|Acquisition Program: || Objective: ||Develop software protection systems that are difficult to exploit once an adversary gains entry
|| Description: ||State-of-the-art software protection and anti-tamper systems are built based upon three basic tenets: (1) reduce system susceptibilities, (2) move critical information out-of-band to the attacker, and (3) reduce the effectiveness of our adversaries’ capabilities through detection, response and adaptive mechanisms. For the most part, however, computer, sensor, and weapons systems are built using untrusted commercial-off-the-shelf (COTS) parts. Supply chain threats to critical components, such as hardware or firmware Trojans, have invalidated the assumption that we can move our critical software and data “out-of-band” to the adversary, such as in a hypervisor or on “secure” hardware, since the hardware components on which the software ultimately executes are untrusted. Detection techniques currently being researched to address this class of threat, while important and useful, only reduce the likelihood of exploitation, not eliminate it; and it is only a matter of time before those measures fail. In short, the concept of keeping an adversary outside of a protected volume, layer, or device has been completely eroded by supply chain threats. As a result, one must take a long-term strategic view and assume in designing protection systems that an unknown subset of the system on which that software executes (e.g., an integrated circuit, printed circuit board, or subsystem) will eventually be compromised and exploited.
While novel techniques have been proposed for mitigating low-level persistent threats, such as firmware and hardware Trojans in COTS hard disk drives and other peripherals in desktop systems, the typical attack surface of a computer or weapon system is so large that these approaches and concepts, even if successfully applied to these devices, will not scale to protect the entire system. One must, therefore, re-think the fundamental approach to building software protection and anti-tamper systems. The goal of this topic is two-fold. First, minimize exploitation of compromised systems; and second, maintain mission assurance and the protection of the critical intellectual property in the event a subset of the system is exploited.
Desired architectural attributes of the protection system include, but are not limited to, dynamic/maneuverable protections that force the adversary to exploit a moving target; distributed/fractionated metamorphic systems that force the adversary to attack multiple nodes simultaneously; redundant systems that maintain mission assurance even in the presence of a subset of compromised and exploited end-nodes; heterogeneous systems that force the development of multiple attack delivery methods and payloads; polymorphism that changes the perceived operational environment; and disruptive techniques that break command and control of malicious agents to prevent exploitation.
|| ||PHASE I: 1) Design and architect a software protection system containing one or more of the above-mentioned attributes. Development of a minimal prototype to demonstrate feasibility would be beneficial, but is not required provided sufficient design documentation is made available. 2) Develop metrics and a strategy for measuring the effectiveness of the proposed approach. 3) Produce a detailed research report outlining the design and architecture of the system, as well as the advantages and disadvantages of the proposed approach.
|| ||PHASE II: 1) Based on the results from Phase I, design and implement a fully functioning prototype solution. 2) Provide test and evaluation results that demonstrate the effectiveness of the overall system. 3) Develop a final report completely describing the design and architecture.
|| ||PHASE III DUAL-USE APPLICATIONS: The technology developed under this research topic will maintain mission assurance in the presence of compromised end-nodes and exploited subsystems. DoD applications that will benefit from this technology include a wide range of embedded, sensor, navigation, avionics, and communication systems. Commercial applications include financial, communication, and SCADA systems. As a result, this technology is vital for both the DoD and commercial organizations.
|| References: ||
 The Three Tenets of Cyber Security, http://spi.dod.mil/tenets.htm
 Iain Sutherland, Gareth Davies, and Andrew Blyth, “Malware and steganography in hard disk firmware,” Journal of Computer Virology, DOI 10.1007/s11416-010-0149-x, http://www.springerlink.com/content/d64241r80qk50824/
 United States Air Force Chief Scientist, “Report on Technology Horizons: A Vision for Air Force Science & Technology during 2010-2030”
|Keywords: ||Cyber resilience, cyber maneuverability, distributed systems, fractionated systems|