Secure Software Components Leveraging the seL4 Microkernel

Award Information
Agency: Department of Defense
Branch: Defense Advanced Research Projects Agency
Contract: D15PC00175
Agency Tracking Number: D2-1447
Amount: $1,499,156.00
Phase: Phase II
Program: SBIR
Solicitation Topic Code: SB151-003
Solicitation Number: 2015.1
Timeline
Solicitation Year: 2015
Award Year: 2015
Award Start Date (Proposal Award Date): 2015-09-09
Award End Date (Contract End Date): 2018-10-13
Small Business Information
Suite 400, Utica, NY, 13501
DUNS: 621349406
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Stuart Card
 (315) 793-0248
 Stu.Card@critical.com
Business Contact
 Mr. David Schroeder
Phone: (315) 793-0248
Email: Dave.Schroeder@critical.com
Research Institution
N/A
Abstract
The overall objective of this topic is to build applications that expand the ecosystem of secure software components around the seL4 operating system microkernel. The CTI/SU teams interpretation of this is broad, including an application primarily as a demonstration of the utility of a more fundamental expansion of the ecosystem: to release to the community, as open source, a minimized Trusted Computing Base (TCB) that strongly isolates VMs, supports capability based security and computer resource management, is amenable to independent formal verification and penetration testing, has been formally verified and penetration tested at least once, and facilitates mixed proof / factored security arguments where components vary in their trustworthiness and pedigree. The objective of Phase II is to develop secure software components together with a demonstration application, on top of seL4. The secure software components will be the Syracuse Assured Boot Loader Executive (SABLE) and the Genode operating system framework. The demonstration application will be the Geographically Aware & Target Secure Information Dissemination (GATSID) pub-sub-query DDS. The real impact is that developers are enabled to construct explicitly mixed-trust systems on a trustworthy base and administrators are enabled to assess objectively the trust they should repose in such systems.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government