Multi-layer Ever-changing Self-defense Service (MESS)
Department of Homeland Security
Agency Tracking Number:
DHS SBIR-2012.1-H-SB012.1-002 -0006-I
Solicitation Topic Code:
Small Business Information
1420 Spring Hill Rd, Suite 202, McLean, VA, 22102-3026
Socially and Economically Disadvantaged:
AbstractIT systems today are static and allow the adversary time to plan and launch attacks. Endeavor proposes to create a Multi-layer, Ever changing, Selfdefense Service (MESS) that is both resilient and manageable. MESS significantly hinders an attacker's ability to exploit a target system by removing the static network & system attributes that simplify reconnaissance. It also continuously refreshes the target system to a new virtual instance with a known trusted state and random service attributes. This limited-time-use virtual instance is comprised of a single application and OS combination and significantly reduces system complexity During Phase I, Endeavor will build a prototype demonstrating the operational effectiveness of MESS in defending a web service. We will research the feasibility of secure live handoff of this web service by migrating specific process memory between virtual instances. We will prove that address obfuscation and/or virtual instance randomization through system attribute alteration (memory, credentials, shares, ports, etc.) will offer sufficient moving target defense. Upon successfully completing Phase I, we increase the TRL from 2 to 6. A complete field test ready MESS product will be developed in Phase II. MESS not only allows game changing cyber defense for enterprise systems, but also provides enhanced security to existing cloud computing services by eliminating known risks in virtual infrastructure. Future research could leverage MESS into an adaptive "honey pot" to provide advanced detection of zero day attacks by analyzing the retired image of virtual machine.
* information listed above is at the time of submission.