Symbiote Technology to Repair Vulnerable Firmware

Award Information
Agency: Department of Defense
Branch: Defense Advanced Research Projects Agency
Contract: W31P4Q-13-C-0165
Agency Tracking Number: D131-003-0008
Amount: $100,000.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: SB131-003
Solicitation Number: 2013.1
Timeline
Solicitation Year: 2013
Award Year: 2013
Award Start Date (Proposal Award Date): 2013-04-30
Award End Date (Contract End Date): 2014-01-31
Small Business Information
501 W 123rd Street, Apt 8A, New York, NY, -
DUNS: 078682097
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Ang Cui
 President
 (646) 573-2547
 a@redballoonsecurity.com
Business Contact
 Salvatore Stolfo
Title: Director
Phone: (201) 906-3438
Email: s@redballoonsecurity.com
Research Institution
N/A
Abstract
The goal of our work is to defend (legacy) embedded systems firmware with entirely new defensive capabilities proven up in prior DARPA-sponsored research at Columbia University. We invented the Software Symbiote, a host-based defensive technology that injects intrusion detection functionality within the firmware of a (legacy) embedded system and that senses the unauthorized modification of the device firmware. FRAK, a firmware reverse engineering and analysis console, developed by Red Balloon Security under a prior DARPA Cyber Fast Track SBIR Phase 1 contract, provides the means of injecting protective Symbiote technology into any proprietary firmware. Symbiote payloads are presently designed to perform identification of firmware vulnerabilities immediately upon a successful exploitation and firmware modification. However,"repair payloads"that excise the malicious code deposited by a real attack, and replacement of the vulnerable code segment to avoid re-exploitation in an endless DOS loop are yet to be fully explored and demonstrated. The proposed Phase 1 SBIR work is thus focused on the design and specification of the repair of the exploited firmware and its means of being delivered to arbitrary embedded devices via a FRAK-enabled environment.

* Information listed above is at the time of submission. *

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government