Automatic Artificial Diversity for Virtual Machines

Award Information
Agency:
Department of Defense
Branch
Air Force
Amount:
$99,767.00
Award Year:
2010
Program:
SBIR
Phase:
Phase I
Contract:
FA8750-10-C-0096
Award Id:
97186
Agency Tracking Number:
F093-053-1983
Solicitation Year:
n/a
Solicitation Topic Code:
AF 09-053
Solicitation Number:
n/a
Small Business Information
1207 Cole Rd., Orlando, FL, 32803
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
828284856
Principal Investigator:
Sherri Sparks
President
(407) 896-7010
sparks@clearhatconsulting.com
Business Contact:
Sherri Sparks
President
(407) 896-7010
sparks@clearhatconsulting.com
Research Institution:
n/a
Abstract
We propose to apply viral metamorphic transformation techniques to increase code diversification in homogenous virtualized environments. The idea of metamorphic transformation is borrowed from the computer virus world. By applying semantics preserving transformations to its own code, a metamorphic virus aims to create different versions of itself that escape detection by anti-viral software. Ironically, the metamorphic virus shares many of the characteristics that we have identified as desirable for increasing the diversification and resilience of legitimate software against automated attack. Like the virus, we want to reduce the number of identifiable patterns in the system. This is so that we can prevent an attacker's exploit code from using hardcoded offsets or patterns to locate, call, or subvert critical Operating System functions. Also like the virus, we seek to increase the difficulty of program analysis. By applying metamorphic transformations to system code, we can increase the burden on the attacker by requiring advanced capabilities like disassemblers that are impractical or unlikely to fit within most exploit payloads. Finally, because metamorphic transformations can be applied to binary code without affecting its underlying functionality, we anticipate being able to achieve maximum transparancy and interoperability with other, higher level diversification approaches. BENEFIT: A platform for automated diversification will be valuable to the government, especially in the defense sector to improve the resiliency and survivability among homogenous virtualized systems. Defense applications are likely to include peripheral network nodes in command and control centers and high performance computing centers that are exposed to unpredictable hostile threats over the internet. These systems will benefit from technologies designed to reduce susceptibility to automated attacks including viruses, trojans, worms, and botnets. These technologies will also be valuable in the commercial sector. By reducing susceptibility to attacks our solution will help minimize system downtime and translate to increased efficiency and reduced cost for businesses.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government