SBIR Phase I: Rendering Malware Benign

SBIR 第一阶段：将恶意软件渲染为良性

• 批准号: 2051257
• 负责人: Homayoon Tajalli
• 金额: $ 25.44万
• 依托单位: ONSYSTEM LOGIC, LLC
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-06-15 至 2022-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2051257&HistoricalAwards=false
• 关键词: SBIR; Phase; Rendering; Malware; Benign

The broader impact of this Small Business Innovation Research (SBIR) Phase 1 project will result from providing organizations and software developers the best available protection against harmful malware and application flaws in completely standalone and air-gapped environments. In cybersecurity, applications are now the new perimeter and have become the last frontier in malware protection, which is where all current endpoint security products are routinely turned off or otherwise bypassed by attackers. The Phase 1 project focuses on stopping and/or detecting hidden malware regardless of how it gets into an application or how it changes its behavior inside an application. The Phase 1 project result overcomes the fundamental technical flaw in current solutions – attempting to enforce least privilege mechanisms from outside applications – by delivering a solution that operates within the application where it can see and act upon malicious code. The solution will protect individual data and corporate assets in all types of organizations, including organizations running operational technology vulnerable to cyberattacks. Wide adoption will boost application and endpoint security, significantly reducing the worldwide problem posed by the continuing rise in successful malware attacks.This Small Business Innovation Research (SBIR) Phase I project seeks to address the core technical challenge associated with the development of an enforcement engine for implementing all current least privilege mechanisms on various operating systems inside applications. The challenge is to construct both the algorithms and the engine to recognize and protect against modern malware misusing the dynamic code privileges of applications. As proof that this protection is needed is the near 100% incidence of all recent, successful malware attacks that were all designed to take advantage of this specific vulnerability of current antivirus software. The first and most immediate application of this new technology, which is the subject of the phase I project, is to define the use of dynamic code in each application as a privilege, learn if and where within its code an application uses this privilege, and enforce it once the behavior has been learned. The outcomes from Phase 1 will result in a software solution that can produce in real time a map of how any healthy program uses dynamic code and stop any attempt by malware to subvert that process.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该小型企业创新研究 (SBIR) 第一阶段项目的更广泛影响将来自于为组织和软件开发人员提供最佳的可用保护，以防止在完全独立和气隙环境中的有害恶意软件和应用程序缺陷。在网络安全中，应用程序现已成为新的边界，并已成为恶意软件防护的最后前沿，这是所有当前端点安全产品通常被攻击者关闭或以其他方式绕过的地方。第一阶段项目的重点是阻止和/或检测隐藏的恶意软件，无论它如何进入应用程序或如何改变其在应用程序内的行为。第一阶段项目的结果克服了当前解决方案中的基本技术缺陷——试图从外部应用程序强制执行最小权限机制——通过提供在应用程序内运行的解决方案，可以看到恶意代码并对其采取行动。该解决方案将保护所有类型组织中的个人数据和企业资产，包括运行易受网络攻击的运营技术的组织。广泛采用将提高应用程序和端点安全性，显着减少因成功的恶意软件攻击持续增加而造成的全球性问题。这个小型企业创新研究 (SBIR) 第一阶段项目旨在解决与开发执行引擎相关的核心技术挑战，以在应用程序内的各种操作系统上实施所有当前的最小权限机制。面临的挑战是构建算法和引擎来识别和防止现代恶意软件滥用应用程序的动态代码特权。最近所有成功的恶意软件攻击的发生率接近 100%，这些攻击都是为了利用当前防病毒软件的这一特定漏洞而设计的，这证明了这种保护是必要的。这项新技术的第一个也是最直接的应用是第一阶段项目的主题，是将每个应用程序中动态代码的使用定义为一种特权，了解应用程序在其代码中是否以及在何处使用此特权，并在了解该行为后强制执行。第一阶段的成果将产生一个软件解决方案，该解决方案可以实时生成任何健康程序如何使用动态代码的地图，并阻止恶意软件破坏该过程的任何尝试。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。