---------- OSD ----------

47 Phase I Selections from the 07.2 Solicitation

(In Topic Number Order)
Aptima, Inc.
12 Gill Street Suite 1400
Woburn, MA 01801
Phone:
PI:
Topic#:
(781) 496-2476
Robert McCormack
OSD 07-CR1      Awarded: 3/2/2009
Title:E-MEME: Epidemiological Modeling of the Evolution of MEssages
Abstract:Unofficial means of communication, such as internet blogs and forums and word-of- mouth contacts, provide an ideal medium for the spread of ideas within a society. While many of these topics are benign or even beneficial to the population, there are messages which have dangerous and destructive consequences, such as calls for terrorist attacks. The spread of information within a population is in many ways analogous to the spread of disease. The field of mathematical epidemiology provides a vast array of models which can be modified for the current problem. In order to better analyze the dynamics of information propagation, we propose to build the Epidemiological Modeling of the Evolution of MEssages (E-MEME) tool. E-MEME combines statistical language processing technologies to discover latent topics found in website text with epidemiological modeling techniques to understand and predict the means by which messages propagate. E-MEME will give users the ability to analyze the diffusion of topics across internet websites.

Infoscitex Corporation
303 Bear Hill Road
Waltham, MA 02451
Phone:
PI:
Topic#:
(518) 869-6460
Lynn Bardsley
OSD 07-CR1      Awarded: 3/13/2009
Title:Getting the Word Out: Modeling the Propagation of Counter Insurgency Information within a Population
Abstract:Insurgencies have existed throughout history and will continue to provide a problem for our forces abroad, as they are now in the Middle East. Prior measures taken against insurgencies would be intolerable today. As a result, today’s approaches are more based in intelligence than force. This approach of counterinsurgency message dissemination fits that approach. In considering this problem, Infoscitex has developed the concept for a novel solution that will adapt current individual-level epidemiological infectious disease research into models selected to facilitate the identification of possible “information superspreaders”. We believe strongly that the use of probabilistic methods to identify characteristics present in a superspreader will allow the creation of a profile to be cross referenced with known members of a population to facilitate identification of persons of interest. IST has assembled a distinguished team to address this proposal. In conjunction with our research partner, Dr. Sandro Galea, and the support of Boeing IDS, we are proposing a novel and innovative approach to meeting the requirements called for in the solicitation. At the conclusion of Phase II, we will have a prototype version of our product ready for immediate deployment and testing.

Knowledge Based Systems, Inc.
1408 University Drive East
College Station, TX 77840
Phone:
PI:
Topic#:
(979) 260-5274
Arthur Keen
OSD 07-CR1      Awarded: 3/16/2009
Title:Message Epidemiology Resource for Counter insURgencY (MERCURY)
Abstract:Knowledge Based Systems Incorporated (KBSI) proposes Message Epidemiology Resource for Counter insURgencY (MERCURY). MERCURY will provide reliable techniques to optimize influence operations campaigns on insurgencies. Influence operations applied to insurgencies are complicated by the fact that active insurgency participants typically represent a small component of the population (less than 1%). MERCURY will provide computer modeling of the spread of messages that will take into account the full heterogeneity of the host population response and contact rate. MERCURY will additionally identify the “super spreaders” of information in the population in order to accelerate the spread of the message. In the super spreader model relatively few individuals are responsible for most of the transmission. MERCURY will be applied to the dissemination of counterinsurgency messages using super spreaders to achieve more effective and efficient use of information in counter-insurgency operations. MERCURY applies techniques of “Viral marketing” in this approach. MERCURY will focus on developing a solid modeling capability for the phenomena and integrating the capability into operations support systems to enhance the effectiveness of military operations.

Referentia Systems Incorporated
550 Paiea Street Suite #236
Honolulu, HI 96819
Phone:
PI:
Topic#:
(808) 423-1900
Norman Johnson
OSD 07-CR1      Awarded: 3/2/2009
Title:SAGE: Situational Awareness for the GTWO (Getting the Word Out) Environment)
Abstract:New approaches are needed to address situational awareness and analysis in “getting the word out” (GTWO), in support public affairs functions. This proposal initiates R&D to exploit the combination of recent successes of highly-resolved epidemiological simulations and models of group identity and culture – to develop a unique prototype resource for assessing the effectiveness and future of GTWO campaigns. The technical approach is to adpat a mature epi-model to include message passing between individuals associated with identity or cultural groups and predict the degrees of support or opposition by individuals. Uncertainty/sensitivity management and cost-benefit analysis are captured – essential for potential command high-regret decisions. The SAGE resource is a combination of data from obtainable sources, the newly-developed GTWO simulation prototype, and CONOPS. The SAGE resource exploits the observation that the acceptance or rejection of messages are often determined by the association of the message with specific and possibly competing groups, rather than the more complex issue of the content and context of the message. The team includes experts on nationally utilized epi-models and operational cultural identity modeling. The activities also include assessment of development path for deployment in Corps and Theater-level C2 systems.

Systems Analytics
55 Moody Street, Suite 21
Waltham, MA 02453
Phone:
PI:
Topic#:
(781) 398-2233
Elizabeth Newton
OSD 07-CR1      Awarded: 3/2/2009
Title:Getting the Word Out: Modeling the Propagation of Counter Insurgency Information within a Population
Abstract:The purpose of this project is to develop and adapt epidemiological models for the prediction of the propagation of the counterinsurgency message within a population. Of key importance is the incorporation of the influence of individual variation and, in particular, the effect of super-spreaders. Both deterministic compartment models and stochastic network models will be employed. The Phase I objective is to evaluate epidemiologic models for applicability, to identify key social, cultural and behavioral characteristics which will define model parameters, and to assess the availability of data. The Phase II objective is to develop and demonstrate prototype models and to conduct testing to prove feasibility in an operational experiment or training scenario.

Charles River Analytics Inc.
625 Mount Auburn Street
Cambridge, MA 02138
Phone:
PI:
Topic#:
(617) 491-3474
Scott Neal Reilly
OSD 07-CR2      Awarded: 4/23/2009
Title:Virtual Personalities for Online Counterinsurgency (VPOC)
Abstract:Effective U.S. counterinsurgency operations, including counter-recruiting efforts, will need to understand and undermine the narratives that insurgents use for recruiting, support, and fundraising, and replace them with new narratives that encourage peaceful engagement. Current insurgent messages are often propagated through virtual media such as web sites, blogs, and on-line games; counter-insurgency operations will need to respond in these same media. We propose to develop technology for creating Virtual Iconic Presences (VIPs), which are software-based agents that can work individually or in groups to propagate a coherent narrative message that can be widely disseminated through virtual space. We will build VIPs using existing believable agent technology, which has been used previously to create interactive, personality-rich agents for art and entertainment applications. We will draw on a number of natural language understanding and generation technologies to enable VIPs to understand and comment on news feeds and less formal online content. We will also create an interactive narrative planning system that will support the creation of robust and adaptive counter-narrative strategies using VIPs. Finally, we will develop a roadmap for the successful development, evaluation, and deployment of such VIP-based counter-insurgency operations.

