Emerald: Binary Program Randomization

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: HSHQDC-12-C-00025
Agency Tracking Number: DHS SBIR-2012.1-H-SB012.1-002 -0023-I
Amount: $99,988.29
Phase: Phase I
Program: SBIR
Awards Year: 2012
Solicitation Year: 2012
Solicitation Topic Code: H-SB012.1-002
Solicitation Number: DHS SBIR-2012.1
Small Business Information
Ensighta Security, Inc.
2700 Le Conte Ave, Suite 601, Berkeley, CA, 94709-1052
DUNS: 826960671
HUBZone Owned: Y
Woman Owned: Y
Socially and Economically Disadvantaged: N
Principal Investigator
 Jimmy Su
 (510) 846-3909
Business Contact
 Dawn Song
Title: President
Phone: (510) 842-6021
Email: ensighta@gmail.com
Research Institution
In response to SBIR topic H-SB012.1-002, "Moving Target Defense", Ensighta Security Inc proposes to develop a binary program randomization tool based on advanced binary analysis techniques called Emerald. Current computer systems suffer from mono-culture where the same system is deployed identically on many machines. This makes it easy for attackers to replicate attacks across many machines. Binary program randomization can be an effective technique for moving target defense. Emerald will employ state-of-the-art techniques to understand a binary program's code paths and data structures, which allows us to comprehensively randomize the binary program at multiple levels. This will maximize the difficulty randomization provides for attackers as the search space that the attacker has to examine significantly increases. Our technique also minimizes the attack surface as there is no need for either the original un-randomized software, or the randomization software itself, to reside on the end-user's computer, reducing the possibilities for an attacker to disable the randomization process. In terms of commercial uses of this technology, providing an effective binary program randomization tool will be greeted with enthusiasm by potential users while both government and commercial sectors are spending more money on securing their data and infrastructure. We will develop an operationally ready version of Emerald in Phase 2. At the beginning of the Phase 1 project, we will have a TRL of 3. We will have a TRL of 5 at the completion of Phase 1.

* information listed above is at the time of submission.

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government