Autonomous Detection and Healing of Silent Vulnerabilities

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: D15PC00114
Agency Tracking Number: HSHQDC-14-R-00035-H-SB014.2-002-0004-II
Amount: $749,952.01
Phase: Phase II
Program: SBIR
Solicitation Topic Code: H-SB014.2-002
Solicitation Number: HSHQDC-14-R-00035
Timeline
Solicitation Year: 2014
Award Year: 2015
Award Start Date (Proposal Award Date): 2015-09-09
Award End Date (Contract End Date): 2017-09-23
Small Business Information
28 Dana St, Amherst, MA, 01002-0000
DUNS: 102221665
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Jeffry Gummeson
 Senior Security Architect
 (413) 359-0599
 jeff@bluerisc.com
Business Contact
 Sylvia Moritz
Title: VP of Finance & Operations
Phone: (617) 517-6324
Email: sylvia@bluerisc.com
Research Institution
N/A
Abstract
BlueRISC's proposed solution provides a fundamentally new approach to enable autonomous detection of exploitation attempts as well as healing of silent vulnerabilities. It follows a hybrid approach consisting of (i) new static silent vulnerability point and associated path pre-characterization concepts, and (ii) the insertion of minimal and low-overhead runtime support enabled by the vulnerability characterization framework to enable validation, detection and healing at runtime. As opposed to other solutions, which rely on an attacker successfully injecting functionality in order to detect, this solution is also able to detect the exploitation of silent vulnerabilities, which leak information without modifying the system. The solution is CPU and operating system agnostic and thus widely applicable. Initial sectors that will be targeted include the critical infrastructure Energy Sector and the Defense Industrial Base Sector.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government