PhaseSpace Inc.
1937 A Oak Park Blvd.
Pleasant Hill, CA 94523
Phone:
PI:
Topic#:
(510) 638-5035
Kan Anant
OSD 07-CR2      Awarded: 3/13/2009
Title:Reinventing Max Headroom- Virtual Iconic Presence (VIP) for Training and Mission Rehearsal
Abstract:Max Headroom two decades ago captured the imaginations of millions with his energy and the concept of an artificial intelligence (AI) able to communicate and interact with humans. Now we can use technological improvements in AI and computer graphics for movies and games to create an AI character that can be realistically driven by responses to spoken questions and interact with people in a realistic fashion. The Virtual Iconic Presence can be tailored by software and training to represent a wide range of religious, cultural and ethnographic qualities, creating interactive “Icons” with personality, mannerisms and attributes associated with geographic regions, political movements or ethnic populations. This combines techniques from animation, voice recognition, AI, and real time video graphics to create an interactive artificially intelligent virtual presence to support training and mission rehearsal/experimentation areas within the DoD. Tailoring features and speech makes our solution applicable to both training and delivering a message. This same technology could be used for educational purposes. Medical information is better received and retained by being delivered by a face, rather than written instructions especially if the talking head can answer questions.

LOGOS TECHNOLOGIES, INC.
3811 N. Fairfax Drive Suite 100
Arlington, VA 22203
Phone:
PI:
Topic#:
(202) 207-5665
Mr. Robert Grossman
OSD 07-CR3      Awarded: 1/18/2008
Title:Training Leaders and Analysts on Measuring Progress in Conflict Environments (MPICE) Tool
Abstract:This research will develop a capable and flexible approach to training analysts on the MPICE framework and software tool, so that they can better assess Stabilization & Reconstruction Environments. This work will be accomplished in three steps: formulate the training concept and requirements, develop a specific training design that can be implemented in a Phase II effort, and illustrate key elements of this design to show how this training will work and generate value for both analysts and their organizations. This training capability will build on both Aptima experience with mainstream training products, and the MPICE team’s case study efforts and handbook documentation that address user expectations and requirements for the assessment capability. This research is innovative in that it will provide a full capability for social/cultural learning about a particular S&RO environment of interest to interagency operating and academic organizations, combined with a structured assessment process that provides structure and rigor to these large- scale, applied social science problems. This MPICE Training research will also support expected subsequent requirements, such as a flexible scenario editor that can support interagency/command training priorities, and a multiple personnel learning capabilities that will allow for both in place and distributed small group training.

STOTTLER HENKE ASSOC., INC.
951 Mariner's Island Blvd., STE 360
San Mateo, CA 94404
Phone:
PI:
Topic#:
(650) 931-2700
Mr. James C. Ong
OSD 07-CR3      Awarded: 1/4/2008
Title:MPICE Simulation-based Intelligent Tutoring
Abstract:The MPICE metrics framework and analysis software present an opportunity to improve significantly the planning and execution of stability and reconstruction operations in conflict environments. We propose to develop a scenario-based intelligent tutoring system for MPICE. Key elements of our approach include scenario-based, application- level learning, emphasis on systems modeling and reasoning skills, automated assessment and feedback, coaching, capture and evaluation of analysis rationale, and simplified scenario authoring. During Phase I, we will demonstrate the usefulness of the proposed training system by identifying MPICE learning objectives and by describing 8 to 10 complex scenarios. Learning objectives will be based on documented reconstruction principles and conflict situations and on interviews with military planners with recent stability and reconstruction experience. We will demonstrate the instructional effectiveness and feasibility of the training system by developing a limited software prototype and showing this prototype to potential stakeholders to elicit their feedback. We will also specify the design of the system to be developed during Phase II by identifying the software’s user interface, modules, data, algorithms, and internal and external interfaces.

FRONTIER TECHNOLOGY, INC.
75 Aero Camino, Suite A
Goleta, CA 93117
Phone:
PI:
Topic#:
(937) 429-3302
Mr. Sam Boykin
OSD 07-CR4      Awarded: 1/4/2008
Title:MPICE Simulation Tools and Environment
Abstract:As the U.S. Government continues to participate in post-conflict Stabilization and Reconstruction Operations (S&RO) around the globe, the ability to measure outcomes accurately as related to projected goals continues to rise in importance. The US Government employs a metrics tool developed though the Monitoring Progress in Conflict Environments (MPICE) project. The objective of this Phase I SBIR is to provide US military planners/analysts and their USG Interagency partners with additional capability to conduct analysis, establish clear traceability between goals and measures, and ultimately measure progress of stabilization efforts. Seasoned scholar practitioners will also support the refinement of the metrics framework and define attributes and measures associated with social well-being sector. The data fusion framework to link goals to metrics and integrate multiple data sources will be built on an infrastructure initiated by investments from Missile Defense, Air Force and Navy offices to provide robust decision traceability during acquisition decisions. The Phase I program will solidify the Phase II requirements by having selected OSD, S/CRS and multi-national stakeholders interact with the proof-of-concept graphical user interface and supporting database structure to conduct actual progress evaluations. The Phase II program will fully develop a prototype tool and validate its operation and use concept.

LOGOS TECHNOLOGIES, INC.
3811 N. Fairfax Drive Suite 100
Arlington, VA 22203
Phone:
PI:
Topic#:
(202) 207-5665
Mr. Robert Grossman
OSD 07-CR4      Awarded: 1/18/2008
Title:Measuring Progress in Conflict Environments (MPICE) Modeling and Simulation Toolchest and Analysts Work Environment
Abstract:This research will significantly expand the capabilities of the initial Measuring Progress in Conflict Environments (MPICE) tool through development of new features addressing the Social Well-Being sector, data fusion capabilities, connections of assessment outcomes with planning inputs, and linkage of the MPICE framework and tool with relevant modeling and simulation capabilities. This work will build on existing MPICE research efforts and address some of the limitations identified in the initial case studies and analysis work. This effort is highly innovative in that it will create a Social Well-Being sector (the most difficult to define of the five sectors); identify and pursue creative ways to combine the many types and sources of data needed for assessment; create possible outcomes/outputs linkages in these complex S&RO environments; and investigate previously unknown connections between assessment and modeling efforts. The research will leverage several on-going MPICE-relevant projects: the basic MPICE framework, DARPA IBC/COMPOEX modeling efforts, and new Army social/cultural tactical assessment efforts.

