Emerald: Binary Program Randomization
Small Business Information
2700 Le Conte Ave, Suite 601, Berkeley, CA, 94709-1052
AbstractIn response to SBIR topic H-SB012.1-002, "Moving Target Defense", Ensighta Security Inc proposes to develop a binary program randomization tool based on advanced binary analysis techniques called Emerald. Current computer systems suffer from mono-culture where the same system is deployed identically on many machines. This makes it easy for attackers to replicate attacks across many machines. Binary program randomization can be an effective technique for moving target defense. Emerald will employ state-of-the-art techniques to understand a binary program's code paths and data structures, which allows us to comprehensively randomize the binary program at multiple levels. This will maximize the difficulty randomization provides for attackers as the search space that the attacker has to examine significantly increases. Our technique also minimizes the attack surface as there is no need for either the original un-randomized software, or the randomization software itself, to reside on the end-user's computer, reducing the possibilities for an attacker to disable the randomization process. In terms of commercial uses of this technology, providing an effective binary program randomization tool will be greeted with enthusiasm by potential users while both government and commercial sectors are spending more money on securing their data and infrastructure. We will develop an operationally ready version of Emerald in Phase 2. At the beginning of the Phase 1 project, we will have a TRL of 3. We will have a TRL of 5 at the completion of Phase 1.
* information listed above is at the time of submission.