You are here

Emerald: Binary Program Randomization

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: HSHQDC-12-C-00025
Agency Tracking Number: DHS SBIR-2012.1-H-SB012.1-002 -0023-I
Amount: $99,988.29
Phase: Phase I
Program: SBIR
Solicitation Topic Code: H-SB012.1-002
Solicitation Number: DHS SBIR-2012.1
Solicitation Year: 2012
Award Year: 2012
Award Start Date (Proposal Award Date): 2012-06-01
Award End Date (Contract End Date): 2012-12-03
Small Business Information
2700 Le Conte Ave, Suite 601
Berkeley, CA 94709-1052
United States
DUNS: 826960671
HUBZone Owned: Yes
Woman Owned: Yes
Socially and Economically Disadvantaged: No
Principal Investigator
 Jimmy Su
 (510) 846-3909
Business Contact
 Dawn Song
Title: President
Phone: (510) 842-6021
Research Institution

In response to SBIR topic H-SB012.1-002, "Moving Target Defense", Ensighta Security Inc proposes to develop a binary program randomization tool based on advanced binary analysis techniques called Emerald. Current computer systems suffer from mono-culture where the same system is deployed identically on many machines. This makes it easy for attackers to replicate attacks across many machines. Binary program randomization can be an effective technique for moving target defense. Emerald will employ state-of-the-art techniques to understand a binary program's code paths and data structures, which allows us to comprehensively randomize the binary program at multiple levels. This will maximize the difficulty randomization provides for attackers as the search space that the attacker has to examine
significantly increases. Our technique also minimizes the attack surface as there is no need for either the original un-randomized software, or the randomization software itself, to reside on the end-user's computer, reducing the possibilities for an attacker to disable the randomization process. In terms of commercial uses of this technology, providing an effective binary program randomization tool will be greeted with enthusiasm by potential users while both government and commercial sectors are spending more money on securing their data and infrastructure. We will develop an operationally ready version of Emerald in Phase 2. At the beginning of the Phase 1 project, we will have a TRL of 3. We will have a TRL of 5 at the completion of Phase 1.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government