Kernel-mode Software Protection to Prevent Piracy, Reverse Engineering, and Tampering of End-Node Applications

Period of Performance: 04/24/2008 - 04/24/2010

$750K

Phase 2 SBIR

Recipient Firm

Ashton Security Laboratories, LLC
12530 Rock Ridge Road
Herndon, VA 20170

Principal Investigator

Abstract

We propose to further the development of a secure integrity monitor for PCs, whose feasibility was determined in Phase I. The monitor uses the System Management Mode of the Intel Pentium architecture (including compatible chips from AMD) to protect itself from tampering or interference by malicious software running in kernel mode, such as rootkits. It takes a statistical approach to malicious software detection that is asymmetrical: attackers must expend more effort to counter all of its potential protection mechanisms than is required to actually execute them.