You are here

EPP: Empirical Privilege Profiling for Black-Box Software

Award Information
Agency: Department of Defense
Branch: Defense Advanced Research Projects Agency
Contract: W31P4Q-06-C-0134
Agency Tracking Number: 04SB1-0276
Amount: $749,845.00
Phase: Phase II
Program: SBIR
Solicitation Topic Code: SB041-016
Solicitation Number: 2004.1
Solicitation Year: 2004
Award Year: 2006
Award Start Date (Proposal Award Date): 2006-01-26
Award End Date (Contract End Date): 2008-04-30
Small Business Information
33 Thornwood Drive, Suite 500
Ithaca, NY 14850
United States
DUNS: 101321479
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Carla Marceau
 Senior Principal Scientis
 (607) 257-1975
Business Contact
 Richard Smith
Title: Controller
Phone: (607) 257-1975
Research Institution

The Principle of Least Privilege says that programs should operate with sufficient privilege to get the job done, but no more, in order to minimize the harm that can be done in case of error. The Empirical Privilege Profiler system (EPP) will collect data about privileges actually exercised by running programs and use that data to create a composite abstract privilege profile for the program. Privilege profiles created by the EPP can be used to guide system administrators in granting program privileges, as well as in intrusion detection, detection of insider misuse, and program development. To create an EPP system, ATC-NY has developed novel technologies for extracting the privileges exercised by programs and for building composite abstract profiles. In Phase II, ATC-NY proposes to integrate those technologies into the prototype of a distributed system that creates composite privilege profiles based on execution of a program at multiple cooperating sites.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government