Topic Information Award/Contract Number Proposal Information Company Performance

Automatic Detection and Patching of Vulnerabilities in Embedded Systems

D15PC00113 HSHQDC-14-R-00035-H-SB014.2-002-0011-II
(HSHQDC-14-R-00035 Phase II)
Automated Embedded Vulnerability Identification and Exploitation Mitigation System Using FRAK, Symbiote and Autotomic Binary Structure Randomization

Red Balloon Security
336 West 37th Street Suite 1024
New York, NY 10018-4592


We propose to implement a novel Embedded Live-Hardening framework and associated algorithms to combine the state-of-the-art in static firmware vulnerability analysis and mitigation with a suite of novel dynamic defensive techniques powered by Red Balloon Security's software Symbiote technology. While Symbiotes have traditionally been used directly to enforce dynamic firmware integrity attestation in embedded devices, we propose to design new Symbiote payloads capable of not only dynamic attestation, but live attack forensic data collection, analysis and ultimately, live hardening of vulnerable devices based on forensic data collected by other similar deployed devices. Lastly, we propose to design a comprehensive framework for truly integrating all meta-data collected through both static and dynamic analysis components to continuously, and automatically, identify and mitigate vulnerabilities on all protected devices. Such a framework will allow network defenders to: - Maximize vulnerability identification accuracy while minimizing expert human intervention - Minimize reaction time between threat identification and mitigation deployment for proprietary embedded devices - Maximize forensic data collection capabilities on black-box embedded devices - Minimize downtime of vulnerable and compromised devices while drastically increasing the defenders ability to patch vulnerabilities within embedded devices dynamically - Maximize overall embedded security situational awareness across enterprise-level networks of heterogeneous embedded devices We propose to deliver a phase one report that details the component technology designs and time and cost estimates for a phase two contract to implement, test and evaluate these technologies.