| ANGEL SECURE NETWORKS, INC.
127 Washington St. Belmont, MA 02478 | |
| Phone: | (617) 489-7304 |
| PI: | Mr. Fred Hewitt Smith |
| Topic#: | OSD 03-001; Awarded: 7/23/2003 |
| Title: | Preventing Reverse Engineering with a Random Obfuscating Compiler (ROC) |
| Abstract: | We propose to build a Random Obfuscating Compiler (ROC), a tool and a process for systematic research and testing of strategies for protecting software from reverse engineering using differential analysis. The US is at war. Our enemies will strive to reverse engineer valuable legacy software, in order to eliminate US strategic technological advantages, and sabotage critical system performance. We think the ROC is feasible now. Our investigators, Fred Smith, PI, and Benjamin Smith are experienced developers who have already produced somewhat similar software. They have been developing cyber security technologies which are crucial to countering reverse engineering for the past six years. Fred Smith has expertise in assembler, which is required to manipulate compiled executables and provides unique strategies for defeating differential analysis. The ROC will obfuscate executables and libraries given only the information in the binaries themselves. This technique can be inexpensively and rapidly applied to a large body of legacy software. The ROC will test strategies for detecting debuggers, disassemblers, falsified operating environments, protecting files and memory and obfuscating executables. ROC test results, a UML documented design, and a Phase I prototype will provide a basis for Phase II research on an integrated secure software processing system.
The anticipated benefits for DoD are:
- Test results comparing efficacy of various reverse engineering strategies
- Testing of strategies for countering differential analysis of software applications
- At least one method of rapidly and inexpensively protecting legacy software from reverse engineering by obfuscating executables
- Development of techniques to detect hostile reverse engineering applications such as debuggers and disassemblers
- A method for automatically obfuscating executables, libraries, and other binaries
- Development of techniques to detect hostile reverse engineering applications such as debuggers and disassemblers
- Multiple, overlapping layers of security for critical software applications
- Defense against reverse engineering techniques that we think are presently only theoretical but are feasible
- Defeat side channel attacks
- Methods of authenticating network nodes used for HPC computing
- Capacity to prevent reverse engineering of an obfuscated executable
- Development of random confusion technology
Potential commercial applications include:
- Army, Navy, and Air Force, all of which are developing new combat information systems which require protection from reverse engineering
- NASA
- A ROC for securities firms and banks which have an obligation to protect client information from disclosure and lots of legacy software they would like to protect without rewriting
- A ROC for software companies to use against industrial espionage |
| ARXAN TECHNOLOGIES, INC.
3000 Kent Avenue, Suite D2-100, Purdue Technology West Lafayette, IN 47906 | |
| Phone: | (765) 775-1004 |
| PI: | Mr. Paul Morissette |
| Topic#: | OSD 03-001; Selected for Award |
| Title: | Automatically protecting software against "diff" attacks |
| Abstract: | Given two closely related pieces of software X and Y, where Y differs from X through a number of small but important (from a security point of view) modifications that were done to Y, the "diff" attack consists of comparing X and Y so as to pinpoint the fragments of code in which they differ. The differences between X and Y could include, among other things, the fact that Y contains credentials-checking mechanisms that were lacking in X, such as password protection, biometrically-based access controls, challenge-response protocol with a remote server, etc. Pinpointing those differences makes it easier for an attacker to defeat the security-related features of Y that the attacker dislikes (not only credentials-checking, but also integrity-checking and other kinds of policy-enforcement that the attacker wishes to circumvent). Re-writing Y from scratch (rather than modifying X) as a means of increasing the apparent differences between X and Y, especially if done using a different programming language, can be an effective way of thwarting this attack, but it is hugely uneconomical. It is therefore important to develop automated tools that process Y so that even the most sophisticated comparisons between X and Y reveal a large "diff set" between them, i.e., X and Y appear to be largely different even though in functionality they are very similar. The development of such automated tools and techniques is the main thrust of this proposal. Tampering with software presents a significant threat to government institutions and national security as well as to other organizations. A durable yet adaptable solution is needed that protects software platforms deployed inside and outside organizational firewalls. Arxan expects to develop products that will leverage both current and future research and development in the software protection area. 
Developing tools to thwart the "diff" attack will significantly benefit those firms that wish to deploy multiple versions of the same software. |
| ATC - NY
33 Thornwood Drive, Suite 500 Ithaca, NY 14850 | |
| Phone: | (607) 257-1975 |
| PI: | Dr. David Guaspari |
| Topic#: | OSD 03-001; Awarded: 5/16/2003 |
| Title: | Dissimulation: A Defense Against Differential Software Analysis |
| Abstract: | Adding protection to fielded software provides an attacker with a point of leverage: By comparing the original code (or executable) with the updated version, an attacker may be able to locate the "protective" modifications and thereby defeat them, even if those modifications succeed in preventing an attacker from reverse-engineering the code. ATC-NY will design and develop tools, called dissimulators, that defend against such attacks. The goal of dissimulation is to make semantically equivalent executions look superficially different (or different executions look superficially the same). As a result, it becomes difficult for automated tools to detect and distinguish those differences that are meaningful. ATC-NY's Dissimulator Tool Suite (DTS) will limit the usefulness of common algorithms that are likely to be the basis of such differential attacks, for example, algorithms that find the least common subsequence of two sequences. Obstructing these algorithms provides some protection against unanticipated attacks. Even if effective forms of protection are developed, differential attacks can nullify them. A defense against differential attacks provides enabling technology for adding protection to the existing military and commercial software base, or for upgrading protections that have been compromised. ATC-NY's Dissimulator Tool Suite will be useful for a variety of applications and will operate on standard computer systems. DTS will also provide defense against differential attack at a lower cost than techniques (such as recoding) that are currently available. We will also work to minimize performance degradation of the application software. |
| REIFER CONSULTANTS, INC.
