Policy Guided Isolation and Strategically Shielded Exposure: A Novel Approach to Secure Applications

Award Information
Department of Defense
Air Force
Award Year:
Phase II
Agency Tracking Number:
Solicitation Year:
Solicitation Topic Code:
Solicitation Number:
Small Business Information
Intelligent Automation, Inc.
15400 Calhoun Drive, Suite 400, Rockville, MD, -
Hubzone Owned:
Socially and Economically Disadvantaged:
Woman Owned:
Principal Investigator:
Peng Xie
Lead Scientist
(301) 294-5218
Business Contact:
Mark James
Director, Contracts and Proposals
(301) 294-5221
Research Institution:
Purdue University
Dongyan Xu
305 N. University Street
West Lafayette, IN, 47907-2107
(765) 494-6182
Nonprofit college or university
ABSTRACT: It is very challenging to secure applications in today's networked computer systems where applications inherently share various resources and information. In this proposal, we propose a novel approach called policy guided isolation and strategically shielded exposure, to protect applications in network environments. Our approach integrates virtualization technology with the Policy Machine technique to protect the applications. In Phase I, we implement the security-enhanced VM monitor (virtual machine monitor) to enforce the security policies regulating information sharing among processes inside a virtual machine. The experimental results in Phase I show that the security-enhanced VM monitor can effectively prevent information leakage caused by accidents or malware. In Phase II effort, we will extend our phase I work by integrating a light-weight kernel-compatible policy machine and efficient kernel code protection mechanisms with the VM monitor. Moreover, we will refine our process/data coloring technique to allow the VM monitor to more effectively monitor the execution of applications. Furthermore, the extended VM monitor can protect the guest operating system against kernel rootkits. Finally, the proposed techniques will be integrated into a prototype policy programmable VM monitor. BENEFIT: The proposed approach to application protection, policy guided isolation and strategically shielded exposure, provides a feasible solution to protect the applications in a networked environment. The architecture and techniques can be applied to a broad range of military scenarios that involve sensitive information protection including war-time command and control, real-time surveillance network, homeland security, etc. Other potential commercial applications include software industry, banking, law enforcement agency and various civil applications. In essence, the ideas, methods and products resulting from this effort will be applicable to virtually all applications where digital asset protection is needed. The market is quite large and still developing due to the development of computer and software industry. IAI is more than a"think tank", and we have actively pursued with our partners the application of our technologies into actual products. For this proposed effort, in particular, we strongly believe that our work provides the solution needed in practice. It is also reasonable to expect a source of revenue from service contracts related with the actual development of such product for application protection. In addition, IAI will closely work with our partners and collaborator companies such as Raytheon, Lockheed Martin, BAE systems, Boeing, and SAIC to transfer this technology into the military and commercial world.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government