SECURBORATION, INC.
695 Sanderling Dr
Indialantic , FL 32903
Phone:
PI:
Topic#:
(321) 591-7371
Mr. Bruce McQueary
OSD 07-CR4      Awarded: 1/10/2008
Title:Measuring Progress in Conflict Environments (MPICE) Modeling and Simulation Toolchest and Analysts Work Environment
Abstract:The 21st century strategic threat triad – failed states, global terrorism, and WMD proliferation – represents the greatest modern day threat. The common factor exacerbating this threat triad is instability. DoD is striving to identify metrics to assess progress towards stability. The Measuring Progress in Conflict Environments (MPICE) program has made gains by structuring stability indicators into five ‘pillars’ and classifying events from a wide range of data sets. While MPICE provides a framework across these pillars and initial data collection and analysis techniques, it currently does not include ‘social well-being’ indicators; state-of-the-art qualitative analysis techniques or integration algorithms; or capability to determine if activities ‘on the ground’ are achieving desired effects. Securboration has teamed with Dr. Eugene Santos from Dartmouth University and Dr. Eunice Santos from Virginia Tech to develop the MPICE Analytical Stability Model (MASM). Advancements by these professors in computational social sciences, coupled with Securboration’s expertise enable our team to supplement MPICE with 1) ‘social-well being’ indicators, 2) a coherent computational model and 3) a formalized model of semantic relationships among stability indicators across pillars. The result will be an MPICE that provides unprecedented insight into stability progress – through detailed understanding forces behind MPICE indicators, including effects from actions by U.S. Government.

APTIMA, INC.
12 Gill Street Suite 1400
Woburn, MA 01801
Phone:
PI:
Topic#:
(781) 496-2452
Dr. Jason Sidman
OSD 07-CR5      Awarded: 1/4/2008
Title:Training Collaboration in Interagency SSTR (TraCIS)
Abstract:There are numerous challenges associated with maintaining high quality performance in complex operational environments. In Stability, Security, Transition, and Reconstruction (SSTR) operations, personnel from different agencies must effectively collaborate despite having different agendas, standard operating procedures, and desired outcomes. Hence, even in SSTR operations, which are fundamentally collaborative, experts in one particular field often have only rudimentary understandings of other fields. As such, they are unaware of what the right questions to ask are, and have little experience finding answers to their questions. What is needed is a common training resource that promotes knowledge-sharing and perspective-taking between multiple agencies involved in SSTR operations. Such a resource could provide scenario-based training based on important historical lessons learned, and allow a diverse group of trainees to explore how these events might have produced different results if handled in different ways. To meet these challenges, we propose developing Training Collaboration in Interagency SSTR (TraCIS), a scenario-based training system that promotes interagency collaboration in SSTR operations. Such a tool goes beyond teaching trainees linear, static rules for behavior in given situations. Rather, the tool will promote a broader thinking process to facilitate interagency collaboration.

ECROSSCULTURE
777 29th Street, Suite 102
Boulder, CO 80303
Phone:
PI:
Topic#:
(303) 544-1978
Dr. Carol Byerly
OSD 07-CR5      Awarded: 1/22/2008
Title:Stability Operations Systems Learning Environment
Abstract:We propose a methodical analysis of SSTR operations since World War II. We will identify training objectives based on a large network of civil affairs officers, interpreters, military intelligence, USAID, State Department, and NGO interviewees currently in use on other projects. We will identify eight events since WW II containing a range of SSTR operations. We'll use these events to analyze various SSTR operations, identify their objectives, implementation, result, and hypothesize alternative outcomes. Finally, we will demonstrate how a proprietary, innovative framework can present past SSTR operations in a compelling format for training students on contemporary and new missions.

STOTTLER HENKE ASSOC., INC.
951 Mariner's Island Blvd., STE 360
San Mateo, CA 94404
Phone:
PI:
Topic#:
(617) 616-1291
Dr. Eric Domeshek
OSD 07-CR5      Awarded: 1/4/2008
Title:SSTR Training Adaptively Based on Lessons from Experience (STABLE)
Abstract:In response to recent events, the U.S. has recognized that it must devote more resources to Stability, Security, Transition and Reconstruction (SSTR) operations. Such operations cannot be carried out by any one department, agency, or organization; they require coordinated efforts within and outside of government. It is a major challenge to get myriad specialists to work effectively together across organizational boundaries, often with little individual experience, and little time to prepare. What is needed is just-in-time experience- based training, informed by the lessons of past SSTR success and failures. Stottler Henke proposes to develop a web-based learning environment for SSTR Training Adaptively Based on Lessons from Experience (STABLE). We will combine team expertise in scenario-based intelligent tutoring systems, electronic case libraries of lessons learned, web-based distance learning, and SSTR operations to produce a novel, effective, and efficient solution. STABLE will include a suite of authoring tools supporting extension of the interlinked training scenario and lessons learned libraries. Overall, it will lower the costs of raising awareness in those tapped for roles in SSTR operations. During Phase I we will gather requirements, identify SSTR cases, lessons, and scenarios, produce a proof-of-concept prototype, and develop a detailed Phase II design and work plan.

CHARLES RIVER ANALYTICS, INC.
625 Mount Auburn Street
Cambridge, MA 02138
Phone:
PI:
Topic#:
(617) 491-3474
Mr. Paul G. Gonsalves
OSD 07-I01      Awarded: 10/31/2007
Title:Reclassification Agent for Information Dissemination Security (RAIDS)
Abstract:We propose to design and demonstrate the feasibility of a Reclassification Agent for Information Dissemination Security (RAIDS) to assist the human review process for multi- level security classifications. RAIDS will suggest an appropriate security classification level (e.g., secret, unclassified) for a derived document obtained via extraction from input documents. Our approach to building RAIDS is to develop a Naïve Bayesian Classifier (NBC) based on training samples of unstructured document portions marked with their classification categories (e.g., military plans, foreign relations, scientific, technical) and associated security levels, where portions in documents include paragraphs, charts, tables, and pictures within the document. The RAIDS agent marks input documents using the trained classifier and then recommends an overall classification level for each derived document along with its confidence on the classification level. We plan to implement a prototype using common services for databases, visualization, and information retrieval available under the existing Service Oriented Architecture (SOA) frameworks. The major benefits of the proposed human-in-the-loop approach are faster document reclassification and avoiding those errors easily overlooked by human eyes. The generic nature of RAIDS provides potential for its transition to existing cross-domain solutions in the field today.

