EPP: Empirical Privilege Profiling for Black-Box Software

Award Information
Agency:
Department of Defense
Branch
Defense Advanced Research Projects Agency
Amount:
$749,845.00
Award Year:
2006
Program:
SBIR
Phase:
Phase II
Contract:
W31P4Q-06-C-0134
Agency Tracking Number:
04SB1-0276
Solicitation Year:
2004
Solicitation Topic Code:
SB041-016
Solicitation Number:
2004.1
Small Business Information
ODYSSEY RESEARCH ASSOC. (FORMERLY AT
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
101321479
Principal Investigator:
Carla Marceau
Senior Principal Scientis
(607) 257-1975
carla@atc-nycorp.com
Business Contact:
Richard Smith
Controller
(607) 257-1975
rick@atc-nycorp.com
Research Institution:
n/a
Abstract
The Principle of Least Privilege says that programs should operate with sufficient privilege to get the job done, but no more, in order to minimize the harm that can be done in case of error. The Empirical Privilege Profiler system (EPP) will collect data about privileges actually exercised by running programs and use that data to create a composite abstract privilege profile for the program. Privilege profiles created by the EPP can be used to guide system administrators in granting program privileges, as well as in intrusion detection, detection of insider misuse, and program development. To create an EPP system, ATC-NY has developed novel technologies for extracting the privileges exercised by programs and for building composite abstract profiles. In Phase II, ATC-NY proposes to integrate those technologies into the prototype of a distributed system that creates composite privilege profiles based on execution of a program at multiple cooperating sites.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government