Award Information
Proposal Number: 0522001
Proposal Title: Hardware Assisted Security Platform
Topic Number: H-SB05.2-004
Phase: Phase II
Topic Title: HARDWARE-ASSISTED SYSTEM SECURITY MONITOR
Organization: Kennen Technologies, LLC
Address: 209 Dartmouth Drive SE
Albuquerque, NM 87102-2219  
Abstract: Hardware Assisted Security Platform - HASP
Brief Technical Abstract of Project
The HASP (Hardware Assisted Security Platform) is a multi-purpose, high-performance, low-cost security engine that can enable significant improvement and innovation in a large variety of current and future security applications. HASP's value comes principally from five features:
- It can control host access to the network connection, meaning it can selectively prevent the host from receiving and sending information through the network, enabling a higher level of security assurance.
- It can be impervious to data-stream content, meaning it cannot be compromised by data-stream-borne attacks such as buffer overflows, enabling a higher level of security assurance.
- It can accomplish arbitrarily complex signature detection with no effect on pattern-detection time, which means added detection complexity can be employed to reduce false positives and false negatives, to detect increasingly sophisticated attack signatures, to verify the integrity of entire blocks of host code, and to enable new protective and preventive measures, enabling a higher level of security assurance.
- It has a fully scalable, general-purpose pattern-detection architecture that can keep pace with increasing stream-speed and pattern-capacity needs, meaning it can provide a compatible forward migration path over time, reducing the cost of application upgrade and migration and providing more affordable security.
- It can be implemented as a stand-alone ASIC/SoC (e.g., on a desktop/server NIC board) or integrated inside the host's network-interface SoC (e.g., in a laptop/mobile LOM device), which means very low cost (under $20 retail is possible) with no trade-off in speed or detection-pattern capacity, providing compelling high-performance security that can become ubiquitous in both stationary and mobile computing resources.

Certain realities of the current situation shape both the commercialization-enabling activity during Phase 2 and the post-Phase 2 commercialization strategy:
- HASP provides a new pattern-detection processor architecture that requires rethinking and reformulating traditional pattern-detection approaches, and enables new detection approaches that are impractical with existing processors. Therefore, application prototyping that learns how to employ these new capabilities should be instigated and enabled by this Phase 2 project as early as possible.
- HASP provides a general-purpose security platform that can facilitate a wide range of end-point security applications, such as IDS, IPS, firewall, anti-malware, information-leakage prevention, root-kit detection, defense against web-access attacks, and protection of SCADA-controlled equipment. Therefore, a variety of security application prototyping activities should be instigated and enabled as early as possible.
- Lead times for ASIC/SoC devices are in the neighborhood of 18 months. The Phase 2 project will create a development platform for applications that will want to take advantage of ASIC/SoC costs, as FPGA costs are generally too high for an affordable end-point HASP. Therefore, ASIC/SoC development and commercialization channels must be engaged as early as possible during Phase 2.
- Snort is a highly utilized open-source IDS that benefits from a broad-based, collaborative open community actively identifying new intrusions and then crafting and disseminating Snort-compatible detection signatures. HASP can host an improved-performance Snort processor for existing signatures, while opening the door to a new class of signatures that takes advantage of the USee complex-pattern capabilities. Therefore, work during Phase 2 that guides and engages the Snort community in HASP application and signature development should be instigated and enabled as early as possible.
- The DETER laboratory is an effort "to create, maintain, and support a collaborative and vendor-neutral experimental environment for cyber-security research. It is intended to provide a center for interchange and collaboration among security researchers and testbed builders." The nature of the new capabilities offered by HASP should appeal to DETER's research community and result in innovative applications. Therefore, enabling access to HASP prototypes through the DETER lab should be accomplished as early as possible during Phase 2.

The proof is in the pudding, so applications that show superior capability must be prototyped during this Phase 2 project:
- Get multiple security application suppliers developing prototype applications as early in the project as possible, on an FPGA-based prototype-development board.
- Get a broad variety of applications started in prototype, such as IDS/IPS, firewall, extrusion prevention, possession detection, Internet access/content control, etc.

Work with established security majors, e.g., Cisco, McAfee, and Symantec. They have update and support services in place, market presence, and leading-edge performance problems to solve. Microsoft is a new entry in the security application space and a prime candidate to pursue as well, because of its dominance in related markets and its need to find an entry edge.

Seek and engage established NIC/LOM suppliers (e.g., Broadcom, Intel). The goal is to have NIC/LOM suppliers include an ASIC/SoC HASP as part of their offering. The strategy relies on their interest in finding new non-commodity product values, and leverages the natural fit with HASP and the trend toward integrated security functions. The network connection device/card is both the most natural and the most affordable location for HASP capability to reside: it eliminates duplication of network interfacing and traffic normalization, and offers the potential for co-location inside the same SoC chip. NIC/LOM suppliers are already moving into the security application space, and should find the HASP concept both a natural extension of current business strategy and an opportunity to rise above commodity-product status.

Also seek and engage ASIC/SoC and multi-core processor suppliers, e.g., Intel, AMD, IBM. Though multi-core generally means duplicate general-purpose processors, these suppliers also employ "IP cores" with special functionality in their multi-core processor chips.

The ultimate objective is a multi-purpose security processor integrated with the network interface and populated by applications from a variety of security application vendors. This project lays the foundation for that eventuality by building a functional prototype, engaging application developers, and engaging ASIC/SoC commercialization channels. The project focuses on four goals:
1. Prototyping a HASP implementation on an OTS (off-the-shelf) FPGA board that paves the way for a production ASIC/SoC implementation.
2. Prototyping a functional application-development capability for security applications.
3. Engaging five security application developers in using beta versions of 1 and 2.
4. Engaging ASIC/SoC developers in HASP-device commercialization preparation.
5. Engaging NIC/LOM suppliers in HASP-device commercialization preparation.
Award/Contract Number: NBCHC070016
Period of Performance: 04/15/2007 - 07/14/2009
Award/Contract Value: $744,728.04
Award/Obligated Amount: $744,728.04