P.O. Box 4046 Torrance, CA 90510 | |
| Phone: | (310) 530-4493 |
| PI: | Mr. Donald J. Reifer |
| Topic#: | OSD 03-001; Awarded: 7/24/2003 |
| Title: | Innovative Differential Analysis Software Protection Aids |
| Abstract: | The goal of this Phase I SBIR effort is to reduce the potential compromise of the protection hooks built into software when programs are updated due to differential analysis. To achieve this goal, RCI proposes to augment its proven software sneak circuit analysis methodology to shore up its strengths and compensate for any weaknesses identified relative to the threat. Augmentation will be accomplished by developing new software sneak circuit seeding algorithms designed specifically to counter the threat. In addition, a keypad relocation scheme will be produced to permit authorized users to remove sneak circuits in the field should they need to perform maintenance actions (i.e., patch, update, etc.). Besides being simple, robust, low cost and able to operate on most standard processors, software sneak circuits have been shown to both minimize performance degradation of real-time software operating in weapon systems and maximize the potential to collect forensic information about the exploiter and the exploitation attempt. To assess potential commercialization of the technology, RCI will conduct an aligned market survey and develop a business plan. They will also plan a technology demonstration should they be awarded a Phase II follow-on effort. Military and commercial software used in banking, gaming and gambling applications needs protection when placed in the field from tampering and exploitation attempts. Providing such protection presents an emerging niche market that is currently lacking tools, training and support. RCI believes that it can penetrate this market and become a leader by developing products and services that fill the current void. Besides providing military and commercial systems with needed protection, RCI believes that it can grow its business and make a profit by commercializing innovations in this marketplace. |
| RETHER NETWORKS, INC.
99 Mark Tree Road, suite 301 Centereach, NY 11720 | |
| Phone: | (631) 467-4381 |
| PI: | Dr. Tzi-cker Chiueh |
| Topic#: | OSD 03-001; Awarded: 7/25/2003 |
| Title: | Differential Analysis Software Protection |
| Abstract: | An effective attack method against standard software protection mechanisms is differential analysis, which compares multiple versions of the same protected program to identify their differences. If some of these versions are unprotected, the differences identified through differential analysis will reveal the software protection mechanisms used. In this proposal, we have proposed a three-pronged approach to counter software attacks based on differential analysis: (1) A polymorphic whole-program binary encryption tool ensures that different versions of the same program are syntactically different, (2) A metamorphic code decryption engine generator ensures that the decryption engines embedded in the final protected binaries are themselves different from one another without relying on code encryption, and (3) Insertion of additional anti-reverse-engineering code into the run-time decryption engine ensures that attackers cannot easily apply commercial user-level debuggers to trace the instruction execution and thus uncover the underlying logic of the run-time decryption engine. There are two commercial endeavors that could potentially benefit greatly from the research and development of the binary program transformation technology described in this project. First, digital content management (DRM) systems can greatly benefit from the software protection provided by the counter-differential-analysis binary transformation technology, because it can prevent users from tampering and thus bypassing the DRM mechanism. Without proper software protection, DRM is essentially useless as a method to secure monetary revenues for digital content owners/providers. Second, the binary program transformation technology developed in this project will also play an important role in hiding the essential intellectual property underlying software programs from users of those systems of which the programs are a component.
Examples of such systems include military/defense systems and any high-priced commercial embedded system products that are built on standard off-the-shelf hardware platforms. |
| TECHNOLOGY INTERNATIONAL, INC.
429 West Airline Highway, Suite S LaPlace, LA 70068 | |
| Phone: | (985) 652-1127 |
| PI: | Dr. Golden G. Richard, III |
| Topic#: | OSD 03-001; Awarded: 7/24/2003 |
| Title: | Differential Analysis Software Protection |
| Abstract: | This Phase I Small Business Innovation Research Project will examine the technical feasibility of a robust, low cost software differential analysis shield (SoftDASh) that comprises several tools and methodologies for effectively countering differential analysis of application software. SoftDASh components will be optimized to operate on standard processors (e.g., AMD, Intel, Motorola, etc.) used in any computer system and to minimize performance degradation of the application software. This development is important because differential analysis, a specific type of reverse engineering, can help pinpoint the locations of changes across released versions of software, potentially allowing newly introduced security features to be more easily defeated. The effort will examine various differential analysis techniques and identify the strengths and weaknesses of each technique. Based on that, innovative SoftDASh tools and techniques will be identified to counter those differential analysis techniques, including methods to prevent the use of reverse engineering tools such as debuggers and disassemblers, which aid in determining how software has changed across released versions. From those a set of tools and techniques will be recommended for incorporation into a SoftDASh prototype for demonstration in Phase II. Any computer application where software security is a concern would benefit from the SoftDASh technology, especially when the software is vulnerable to differential analysis. This includes applications software, which undergoes several releases to improve security, to introduce new access control mechanisms, or similar. The SoftDASh tools and technologies would be highly marketable in both the DoD and commercial sectors for protection of high-value software against differential analysis. The SoftDASh technology would also be applicable to any software already in widespread use (DoD or Commercial) where protection is desired for newer versions.
The SoftDASh tools would be most beneficial for protection of costly special applications software packages that have limited distribution. |
| ARCHITECTURE TECHNOLOGY CORP.
9971 Valley View Road Eden Prairie, MN 55344 | |
| Phone: | (952) 829-5864 |
| PI: | Mr. Matthias H. Wollnick |
| Topic#: | OSD 03-002; Awarded: 6/16/2003 |
| Title: | High Speed Timed Idiosyncratic Signatures |
| Abstract: | High Speed Timed Idiosyncratic Signatures. Such an idiosyncratic signature will allow a publisher of software to key the program to certain computers and make moving of such software very difficult. This technology has high applicability for publishers of anti-piracy software as well as to ensure that sensitive software or information will not be moved to another location. This allows an overall increase of security against anyone trying to duplicate software that they are not authorized to duplicate. |
| BARRON ASSOC., INC.
1160 Pepsi Place, Suite 300 Charlottesville, VA 22901 | |
| Phone: | (434) 973-1215 |
| PI: | Mr. Carl R. Elks |
| Topic#: | OSD 03-002; Awarded: 7/23/2003 |
| Title: | Idiosyncratic Computer Signatures used for Software Protection |
| Abstract: | The Software Protection Initiative (SPI) calls for an ability to "lock-down or authenticate" a particular application executable to a specific computing platform. Current state of the practice to achieve this capability is to employ (1) electronic licensing protocols, (2) hardware dongles, or (3) disk volume IDs and, more recently, encrypted CPU IDs. All of these methods have their relative advantages and disadvantages; however, each of these used in themselves can be compromised with moderate cracking effort. As a result, there has been interest in the security community recently about the possibility of obtaining high quality idiosyncratic electronic signatures directly from a computing platform. The proposed research will demonstrate an approach to identify and detect such a unique "fingerprint" for individual computers. Rather than rely on a single feature, the proposed system will use sophisticated structure-learning classification algorithms to fuse data from inexpensive sensors to obtain a unique "fingerprint" based on both system and component-level features. The entire system will fit on an inexpensive PCI card, will be robust to slow changes in the signatures due to normal machine wear, and will be significantly more difficult to crack than currently-available methods. The proposed software security product will have significant military and commercial benefit. Most importantly, it will provide a level of secure authentication that is not achieved by any security approach currently in common use in a desktop computing environment. A second very important benefit will be the ease of use the proposed device offers. The device will be in standard PCI form factor, which is compatible with a large number of computing platforms. Such cards can be installed in just a few minutes by a person with only modest skill, and once installed are essentially invisible to the user.
