Winning the 'Race to the Bottom' by Changing the Rules: Inhibiting Malicious Hardware Activation through Attack Incompatibility

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-12-C-1383
Agency Tracking Number: O2-1185
Amount: $993,950.00
Phase: Phase II
Program: SBIR
Awards Year: 2012
Solicitation Year: 2010
Solicitation Topic Code: OSD10-IA1
Solicitation Number: 2010.2
Small Business Information
421 SW Sixth, Suite 300, Portland, OR, -
DUNS: 098009918
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Mark Tullsen
 Principal Investigator
 (503) 808-7159
Business Contact
 Jodee LeRoux
Title: Contracts
Phone: (503) 808-7209
Research Institution
Many hardware trojans depend on (a) the ability of an attacker to have an accurate model of the target system and of key software used on that system and (b) identification of one or more deterministic trigger conditions with low observability (i.e., conditions that evade detection by traditional scan- or ATPG-based testing methodologies but that can be exercised on demand via external stimuli). We call this class of trojans deterministic, externally-triggered (DET) trojans. This work introduces a class of software-based general purpose countermeasures to the DET class of trojans. We propose a tool by which the software engineer can transform the source code of system and application software to automatically obfuscate communication channels. The tool takes as input two things: (a) the source code of communicating software components, and (b) a specification of obfuscating transformations on the communications; from these the tool automatically generates the source code transformed with the obfuscations. The resulting system does not adhere to the behavioral model assumed when building the trojan. Thus an adversary's assault is rendered less effective via"attack incompatibility": trigger conditions have been altered such that the malicious behavior cannot be reliably instigated.

* Information listed above is at the time of submission. *

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government