Automatic Detection and Patching of Vulnerabilities in Embedded Systems

Award Information
Agency: Department of Defense
Branch: Defense Advanced Research Projects Agency
Contract: W31P4Q-13-C-0166
Agency Tracking Number: D131-003-0023
Amount: $99,949.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: SB131-003
Solicitation Number: 2013.1
Solicitation Year: 2013
Award Year: 2013
Award Start Date (Proposal Award Date): 2013-06-17
Award End Date (Contract End Date): 2014-03-16
Small Business Information
531 Esty Street, Ithaca, NY, -
DUNS: 603978321
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Denis Gopan
 Senior Scientist
 (608) 827-0657
Business Contact
 Derek Burrows
Title: General Counsel
Phone: (607) 273-7340
Research Institution
Recent studies have shown that embedded systems are extremely vulnerable to security attacks. Some published exploits include remote hijacking of the electronic systems in a modern car and using IP phones and smart televisions to perform covert surveillance of their owners. In this project, we propose a protection system that automatically detects and removes vulnerabilities from embedded software. The system will be based on static rewriting of the software prior to deployment. The rewriting will render the known vulnerabilities unexploitable and will add protections to prevent exploits of undiscovered vulnerabilities. The proposed system will operate directly on software binaries, even in the absence of source code or symbol information. Thus, the system will protect equally well both the newly developed software and legacy software. We will build the system to be easily retargetable to different instruction sets to accommodate a variety of platforms employed in the embedded systems domain. To make sure that added protections do not break the functionality of a program, the proposed system will include a component for verifying that the rewritten program is semantically equivalent to the original program.

* Information listed above is at the time of submission. *

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government