The inconvenience of an external device, possibly with separate power requirements, is avoided in the proposed product. Finally, when manufactured in modest numbers, the cards will be relatively inexpensive, making the system practical not only for highly secure, high cost systems, but for a wide variety of applications. In particular, we see the system being used not only when security is paramount, but also to protect moderate to high cost software products from piracy. |
| MOBILE-MIND, INC.
400 Talcott Avenue, Building 131 West Watertown, MA 02472 | |
| Phone: | (617) 926-6888 |
| PI: | Mr. Scott Guthery |
| Topic#: | OSD 03-002; Awarded: 7/23/2003 |
| Title: | Idiosyncratic Computer Signatures Used for Software Protection |
| Abstract: | During Phase I, Mobile-Mind will identify and analyze candidate hardware-generated signatures for software protection purposes. The target solution creates a tight, tamper-resistant binding between a specific software executable and a specific hardware execution platform. Unique, non-cloneable signature properties of the hardware are mixed with the software code and execution stream so that the software will run successfully only on the specific platform. Software binding techniques include cryptographically merging the hardware platform signatures with software computations so that the execution stream and results are valid only when the designated software is run on one specific machine. After establishing the range of feasible hardware signature sources, Mobile-Mind will assess the degree of difficulty of acquiring a consistently identifiable and unique signature from the selected sources, then proceed to test methodologies for establishing an appropriate software-hardware interface. Based on these results, Mobile-Mind will establish the ability of the signature to discriminate among a small number of identical platforms. Finally, Mobile-Mind will propose alternative methods for irrevocably binding the software to the unique signature of the computational platform and will recommend a process for building and testing selected end-to-end solutions that can be implemented as prototypes during Phase II. Successfully binding software execution to a specific computing platform will create a number of immediate security benefits for the Department of Defense, as well as generating significant commercial opportunities for software protection services and products. These benefits are summarized below and discussed in detail in the Commercialization Strategy section. 
Software Security Benefits:
- Locks down sensitive software programs and applications to a specific computing platform
- Establishes a hardware barrier against information leakage due to software theft - software will not run independently from the designated hardware platform
- Eliminates dependence on user-centric software protection routines and anti-theft policies
- Potential for associating computer-generated output and results (including applications, data and documents) with the particular platform that created it
- Potential for tracking any unauthorized software distribution or downloading back to the source hardware, allowing authorities to identify the source of attempted software theft
Hardware Security Benefits:
- A computer with a unique hardware signature could potentially be configured to reject software that has not been authorized to interface with that signature, preventing users from running software programs not intended for that machine and preventing certain types of malicious software code from damaging that hardware platform.
Commercial Applications:
- Commercial software protection products and services
- Digital Rights Management solutions that bind media to its hardware player |
| SENSCI CORP.
1423 Powhatan Street, Suite 4 Alexandria, VA 22314 | |
| Phone: | (703) 836-1717 |
| PI: | Mr. Norman Beam |
| Topic#: | OSD 03-002; Awarded: 7/22/2003 |
| Title: | Idiosyncratic Computer Signatures used for Software Protection |
| Abstract: | Sensci will research development approaches and designs for a software protection system that relies on the characteristics of idiosyncratic computer signatures. Three candidate signature types will be evaluated in detail during Phase I including remnant electromagnetic noise characteristics, block maps of magnetic media, and acoustic "fingerprints". The feasibility, strengths and weaknesses of each signature method will be examined, including additional hardware and software requirements of the software protection system design. It is anticipated that a software protection system based on idiosyncratic physical signatures will greatly benefit the government's ability to prevent security breaches of critical system software, especially in environments where other technologies lack robustness, or which fall short of security needs. |
| ACCORD SOLUTIONS, INC.
3533 Albatross Street San Diego, CA 92103 | |
| Phone: | (619) 692-9476 |
| PI: | Dr. Carl Murphy |
| Topic#: | OSD 03-003; Awarded: 7/24/2003 |
| Title: | Reconfigurable Processors for Software Protection |
| Abstract: | The CipherProcessor architecture demonstrates reconfigurable opcodes unique to a specific processor or dynamically to a parallel environment and defined uniquely at compile time. Starting from a base of reconfigurable knowledge, Accord Solutions Inc will develop a reference design and demonstrate its viability. It incorporates an effective mechanism for delivery of compiled unique opcode binaries from development centers, with operation in standalone, multiuser and parallel modes. Accord will produce specification and performance projections from the CipherProcessor reference design, targeting advanced reconfigurable FPGAs, matrix driven array processors or System-on-Chip VLIW processors. A CipherProcessor environment with a complete Fortran/C++/C path will be specified. The cost of compromise of the DoD's HPCMP National challenge software may be the cost of war, because application of this technology by enemies could lead to political instability. Less a threat but economically important is commercial software piracy. Protection of critical computational technology areas (CTAs) is thus vital. CipherProcessor is a reference design that enables our embedded supercomputer products through software protection. In addition, licensing is planned to major processor chip manufacturers. |
| GATECHANGE TECHNOLOGIES, INC.
115 Research Drive Bethlehem, PA 18015 | |
| Phone: | (610) 530-8600 |
| PI: | Mr. Robert C. Klein, Jr. |
| Topic#: | OSD 03-003; Awarded: 7/29/2003 |
| Title: | Dynamic Instruction Set Reconfigurable Processor for Software Protection |
| Abstract: | GateChange Technologies, Inc. has performed extensive research on reconfigurable devices and systems. This research has identified the key benefits and fundamental limitations of the existing solutions. GateChange developed the Dynamic Instruction Set Processor (DISP) in response to this research. DISP is an innovative, high-performance reconfigurable architecture that embodies new technology for software security and protection of intellectual property. This Small Business Innovation Research Phase I Project will produce a cycle-accurate simulator and a complete evaluation of DISP for software security, including comparison to extant solutions. DISP thwarts attempts to reverse engineer computer software codes or extract useful information from instruction streams through real-time creation and destruction of highly application specific, arbitrarily wide "virtual-instructions" (v-instructions). The processing elements within DISP are connected in a symmetrical, homogeneous 3-dimensional array. This connection scheme creates a translationally invariant computational fabric, allowing complex, pre-compiled v-instructions to be placed anywhere in the configurable fabric with no limitations. The dynamic instruction set obfuscates code at the machine level and prevents even brute-force hand disassembly of the code. The simulator developed through this program will allow complete benchmarking and characterization of DISP, demonstrating both its performance and its suitability for applications that require the utmost in software security. This SBIR grant will provide proof of concept and validate the Dynamic Instruction Set Processor (DISP) architecture. It will provide a clear indication of DISP's high processing performance and its suitability for applications that require the utmost in software security. The future of computing and communications is clearly wireless, hand-held, anywhere, anytime access. 
