Malicious Binary Code Automated Response, Forensics and Immunity - Tools and Methods

Award Information
Agency: Department of Defense
Branch: Missile Defense Agency
Contract: HQ0006-04-C-7014
Agency Tracking Number: B041-056-0052
Amount: $100,000.00
Phase: Phase I
Program: SBIR
Awards Year: 2004
Solicitation Year: 2004
Solicitation Topic Code: MDA04-056
Solicitation Number: 2004.1
Small Business Information
190 Green Valley Road, Owens Crossroads, AL, 35763
DUNS: 142295422
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: Y
Principal Investigator
 (256) 656-9652
Business Contact
Title: CEO
Phone: (256) 656-9652
Research Institution
This effort will develop a capability for automated modification of binary code based on canonical algorithm patterns of control flows. Since these methods are based on control flow, they are OS and language independent. The methods offer a path towards building operating systems that are self-repairing and can be immunized against malicious behavior. This effort will develop methods to automate insertion of safeguarding breakpoints at potentially malicious code points. When a breakpoint is hit, several options will be automatically made available to computer security network analysts. Algorithm information will be extracted from the breakpoint area of the code and displayed in a syntax-neutral flow graph. The flow graph will offer a real-time visual debugger that can be stepped and interpreted in a 'safe' mode to determine methods of attack used by malicious code, contain the code, log its behavior, etc. This will enable both real-time and offline responses to be developed, as well as advanced forensics and behavior analysis of malicious binary code. It will develop a technology that can modify and contain bad code in COTS products prior to running within a trusted and secure system.

* information listed above is at the time of submission.
