Awards

Topic Information | Award/Contract Number | Proposal Information | Company | Performance Period | Award/Contract Value | Abstract

H-SB05.2-004
HARDWARE-ASSISTED SYSTEM SECURITY MONITOR

NBCHC060044 0521240
(FY05.2 Phase I)
Kennen Technologies - Secure Security System Monitor

Kennen Technologies, LLC
209 Dartmouth Drive SE
Albuquerque, NM 87102-2219

12/15/2005
to
06/30/2006
$99,490.00

Kennen has a patent-pending architecture for a semiconductor device that will execute a model-driven instance of an abstract algorithm. This invention is relevant to HSARPA's HASSM objectives because it will support detection of a variety of threat/intrusion models at wire speed, can be securely isolated from attack, is not vulnerable to buffer overflow, and can provide breakthrough detection acuity. This project proposes to: 1) identify typical threat models, 2) verify (through emulation) that the algorithm will detect threats and the likelihood of Type 1 and Type 2 errors (or modifying the models or algorithm), 3) confirm that a semiconductor implementation in 10 months is feasible, 4) outline the commercialization scheme (for further development in Phase II), 5) design the architecture of an isolated, unassailable coprocessor board, and 6) provide a final report about the project and the expected value to society of the DHS investment in this project.

H-SB05.2-004
HARDWARE-ASSISTED SYSTEM SECURITY MONITOR

NBCHC070016 0522001
(FY05.2 Phase II)
Hardware Assisted Security Platform

Kennen Technologies, LLC
209 Dartmouth Drive SE
Albuquerque, NM 87102-2219

04/15/2007
to
07/14/2009
$744,728.04

Hardware Assisted Security Platform - HASP

Brief Technical Abstract of Project

The HASP (Hardware Assisted Security Platform) is a multi-purpose, high-performance, low-cost security engine that can enable significant improvement and innovation in a large variety of current and future security applications. HASP value comes principally from five features:

- It can control host access to the network connection -- meaning it can selectively prevent the host from receiving and sending information through the network -- enabling a higher level of security assurance.
- It can be impervious to data stream content -- meaning it cannot be compromised by data-stream-borne attacks, such as buffer overflow -- enabling a higher level of security assurance.
- It can accomplish arbitrarily complex signature detection with no effect on pattern detection time -- which means added detection complexity can be employed to reduce false positives and false negatives, to detect increasingly sophisticated attack signatures, to verify the integrity of entire blocks of host code, and to enable new protective and preventive measures -- enabling a higher level of security assurance.
- It has a fully scalable and general-purpose pattern detection architecture that can keep pace with increasing stream-speed and pattern-capacity needs -- meaning it can provide a compatible forward migration over time -- reducing the cost of application upgrade and migration and providing more affordable security.
- It can be implemented as a stand-alone ASIC/SoC (e.g., on a desktop/server NIC board) or integrated inside the host's network-interface SoC (e.g., in a laptop/mobile LOM device) -- which means very low cost (under $20 retail possible), with no trade-off in speed or detection-pattern capacity -- providing compelling high-performance security and becoming ubiquitous in both stationary and mobile computing resources.
Certain realities of the current situation shape both the commercialization-enabling activity during Phase 2 and the post-Phase 2 commercialization strategy:

- HASP provides a new pattern-detection processor architecture that requires rethinking and reformulation of traditional pattern-detection approaches, and enables new detection approaches impractical with existing processors. Therefore application prototyping that learns how to employ these new capabilities should be instigated and enabled by this Phase 2 project as early as possible.
- HASP provides a general-purpose security platform that can facilitate a wide range of end-point security applications such as IDS, IPS, firewall, anti-malware, information leakage prevention, root-kit detection, web-access attacks, and SCADA-controlled equipment protection. Therefore a variety of security application prototyping activities should be instigated and enabled as early as possible.
- Lead times for ASIC/SoC devices are in the neighborhood of 18 months. The Phase 2 project will create a development platform for applications that will want to take advantage of ASIC/SoC costs, as FPGA costs are generally too high for an affordable end-point HASP. Therefore, ASIC/SoC development and commercialization channels must be engaged as early as possible during Phase 2.
- Snort is a highly utilized open-source IDS system that benefits from a broad-based collaborative open community actively identifying new intrusions, and then crafting and disseminating Snort-compatible detection signatures. HASP can host an improved-performance Snort processor for existing signatures, while opening the door to a new class of signatures that takes advantage of the USee complex-pattern capabilities. Therefore work during Phase 2 that guides and engages the Snort community in HASP application and signature development should be instigated and enabled as early as possible.
- The DETER laboratory is an effort "to create, maintain, and support a collaborative and vendor-neutral experimental environment for cyber-security research. It is intended to provide a center for interchange and collaboration among security researchers and testbed builders." The nature of the new capabilities offered by HASP should appeal to DETER's research community and result in innovative applications. Therefore, enabling access to HASP prototypes through the DETER lab should be accomplished as early as possible during Phase 2.

Proof is in the pudding -- so applications must be prototyped during this Phase 2 project that show superior capability.

- Get multiple security application suppliers developing prototype applications as early in the project as possible -- on an FPGA-based prototype-development board.
- Get a broad variety of applications started in prototype, such as IDS/IPS, firewall, extrusion prevention, possession detection, Internet access/content control, etc.

Work with established security majors, e.g., Cisco, McAfee, and Symantec. They have update and support services in place, market presence, and leading-edge performance problems to solve. Microsoft is a new entry in the security application space and a prime candidate to pursue as well -- because of their dominance in related markets and their need to find an entry edge. Seek and engage established NIC/LOM suppliers (e.g., Broadcom, Intel). The goal is to have NIC/LOM suppliers include an ASIC/SoC HASP as part of their offering. The strategy relies on their interest in finding new non-commodity-product values, and leverages the natural fit with HASP and the trends toward integrated security functions. The network connection device/card is both the most natural location as well as the most affordable location for HASP capability to reside. This eliminates duplication of network interfacing and traffic normalization, and offers the potential for co-location inside the same SoC chip.
NIC/LOM suppliers are already moving into the security application space, and should find the HASP concept both a natural extension of current business strategy and an opportunity to rise above commodity-product status. Also seek and engage ASIC/SoC and multi-core processor suppliers, e.g., Intel, AMD, IBM. Though multi-core generally means duplicate general-purpose processors, these suppliers also employ "IP cores" with special functionality in their multi-core processor chips. The ultimate objective is a multi-purpose security processor integrated with the network interface and populated by applications from a variety of security application vendors. This project lays the foundation for that eventuality by building a functional prototype, engaging application developers, and engaging ASIC/SoC commercialization channels. The project focuses on four goals:

1. Prototyping a HASP implementation on an OTS (off-the-shelf) FPGA board that paves the way for a production ASIC/SoC implementation.
2. Prototyping a functional application development capability for security applications.
3. Engaging five security application developers in using beta versions of 1 and 2.
4. Engaging ASIC/SoC developers in HASP-device commercialization preparation.
5. Engaging NIC/LOM suppliers in HASP-device commercialization preparation.