Software security and protection of intellectual property become increasingly important in such an environment. New hand-held multifunction devices will combine functions that are now separate. An example is the recent announcement of cellular phones that include web browsers and digital cameras. Future devices will add functions like GPS, personal video recording/editing, and additional personal entertainment options (MP3, video on-demand). Voice activation will be used for control and voice recognition will add a new level of privacy and security. These "convergence" applications demand the highest levels of performance on a small, low-power, and cost effective device. Through optimized, real-time re-use of physical silicon, the GateChange DISP device will create precisely the logic required for each task at hand in the least amount of silicon area. The intrinsic software security realized through dynamic reconfiguration makes the device attractive for communications and wireless applications, while the low power consumption suits the device for the rapidly expanding wireless and handheld marketspace. |
| LUNA INNOVATIONS, INC.
2851 Commerce Street Blacksburg, VA 24060 | |
| Phone: | (540) 558-1691 |
| PI: | Mr. Anthony Spivey |
| Topic#: | OSD 03-003; Awarded: 8/3/2003 |
| Title: | Reconfigurable Processor Technology for Software Protection |
| Abstract: | In today's world, wars can be won and lost through technological espionage as much as on the battlefield. Government computer systems must be safeguarded from computer hackers who seek to steal and undermine software applications. One promising technology for software protection is in reconfigurable processors: CPUs which change their opcodes dynamically. This technology holds the promise of being extremely difficult, if not impossible, to hack. Luna Innovations, along with Virginia Tech's Reconfigurable Computing group, seeks to research and design such a processor. This task will require expertise in hardware and software design as well as a clear understanding of the capabilities and challenges of reconfigurable processors. Luna's expertise in software and hardware design coupled with the Virginia Tech Reconfigurable Computing group's knowledge of processors will lead to a successful design. Reconfigurable processor technology has wide reaching application beyond the government sector. They could be used to safeguard software in business environments to prevent corporate espionage, or anywhere that the safeguarding of software applications is necessary. |
| QUICKFLEX, INC.
8409 Cambria Austin, TX 78717 | |
| Phone: | (512) 255-4794 |
| PI: | Mr. Michael Wiles |
| Topic#: | OSD 03-003; Awarded: 7/30/2003 |
| Title: | Q-Crypto Reconfigurable Instruction Set Processor |
| Abstract: | The dramatic improvements in tools to reverse engineer facsimiles of application source code from processor-specific executable files, plus highly subsidized adversarial foreign government-funded organizations using these tools, create threats to vital US government and commercial software. To protect legacy applications and existing systems we propose an add-in solution that requires little modification to existing software code while simultaneously providing for secure future solutions. This addresses OSD's challenges of protecting critical software by providing a reconfigurable instruction set processor to protect software opcodes. The project will build upon the proven concepts of reconfigurable instruction set processor architectures and extend them to include both scrambled and encrypted opcodes. The approach will build upon existing SRAM-based FPGA technologies from QuickFlex and market leader Xilinx to build the Reconfigurable Instruction Set Processor (RISP). Previously traditional processors only executed one instruction set because of the high cost of design and support. Now with these automated tools, large FPGAs, and the unique QuickFlex middleware for managing virtual objects we have the opportunity to produce this processor. These processors may also be extended with instruction sets optimized at the target application to improve performance and reduce added hardware costs. The QuickFlex Q-Crypto Reconfigurable Instruction Set Processor (RISP) will protect critical software intellectual property (IP) from reverse engineering with reconfigurable instructions that create new code each time the software is used. Our RISP solutions will help protect key government and commercial applications from reverse engineering, code manipulation, and attack. The proposed RISP with scrambled opcodes that are encrypted should be of great interest to the government and commercial markets. 
The ability to provide runtime reconfigurations of software opcode in the hardware coupled with encryption is a significant step forward in the protection of applications. Beyond our nation's key unclassified and classified government infrastructure solutions and specialized military applications, industries that need to protect sensitive non-runtime and runtime software solutions include: various software vendors, banking and financial institutions, e-commerce providers, medical solution providers, and others. |
| SYSTRAN FEDERAL CORP.
4027 Colonel Glenn Highway, Suite 210 Dayton, OH 45431 | |
| Phone: | (937) 429-9008 |
| PI: | Dr. Joseph Fernando |
| Topic#: | OSD 03-003; Awarded: 7/21/2003 |
| Title: | Reconfigurable Processors for Software Protection |
| Abstract: | Systran Federal Corporation is proposing to solve the software protection problem by developing a reconfigurable processor, in which the opcode instruction set could be changed. We are proposing the development of the tools and the mechanisms that are required for a reconfigurable processor with a variable opcode instruction set, to defeat any effort to reverse engineer the protected software. Each time source code is compiled targeting a system, the software tools, such as, the assembler used to generate the executable code, should know the instruction set that is used in that particular system. When the Field Programmable Gate Array (FPGA) design tools are available the instruction set could be modified and a new instruction set incorporated to the reconfigurable processor. The processor will be embedded in the FPGA such that the pins cannot be accessed using hardware. We are also proposing another method based on encrypting the executable code. In this method, we propose to encrypt the executable code that is targeted to be executed on the reconfigurable processor. The instruction set of the reconfigurable processor would not be reprogrammable. However, the executable code is assumed to be encrypted using a set of keys of a known length. The instructions will be decrypted using the set of keys that is unique to each processor. The decryption module and the set of keys are embedded at design time in the FPGA and are not visible by software. The keys are assumed to be of adequate length such that it will require an enormous amount of time to do a comprehensive analysis when the decryption algorithm is known. The decryption module and the processor would be embedded in the FPGA such that the pins cannot be accessed using hardware. The main benefit of this effort would be that an executable program software could be protected from reverse engineering using a variable opcode instruction set reconfigurable processor. |
| ARCHITECTURE TECHNOLOGY CORP.
