Countermeasures to Malicious Hardware to Improve Software Protection Systems

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-11-M-1056
Agency Tracking Number: O102-IA1-1035
Amount: $97,697.00
Phase: Phase I
Program: SBIR
Awards Year: 2010
Solitcitation Year: 2010
Solitcitation Topic Code: OSD10-IA1
Solitcitation Number: 2010.2
Small Business Information
Clear Hat Consulting, Inc.
1207 Cole Rd., Orlando, FL, 32803
Duns: 828284856
Hubzone Owned: N
Woman Owned: Y
Socially and Economically Disadvantaged: N
Principal Investigator
 Sherri Sparks
 President
 (407) 896-7010
 sparks@clearhatconsulting.com
Business Contact
 Sherri Sparks
Title: President
Phone: (407) 896-7010
Email: sparks@clearhatconsulting.com
Research Institution
N/A
Abstract
Security concerns are driving the research and development of innovative techniques designed to detect, prevent, and respond to sophisticated threats in COTS hardware and firmware components. Because of the size and breadth of the attack surface, Clear Hat proposes to limit the scope of their research for this Phase I effort to malicious firmware alterations on disk based storage devices. To date, there has been very little published research evaluating the feasibility, technical implementation, capabilities, and security implications of malicious disk firmware. This is likely due to a lack of publically available documentation about the internal architecture of disk devices as well as a lack of access to functional test cases (e.g. malicious hardware / firmware samples). Clear Hat proposes to take a “hands on” approach to the problem. Using state of the art disk analysis and recovery hardware, Clear Hat will first approach the problem from an offensive angle by attempting to design a disk based Trojan to determine the “real world” capabilities such a trojan would possess. Once these are understood, we will focus on our primary objective of determining the types of practical defenses that are likely to be the most effective against disk based attacks.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government