Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF MAY 14, 2014 FBO #4554
SPECIAL NOTICE

A -- Collaborative R&D Opportunity: Integrity Levels: A New Paradigm for Protecting Computing Systems

Notice Date
5/12/2014
 
Notice Type
Special Notice
 
NAICS
541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
 
Contracting Office
Department of Energy, Sandia Corp. (DOE Contractor), Sandia National Laboratories, PO Box 5800, MS: 0115, Albuquerque, New Mexico, 87185
 
ZIP Code
87185
 
Solicitation Number
14_411
 
Archive Date
7/27/2014
 
Point of Contact
Sandia CRADA Team,
 
E-Mail Address
CRADA@sandia.gov
 
Small Business Set-Aside
N/A
 
Description
Background Information: As the field of determined and increasingly sophisticated adversaries multiplies, the required integrity of deployed computing devices magnifies. Given the ubiquitous connectivity, substantial storage, and accessibility, the increased reliance on computer platforms makes them a substantial target for attackers. While computer systems require patches to fix newly discovered vulnerabilities, undiscovered vulnerabilities potentially remain. Signature-based schemes seek to detect malware with a known signature or digital fingerprint. Signature-less schemes seek to detect anomalies within the computer system by understanding normal behavior. Both architectures are typically built on top of existing solutions or paradigms. These solutions tend to utilize mechanisms that operate within the OS. If the OS becomes compromised, these mechanisms may be vulnerable to deactivation.

Sandia proposes a new approach to designing computer systems that inherently decouples the function of the computer system from its security specification. While most solutions tend to focus on prevention and detection, our framework looks to alter behavior based on compromise. The proposed approach leverages a three-pronged design methodology. First, a model is composed that separates computer operations into four distinct domains. Second, architectural requirements for a feasible implementation are stated. Last, a policy specification of the system to mitigate anomalies of security concern by navigating between integrity levels is described. This innovative paradigm can use existing technologies in a novel manner to determine the integrity level of the system. Based on the integrity level, the system may behave differently and/or limit access to the data available. Integrity levels work for both traditional and non-traditional computing environments given the appropriate model, architecture, and policy. Furthermore, the approach does not directly compete with any current solutions and can potentially integrate with existing solutions to facilitate an integrity level-designed system.

Opportunity Description: Sandia is seeking a Cooperative Research and Development Agreement (CRADA) with an industrial partner interested in the joint development and eventual deployment of this novel approach. Collaborative work aimed at advancing this concept from TRL 3 to TRL 6-7 may include:

1. Refining the API and turning the codebase into a library that can be used by any hypervisor on different traditional architectures.
2. Refining the taxonomy to allow more flexibility of stating acceptable states and/or conditions of the functional domain.
3. Enabling a consistent methodology for integrity level development of existing and new application spaces.
4. Enabling distinct integrity levels for distinct elements in the functional domains.
5. Developing prototypes on ARM TrustZone™ SoCs and/or Intel TXT/SGX processors and SoCs.

Sandia invites interested parties to provide a detailed description of relevant background, experience, expertise, and capabilities that could be brought into a collaborative partnership with Sandia. Responses should address the following:

1. Description of experience, expertise, and capabilities with ARM TrustZone™ platforms or Intel TXT/SGX.
2. Description of experience, expertise, and capabilities with kernel development.
3. Description of experience, expertise, and capabilities with toolchain, API, and standard methodology development.
4. Description of experience, expertise, and capabilities with different hypervisors (preferably Type-I hypervisors).
5. Description of experience, expertise, and capabilities with non-traditional computing environments.
6. Ability to take technology from TRL 3 to TRL 6 or 7.
7. Description of past or current experience partnering with R&D organizations such as Federally Funded Research and Development Centers (FFRDCs).

The ideal partner will be able to contribute a minimum of $400K per year for 2 - 4 years. Amounts below the specified merit will be considered after reviewing appropriate justification and capability support. In addition, Sandia will evaluate responses against the following criteria, pursuant to Sandia's technology transfer mission:

1. How will the respondent deploy the technology for the benefit of the U.S. public good?
2. How will the respondent's deployment of the technology benefit U.S. economic competitiveness?

Interested parties that meet the criteria outlined above are invited to respond. Responses should be emailed to Sandia's CRADA team at CRADA@sandia.gov.

Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. (SAND2014-3988P)

Keywords: integrity, computing, system, security, behavior, compromise, paradigm
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DOE/SNL/SN/14_411/listing.html)
 
Record
SN03363097-W 20140514/140512233933-c3a209a14b7b564d091efd03128a7751 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
