Autonomous Detection and Healing of Silent Vulnerabilities

Award Information

Agency: Department of Homeland Security

Branch: N/A

Contract: D15PC00114

Agency Tracking Number: HSHQDC-14-R-00035-H-SB014.2-002-0004-II

Amount: $749,952.01

Phase: Phase II

Program: SBIR

Solicitation Topic Code: H-SB014.2-002

Solicitation Number: HSHQDC-14-R-00035

Timeline

Solicitation Year: 2014

Award Year: 2015

Award Start Date (Proposal Award Date): 2015-09-09

Award End Date (Contract End Date): 2017-09-23

Small Business Information

BlueRISC Inc

28 Dana St, Amherst, MA, 01002-0000

DUNS: 102221665

HUBZone Owned: N

Woman Owned: N

Socially and Economically Disadvantaged: N

Principal Investigator

Name: Jeffry Gummeson
Title: Senior Security Architect
Phone: (413) 359-0599
Email: jeff@bluerisc.com

Business Contact

Name: Sylvia Moritz
Title: VP of Finance & Operations
Phone: (617) 517-6324
Email: sylvia@bluerisc.com

Research Institution

N/A

Abstract

BlueRISC's proposed solution provides a fundamentally new approach to enable autonomous detection of exploitation attempts as well as healing of silent vulnerabilities. It follows a hybrid approach consisting of (i) new static silent vulnerability point and associated path pre-characterization concepts, and (ii) the insertion of minimal and low-overhead runtime support enabled by the vulnerability characterization framework to enable validation, detection and healing at runtime. As opposed to other solutions, which rely on an attacker successfully injecting functionality in order to detect, this solution is also able to detect the exploitation of silent vulnerabilities, which leak information without modifying the system. The solution is CPU and operating system agnostic and thus widely applicable. Initial sectors that will be targeted include the critical infrastructure Energy Sector and the Defense Industrial Base Sector.

* Information listed above is at the time of submission. *