Topic Information: Automatic Detection and Patching of Vulnerabilities in Embedded Systems

Award/Contract Number: FA8750-16-C-0062

Proposal Information: HSHQDC-14-R-00035-H-SB014.2-002-0015-II
(HSHQDC-14-R-00035 Phase II)
Automatic Detection and Patching of Vulnerabilities in Embedded Systems

Company: Power Fingerprinting, Inc.
1577 Spring Hill Road
Suite #405
Vienna, VA 22182-2223

Performance:


Embedded devices are vulnerable to cyber attacks, and their compromise can severely impair critical infrastructure and mission-critical systems. Power Fingerprinting (PFP) is a novel approach to integrity assessment of critical embedded systems that is capable of detecting malicious intrusions at all levels of the execution stack. PFP is based on fine-grained anomaly detection on the processor's physical side channels, such as power consumption or electromagnetic emissions. PFP leverages signal detection and classification principles to provide a quantitative metric of trust. PFP enables security monitoring and integrity assessment on platforms that would otherwise not have the memory or processing resources necessary to do it.

In this Phase II project we will develop a commercial prototype of a remote PFP monitor to perform automatic detection and mitigation of exploited vulnerabilities in networked embedded control systems in critical infrastructure. The specific technical objectives include:

1) Leverage current PFP integrity assessment and intrusion detection platforms to create a commercial prototype for automatic detection and patching of exploited vulnerabilities in critical embedded systems.
2) Define and implement flexible mitigation strategies, specifically tailored to critical infrastructure, to be deployed automatically when an intrusion is detected.
3) Provide analytics on real-time feeds of broad PFP deployments to provide an enterprise-level view of security status.

The prototype will be validated in two industrial control platforms commonly used in critical infrastructure. PFP-based automatic vulnerability detection represents a dual-use opportunity with a broad range of applications within the military, the federal government, and several commercial enterprises.