SBIR Phase I: Automated Security for the DevOps World

Period of Performance: 07/01/2017 - 03/31/2018

$225K

Phase 1 SBIR

Recipient Firm

Tala Security Inc
1185 Adler Ct
Fremont, CA 94536
Firm POC, Principal Investigator

Abstract

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project is to provide robust, automated security protections to enterprise web applications. With the growing threat of attacks at the web application layer, security is a top-of-mind concern for both the developers and the users of web applications. At the same time, defending against these attacks is a resource-intensive, error-prone process that is typically performed manually by specialized web security experts. The project will use application-aware analysis and an innovative information model to automatically build and deploy web security policies on enterprise servers, freeing the enterprise to focus on its core business and reducing the overhead of internal security teams. The project will also use a hybrid static/dynamic analysis to automatically craft server-side and client-side policies using modern web protection mechanisms, giving users of web applications confidence that their interactions with a web application will be secure. This approach leverages cutting-edge techniques from program analysis and machine learning, and will advance the state of the art in automated security policy generation.

This Small Business Innovation Research (SBIR) Phase I project will explore ways in which automated security policies enact meaningful protection of sensitive resources. Protecting web applications is a challenging research problem in that automated approaches are biased either towards significant false positive rates, in which benign behavior is flagged as malicious, or towards significant false negative rates, in which malicious activity is not detected. This project aims to resolve this bias using application-aware whitelists: the project automatically explores an application's behavior dynamically, and will also statically build a model of that application's purpose.

The project is expected to yield two major components: a server-side protection module to isolate and harden sensitive resources on an enterprise deployment, and a client-side protection module to enforce fine-grained policies for users of the enterprise's web applications. The project will involve developing, analyzing, and improving both of these components using large-scale web applications, and will incorporate the experience and challenges of enterprises running leading web applications.
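The abstract describes the core idea only at a high level: dynamically explore an application, record what it legitimately does, and turn those observations into an application-aware whitelist enforced by a modern browser protection mechanism. The following is an added illustration of that idea, not code from the SBIR project or from Tala Security. It assumes Content-Security-Policy (CSP) as the concrete client-side mechanism (the abstract does not name one), uses constructed observation records with hypothetical hostnames, and then measures the resulting policy's false positives and false negatives against a small constructed set of later page loads, including one benign resource the exploration never saw, which is exactly the coverage gap the abstract's static model is meant to close.

```python
"""Derive a CSP allowlist from observed resource loads and score it.

Added example (assumptions: CSP as the enforcement mechanism, hypothetical
hostnames, constructed observation data). Not the project's own code.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Browser resource type -> CSP directive that governs it.
RESOURCE_DIRECTIVE = {
    "script": "script-src",
    "style": "style-src",
    "image": "img-src",
    "font": "font-src",
    "xhr": "connect-src",
    "frame": "frame-src",
}

# Constructed sample: (page, resource type, resource URL) tuples as a
# dynamic-exploration crawler might record them while exercising the app.
OBSERVED_LOADS = [
    ("https://shop.example/", "script", "https://shop.example/js/app.js"),
    ("https://shop.example/", "script", "https://cdn.example.net/lib/jquery.min.js"),
    ("https://shop.example/", "style", "https://shop.example/css/main.css"),
    ("https://shop.example/cart", "xhr", "https://api.shop.example/v1/cart"),
    ("https://shop.example/cart", "image", "https://images.shop.example/thumb/1.png"),
    ("https://shop.example/cart", "font", "https://fonts.gstatic.com/s/roboto.woff2"),
]

# Constructed later loads with ground truth: (page, type, URL, is_benign).
CANDIDATE_LOADS = [
    ("https://shop.example/cart", "script", "https://shop.example/js/cart.js", True),
    ("https://shop.example/cart", "script", "https://cdn.example.net/lib/ui.js", True),
    ("https://shop.example/cart", "image", "https://images.shop.example/thumb/2.png", True),
    # Benign, but from an origin the exploration never reached (coverage gap).
    ("https://shop.example/checkout", "script", "https://pay.example/checkout.js", True),
    # Injected skimmer script and its exfiltration call.
    ("https://shop.example/cart", "script", "https://evil.example/skim.js", False),
    ("https://shop.example/cart", "xhr", "https://exfil.example/collect", False),
]

# Two non-application-aware baselines for comparison.
ALLOW_ALL = {"default-src": {"*"}}
DENY_ALL = {"default-src": {"'none'"}}


def origin(url):
    """scheme://host[:port] of a URL, the unit CSP source lists work in."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def build_policy(loads):
    """Map each directive to the set of origins observed for it.

    Same-origin loads become 'self'; anything else is listed explicitly.
    Unknown resource types are skipped rather than widening the policy,
    and default-src 'none' closes every directive nothing was seen for.
    """
    policy = defaultdict(set)
    for page, rtype, url in loads:
        directive = RESOURCE_DIRECTIVE.get(rtype)
        if directive is None:
            continue
        if origin(url) == origin(page):
            policy[directive].add("'self'")
        else:
            policy[directive].add(origin(url))
    policy["default-src"].add("'none'")
    return dict(policy)


def render_policy(policy):
    """Serialise the policy as a Content-Security-Policy header value."""
    return "; ".join(f"{d} {' '.join(sorted(s))}" for d, s in sorted(policy.items()))


def is_allowed(policy, page, rtype, url):
    """Decide a load the way a browser applies the directive (or default-src)."""
    directive = RESOURCE_DIRECTIVE.get(rtype)
    sources = policy.get(directive, policy.get("default-src", set()))
    if "*" in sources:
        return True
    if sources == {"'none'"}:
        return False
    src_origin = origin(url)
    if src_origin == origin(page) and "'self'" in sources:
        return True
    return src_origin in sources


def evaluate(policy, candidates):
    """Return (false positives, false negatives) over labelled candidate loads."""
    false_pos = false_neg = 0
    for page, rtype, url, benign in candidates:
        allowed = is_allowed(policy, page, rtype, url)
        if benign and not allowed:
            false_pos += 1
        if not benign and allowed:
            false_neg += 1
    return false_pos, false_neg


if __name__ == "__main__":
    learned = build_policy(OBSERVED_LOADS)
    print("Content-Security-Policy:", render_policy(learned))
    for name, pol in (("learned", learned), ("allow-all", ALLOW_ALL), ("deny-all", DENY_ALL)):
        print(f"{name:>9}: FP={evaluate(pol, CANDIDATE_LOADS)[0]} FN={evaluate(pol, CANDIDATE_LOADS)[1]}")
```

Run stand-alone, the script prints the generated header and the scores: the allow-all baseline lets both injected loads through (two false negatives), the deny-all baseline blocks every legitimate load (four false positives), and the observation-derived policy blocks both malicious loads while wrongly blocking only the one benign origin the crawler never visited. That single residual false positive is the motivation for pairing dynamic exploration with a static model of the application, as the abstract proposes.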