Covert Loading and Execution of Software Protections to Reduce Adversarial Detection

Award Information
Agency:
Department of Defense
Amount:
$750,000.00
Program:
SBIR
Contract:
FA8650-10-C-1752
Solicitation Year:
2008
Solicitation Number:
2008.1
Branch:
Air Force
Award Year:
2010
Phase:
Phase II
Agency Tracking Number:
O081-IA2-1145
Solicitation Topic Code:
OSD08-IA2
Small Business Information
GrammaTech, Inc
317 N. Aurora Street, Ithaca, NY, 14850
Hubzone Owned:
N
Woman Owned:
N
Socially and Economically Disadvantaged:
N
Duns:
603978321
Principal Investigator
 Thomas Johnson
 Software Engineer
 (607) 273-7340
 tjohnson@grammatech.com
Business Contact
 Ray Teitelbaum
Title: CEO
Phone: (607) 273-7340
Email: tt@grammatech.com
Research Institution
N/A
Abstract
A number of software defenses exist that frustrate attempts to examine or tamper with a protected application. However, if an attacker arrives before these defenses are initialized, then they can observe the defenses as they are set up, gaining great insight into how the protections can be subverted. There is a sort of “who came first” game played between the protected application and the attacker. Attackers are unlikely to approach the defenses head-on. A key weak point is during installation and deployment of the defenses. This opening must be prevented. During Phase I, GrammaTech investigated techniques that enhance existing defenses by protecting the loading phase of a sensitive application. Our approach is based on leveraging existing technology in new ways. Specifically, we combine two techniques, VM migration and kernel blending. VM migration boots the sensitive application and its defenses in a trusted environment and only then ships them to the hostile platform. Kernel blending eliminates the boundary between the sensitive application and the operating system, preventing many avenues of attack.

* information listed above is at the time of submission.