ENKIA CORP.
817 West Peachtree St. Suite 915
Atlanta, GA 30308
Phone:
PI:
Topic#:
(866) 468-8882
Dr. Badri Lokanathan
OSD 07-I01      Awarded: 10/29/2007
Title:Information Dissemination Agent (IDA)
Abstract:While recent efforts in cross-domain information sharing have developed platforms and infrastructure for information sharing, they do not address issues of human-system interactions within the framework of existing information creation, visualization and communication environments. This project will focus on developing front-ends to information sharing services and support tools, assisting analysts in identifying information that is relevant and shareable across domains having different security classifications. The objective is to create a standard environment for information reclassification that leverages state of the art content-based information analysis capabilities such as intelligent information sharing assistant (IISA) currently under development at Enkia. Enkia proposes an interactive environment for semi-manual and automatic “information review” that can help analysts: (i) identify documents that should/shouldn’t be shared, given the topical relevance of those parts to the users and task context, (ii) identify parts of documents that should/should not be shared, based on security level of the domain and potential users, and (iii) manage published information and tracking release within different domains. Enkia's approach will help cooperating groups share information in a standard operational setting, thereby eliminating the need for training on non-standard reclassification processes.

STOTTLER HENKE ASSOC., INC.
951 Mariner's Island Blvd., STE 360
San Mateo, CA 94404
Phone:
PI:
Topic#:
(206) 545-1478
Mr. Eugene Creswick
OSD 07-I01      Awarded: 10/29/2007
Title:An integrated approach to document regrading with classification assistants
Abstract:Stottler Henke proposes InfoAssist, an integrated, unobtrusive and networked approach to document classification and dissemination. This system will enable document authors and reviewers to make use of the release and publication history of all content in a particular document when assigning security classifications. Authors will benefit from integrated tracking of a document’s classification while they combine content from multiple sources, all without modification to their existing workflow. Clear descriptions of the classification decisions made by the system will help reviewers choose optimal classification levels to enable dissemination without compromising security. Furthermore, InfoAssist will provide reviewers with the ability to encode and adjust classification policy through a rule-based system. These rules are composed of simple descriptive statements that are made executable through the incorporation of state of the art text and natural language processing techniques. InfoAssist will offer multiple deployment options: The authoring and reviewing tools are separable and will run independently or connected through an InfoAssist server. Additionally, multiple servers can cooperate to track document content and classifications across security boundaries or within large organizations. This allows InfoAssist to be gradually adopted in any environment with varying degrees of connectivity or differing levels of inter- and intra-organization cooperation.

DATA FUSION CORP.
10190 Bannock Street Suite 246
Northglenn, CO 80260
Phone:
PI:
Topic#:
(720) 872-2145
Mr. James M. Davis
OSD 07-I02      Awarded: 11/2/2007
Title:Cross Platform Digital Rights Management (CP-DRM) System
Abstract:It is widely believed that the general problem of horizontal integration among US Government agencies has not been adequately solved to date. Many barriers exist that have historically resisted a viable solution, including the “stove pipe” architectures of various agencies, the lack of overarching and compatible security policies, new needs for wider dissemination of information extending beyond the typical DoD boundaries, and the lack of a new information sharing paradigm that can address the technical complexities inherent in the horizontal communication among local, state, and federal government agencies. The proposed solution described herein puts forth a new information sharing paradigm, adapting a number of existing security and digital rights technologies with proprietary elements to accomplish fine-grained control and tracking of sensitive digital assets. Moreover, we propose to adapt the NSA-sponsored Content Based Information Security cryptographic algorithms to provide cross-platform, multi-level security capability to our initial architecture.

PIKEWERKS CORP.
105 A Church Street
Madison, AL 35758
Phone:
PI:
Topic#:
(256) 325-0010
Mr. Irby Thompson
OSD 07-I02      Awarded: 10/29/2007
Title:Cross Platform Digital Rights Management (CP-DRM) System
Abstract:The explosive growth of digital storage, transport, and processing technologies has allowed for enormous advances in the way that information is created, accessed, and disseminated. Unfortunately, data protection standards have failed to keep pace with advances in the digital revolution. With an increasing significance placed on proprietary and sensitive information stored within electronic data files, both Government and private sector entities are searching for innovative methods to combat inappropriate disclosure of proprietary information. Pikewerks proposes to use proven cryptographic techniques, secure design principles, and innovative software enforcement mechanisms for the purpose of controlling information access and data flow within networked computer environments. The inner-workings of this technology will not require any modifications to existing application software, file formats, or user operations – instead a small, high- performance kernel module will transparently encrypt and decrypt files in memory as they are read, modified, and written back to disk. Further control and enforcement of data rights, such as the ability to copy, print, modify, or otherwise manipulate protected information, will also be provided. The successful development of a comprehensive, but non-intrusive, Cross-Platform Digital Rights Management solution will provide a common DRM standard for use throughout the Department of Defense or Corporate Enterprise.

TRIDENT SYSTEMS, INC.
10201 Lee Highway Suite 300
Fairfax, VA 22030
Phone:
PI:
Topic#:
(919) 388-1261
Ms. Anna Monastyrsky
OSD 07-I02      Awarded: 10/29/2007
Title:Cross Platform Digital Rights Management (CP-DRM) System
Abstract:A fundamental goal for Cross-Platform Digital Rights Management (CP-DRM) is to allow data owner to control the flow of sensitive digital information even after it’s been released. The Original Classifying Authorities (OCA) should have options on how to protect their digital information and have the ability to track the material when distributed by the receiver. Trident System proposes to leverage the emerging DRM standards to develop a unified architecture for CP-DRM. It will provide OCA with abilities to retain control over the digital information even after the information has been disseminated. One of the key concepts of the proposed solution is the use of Reference Monitor (RM) for enabling decision and enforcement functions. A RM is a part of trusted computing base, always running, tamper-resistant, and cannot be bypassed. The proposed architecture provides two-tier controls: client-side RM (CRM) and server-side RM (SRM). A SRM resides within server environment and mediates all access to digital objects. A CRM resides in the client environment and controls access to and usage of digital objects. This makes it possible to support the flexible policy definition when general polices are controlled by a SRM and finer-control on the digital object will be done by CRM.

AVENDA SYSTEMS
2855 Kifer Rd, Suite #102
Santa Clara, CA 95051
Phone:
PI:
Topic#:
(408) 748-1993
Mr. Krishna Prabhakar
OSD 07-I03      Awarded: 9/19/2007
Title:Anti-Forensics based Security Against Piracy (ASAP)
Abstract:Avenda Systems recognizes the need for solutions that provide a significant deterrent to attackers wishing to pirate applications in order to execute those applications remotely. Avenda proposes to research and build an effective countermeasure to software piracy and reverse engineering using the various anti-forensics techniques. The proposed solution has some special out-of-band features that makes copying/cloning applications computationally hard. It covers feature gaps in current products that target software piracy prevention. Avenda Systems has the expertise to develop a practical and highly effective solution to address many available opportunities in this area. The technologies employed in this product are practical and innovative and have not been implemented in commercially available comparable products. Research and analysis in Phase I will provide the knowledge and foundation for building a complete solution in Phase II, and a commercially viable product in Phase III.

