Isolation Techniques for Untrusted Software
Navy SBIR 2010.2 - Topic N102-184
SPAWAR - Ms. Summer Jones - [email protected]
Opens: May 19, 2010 - Closes: June 23, 2010

N102-184 TITLE: Isolation Techniques for Untrusted Software

TECHNOLOGY AREAS: Information Systems

ACQUISITION PROGRAM: JPEO JTRS ACAT I

OBJECTIVE: Develop technique(s) to protect an embedded computing platform from malware contained in a large open source or commercial software package. The protection shall be achieved without adversely impacting either the performance or the resource usage of the computing platform. The technique(s) should not require specialized hardware devices or architecture, since the goal is to provide enhanced security to platforms that are already fielded.

DESCRIPTION: Open source software has rapidly advanced information collaboration and sharing. Even commercial software packages can contain open source or other software of unknown trust. It would be cost-prohibitive to replicate the functionality provided by millions of lines of untrusted software. (Trustworthiness in this context includes security, privacy, reliability, and safety.) Executing this software on private, commercial, and government computing platforms represents a risk, because malware may be clandestinely hidden within these large software compositions. The malware's impact can range from denial of service against the application and other users of the computing platform, to covert transmissions and receptions over the network connected to the platform. More malicious malware can jeopardize the integrity of users and of any applications on the computing platform, or possibly even of those connected via the network. Research on type-safe programming allows fine-grained data sharing in Java, but it is not applicable to C/C++ code. The goal is to provide isolation between the untrusted software and the other applications executing on the host computing platform.
Current technology includes secure partitioning, provided natively by the operating system or by a hypervisor. This provides adequate containment of an application, although trusted data guards must be provided for the partitions containing untrusted software. Other technologies isolate applications from the operating system but do not provide the multiple levels of security needed by more advanced computing platforms. Techniques that substitute a completely new operating system or separation kernel are not desirable, as they often entail cost and schedule overruns. Another possibility is a virtual machine executing on the native operating system to provide isolation and security for untrusted software. Although perhaps more costly in computing resources, it might have advantages for retrofitting existing platforms with increased computational security. Other approaches are possible as well and should be evaluated.

PHASE II: Create a software test bench for demonstration of the isolation product. Prototype the isolation product and deploy it on the test bench. Demonstrate the performance of the isolation product with a large open source project such as the Apache web server. An independent test organization should be contracted to test the isolation by introducing malware into the open source software. Prepare a final report detailing the test results and the merits of the isolation techniques.

PRIVATE SECTOR COMMERCIAL POTENTIAL/DUAL-USE APPLICATIONS:

KEYWORDS: software isolation; separation kernel; software security; software; JTRS