Automatic Detection and Patching of Vulnerabilities in Embedded Systems

Award Information
Agency:
Department of Defense
Branch:
Defense Advanced Research Projects Agency
Amount:
$99,949.00
Award Year:
2013
Program:
SBIR
Phase:
Phase I
Contract:
W31P4Q-13-C-0166
Agency Tracking Number:
D131-003-0023
Solicitation Year:
2013
Solicitation Topic Code:
SB131-003
Solicitation Number:
2013.1
Small Business Information
GrammaTech, Inc
531 Esty Street, Ithaca, NY, -
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
603978321
Principal Investigator
 Denis Gopan
 Senior Scientist
 (608) 827-0657
 gopan@grammatech.com
Business Contact
 Derek Burrows
Title: General Counsel
Phone: (607) 273-7340
Email: dburrows@grammatech.com
Research Institution
N/A
Abstract
Recent studies have shown that embedded systems are extremely vulnerable to security attacks. Some published exploits include remote hijacking of the electronic systems in a modern car and using IP phones and smart televisions to perform covert surveillance of their owners. In this project, we propose a protection system that automatically detects and removes vulnerabilities from embedded software. The system will be based on static rewriting of the software prior to deployment. The rewriting will render the known vulnerabilities unexploitable and will add protections to prevent exploits of undiscovered vulnerabilities. The proposed system will operate directly on software binaries, even in the absence of source code or symbol information. Thus, the system will protect equally well both the newly developed software and legacy software. We will build the system to be easily retargetable to different instruction sets to accommodate a variety of platforms employed in the embedded systems domain. To make sure that added protections do not break the functionality of a program, the proposed system will include a component for verifying that the rewritten program is semantically equivalent to the original program.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government