Countermeasures to Malicious Hardware to Improve Software Protection Systems

Award Information
Agency:
Department of Defense
Branch
Air Force
Amount:
$999,957.00
Award Year:
2012
Program:
SBIR
Phase:
Phase II
Contract:
FA8650-12-C-1382
Agency Tracking Number:
O2-1190
Solicitation Year:
2010
Solicitation Topic Code:
OSD10-IA1
Solicitation Number:
2010.2
Small Business Information
Clear Hat Consulting, Inc.
56 E Pine Street, Suite 300, Orlando, FL, -
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
828284856
Principal Investigator:
Shawn Embleton
Vice President
(407) 841-8320
embleton@clearhatconsulting.com
Business Contact:
Sherri Sparks
President
(407) 841-8320
sparks@clearhatconsulting.com
Research Institution:
Stub




Abstract
The availability and low cost of COTS software and hardware components has resulted in their deployment across a wide array of critical defense and industry applications. Clear Hat focused their Phase 1 effort on developing countermeasures for malicious hard disk firmware. Although we will continue our research and development of technologies designed to ensure the integrity of disk drive firmware, we have chosen to broaden the scope of our Phase 2 effort. Our Phase 2 will also include the development of a host oriented protection architecture designed to address the greater problem concerning how critical software assets running on COTS systems can securely carry out their missions in spite of operating inside hostile hardware environments. Unfortunately, the development of generic, integrity validation techniques for COTS hardware / firmware are still in their infancy. One of the biggest challenges lies in the vast number of different component manufacturers and device types. For example, it is unrealistic in the short-medium term that it will be possible to validate the hardware / firmware for every single COTS component found in a general purpose computer system. It is similarly unrealistic that all of these components will be manufactured in trusted foundries. Therefore, we feel that practical security against an emerging class of hardware and firmware threats must consider both device and host-centric technologies.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government