INDEPENDENT SECURITY EVALUATORS
810 Wyman Park Dr. Suite 180A
Baltimore, MD 21211
Phone:
PI:
Topic#:
(443) 320-4281
Dr. Adam Stubblefield
OSD 07-I03      Awarded: 9/19/2007
Title:Using a Minimal Hypervisor to Protect Sensitive Algorithms and Keys from Reverse Engineering
Abstract:We propose a protection mechanism for sensitive algorithms and cryptographic keys on potentially vulnerable networked computers. We utilize an extremely minimal hypervisor, stored in a computer's BIOS along with the code or keys to be protected, to launch a single instance of the Linux operating system. For efficiency and simplicity, the operating system is given nearly full direct access to the computer's hardware with the exception of the BIOS and memory reserved for the hypervisor. The hypervisor only allows Linux black box access to the protected code through a hypercall interface. This prevents even an attacker who has obtained administrative access from copying the code off of the computer for reverse engineering or maintaining access to the cryptographic keys once the attack is discovered.

INFOSCITEX CORP.
303 Bear Hill Road
Waltham, MA 02451
Phone:
PI:
Topic#:
(518) 869-6460
Mr. Linus Sherrill
OSD 07-I03      Awarded: 9/24/2007
Title:Anti-Forensics as a Countermeasure to Software Piracy and Reverse Engineering
Abstract:The main aim of our work is to develop a process and techniques that prevent or delay software piracy and reverse engineering. The Jekyll approach hides the target application in one or more common utility applications or libraries (cover files) making the target application hard to identify, locate and reverse engineer. The programs are combined in a fine-grained manner that provides a high level of obfuscation while retaining the full functionality of both applications. The Jekyll tool kit can spread portions of the target application throughout multiple cover files further increasing the difficulty of locating the target application. IST has assembled a distinguished team to address this proposal. In conjunction with our consultants we are proposing a novel and innovative approach to meeting the requirements called for in the solicitation. At the conclusion of Phase II, we plan to have a pre-production version of our product ready for immediate deployment in selected applications.

PIKEWERKS CORP.
105 A Church Street
Madison, AL 35758
Phone:
PI:
Topic#:
(256) 325-0010
Mr. Irby Thompson
OSD 07-I03      Awarded: 9/10/2007
Title:Anti-Forensics as a Countermeasure to Software Piracy and Reverse Engineering
Abstract:The ability to protect computer software against malicious attacks originating from an equal or greater privilege level remains exceedingly difficult even in "best case" operational scenarios. During situations such as this, the predominant tools for thwarting reverse-engineering and piracy efforts involve obfuscation, deception, misdirection, and functional compartmentalization. Anti-Forensics is the art and practice of obscuring data storage, transmission, and execution in such a way that it remains hidden from even a professional, dedicated examiner. Traditionally, Anti-Forensic techniques have been used by hackers and other blackhat types to keep their offensive tools hidden from forensic investigators. Anti-Forensic methodologies, however, can also be adopted for defensive purposes. In particular, Anti-Forensic techniques have the ability to greatly increase the level of effort required to reverse-engineer a software protection scheme. Pikewerks proposes to examine and implement methods and mechanisms to ensure the confidentiality and integrity of executable code, data, and cryptographic materials through all stages of operation: at rest, in transit, and during execution. This research and development effort will be performed in conjunction with Luna Innovations.

AFCO SYSTEMS DEVELOPMENT, INC.
200 Finn Court
Farmingdale, NY 11735
Phone:
PI:
Topic#:
(631) 424-3935
Mr. Godfrey Vassallo
OSD 07-I04      Awarded: 10/23/2007
Title:System Self-Protection and Autonomic Response for Hardware Based Software Protection
Abstract:AFCO Systems Development’s (ASD’s) solution will protect a host system by using various autonomic techniques. These techniques will resist, detect, respond, and where possible, repair the damage caused by an adversary. Current technology does not provide the type of protection that is necessary against an attacker with virtually infinite personnel and resources. Protection needs to be assured not only if an attacker tries to compromise the system remotely, but also if the attacker has possession of the actual hardware. A physical penetration attack, where the attacker probes the circuit will be thwarted by having a grid of non-metallic conductors that will detect probing. Attacks using radiation or changing temperature will be detected through the use of radiation and temperature sensors. All of the anti-tampering responses will be hardware based because software is too slow. The team is qualified to accomplish this task because of its experience in working with secure coprocessors and embedded systems.

BLUERISC, INC.
28 Dana Street
Amherst, MA 01002
Phone:
PI:
Topic#:
(413) 549-0599
Mr. Kristopher Carver
OSD 07-I04      Awarded: 10/23/2007
Title:System Self-Protection and Autonomic Response for Hardware Based Software Protection
Abstract:In this project, we propose a solution to protect the communication between COTS processors and hardware protection devices (HPDs) in hardware-assisted software protection schemes. In addition, we develop mechanisms to detect tampering, provide appropriate responses and in some cases heal the application in that context. First, we propose to decouple the transmission of encrypted software snippets from (the timing of) their use in the application. The anti-tamper solution is based on embedding special- purpose Guard Snippets into the application. The Guard Snippets are tied together with the other snippets in a dependence graph and would monitor tampering such as replay attacks, removal of snippets, and integrity violation. Finally, we present a solution to heal attacks that would involve removing the snippet-based protection mechanisms. We propose the heal an application by accessing its virtual memory. The snippets themselves would carry the information that is needed to rebuild the application’s protection.

LUNA INNOVATIONS, INC.
1703 S Jefferson Street, SW Suite 400
Roanoke, VA 24016
Phone:
PI:
Topic#:
(540) 769-8482
Ms. Alexandra Poetter
OSD 07-I04      Awarded: 10/29/2007
Title:Co-Processor Secure Software Platform Link Security
Abstract:The art and science of software reverse engineering have matured to the point that their methods, tools, and philosophies are well defined and commonly known. Robust fault injection, debugger, disassembly, and de-compilation tools are available to assist efforts to reveal the details of software intellectual property and steal once-secret code and data. As unacceptable as this is the commercial sector, the importance of defeating such practices becomes magnified when protecting trusted DoD systems and information responsible for maintaining technological superiority on the battlefield. Luna Innovations Incorporated proposes to protect the communications link between Luna’s Secure Software Platform (SSP) and a COTS processor. Through the use of innovative anti- tamper techniques, we will provide protection from, detection of, and response to attacks between Luna’s hardware-based software protection platform and the protected application on a microprocessor. By leveraging the advantages of a hardware-assisted approach – better performance, better security, and reduced overall complexity – Luna expects to create a solution that significantly increases the required cost and time for a software reverse engineering effort.

