PrintPrint

Awards

Topic Information Award/Contract Number Proposal Information Company Performance
Period
Award/Contract
Value
Abstract

H-SB014.2-002
Automatic Detection and Patching of Vulnerabilities in Embedded Systems

HSHQDC-14-C-00056 HSHQDC-14-R-00035-H-SB014.2-002-0004-I
(HSHQDC-14-R-00035 Phase I)
Autonomous Detection and Healing of Silent Vulnerabilities

BlueRISC, Inc.
28 Dana St
Amherst, MA 01002-0000

09/01/2014
to
02/28/2015
$99,999.91

BlueRISC's proposed solution provides a fundamentally new approach to enable autonomous detection of exploitation attempts as well as healing of silent vulnerabilities. It follows a hybrid approach consisting of (i) new static silent vulnerability point and associated path pre-characterization concepts, and (ii) the insertion of minimal and low-overhead runtime support enabled by the vulnerability characterization framework to enable validation, detection and healing at runtime. As opposed to other solutions, which rely on an attacker successfully injecting functionality in order to detect, this solution is also able to detect the exploitation of silent vulnerabilities, which leak information without modifying the system. The solution is CPU and operating system agnostic and thus widely applicable. Initial sectors that will be targeted are the critical infrastructure Energy Sector and the Defense Industrial Base Sector.

H-SB014.2-002
Automatic Detection and Patching of Vulnerabilities in Embedded Systems

D15PC00114 HSHQDC-14-R-00035-H-SB014.2-002-0004-II
(HSHQDC-14-R-00035 Phase II)
Autonomous Detection and Healing of Silent Vulnerabilities

BlueRISC, Inc.
28 Dana St
Amherst, MA 01002-0000

09/09/2015
to
09/23/2017
$749,952.01

BlueRISC's proposed solution provides a fundamentally new approach to enable autonomous detection of exploitation attempts as well as healing of silent vulnerabilities. It follows a hybrid approach consisting of (i) new static silent vulnerability point and associated path pre-characterization concepts, and (ii) the insertion of minimal and low-overhead runtime support enabled by the vulnerability characterization framework to enable validation, detection and healing at runtime. As opposed to other solutions, which rely on an attacker successfully injecting functionality in order to detect, this solution is also able to detect the exploitation of silent vulnerabilities, which leak information without modifying the system. The solution is CPU and operating system agnostic and thus widely applicable. Initial sectors that will be targeted include the critical infrastructure Energy Sector and the Defense Industrial Base Sector.

H-SB014.2-002
Automatic Detection and Patching of Vulnerabilities in Embedded Systems

70RSAT19C00000057 HSHQDC-14-R-00035-H-SB014.2-002-0004-II2
(HSHQDC-14-R-00035 2nd Phase II)
Autonomous Detection and Healing of Silent Vulnerabilities

BlueRISC, Inc.
28 Dana St
Amherst, MA 01002-0000

09/30/2019
to
09/29/2021
$999,995.23

BlueRISC's proposed solution provides a fundamentally new approach to automated embedded software/firmware analysis relying on a novel cross-binary/firmware differential exploitability analysis framework. The solution is able to identify newly added potentially exploitable paths associated with zero/n-day vulnerabilities, characterize new functionality with respect to its potentially malicious nature while also providing reporting and visualization with respect to the updated attack surfaces of the firmware during the software development lifecycle. The solution is CPU and operating system agnostic and thus widely applicable. Initial sectors that will be targeted include government and defense as well as commercial verticals such as the automotive and energy/critical infrastructure industries.

H-SB014.2-004
Radiant Laser Exposure Monitoring for Nominal Hazard Zone (NHZ) Evaluation

HSHQDC-14-C-00060 HSHQDC-14-R-00035-H-SB014.2-004-0001-I
(HSHQDC-14-R-00035 Phase I)
Portable Laser Hazard Identification and Monitoring System

Spire Corporation
One Patriots Park
Bedford, MA 01730-2396

09/09/2014
to
02/28/2015
$99,820.51

Laser beams present potentially serious hazards to the human eye. Retinal damage can occur for laser eye exposure to milliwatts power levels. The purpose of this proposed program is to develop a portable system for detecting and measuring radiant exposure resulting from laser beams, and to determine whether the detected radiant exposure levels exceed established maximum permissible exposure (MPE) limits. Spire will utilize commercially available optical radiation detectors in combination with optical filters and appropriate optics to measure the direction and intensity of incoming laser beams, as well as to determine the spectral content of the laser beams and their temporal and radiant characteristics. These measured values will then be automatically compared to ANSI-established MPE limits so that appropriate warnings, together with summary laser characteristics information can alert personnel in the area. Phase I will demonstrate feasibility by completion of the basic system design, fabrication and laboratory demonstration of the primary system components and initial data accumulation electronics and associated software development. Phase II will implement the system design with the goal of comparing incoming laser radiation characteristics with established MPE limits for the various specified spectral bins. In addition to the obvious military personnel protection applications, potential commercial applications for this laser hazard identification and monitoring system fall into the areas of public transportation (protection of aircraft pilots, train, truck and bus operators, naval and commercial sea vessel personnel,) protection of public safety personnel as well as protection of groups or individuals subject to vandalism laser exposure.

H-SB014.2-004
Radiant Laser Exposure Monitoring for Nominal Hazard Zone (NHZ) Evaluation

HSHQDC-14-C-00061 HSHQDC-14-R-00035-H-SB014.2-004-0004-I
(HSHQDC-14-R-00035 Phase I)
Laser Exposure Measurement Device

OPTRA, Inc
461 Boston Street
Topsfield, MA 01983-1290

09/01/2014
to
02/28/2015
$99,851.01

The widespread use and deployment of laser systems has led to the need for laser exposure measurement systems that operate over wide spectral range and provide sufficient dynamic range to measure exposure relative to maximum permissible exposure (MPE) limits and establish normal hazard zones. OPTRA, Inc. proposes a solution based on the complementary combination of CMOS readout integrated circuitry and diffractive optics to directly measure the laser characteristics and evaluate the exposure with respect to MPE limits established by the ANSI Z136.1 standard. In the Phase I R&D effort, OPTRA, Inc. will develop optical and electronics models, perform tradeoff analyses, predict system performance, and perform a laboratory demonstration to establish the feasibility of the proposed approach to meet the DHS requirements.

H-SB014.2-004
Radiant Laser Exposure Monitoring for Nominal Hazard Zone (NHZ) Evaluation

D15PC00108 HSHQDC-14-R-00035-H-SB014.2-004-0004-II
(HSHQDC-14-R-00035 Phase II)
Laser Exposure Measurement Device

OPTRA, Inc
461 Boston Street
Topsfield, MA 01983-1290

07/24/2015
to
02/07/2017
$754,785.54

The widespread use and deployment of laser systems in the public domain has led to the need for laser exposure measurement systems that operate over wide spectral range and provide sufficient dynamic range to measure exposure relative to maximum permissible exposure (MPE) limits and establish normal hazard zones (NHZ). OPTRA, Inc. proposes a solution based on multiple detector arrays, custom CMOS readout integrated circuitry and diffractive optics to directly measure the laser characteristics and evaluate the exposure with respect to MPE limits established by the ANSI Z136.1 standard and determine NHZ.. In the Phase II R&D effort, OPTRA, Inc. will design, develop, build and test a UV through LWIR laser NHZ measurement system.