Securing Applications by Limiting Exposure

Award Information
Agency: Department of Defense
Branch: Air Force
Amount: $99,999.00
Award Year: 2011
Program: STTR
Phase: Phase I
Contract: FA8750-11-C-0138
Award Id: n/a
Agency Tracking Number: F10B-T18-0188
Solicitation Year: 2010
Solicitation Topic Code: AF10-BT18
Solicitation Number: 2010.B

Small Business Information
P O Box 1274, Princeton, NJ, 08542-
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: 135270473

Principal Investigator:
Khushboo Shah
Senior Research Scientist
(609) 651-4500
khushboo@altusystems.com

Business Contact:
John Buford
President
(609) 651-4500
buford@altusystems.com

Research Institute:
SUNY Binghamton
Mary J Sager
Research Foundation of SUNY
PO Box 6000
Binghamton, NY, 13902-
(607) 777-6136

Abstract
ABSTRACT: This proposal details an ambitious effort to develop Virtualization-based secure application Containers and Controlled Communication System (VC3S). The VC3S provides secure application/module isolation, mediation of inter-application/module communication, and dynamic/intelligent exposure to the Internet. The proposed approach is three-pronged and enables the application of the principle of least privilege in commercial off-the-shelf (COTS) systems.

1) Secure VM-based containers isolate complex applications and/or modules from each other in order to reduce their exposure to attacks.
2) High-performance cross-domain (inter-VM) communication channels support (a) direct VM-to-VM (V2V) communication among VMs that execute trusted/certified components and (b) monitored and mediated indirect V2V communication between one or more untrusted components, to tightly control the interaction between untrusted components.
3) A policy control framework dynamically and intelligently provides tight control over inter-application communication and limits the exposure of applications to the Internet.

The policy control framework achieves this goal by monitoring user intent and applications, generating application and inter-application behavior profiles, and deriving dynamic and intelligent access control policies at runtime from the available behavior profiles, including the user-intent concept. Support for multi-layer security is integrated in the VC3S architecture.

BENEFIT: As a result of the advancements the proposed effort will make in the area of secure application virtualization, the developed VC3S will have significant benefits and commercial potential. Specifically, as the military and civilians have become more dependent on information, and hence on information technology, intrusions and extrusions have become a significant threat to mission success, civilian infrastructure, and civilian enterprise success. The proposed effort will develop new directions in providing security against such attacks, and hence will have significant benefit for military and civilian information systems. Consequently, the systems developed under this effort have tremendous commercial potential.

The first-generation VC3S will be a software-based product that provides 1) secure application/module isolation, 2) mediation of inter-application/module communication, and 3) dynamic/intelligent exposure to the Internet. The software will further integrate events and log messages available from COTS products to strengthen dynamic behavior collection and to provide extremely accurate security policy generation. We plan partnerships with various application vendors to provide customized, multi-level security for those applications.

The second-generation product suite has two thrusts. The first thrust will modify open-source hypervisors and work with partners to modify proprietary hypervisors. The second thrust will develop a security suite that is compatible with these modified hypervisors. As a result, the complete solution is independent of the hypervisor.

* information listed above is at the time of submission.