9971 Valley View Road Eden Prairie, MN 55344 | |
| Phone:
PI: Topic#: |
(952) 829-5864
Mr. Kevin S. Millikin OSD 03-004 Awarded: 5/16/2003 |
| Title: | Automatic Generation of Embedded Interpreters for Software Protection |
| Abstract: | We begin with the observation that table interpretation, or embedded interpreters, is an effective technique for software reverse engineering protection. The scientific literature does not indicate any attempt to address the technical problems required to implement table interpretation as a general automatic software protection technique. We propose an architecture that is capable of automatically generating a specification of an abstract machine, randomly permuted along several axes. Preexisting binary programs are then translated to programs for the abstract machine, either by a hand coded translator, or by an automatically generated translator. We propose to build a hand-coded embedded interpreter implementation as a proof of concept of the feasibility of the approach, and as a demonstration of the runtime slowdown involved. This architecture will allow engineers to automatically employ a technique that is recognized as highly effective by the obfuscation community. The end product will be an automatic obfuscation module that can automatically perform the transformation, subject to as much control over the parameterization of the embedded interpreter as the user desires. |
| EXCEPTIONAL SOFTWARE STRATEGIES, INC.
849 International Drive, Suite 310 Linthicum, MD 21090 | |
| Phone:
PI: Topic#: |
(410) 694-0240
Mr. Robert Seger OSD 03-004 Awarded: 8/3/2003 |
| Title: | Protecting Software Binaries from Reverse Engineering |
| Abstract: | This proposal is to create an application that protects software binaries from reverse engineering. The goal of phase I is to develop a design by which such an application can be created in phase II. By carefully studying current reverse engineering techniques, along with current software protection schemes, we will be able to identify strong protections and create dynamic new ones to be used in a Constantly Altering Guarded Environment (CAGE). CAGE will be a second-generation, mutating, software protection application. It will strategically employ techniques for defending precompiled binaries from reverse engineering in such a manner as to have no logical weaknesses, and no single point of failure. CAGE will dynamically alter its protection on two distinct levels: with every execution of the protected binary and every compile of CAGE itself. This two-tiered mutation will prevent both specific breaches in protection, and any development of a general tool for breaching its protection. As CAGE will be deployable on any Windows 16- or 32-bit application, the potential market for it is considerable. Its applications range from protecting proprietary and government sensitive algorithms to reviving the shareware community. |
| GRAMMATECH, INC.
317 N. Aurora Street Ithaca, NY 14850 | |
| Phone:
PI: Topic#: |
(607) 273-7340
Dr. David Melski OSD 03-004 Awarded: 7/23/2003 |
| Title: | Defenses against Reverse Engineering |
| Abstract: | Existing software systems face the threat of reverse engineering. Given enough time and resources, a determined hacker can recover the design of a software program by examining its binary. The consequences of this can be dramatic: the hacker may gain unauthorized access to sensitive computer systems, allowing him to wreak untold havoc. At worst, this may allow him to compromise national security, or to perpetrate a terrorist attack. A more common result is for the hacker to "crack" software protection, thereby enabling illegal and widespread dissemination of the intellectual property rights found in, or protected by, the hacked software. During Phase I, GrammaTech will investigate tools and techniques for reverse engineering, investigate innovative defenses that prevent reverse engineering, and design a tool that will add protection against reverse engineering to a software binary. To accomplish these tasks, GrammaTech will draw on its expertise in static analysis, expertise in dynamic analysis, and experience building code understanding tools for C/C++ and x86 assembly. The commercial potential for strong software protection is huge. Software companies lose billions of dollars to software piracy. Furthermore, techniques and tools that offer protection against reverse engineering would be invaluable for increasing the security of software systems. Thus, there are both DoD and commercial applications. Any software application with security or digital-rights management concerns needs the software protection our tool will provide. |
| IP VIGIL
777 29th Street, Suite 201 Boulder, CO 80303 | |
| Phone:
PI: Topic#: |
(303) 544-1978
Mr. Mark Yager OSD 03-004 Awarded: 8/4/2003 |
| Title: | Onion Layered Protections |
| Abstract: | Valuable DoD codes are not threatened by sleep and date deprived teenage crackers... instead, they will be attacked by tiger teams of cryptographers, mathematicians, and coders. Clearly, state-of-the-art techniques are needed. We propose multi-layered, tailorable combinations of anti-debugging, obfuscation, and cryptographic protections. Commercial software vendors are estimated to lose $14B a year to piracy. This effort will result in sophisticated, integrated techniques for protecting the US software industry. |
| KESTREL TECHNOLOGY LLC
3260 Hillview Ave. Palo Alto, CA 94304 | |
| Phone:
PI: Topic#: |
(650) 320-8888
Dr. Eric Bush OSD 03-004 Awarded: 7/23/2003 |
| Title: | Protecting Software Binaries from Reverse Engineering |
| Abstract: | In the context of the Software Protection Initiative, Binary Obfuscation is a technique for transforming existing software binaries into behaviorally equivalent programs that are difficult for an adversary to reverse engineer. Obfuscation is the most widely applicable protection technique for defeating reverse engineering because its protections operate even when an adversary knows the target operating system and processor, and has uncontrolled access to a static copy of the binary. Existing approaches to obfuscation are targeted at obscuring the algorithmic structure of the implementation of software in order to impede the abstraction of this structure by a reverse engineer. Such structural obfuscation techniques are largely impotent in the face of a new approach to reverse engineering, what we call Model Theoretic Reverse Engineering (MTRE), that relies only on the symbolically interpreted input/output behavior of the target software, ignoring its implementation structure. The model theoretic approach represents both a promising technology for benign uses of reverse engineering and a largely uncovered liability for the prevention of hostile reverse engineering. It involves the (abstract) interpretation of the target binary to produce models of the program's input/output, which are then fed to an inductive synthesizer to reconstruct a concise specification in logic of the original program. Although the application of this inductive synthesis technology to reverse engineering is somewhat novel, the technology itself is quite well known and has been broadly developed for uses in software construction, program debugging, and program analysis over the last decade. Its inevitable use in reverse engineering will effectively wipe out the protections offered by most current binary obfuscation techniques. 
