will build a prototype demonstrating the operational effectiveness of MESS in defending a web service. We will research the feasibility of secure live handoff of this web service by migrating specific process memory between virtual instances. We will prove that address obfuscation and/or virtual instance randomization through system attribute alteration (memory, credentials, shares, ports, etc.) will offer sufficient moving target defense. Upon successfully completing Phase I, we increase the TRL from 2 to 6. A complete field test ready MESS product will be developed in Phase II. MESS not only allows game changing cyber defense for enterprise systems, but also provides enhanced security to existing cloud computing services by eliminating known risks in virtual infrastructure. Future research could leverage MESS into an adaptive "honey pot" to provide advanced detection of zero day attacks by analyzing the retired image of virtual machine.

* information listed above is at the time of submission.

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government