Information Assurance & Anti-Tamper
Protection of our network infrastructure and assets is critical amidst today's cyber threats that attempt to destroy and degrade network applications. RAM Laboratories engineers and scientists are addressing these threats by developing cutting-edge information assurance and anti-tamper technologies that target a wide variety of information domains.
Forensic Memory Analysis
Detection of Malicious Intruders
Detection of Anomalies in Remote Sensor Data Streams
Secure Monitoring Agents
Hardware Assisted Anti-Tamper Solutions
- Missile Defense Agency (MDA)
- Army Missile Research and Development Engineering Center (AMRDEC)
- Air Force Research Laboratory (AFRL)
- Army Research Office (ARO)
Information Assurance: Our staff has developed a variety of technologies that perform forensic memory analysis, provide application security, secure virtual machine and cloud computing environments, detect malicious intruders, and identify anomalous data. Our solutions can be tailored to our customer's message structure, network requirements, applications, and data models. Specific innovations include:
- Forensic Memory Analysis
- Application Security
- Secure Virtualization
- Anomaly Detection for Detecting Malicious Intruders
- Detecting Anomalies in Remote Sensor Data Streams
Forensic Memory Analysis: RAM Laboratories is developing techniques that provide forensic memory analysis of volatile memory for virtual machine environments. The technology, part of our Virtualized Security Solution, builds on the higher-level semantic knowledge provided by FMA sensors to generate rules and compare real-time data to generated rules in a timely fashion. The FMA techniques are used to generate SNORT-capable rulesets for protecting the target network.
Application Security: RAM Laboratories is developing a multi-stage application security tool to assist in the development and deployment of software applications. The technology generates abstract syntax trees and models application control flow graphs that are subsequently used to capture vulnerabilities for the target software application. On-line monitoring techniques are then used to capture attack vectors and correlate those approaches to known vulnerabilities.
Secure Virtualization: RAM Laboratories is developing techniques to provide information and security for virtualized environments. Our approaches focus on out-of-band techniques that users operating in a guest virtual machine cannot subvert. Our technology focuses on monitoring, storage, notification and alerting, and response techniques that protect the target VM.
Detection of Malicious Intruders: Our staff is developing an anomaly detection approach that identifies malicious intruders on private networks. The approach employs a multi-level fusion methodology that detects, aggregates, tracks, and characterizes potential threats to the network. The system uses soft-computing approaches (neural networks and hybrid neural networks) to detect anomalies in both user signatures and system calls for individual platforms, aggregates and tracks detections, and compares detection tracks against those typical of user roles (represented as fuzzy sets in a rule database).
Detection of Anomalies in Remote Sensor Data Streams: RAM Laboratories engineers are developing technologies to detect anomalies within remote sensor data streams, particularly for remote sensors (satellites, desert-based sensors, etc.) where maintenance may be non-trivial. Our approach focuses on the use of neural networks, innovative data representations to significantly improve neural network training and maintenance time, and the use of hybrid architectures to increase accuracy and reduce the number of false positive detections.
Anti-Tamper: Anti-tamper technologies are essential when protecting critical technologies in remote or challenged environments, or when addressing the assurance of critical computer codes. Anti-tamper techniques range from those thwarting the reverse engineering of software deployed on operational platforms, to out-of-band hardware solutions that protect mission critical applications and data at U.S. or coalition facilities. Key anti-tamper innovations include:
- Software obfuscation that prevents reverse engineering of code
- Secure monitoring agents that monitor critical processes
- Hardware assisted anti-tamper solutions
Software Obfuscation: RAM Laboratories is developing software obfuscation technologies that can be used to rewrite applications as they are executed. By constantly rewriting executables as the application runs, our approach thwarts the use of debug technologies and software-based reverse engineering solutions.
Secure Monitoring Agents: A key criterion in ensuring that software cannot be reverse engineered is the use of sentinels to monitor the critical software application. Current sentinel technology can be defeated by a well-funded adversary (enough time and money) by addressing each sentinel one at a time and observing the communication between the agents. Our research has investigated secure shared memory approaches for addressing this problem.
Hardware Assisted Anti-Tamper Solutions: Out-of-band hardware is needed to protect critical codes and data on processing platforms, even in fairly secure settings. Use of such out-of-band hardware allows network administrators to store secure, reliable, tamper-proof versions of an application or data on a platform at a location that cannot be reached via network access. Our Trusted Platform Security Manager (TPSM) development is targeting a solution that allows administrators to raise a notification upon the alteration of protected data, or even automatically replace protected data/applications with a known, safe version when attempts to alter the information are made.