Security through Component-based Isolation Framework (SCIF)

Award Information
Agency:
Department of Defense
Branch
Air Force
Amount:
$740,254.00
Award Year:
2012
Program:
STTR
Phase:
Phase II
Contract:
FA8750-12-C-0250
Award Id:
n/a
Agency Tracking Number:
F10B-T18-0055
Solicitation Year:
2010
Solicitation Topic Code:
AF10-BT18
Solicitation Number:
2010.B
Small Business Information
MA, Cambridge, MA, 02138-4555
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
115243701
Principal Investigator:
Curt Wu
Chief Software Engineer
(617) 491-3474
cwu@cra.com
Business Contact:
Mark Felix
Contracts Manager
(617) 491-3474
mfelix@cra.com
Research Institution:
Boston University
David Berndt
25 Buick Street
Boston, MA, 02215-
(617) 353-0265
Nonprofit college or university
Abstract
ABSTRACT: Networked PCs are critical to the success of data-driven missions, and the complex software they execute is both the source of their power and their primary vulnerability. Applications and services are often composed of multiple software components developed by different vendors or open source communitiesany of which may introduce a vulnerability. To help minimize the damage of potential exploitation of such vulnerabilities, data must not be allowed to flow freely between all components running on a system. To improve application security and minimize damage done by malicious or faulty code, we propose to design and develop a multikernel OS, which will provide a hardware-based memory isolation scheme that allows fine-grained control over data flow between OS components. Our lightweight virtualization solution provides component isolation and fault recovery without the overhead associated with more traditional heavyweight virtualization approaches. The multikernel will distribute components among sandboxed kernels with an efficient heuristic algorithm that balances isolation and performance. Faulty sandboxed kernels will be dynamically recoverable without a full system reboot. Finally, we will design techniques to proactively detect components at risk of fault, so they can be highlighted for extra attention. BENEFIT: We expect the full-scope multikernel OS to have immediate and tangible benefit for a number of military computing systems. In particular, the framework will help networked systems fight through cyber attacks. The technologies developed under this effort will enhance the effectiveness of existing secure OS tools by incorporating the component-based isolation techniques. The multikernel OS will also be the basis for a secure and predictable next-generation OS with commercial and military applications.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government