Active Software Defense to Reduce Threat Capability Effectiveness
Small Business Information
2200 Kraft Drive, Suite 1200 R, Blacksburg, VA, -
Carlos Aguayo Gonzalez
Abstract
Perimeter and passive cyber defenses must be complemented with an active defense mechanism to elevate the risks, or costs, a potential attacker must face. The effectiveness of an active defense mechanism is ultimately limited by its ability to detect threats fast, accurately, and reliably. For this Phase I project, we propose to determine the feasibility of creating an active defense solution based on a novel integrity assessment approach called power fingerprinting (PFP). PFP is capable of detecting integrity violations and malicious intrusions with extreme accuracy and speed, even at the lowest levels of the software stack. The proposed solution includes effective mechanisms to gather intelligence, deny access to peripherals, and even reset the processor to prevent an attacker from stealing information or installing a back door. For Phase I, we will develop a PFP monitor for an embedded Android platform, validate the different active responses and countermeasures, and develop a general mechanism to interpret response policies. We will evaluate the performance of the complete system in terms of probability of threat detection, probability of false alarm, and response effectiveness in different attack scenarios and blind tests.
* information listed above is at the time of submission.