Policy Guided Isolation and Strategically Shielded Exposure: A Novel Approach to Secure Applications

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-12-C-0273
Agency Tracking Number: F10B-T18-0228
Amount: $750,000.00
Phase: Phase II
Program: STTR
Awards Year: 2012
Solicitation Year: 2010
Solicitation Topic Code: AF10-BT18
Solicitation Number: 2010.B
Small Business Information
Intelligent Automation, Inc.
15400 Calhoun Drive, Suite 400, Rockville, MD, -
DUNS: 161911532
HUBZone Owned: N
Woman Owned: Y
Socially and Economically Disadvantaged: N
Principal Investigator
 Peng Xie
 Lead Scientist
 (301) 294-5218
Business Contact
 Mark James
Title: Director, Contracts and Proposals
Phone: (301) 294-5221
Email: mjames@i-a-i.com
Research Institution
 Purdue University
 Dongyan Xu
 305 N. University Street
West Lafayette, IN, 47907-2107
 (765) 494-6182
 Nonprofit college or university
ABSTRACT: It is very challenging to secure applications in today's networked computer systems where applications inherently share various resources and information. In this proposal, we propose a novel approach called policy guided isolation and strategically shielded exposure, to protect applications in network environments. Our approach integrates virtualization technology with the Policy Machine technique to protect the applications. In Phase I, we implement the security-enhanced VM monitor (virtual machine monitor) to enforce the security policies regulating information sharing among processes inside a virtual machine. The experimental results in Phase I show that the security-enhanced VM monitor can effectively prevent information leakage caused by accidents or malware. In Phase II effort, we will extend our phase I work by integrating a light-weight kernel-compatible policy machine and efficient kernel code protection mechanisms with the VM monitor. Moreover, we will refine our process/data coloring technique to allow the VM monitor to more effectively monitor the execution of applications. Furthermore, the extended VM monitor can protect the guest operating system against kernel rootkits. Finally, the proposed techniques will be integrated into a prototype policy programmable VM monitor. BENEFIT: The proposed approach to application protection, policy guided isolation and strategically shielded exposure, provides a feasible solution to protect the applications in a networked environment. The architecture and techniques can be applied to a broad range of military scenarios that involve sensitive information protection including war-time command and control, real-time surveillance network, homeland security, etc. Other potential commercial applications include software industry, banking, law enforcement agency and various civil applications. In essence, the ideas, methods and products resulting from this effort will be applicable to virtually all applications where digital asset protection is needed. The market is quite large and still developing due to the development of computer and software industry. IAI is more than a"think tank", and we have actively pursued with our partners the application of our technologies into actual products. For this proposed effort, in particular, we strongly believe that our work provides the solution needed in practice. It is also reasonable to expect a source of revenue from service contracts related with the actual development of such product for application protection. In addition, IAI will closely work with our partners and collaborator companies such as Raytheon, Lockheed Martin, BAE systems, Boeing, and SAIC to transfer this technology into the military and commercial world.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government