|Proposal Title:||Automatic Detection and Patching of Vulnerabilities in Embedded Systems|
|Topic Title:||Automatic Detection and Patching of Vulnerabilities in Embedded Systems|
|Organization:||Power Fingerprinting, Inc.|
|Address:||1899 Preston White Dr.
Reston, VA 20191-5435
|Abstract:||Embedded devices are vulnerable to cyber attacks and their compromise can severely impair critical infrastructure and mission-critical systems. Power Fingerprinting (PFP) is a novel approach for integrity assessment of critical embedded systems which is capable of detecting malicious intrusions at all levels of the execution stack. PFP is based on fine-grained anomaly detection on the processor's physical side channels such as power consumption or electromagnetic emissions. PFP leverages signal detection and classification principles to provide a quantitative metric of trust. PFP enables security monitoring and integrity assessment on platforms that would otherwise not have the memory or processing resources necessary to do it. In this Phase II project we will develop a commercial prototype of a remote PFP monitor to perform automatic detection and mitigation of exploited vulnerabilities in networked embedded control systems in critical infrastructure. The specific technical objectives include: 1) Leverage current PFP integrity assessment and intrusion detection platforms to create a commercial prototype for automatic detection and patching of exploited vulnerabilities in critical embedded systems. 2) Define and implement flexible mitigation strategies specifically tailored to critical infrastructure to be deployed automatically when an intrusion is detected. 3) Provide analytics on real-time feeds of broad PFP deployments to provide an enterprise level view of security status. The prototype will be validated in two industrial control platforms commonly used in critical infrastructure. A PFP-based automatic vulnerability detection represents a dual-use opportunity with a broad range of applications within the military, the federal government, and several commercial enterprises.|
|Period of Performance:||01/25/2016 - 01/24/2017|