Automated Embedded Vulnerability Identification and Exploitation Mitigation System Using FRAK, Symbiote and Autotomic Binary Structure Randomization

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: D15PC00113
Agency Tracking Number: HSHQDC-14-R-00035-H-SB014.2-002-0011-II
Amount: $754,922.66
Phase: Phase II
Program: SBIR
Solicitation Topic Code: H-SB014.2-002
Solicitation Number: HSHQDC-14-R-00035
Timeline
Solicitation Year: 2014
Award Year: 2015
Award Start Date (Proposal Award Date): 2015-09-04
Award End Date (Contract End Date): 2016-09-18
Small Business Information
336 West 37th Street Suite 1024, New York, NY, 10018-4592
DUNS: 078682097
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Ang Cui
 CEO
 (646) 573-2547
 a@redballoonsecurity.com
Business Contact
 Calvin Chu
Title: Chief Operating Officer
Phone: (347) 420-2849
Email: c@redballoonsecurity.com
Research Institution
N/A
Abstract
We propose to implement a novel Embedded Live-Hardening framework and associated algorithms to combine the state-of-the-art in static firmware vulnerability analysis and mitigation with a suite of novel dynamic defensive techniques powered by Red Balloon Security's software Symbiote technology. While Symbiotes have traditionally been used directly to enforce dynamic firmware integrity attestation in embedded devices, we propose to design new Symbiote payloads capable of not only dynamic attestation, but also live attack forensic data collection, analysis and, ultimately, live hardening of vulnerable devices based on forensic data collected by other similar deployed devices. Lastly, we propose to design a comprehensive framework for truly integrating all meta-data collected through both static and dynamic analysis components to continuously, and automatically, identify and mitigate vulnerabilities on all protected devices. Such a framework will allow network defenders to:

- Maximize vulnerability identification accuracy while minimizing expert human intervention
- Minimize reaction time between threat identification and mitigation deployment for proprietary embedded devices
- Maximize forensic data collection capabilities on black-box embedded devices
- Minimize downtime of vulnerable and compromised devices while drastically increasing the defender's ability to patch vulnerabilities within embedded devices dynamically
- Maximize overall embedded security situational awareness across enterprise-level networks of heterogeneous embedded devices

We propose to deliver a phase one report that details the component technology designs and time and cost estimates for a phase two contract to implement, test and evaluate these technologies.

* Information listed above is at the time of submission. *