QUICKFLEX, INC.
8401 N. New Braunfels Suite 324
San Antonio, TX 78209
Phone:
PI:
Topic#:
(210) 824-2348
Dr. Steven P. Smith
OSD 07-I04      Awarded: 10/29/2007
Title:COTS Intelligent Network (COSIN)
Abstract:The proposed COTS Intelligent Network (COSIN) will be a new, innovative security appliance, or optional PCI-X card, that will detect, defend against, and respond autonomically to tamper events, including address bus leakage, message packet capture, data copying, denial-of-service, man-in-the-middle, node capture, and attacks-by-root. Networks and attacks have become exponentially more complicated, while demand for high performance computing increases exponentially. COSIN will be automated, secure, and scalable, will manage complexity for users, but impose no performance penalty. The proposing team of QuickFlex, with Phase II Plus-up funding, and ANGEL Secure Networks each has SBIR funded technologies that are or are near prototype. The COSIN security appliance will require totally new technology that builds on the strengths of each to attain automated autonomic responses in a variety of computing environments, ranging from laboratories to power plants to battlefields, where high levels of security are essential to national security. QuickFlex and ANGEL have a combined forty years of networking, hardware, and software development expertise, and believe COSIN is feasible now. Phase I will go from initial system design to proof-of-concept demonstration, with a goal for achieving TRL 5-6 in Phase II and TRL 7-8 in Phase III, leading to full commercialization of COSIN.

COMPUTER MEASUREMENT LABORATORY, LLC
11985 W. Bowmont St.
Boise, ID 83713
Phone:
PI:
Topic#:
(509) 330-0455
Dr. John Munson
OSD 07-I05      Awarded: 9/24/2007
Title:Dynamic Kernel Monitoring for Attack Detection and Mitigation
Abstract:The activity of an OS kernel may be monitored dynamically in real time. As the kernel executes, the transition among the constituent components of the kernel will follow a predictable pattern representing the normal operation of the kernel. An attack on the operating system will induce a significant and immediately recognizable disturbance in this pattern of normal activity. The Attack Recognition and Mitigation (ARM) will monitor the kernel activity through the use of a security co-processor. This co-processor will operate in parallel with the main CPU to detect changes in the nominal execution patterns of the kernel. When departures from the normal execution patterns are detected, an interrupt on the main CPU can be created which will permit the analysis by a mitigation routine of the currently executing task that created the anomalous kernel activity. The security monitoring system represents a hybrid extension of the operating system kernel with an active security monitor and a software interrupt service routine to analyze and manage the specific nature of the attack on the OS kernel. The primary objective of ARM project is to create the infrastructure for an autonomic kernel protection system and then productize this infrastructure.

EROS GROUP, LLC THE
66 Painters Mill Rd, Suite 2
Owings Mills, MD 21117
Phone:
PI:
Topic#:
(410) 927-1719
Dr. Jonathan S. Shapiro
OSD 07-I05      Awarded: 9/25/2007
Title:SHARP: Secure Hypervisor with Autonomic Recovery
Abstract:Develop the most cost effective, power efficient, high performance, highly secure, scalable, architecture to take advantage of the billion transistor chip while improving programmability & RAS.

PIKEWERKS CORP.
105 A Church Street
Madison, AL 35758
Phone:
PI:
Topic#:
(256) 325-0010
Mr. Ryan Knotts
OSD 07-I05      Awarded: 9/10/2007
Title:Autonomic Kernel Protections to Reduce Attack Susceptibility
Abstract:Rootkits can be classified into four common variations: user-level, kernel-level, device- level and “other-level”. Each differs in the level of complexity and ease of detection. Rootkit detection is not a new challenge and has been demonstrated for user and kernel- level rootkits using a number of freely available tools. The real challenge though is to repair the compromised system; to do so a defender must act as fast, or even faster, than the attacker. Past research, which Pikewerks will build upon, demonstrates that this can be accomplished. The challenge is in placing the protection mechanism(s) out-of- band. To accomplish this, Pikewerks will take advantage of it’s own proprietary techniques and input from a strategic partner, The Johns Hopkins University Applied Physics Laboratory, to ensure that the protection schemes analyzed and recommended are out-of-band and safe from attackers. The proposed research and analysis will yield several prototypes capable of providing autonomic kernel protection through self-healing in an effort to reduce attack susceptibility.

PROCESS QUERY SYSTEMS LLC
8 Algonquin Trail
Etna, NH 03750
Phone:
PI:
Topic#:
(603) 369-1133
Dr. George Cybenko
OSD 07-I05      Awarded: 9/25/2007
Title:PQS-Based Autonomic Kernel Protections to Reduce Attack Susceptibility
Abstract:This project proposes the initial design and development of the Integrated Advanced Wideband Autonomic Computing System (IAWACS) technology. IAWACS will integrate sensors, algorithms and software components for self-monitoring, self-recovery and self-protection across application, operating system kernel, virtual machine and hardware levels of DOD critical systems. By analogy with the traditional Airborne Warning and Control System (AWACS), IAWACS will provide situational awareness and control in the Software Protection battlespace, namely the extended environment in which critical DOD applications and data exist and operate. The extended environment includes the operating system kernel, other applications and any virtual machine environment in which an application is executing.

INTELLIGENT AUTOMATION, INC.
15400 Calhoun Drive Suite 400
Rockville, MD 20855
Phone:
PI:
Topic#:
(301) 294-5250
Dr. Leonard Haynes
OSD 07-I06      Awarded: 10/29/2007
Title:Securing MANET Databases Using Metadata and Context Information
Abstract:Existing commercial database security products can effectively operate in a static environment; however, they cannot guarantee to provide the same level database security in highly mobile environments such as Mobile Ad-Hoc Networks (MANET). MANET has no fixed infrastructure due to the mobility of the nodes, and it is difficult to reuse centralized security services as in wired networks. It is critical to provide distributed security services (e.g., key management, authentication, access control) for MANET databases. In this proposal, Intelligent Automation, Inc. (IAI) and its subcontractor, Professor Le Gruenwald, propose a secure MANET database system using metadata and context information for cross domain controls. First, we propose a context-based security model to model the context data and measure context based security policies. Second, we propose a metadata-based mandatory access control mechanism to achieve multiple security level across different security domains. Third, we propose a novel key establishment approach to authenticate mobile nodes using multi-path RF signal.

TRIDENT SYSTEMS, INC.
10201 Lee Highway Suite 300
Fairfax, VA 22030
Phone:
PI:
Topic#:
(919) 388-1262
Mr. Michael Blake
OSD 07-I06      Awarded: 10/29/2007
Title:Data Base Security mechanisms for Mobile Ad-Hoc Networks (MANETS)
Abstract:One aspect of the GIG, namely, Mobile ad-hoc networks (MANETS) present significant issues. Often, intermittent connectivity and mobility changes the network topology in such a way that the routing of information to a destination is not guaranteed to follow the same path. This is particularly difficult for centralized resources including databases, which provide a common mechanism to store and share information. Also, many networks services, including security, rely on centralized servers. Wireless devices such as Personal Digital Assistants (PDAs) that are used in MANETS have very limited power. These wireless devices typically have reduced computational power in order to prolong battery life. Encryption solutions need to be secure enough to protect the information without requiring too much computational power. Trident Systems proposes to design a database security model based on our experience with the GeoWiReM protocol and CG cross-domain XML security technology. Additionally, we propose to leverage current and emerging technology, such as Binary XML, to reduce the amount of bandwidth required to send information over the network and reduce the amount of computation power required to process the information. Finally, we plan to model the performance of database security solutions over MANETS.

