
Clear Hat has been awarded a Phase I contract for SBIR topic OSD09-IA1: Real-time Adversarial Characterization and Adaptive Software Protection Countermeasures. In our Phase I effort, we will address the need for adaptive software protection technologies that promote computer system survivability. Application protection technologies that also promote computer system survivability have become increasingly necessary in both the defense and commercial sectors. We define the term survivability as the capability of a system to fulfill its mission in the presence of attacks, failure, or accidents. Properties that increase survivability include resistance to attacks, the recognition of attacks and resulting damage, the recovery of essential services following an attack, and the ability to adapt in a way that minimizes damage from future attacks.
There are a variety of factors driving demand for technologies that increase survivability. The biggest of these relate to increases in cyber warfare and targeted attacks. For example, in 2008 the U.S.-China Economic and Security Review Commission noted that "China has recognized the importance of cyber operations as a tool of warfare" [1]. They further stated that China is targeting U.S. government and commercial computers and has developed cyber espionage capabilities so advanced that the U.S. "may be unable to counteract or even detect the efforts." Companies are not immune to targeted cyber attacks either. For example, the 10 most prominent U.S. defense companies, including Raytheon, Lockheed Martin, Boeing, and Northrop Grumman, have all been victims of cyber espionage. Even non-security companies like Intel and Google have reported being targeted by hackers during 2010 [2]. Because targeted attacks are often sophisticated and rely upon undisclosed 0-day vulnerabilities, traditional detection and prevention measures are often inadequate. This is driving a need for newer, more advanced technologies.
Intrusion response mechanisms for survivable systems share several properties with the human immune system. First, the intrusion response system needs to respond to attacks in a way that protects the computer system from invasion by stealthy malware. This is similar to the function of the human immune system, which responds to protect us from invasion by pathogens like viruses and bacteria. Second, both systems need mechanisms for distinguishing between self and non-self. They also both need mechanisms for detecting damage to themselves. Perhaps most importantly, they need to perform all of these tasks with an absolute minimum of false positives and negatives. Finally, both systems have to maintain stability in highly complex, changing environments. In general, the human immune system performs better at all of these tasks than any current computer security system. For these reasons, we have chosen to look to the biological immune system for inspiration in designing an adaptive cyber attack response mechanism based on a cyber immune system. If successful, the protected system will remain operational and uncompromised for longer periods of time than would otherwise be possible.
[1] Chinese Cyber Attacks on Rise: US Report. www.defensenews.com/story
[2] U.S. Cybersecurity Bill Targets Industry Wide Cooperation. www.cybersecuritymarket.com