
Clear Hat has been awarded a Phase I contract for SBIR topic OSD10-IA1: Countermeasures to Malicious Hardware to Improve Software Protection Systems. The stated focus of this topic is "to design and develop non-destructive techniques that detect and respond to malicious hardware/firmware modifications that are made for the purposes of software piracy/data exfiltration, reverse engineering, and malicious alteration of critical software applications and data running on COTS systems or whose security system utilizes COTS parts."
The widespread availability and low cost of COTS software and hardware components have resulted in their deployment across a wide array of critical defense and industry applications, ranging from SCADA to DoD weapons systems. Unfortunately, the savings in development and maintenance costs are offset by increased security concerns. Because COTS systems are manufactured and sold by private companies, proprietary designs often render components little more than "black boxes" to the customer. The customer is left without access to detailed architectural specifications or source code, and with little assurance that security was a primary consideration during design and development. The presence of unintentional software or hardware bugs is one concern. An even more troubling concern is the potential for intentional, malicious alteration of these COTS hardware and firmware components. The fact that chip fabrication and firmware development are increasingly outsourced overseas escalates these concerns, and because such components are used in US weapons systems, the problem becomes a national security issue.
The solution to this emerging security issue is likely to be complex and broad in scope. The complexity arises from the size and diversity of the attack surface, which extends in multiple dimensions: the range of potential attack behaviors, the range of affected hardware, and the range of opportunities for exploitation. For example, an effective solution must consider the detection and prevention of threatening behaviors that can take many forms, including software piracy, reverse engineering, denial of service, and data exfiltration. The range of potentially affected hardware and firmware is even more diverse and includes a wide variety of CPUs, chipsets, motherboards, disk drives, and peripheral cards. The fact that these devices are produced by many different manufacturers, based on a variety of proprietary designs, and built from a wide array of low-level components makes devising a unified, generic solution extremely difficult. Beyond all of these considerations, the solution must address specific attack vectors and opportunities for malicious exploitation. Unfortunately, malicious hardware or firmware alteration can occur at any point in the engineering lifecycle, including design, manufacturing, packaging, integration, and during or after deployment.
Despite these technical challenges, security concerns are driving the research and development of innovative techniques designed to detect, prevent, and respond to sophisticated threats in COTS hardware and firmware components. Because of the size and breadth of the attack surface, Clear Hat has proposed to focus its research on malicious firmware alterations of disk-based storage devices. To date, there has been very little published research evaluating the feasibility, technical implementation, capabilities, and security implications of malicious disk firmware. Clear Hat will evaluate these issues in an effort to determine which countermeasures are likely to be the most effective against attacks on COTS disk-based storage.