PIKEWERKS CORP.
105 A Church Street
Madison, AL 35758
Phone:
PI:
Topic#:
(256) 325-0010
Ms. Sandy Ring
OSD 07-I07      Awarded: 11/2/2007
Title:Data Authentication and Dissemination using Watermarking for Net-Centric Operations
Abstract:There are many applications for a net-centric data dissemination and authentication capability, which utilizes emerging steganography and watermarking technology in addition to traditional encryption, hashing, and time stamping techniques. The Global Information Grid (GIG) would benefit greatly from such a utility, as the information, applications, and processing power being distributed have varying classification levels. It is of the utmost importance that this data be protected from unauthorized use, disclosure, modification, and destruction. A compromise of the abovementioned data could seriously damage national security. If such a compromise does occur, it must be identified immediately, to prevent the further loss of classified information and (potentially) lives. Currently, mainstream net-centric data assurance and authentication technology relies heavily on the use of encryption and cryptographically secure hashing algorithms. These methods, while effective, could be greatly improved by the use of watermarking/steganography techniques. The proposed research and analysis will yield a prototype capable of using advanced watermarking and data hiding techniques to disseminate and authenticate data as it traverses a computer network.

WETSTONE TECHNOLOGIES, INC.
17 Main Street Suite 237
Cortland, NY 13045
Phone:
PI:
Topic#:
(727) 480-2839
Mr. Michael Duren
OSD 07-I07      Awarded: 10/29/2007
Title:Data Authentication and Dissemination using Watermarking for Net-Centric Operations
Abstract:The Global Information Grid will require new IA technologies to be developed before it can reach its full potential and before the complete IA architecture can be realized. Existing security technologies and standards are inherently loosely coupled with the information they protect. There exists a temporal constraint on the extent to which data can be protected since, at some point, sensitive or protected content will be stored, viewed, or processed when it is outside of the protective boundaries of encryption, signing, and other security mechanisms. We propose to deploy watermarking technologies to the Information Assurance domain in order to tightly couple security attributes with data. Our approach is to adapt existing watermarking algorithms such that they can be deployed within an enterprise system to fulfill integrity, authentication, and non-repudiation services. It is envisaged that using watermarks to bind security services to data will extend the Information Assurance capabilities of a system beyond what is current deployed today.

21ST CENTURY TECHNOLOGIES, INC.
4515 Seton Center Parkway Suite 320
Austin, TX 78759
Phone:
PI:
Topic#:
(512) 342-0010
Mr. Stephen Hilderbrand
OSD 07-I08      Awarded: 10/31/2007
Title:Global Information Grid Automated Document Classification and Summarization System
Abstract:Warfighters, policymakers, and support personnel are quickly overwhelmed by the vast amount of information that must be examined and sorted for sensitive content. This presents a need for an enterprise-wide software solution to perform automated classification, distillation, and reclassification for secure information assurance on the Global Information Grid (GIG) without compromising “need to know.” To solve this problem, 21st Century Technologies, Inc. (21CT) proposes the development of GIGADOCS (Global Information Grid Automated Document Classification and Summarization System), a secure classification regrading and summarization system scalable to networks of the size and complexity of the GIG. 21CT’s solution combines emerging research in natural language processing with existing 21CT technologies to deliver to the customer powerful document classification, summarization, and reclassification engines.

3 SIGMA RESEARCH, INC.
503 S. River Oaks Dr.
Indialantic, FL 32903
Phone:
PI:
Topic#:
(321) 674-9267
Mr. James Dike
OSD 07-I08      Awarded: 10/29/2007
Title:Secure Information Assurance in a Global Information Grid Framework
Abstract:3 Sigma Research proposes an innovative approach to develop an enterprise-wide software solution to security classification re-grading that facilitates secure information assurance in a Global Information Grid (GIG) framework. Our Packaged ONtology Certificate (PONC) Investigation (PONC-I) explores the concept for an enterprise information architecture that makes use of a PONC to extend automated, appropriate, “need-to-know” access controls all the way to the edge of the enterprise. Our innovative approach considers the whole enterprise combining the power of ontology-based reasoning components in scalable information assurance architecture to address automated information security re-grading needs in a dynamic operational environment. The approach also addresses the problems involved in migrating data in existing repositories to take advantage of our concept. The result of our research provides the groundwork for moving current dynamic edge resources into a secure, dynamic, and robust network-centric environment to support the warfighter.

KNOWLEDGE BASED SYSTEMS, INC.
1408 University Drive East
College Station, TX 77840
Phone:
PI:
Topic#:
(979) 260-5274
Dr. Arthur Keen
OSD 07-I08      Awarded: 10/29/2007
Title:The Secure NeTcentric INformation Assurance cLassifyer (SENTINEL)
Abstract:KBSI proposes the Secure NeTcentric INformation Assurance cLassifyer (SENTINEL), a distributed semantic and data-driven security classifier that has the ability to semantically classify, manage and filter Cross-Domain Solution (CDS) content. The proposed design would integrate ontology-assisted semantic reasoning, natural language processing, and rule based expert systems to facilitate a robust, cost-effective CDS security clearance guard. The main result of this project would be the research and design of a CDS security clearance guard that is able to securely manage the data from different classifications while preventing ‘bleed off’ of data into improper security levels and users. The guard will allow for lower clearance users to access information that is filtered to match their security clearance. Similarly, the guard will allow data from all security levels to be managed such that higher levels can access lower security data without the data intermixing or lower levels having access to the higher level systems.

EROS GROUP, LLC THE
66 Painters Mill Rd, Suite 2
Owings Mills, MD 21117
Phone:
PI:
Topic#:
(443) 927-1719
Dr. Jonathan S. Shapiro
OSD 07-I09      Awarded: 6/1/2008
Title:FOESA: Framework for Open Exploratory Static Analysis
Abstract:We extend an open source static analysis framework to incorporate a range of exploratory static analysis methods, including code slicing zero/non-zero testing, and value flow analysis. We extend the same infrastructure to support embedding of properties within the program and automated checking of those properties using model checking. Key novelties of this proposal is user-driven combination of techniques and an open source result.