We propose to study the model theoretic approach to reverse engineering to isolate the kinds of obfuscations that might disrupt or impede re-synthesis of program specifications by behavioral interpretation. These obfuscations will be different in kind from those currently used to disrupt structural reverse engineering. We also expect to advance the feasibility of benign uses of this technology for applications where reverse engineering is desirable. Anticipated Benefits We anticipate that our research will uncover practical limitations of inductive re-synthesis that can be exploited to protect software binaries from MTRE. Such results should be directly relevant to Defense Agency programs for protecting binaries under the Software Protection Initiative, since they cover a class of reverse engineering techniques not yet addressed in the literature, but immune to most published obfuscation techniques. These results should also be beneficial to business and industry in the protection of Java Class Files from reverse engineering. We also expect that our research will be beneficial for benign uses of reverse engineering, where the recovery of program specifications is needed to enable reimplementation and integration of legacy systems. The dual use of this technology in support of reverse engineering should be naturally disjoint with its use in preventing it, because the kind of program obfuscations needed to impede model synthesis are not likely to occur in the normal case of program development, including performance optimization. Potential Commercial Applications Post phase II commercialization of the research proposed here would most naturally be in the form of custom development contracts with specific DoD clients to develop binary obfuscation techniques for specific processor and operating system environments, and perhaps specific application domains. 
We would also anticipate the use of this technology in engagements involving enhancement, integration or re-implementation of existing software through reverse engineering, or verification/certification of properties of existing software through reverse engineering, in both DoD and business markets. |
| KOLAKA NO`EAU, INC.
P.O. Box 667, 11-3811 11th St Volcano, HI 96785 | |
| Phone:
PI: Topic#: |
(626) 305-7369
Mr. Randy Brumbaugh OSD 03-004 Awarded: 7/24/2003 |
| Title: | Fragmentation and Distributed Execution for Protection Against Reverse Engineering |
| Abstract: | This innovation is a software interpretation of the ancient technique of authentication by breaking a coin or shell into two jagged halves. Later, aligning the halves exactly verifies the identity of the bearers. A similar approach can be applied to protecting binary versions of software: The binary sequence of instructions is "broken" into two or more fragments. To execute the fragmented code, each fragment is executed simultaneously by an element of a synchronized, distributed virtual machine. The VM elements, when properly synchronized, emulate the behavior of the original code executed on a single machine. The approach frustrates reverse-engineering efforts because none of the virtual machines has access to the complete set of binary instructions, and each code fragment will not execute or offer complete information about the design or algorithms. The need for improvement in software security is a major issue identified by government and industry. Much of the value in software is in the underlying algorithms and techniques which may be compromised by reverse engineering distributed binaries. In many cases these algorithms represent valuable trade secrets, classified information or are sensitive and must be protected. The ability to distribute executable software with less risk of compromising secrets will be valuable to almost every organization which creates or uses software. This technology also has applications to digital asset management-controlling distribution and viewing of copyrighted media. |
| ATC - NY
33 Thornwood Drive, Suite 500 Ithaca, NY 14850 | |
| Phone:
PI: Topic#: |
(607) 257-1975
Ms. Carla Marceau OSD 03-005 Awarded: 5/16/2003 |
| Title: | TSPI: Transparent Software Protection Infrastructure |
| Abstract: | Software theft causes tremendous financial losses to software companies. Theft of trade secrets and critical national security information embedded in software can lead to further financial losses or even jeopardize national security. Various techniques have been developed to protect software after its release. However, hackers can break in and steal software directly from the development site. To protect against such losses, ATC-NY proposes to develop a Transparent Software Protection Infrastructure (TSPI) for protecting software under development. A Protected File System stores the code in encrypted form to protect it from unauthorized access. TSPI enables developers to access the encrypted code using normal development system interfaces, but will prevent developers from making ill-advised shortcuts and mistakes that could inadvertently expose the source code to thieves. A strong emphasis on usability will ensure that developers are not hampered in their work. To minimize unnecessary access to protected code, TSPI will incorporate a fine-grained access control mechanism, reflecting the software development workflow. It will also provide checks on external code being added to the protected environment, as well as the ability to release completed code in a controlled manner. TSPI will sharply reduce the risk that software will be stolen from the development environment. It will encrypt software to ensure that thieves who break into the development system cannot steal it. It will prevent developers from inadvertently exposing the software to potential thieves. By logging developer activities, it will provide strong incentives for developers to follow software protection policies. Our wrapper approach to implementation will enable TSPI to be quickly adapted to multiple development environments. Thus, developers will not have to abandon their current environment in order to gain TSPI's advantages. 
Further, maintenance is expected to be minimal, since TSPI does not depend on the development system, but on its use of the underlying platform. |
| INTELLIGENT SYSTEMS TECHNOLOGY, INC.
2800 28th Street, Suite 306 Santa Monica, CA 90405 | |
| Phone:
PI: Topic#: |
(310) 581-5442
Dr. Azad M. Madni OSD 03-005 Awarded: 7/25/2003 |
| Title: | Application Sentinel™: Tool Suite for Software Protection During Development |
| Abstract: | With recent events on the political scene, the DoD's Software Protection Initiative (SPI) is committed to developing tools and methods for "securing" the software development environment by adding capabilities that provide systemic protection of intellectual property that are key to national security. "Protecting software during the development stage while enabling use by appropriate parties" is a critical theme of the SPI. With this overarching goal in mind, the DoD is interested in protecting both binary and source code against theft and piracy. To this end, the DoD is interested in preserving and documenting the version history (i.e., pedigree) of application software and maintaining a systematic record of all who accessed the evolving code during the entire development process. Furthermore, the DoD is interested in ensuring that an application is protected from inadvertent distribution and reuse of its components. Phase I of this effort is concerned with the identification of an innovative methodology and tool suite that achieves these objectives individually or collectively. Protection of high value software and anti-piracy assurance will assure the security of the nation and the protection of intellectual property of commercial enterprises. This software tool suite would be highly marketable in the DoD through SPI as well as in the commercial arena to major software vendors, aerospace companies, and all organizations interested in protecting and maintaining control of their intellectual property. |
| IP VIGIL
777 29th Street, Suite 201 Boulder, CO 80303 | |
| Phone:
PI: Topic#: |
(303) 544-1978
Mr. Mark Yager OSD 03-005 Awarded: 7/30/2003 |
| Title: | State-of-the-Art Innovations To Protect Against Theft, Viruses, and Malware |
| Abstract: | We propose a suite of tools to: Prevent theft via automatic encryption and password entry; Use an application's pedigree to identify vulnerabilities, recommend protections, and prevent unauthorized execution; Automatically scan for viruses, worms, and trojan horses; Detect malicious components via invisible fingerprints and covert biometrics. These tools are language and OS independent. Protection against theft and malware is a growing problem for software development. No commercial applications exist which protect the unique issues confronting source, objects, and executables in a nascent application. Our approach applies systemic protection to software development and more broadly to intellectual property. |
| BUSEK CO., INC.
