Safeguarded, Hypervisor-based Installation of Highly Trusted Security Updates (SHIH-TSU)

Period of Performance: 09/30/2015 - 09/29/2017

$750K

Phase 2 SBIR

Recipient Firm

Assured Information Security, Inc.
153 Brooks Road
Rome, NY 13441
Firm POC
Principal Investigator

Abstract

ABSTRACT: The objective of SHIH-TSU is to develop and commercialize a hypervisor-based patch management system. The capability is to support enterprise virtualization solutions, automatic updating, and security update testing; facilitate the installation and management of Windows updates; and be able to update arbitrary, user-defined software. SHIH-TSU will extend the research performed in SHIH-TSU Phase I in order to create a product that supports the application and management of a wide variety of software updates while increasing the feature set to include automatic testing of updates. This effort will continue to leverage the IntroVirt hypervisor (and supporting libraries) as the platform on which the SHIH-TSU tools operate. Since IntroVirt is built on the Xen hypervisor, SHIH-TSU will maximize compatibility with many of the most widely utilized enterprise virtualization solutions and cloud computing platforms, thus significantly aiding the commercialization and marketing efforts relating to the resulting capability.

BENEFIT: SHIH-TSU is intended to resolve the limitations of the centralized update server paradigm. This paradigm has been the de facto networking model for the previous 10-plus years and has been only moderately effective at preventing system compromises. It suffers from certain drawbacks that, until recently, have been without resolution. First, the central update server paradigm requires redundant network communications, as each machine negotiates its own connection to the server and downloads the updates individually. Second, the update server cannot push updates to machines with misconfigurations or an inability to communicate over the network. Finally, update servers have no ability to protect the update process on each host from interference due to other misconfigurations, malfunctioning software, or malicious code running in the OS.