GRAMMATECH, INC.
317 N. Aurora Street
Ithaca, NY 14850
Phone:
PI:
Topic#:
(607) 273-7340
Dr. Paul Anderson
OSD 07-I09      Awarded: 6/3/2008
Title:Deep Understanding of Complex High-Assurance Hypervisor Source Code
Abstract:Hypervisors offer a virtualization platform that is cost effective and attractive from a security point of view because guest operating systems are independent of each other. However, these claims of independence must be certified before it is permitted to use a hypervisor in a security-critical environment. The cost to perform a Common Criteria security evaluation of such low-level system code is very high, and the complexity of the code often thwarts automated tools that could help. We propose to work on advanced static analysis techniques to help reduce this cost by providing user interfaces that aid a user gain understanding of the functionality of the code. When risky features are identified, the hypervisor can be refactored to remove them. The same static analysis techniques can be used to help assess the impact of the refactoring on the remainder of the code. These techniques will include advanced versions of program slicing and chopping, and software model checking. Variations of more superficial techniques will also be explored. The work will build on our existing static analysis platform. We will work closely with the customer and with existing customers involved in performing such certifications.

LUNA INNOVATIONS, INC.
1703 S Jefferson Street, SW Suite 400
Roanoke, VA 24016
Phone:
PI:
Topic#:
(540) 769-8400
Mr. Daniel Gall
OSD 07-I09      Awarded: 6/3/2008
Title:Mixed Semiformal and Formal Modeling of Hypervisor Source Code for Security Property Understanding
Abstract:Luna Innovations Incorporated will work as part of the Naval Research Laboratory’s hypervisor agile development team to advance the state of open source hypervisors. Namely, we will design, develop, and integrate a blend of semiformal and formal open source modeling tools for the purpose of understanding and verifying important security properties of both open source hypervisors and cross domain systems built upon them. All tools we develop or features we add will be open source and we will collaborate with NRL’s other contractor partners.

ADVENTIUM ENTERPRISES, LLC
111 Third Ave. S., Suite 100
Minneapolis, MN 55401
Phone:
PI:
Topic#:
(651) 295-7126
Mr. Todd Carpenter
OSD 07-I10      Awarded: 6/3/2008
Title:Mixed Criticality, Assured, Real-Time (MiCART) VMM
Abstract:Without strong temporal and spatial separation guarantees provided by the underlying system, integrated mixed critical applications require verification and validation of all their hosted applications at the highest level of criticality. Since the early 1990s, time and space partitioning in commercial avionics has drastically reduced the certification burden on the lower-criticality applications. These systems, however, do not inherently support safe and secure operations in the presence of intentional and malicious threats. Furthermore, these custom real-time operating systems constrain application architecture options, so non-real-time applications pay a development and runtime penalty to operate in these environments. This effort will develop a Mixed Criticality, Assured, Real-Time (MiCART) hypervisor or virtual machine monitor (VMM) that enables the above integration benefits across more application domains than supported by current systems, while reducing the corresponding development, rehosting, verification and validation, and certification costs. By executing applications in MiCART guest partitions, they can run in their current host environments (minimizing changes needed) with MiCART providing the necessary time & space partitioning among mixed criticality, multi-domain environments. In addition to real- time requirements, MiCART will support fault-tolerance, including fault detection, isolation, mitigation, and recovery.

BARRON ASSOC., INC.
1410 Sachem Place Suite 202
Charlottesville, VA 22901
Phone:
PI:
Topic#:
(434) 973-1215
Dr. John D. Schierman
OSD 07-I10      Awarded: 6/3/2008
Title:Secure, Fault-Tolerance in Xen for Partitioned, Mixed-Criticality Applications
Abstract:There is a need for a computing infrastructure that supports the power, weight, security, and certification requirements of the growing UAV community. To address this need, Barron Associates will develop a fault-tolerant platform, suitable for eventual certification, providing security and time/space/resource partitioning for mixed-criticality applications developed for multiple, different operating systems. Xen, a Virtual Machine Monitor, will provide the base for the proposed architecture. To Xen, Barron Associates will add real- time scheduling, hypervisor fault tolerance, and application fault tolerance. As real-time scheduling and hypervisor fault tolerance are expected to pose little technical risk, this proposal focuses on application fault tolerance, which represents a complex space of trade offs between: reliability; availability; response time after failure; application modification cost; guest OS modification cost; hardware cost; and security. Barron Associates will explore this space and develop a framework with which system designers can reason consistently about the trade offs that must be made, allowing a better fit between application requirements, fault tolerance, and system resource utilization. To show that the design space is valid and applicable, Barron Associates will sample the design space, proposing candidate designs and will demonstrate candidate safety-critical applications, showing that the designs support the requirements of realistic applications.

ADVENTIUM ENTERPRISES, LLC
111 Third Ave. S., Suite 100
Minneapolis, MN 55401
Phone:
PI:
Topic#:
(612) 817-2525
Mr. Charles Payne
OSD 07-I11      Awarded: 6/3/2008
Title:Xenon-Based, Host Resident, Assured CDS (XEBHRA CDS)
Abstract:Today, multi-domain information sharing relies on relatively static, single domain networks connected by highly assured guards, or cross domain solutions (CDS), that are trusted to move information securely between domains. To provide mobility, however, future net- centric operations require a different paradigm that moves away from current topology centric solutions. The Xenon-Based, Host Resident, Assured (XEBHRA) Cross Domain Solution (CDS) leverages the highly assured, secure Xenon hypervisor to isolate security domains from each other on an end-user's host and restrict interactions among those partitions to only those authorized. The XEBHRA CDS will reside in its own partition(s), will provide policy-based information sharing between the single domain partitions on the host, and will be controlled by a centralized, redundant, off-host management system. The innovation is to enable end-users who require cross-domain access to quickly move information between domains and, moreover, continue to operate across domains during periods when network connectivity has deteriorated or been lost completely. This functionality will be provided on the user’s device with a lower overall assurance cost than current CDS offerings.

LUNA INNOVATIONS, INC.
1703 S Jefferson Street, SW Suite 400
Roanoke, VA 24016
Phone:
PI:
Topic#:
(540) 769-8400
Mr. Daniel Gall
OSD 07-I11      Awarded: 6/3/2008
Title:Robust Cross Domain Solution for Hypervisor Environments
Abstract:Luna Innovations research engineers will work as a part of the Navy Research Laboratory hypervisor agile development team to develop a system that applies artificial intelligence (AI) along with static checking to provide assured sanitization in a Cross- Domain Solution (CDS). The proposed design will implement a symphony of AI techniques, led by an agent / machine learning shadow that parallels each user as they work and conducts the transition of data between domains. Above the user/desktop level, yet still utilizing desktop processor resources across a monitoring network, will be distributed trend analysis and other AIs for analyzing the activities of social networks of users. Automated CAO intervention requests will be made for unresolvable data. Transfer will be tabled pending review. We will develop a policy tool to enable broad adoption across agencies with different security policies. The focus of the effort will be on realizing a high level of assurance for information passing between security levels, realizing accountability, and providing a high resolution enterprise-wide data emissions profile, while being as unobtrusive as possible. Essentially, we will provide a controlled environment in which we can trust authorized users to decide which data to transition and yet monitor them for malicious behavior.