Countermeasures to Malicious Hardware to Improve Software Protection Systems
Department of Defense
Agency Tracking Number:
Solicitation Topic Code:
Small Business Information
Clear Hat Consulting, Inc.
1207 Cole Rd., Orlando, FL, 32803
Socially and Economically Disadvantaged:
AbstractSecurity concerns are driving the research and development of innovative techniques designed to detect, prevent, and respond to sophisticated threats in COTS hardware and firmware components. Because of the size and breadth of the attack surface, Clear Hat proposes to limit the scope of their research for this Phase I effort to malicious firmware alterations on disk based storage devices. To date, there has been very little published research evaluating the feasibility, technical implementation, capabilities, and security implications of malicious disk firmware. This is likely due to a lack of publically available documentation about the internal architecture of disk devices as well as a lack of access to functional test cases (e.g. malicious hardware / firmware samples). Clear Hat proposes to take a “hands on” approach to the problem. Using state of the art disk analysis and recovery hardware, Clear Hat will first approach the problem from an offensive angle by attempting to design a disk based Trojan to determine the “real world” capabilities such a trojan would possess. Once these are understood, we will focus on our primary objective of determining the types of practical defenses that are likely to be the most effective against disk based attacks.
* information listed above is at the time of submission.