Automatic Artificial Diversity for Virtual Machines

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-11-C-0197
Agency Tracking Number: F093-053-1797
Amount: $750,000.00
Phase: Phase II
Program: SBIR
Awards Year: 2011
Solicitation Year: 2009
Solicitation Topic Code: AF093-053
Solicitation Number: 2009.3
Small Business Information
317 N. Aurora Street, Ithaca, NY, -
DUNS: 603978321
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
Name: David Melski
Title: VP of Research
Phone: (607) 273-7340
Business Contact
Name: Ray Teitelbaum
Title: CEO
Phone: (607) 273-7340
Research Institution
ABSTRACT: We propose to introduce artificial diversity to each installation of a standard platform by running the system using a combination of hardware virtualization and software dynamic translation. Automatic, transparent diversification offers powerful protection for systems that would otherwise remain homogeneous. Code exploits are usually highly dependent on the details of the software and the vulnerability they target. Diversification ensures that those details change from one instance to the next, thereby requiring that a customized exploit be developed for each machine, frequently an insurmountable challenge for the attacker. Diversification is also attractive because it offers some protection against unknown attack vectors and methodologies. Our approach applies diversification to kernel code, application code, and interactions between processes.

BENEFIT: Standardization of computer platforms is an important tool for improving security. Up to 80% of the vulnerabilities that are exploited during penetration testing of government networks result from misconfigured software. Standardized platforms allow security experts to ensure that these vulnerabilities are closed. Unfortunately, wide distribution of a standard platform also means wide distribution of any vulnerability in that platform. While adoption of a standard platform may be the only hope an enterprise has of managing and avoiding known vulnerabilities, it also dramatically increases the potential damage from exploits of newly discovered vulnerabilities: a novel attack may subvert or disable all standardized machines. Our approach to artificial diversity will enable the security benefits of a standardized computing platform without the coincident standardization of security vulnerabilities.

* Information listed above is at the time of submission. *