11 Tech Circle Natick, MA 01760 | |
| Phone:
PI: Topic#: |
(508) 655-5565
Dr. James Szabo OSD 03-006 Awarded: 5/20/2003 |
| Title: | Low Mass 20 kW Hall Thruster |
| Abstract: | To meet DoD requirements for high power Hall thruster technologies that significantly improve operating characteristics and reduce life cycle costs, Busek proposes to develop a very low-mass, 20-kW class Hall thruster suitable for a wide range of missions in Earth orbit. The design benefits from a unique magnetic circuit. The predicted mass of the magnetic structure and coil is about half that of a conventional design. Thrust efficiencies in excess of 65% are predicted. Electromagnetic emissions may also be low. The design is especially suitable for clustering because of the proposed magnetic arrangement. In Phase I, Busek will generate mechanical drawings, build a 20-kW prototype, measure its magnetic field on the bench, and measure the thrust it produces at nominal operating conditions. In the first half of Phase II, the lab prototype will be subjected to a more extensive series of tests to demonstrate bimodal capabilities. Plasma simulations and erosion measurements would validate the predicted lifetime, which is >10,000 hours. Plume testing would include measurements of ion current, ion energy distribution, and doubly charged ions. In the second half of Phase II, an engineering model low-mass 20-kW will be developed, tested, and delivered. The Phase I program will give Busek an extremely low mass, long life axisymmetric Hall thruster suitable for operation alone or for clustering. Once developed into a flight thruster, this can be marketed commercially for all types of high power EP missions involving station-keeping, repositioning, and orbit transfer. Busek plans to develop the engineering model into a commercial product. The low mass of this thruster with respect to other designs will make it the product of choice for high power missions experiencing mass constraints. The thruster can function alone or in a simple cluster. Reasonably sized clusters could fulfill mission needs anywhere from 20-kW to 200-kW. 
DoD applications such as space based radar and a space tug would directly benefit. Fast orbit transfer of high-power communications and surveillance satellites would also be enabled. NASA planners envision many missions requiring high Isp propulsion systems rated at hundreds of kilowatts and even megawatts. For these missions, long lifetime is crucial. Due to ground testing constraints, spacecraft architectures, and reliability and redundancy issues, a multiple thruster approach makes sense. The lightweight, 20-kW thruster will be ideal for many of these missions, such as a NEP system for missions to the outer planets, LEO to GEO transfer of "Sun Tower" components, a space tugboat to ferry satellites from LEO to GEO, and International Space Station reboost. |
| BUSEK CO., INC.
11 Tech Circle Natick, MA 01760 | |
| Phone:
PI: Topic#: |
(508) 655-5565
Dr. James Szabo OSD 03-006 Awarded: 5/20/2003 |
| Title: | Bimodal Bismuth Vapor Hall Thruster |
| Abstract: | Busek proposes to develop a high power, bismuth vapor Hall thruster for bimodal and high thrust missions. Published Soviet data lists experimental thrust efficiencies of 75-80%. Maximum thrust to power may be 70% greater than possible with xenon. Thrust to thruster mass is also higher and mission enabling high thrust, Isp~1000 sec operating points are possible. Fuel efficient Isp~2500 sec operating points are also possible. A more tenuous charge exchange plasma should decrease discharge chamber erosion, increasing total impulse (longer lifetime), and mitigating spacecraft interactions. A high-power system could be tested in existing facilities, minimizing ground test costs; water cooled panels could condense the Bi, eliminating requirements for new, multi-million dollar cryogenic facilities. Challenges include possible spacecraft contamination issues and more complicated propellant handling, although propellant storage will be compact. In Phase I, Busek will design a Bi Hall thruster and propellant feed system. We will analyze the design using our in-house suite of numerical models. Accumulation of Bi on heated and cooled surfaces will be tested under vacuum. Spacecraft interactions will be studied in cooperation with The Aerospace Corporation. In Phase II, Busek will design, build, and test a sub-scale thruster. We will also design a full-scale thruster. The development of a high thrust, bimodal bismuth Hall thruster represents a significant opportunity for Busek to capture the market for high thrust electric propulsion missions. Xenon Hall thrusters are typically used for station-keeping, re-positioning, and orbit transfer. But in many applications, one would like a Hall thruster with a lower specific impulse than possible with Xe to get a higher thrust to power ratio, even at the cost of using more fuel. With limited power available, mission requirements for trip time, in particular, are much better met by bimodal bismuth thrusters. 
Bismuth Hall thrusters will have higher thrust to power, higher thrust to thruster mass, higher total impulse, and cheaper ground test costs than Xe thruster alternatives. Likely DoD applications include fast repositioning of surveillance and communications satellites, orbit insertion, and a space tug. High power communication satellites may also use Bi thrusters for station-keeping, pending interactions issues. NASA applications include Nuclear Electric Propulsion (NEP), space station re-boost, and boosting elements of a space solar collection satellite from LEO to GEO. For NASA and commercial applications, the cheapness of the raw propellant will be an additional benefit. The solid propellant feed system will have its own commercial applications; a host of other solid propellants could conceivably be used in Hall thrusters and other plasma devices for material processing applications. |
| MICROCOATING TECHNOLOGIES, INC.
5315 Peachtree Industrial Blvd. Atlanta, GA 30341 | |
| Phone:
PI: Topic#: |
(678) 287-2407
Dr. Jan Hwang OSD 03-006 Awarded: 5/6/2003 |
| Title: | High Power Hall Thruster Technology Development |
| Abstract: | MicroCoating Technologies, Inc. (MCT), with Aerojet, proposes to develop high field strength dielectric thin films for high power Hall thrusters that will directly and significantly enhance the thrust-to-thruster mass to power ratios. By utilizing its proprietary Combustion Chemical Vapor Deposition (CCVD) process, unique flexibility will be achieved in economically depositing on large areas of rolled metals and irregularly shaped surface cores. In the Phase I, MCT will demonstrate this capability by depositing materials such as alumina, boron nitride, aluminum nitride, silicon nitride as dense thin films on metal foil substrates with excellent thickness uniformity (and pinhole free), high adhesion, dielectric properties, planarity and superior thermal shock capability. The Phase II development will end with the delivery to the Air Force of an economic Hall thruster operating at 20kW with a 50% mass reduction compared to current methods of manufacturing, which will enable significant application in space. This deposition technology will allow innovation in the development of revolutionary Hall thrusters that will be the desired positioning system then for most DOD and commercial space applications. In addition to military space applications, the product has direct application in the microelectronics and the power electronics industry, which desires high field strength insulators with reasonable thermal conductivity. The worldwide market for the power electronics industry is estimated at over $2 billion for the current year and growing due to the drive for higher efficiencies. |
| METSS CORP.
300 Westdale Avenue Westerville, OH 43082 | |
| Phone:
PI: Topic#: |
(614) 797-2200
Dr. Richard S. Sapienza OSD 03-007 Awarded: 5/30/2003 |
| Title: | Decomposition Characterization and Optimization for Monopropulsion Systems for Spacecraft |
| Abstract: | This program seeks to develop a means of initiating a repeatable, reliable exothermic decomposition of USAF developed high performance Hydroxyl Ammonium Nitrate (HAN) based monopropellants, over a range of demanding mission duty cycles with short delay times and predictable performance over long storage times. Catalysts do not have the high temperature or oxidation resistance required by these USAF developed HAN based monopropellants to support the program objectives. However, these materials should be susceptible to initiation, or self-sustained energy release, when present in sufficient quantities and exposed to stimuli such as heat, shock, friction, chemical incompatibility, or electrostatic discharge. Under the proposed program, METSS proposes to conduct a study to develop an initiator/sensitizer for HAN based monopropellants by exploiting the exothermic decomposition properties of the amine nitrates. Furthermore, METSS will demonstrate that the formulations synthesized under this program will decompose HAN at concentrations of 2-5%. Chemicals dispersed with the fuel will react with one another or the fuel over a nozzle structural surface generating heat from the reaction sufficient to either start or speed up the monopropellant decomposition reaction. The chemical initiator composition will be selected for specific characteristics: high thermal stability, fast response, sustained thermal output, and high short-term peak energy. Specifically, the work will emphasize the pre-existing technologies of azo polymer initiators and the reduction of nitrate by an added reducing agent, and recent developments that can convert nitrate in water into environmentally benign gaseous nitrogen. METSS believes that high activity, low cost initiators can be developed using this approach that will decompose the HAN fuel. This project will demonstrate a complete, cost effective technology. 
In addition to military interests, there is a wide range of commercial uses for HAN, ranging from pharmaceutical products to re-processing nuclear fuels. A versatile chemical, HAN can also be used as an oxidizer or reducing agent in applications such as photographic developing, semiconductor manufacturing and as a high performance fuel additive, propellant or gas generator for mining, boring and other operations. The use of existing commercially available processing equipment and the existing commercial market make the transition of this methodology into the commercial environment technically and financially feasible. |
| SIENNA TECHNOLOGIES, INC.
19501 144th Avenue NE, Suite F-500 Woodinville, WA 98072 | |
| Phone:
PI: Topic#: |
(425) 485-7272
Dr. Ender Savrun OSD 03-007 Awarded: 5/30/2003 |
| Title: | Laser Ignition of HAN-Based Monopropellants |
| Abstract: | This SBIR program will demonstrate the potential of laser ignition to initiate decomposition of the USAF developed HAN-based monopropellants. The interaction of a series of HAN-based monopropellants with electromagnetic radiation over 0.2 microns to 11.0 microns will be characterized to identify the laser wavelength for maximum absorption. Laser ignition experiments in the wavelength region of maximum absorption will be performed to establish a relationship between laser power requirement and sample volume for ignition for a given monopropellant. The developed laser ignition technology for HAN-based monopropellants will provide an enabling technology for many military and commercial applications. The commercial applications include communications and imaging satellites, companions to large satellites to provide surveillance and inspection capabilities such as to monitor and assure proper deployment of solar panels. |
| SIENNA TECHNOLOGIES, INC.
19501 144th Avenue NE, Suite F-500 Woodinville, WA 98072 | |
| Phone:
PI: Topic#: |
(425) 485-7272
Dr. Ender Savrun OSD 03-007 Awarded: 5/30/2003 |
| Title: | Microwave Ignition of HAN-Based Monopropellants |
| Abstract: | This SBIR program will demonstrate the potential of microwave dielectric heating to ignite the USAF developed HAN-based monopropellants. Complex permittivity measurements on a series of HAN-based monopropellants will be carried out to identify the frequency region for maximum microwave absorption. Microwave dielectric heating experiments in the frequency region of maximum absorption will be performed to establish a relationship between microwave power requirement and sample volume for ignition for a given monopropellant. The developed microwave ignition technology for HAN-based monopropellants will provide an enabling technology for many military and commercial applications. The commercial applications include communications and imaging satellites, companions to large satellites to provide surveillance and inspection capabilities such as to monitor and assure proper deployment of solar panels. |
| ULTRAMET
12173 Montague Street Pacoima, CA 91331 | |
| Phone:
PI: Topic#: |
(818) 899-0236
Dr. Arthur J. Fortini OSD 03-007 Awarded: 6/16/2003 |
| Title: | Catalytic Ignition System for Advanced Boost-Phase Intercept Applications |
| Abstract: | Phase III IHPRPT goals call for a 70% increase in density Isp for monopropellant systems. Advanced HAN-based monopropellants such as AF-m315 have the potential not only to exceed this goal, but also to exceed the density Isp of NTO/MMH. But before such propellants can be commercialized, a reliable ignition system must be developed. While a heated bed of Shell-405 catalyst can ignite the propellant, the catalyst support is unable to survive for more than a few seconds. A reliable catalytic ignition system is thus a required, enabling technology. Development of such a catalyst will enable performance increases well beyond the IHPRPT goals. By some estimates, the performance increase can be as high as 78% or even 80%, and would hence be ideal for the most demanding applications. Ultramet has completed several projects directed toward the development of a catalytic ignition system for HAN-based monopropellants, and many key developments have been made. Ultramet has previously demonstrated room temperature exothermic activity (<25 °C onset temperature) with several different catalyst/propellant combinations, and extremely fast activity in spot plate testing with others. The most reactive catalysts at room temperature were those that did not utilize a platinum group metal. Ultramet has also identified and/or synthesized high surface area, high melting point, oxidation-resistant support materials with surface areas in excess of 2800 m²/cm³ and melting points in excess of 2750 °C. This compares very favorably with the support used for Shell-405, which has a surface area of only ~800 m²/cm³ and decomposes to alpha-Al2O3 at ~1100 °C. In this project, Ultramet will take the knowledge gained in the previous work and combine it into a catalyst/support combination wherein the support is catalytically active and can assist in decomposing the propellant if/when the overlying catalyst (e.g. iridium) is chemically etched and removed from the support. 
The goal will be to reliably ignite HAN-based monopropellants at low temperature using a catalyst that can tolerate prolonged time at operating temperature. The proposed technology will make the use of advanced, environmentally friendly, high-performance monopropellants a |