Versatile Live Patching System (VLPS)

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-14-C-0167
Agency Tracking Number: F141-044-1823
Amount: $150,000.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: AF141-044
Solicitation Number: 2014.1
Timeline
Solicitation Year: 2014
Award Year: 2014
Award Start Date (Proposal Award Date): 2014-06-24
Award End Date (Contract End Date): 2015-03-24
Small Business Information
MD Suite 400
Rockville, MD 20855-2737
United States
DUNS: 161911532
HUBZone Owned: No
Woman Owned: Yes
Socially and Economically Disadvantaged: No
Principal Investigator
 Nicholas Evancich
 Lead Scientist
 (301) 294-4245
 nevancich@i-a-i.com
Business Contact
 Mark James
Title: Director, Contracts and Proposals
Phone: (301) 294-5221
Email: mjames@i-a-i.com
Research Institution
 Stub
Abstract

ABSTRACT: Patch management is one of the main enabling technologies in maintaining a high degree of security for IT systems. Often the patch requires a higher level of privilege to apply, making the patching operation itself a potential target of exploitation. The update or patch might require a reboot or perceivable system downtime, which becomes an issue for level 1 or 2 mission assurance category systems. Additional patch management software also exposes the patched system to additional risk, which is magnified if that additional software is running at a privileged level. Ideally, the patch or update would be applied by a trusted, privileged entity that is free from tampering or exploitation. Such a requirement is particularly desirable in a virtualized hosting environment where virtual machines (VMs) run on top of a hypervisor. To address this critical need, Intelligent Automation Inc. (IAI) proposes to build the Versatile Live Patching System (VLPS). The VLPS patches or updates a target system with new code or data for its software. VLPS can patch two levels of execution: the guest kernel and guest applications running in the guest VMs. VLPS is a framework of tools that matches mission patching requirements with a stealthy yet privileged patch deployment approach.

BENEFIT: VLPS can be directly applied to military and security contexts. The ability to live patch a system reduces its downtime, and patching at a lower privilege level increases the operational security of the system. Both government and commercial organizations will benefit from the development of VLPS for cyber security and mission / business success reasons. The effective security of Government cyber security development programs is decreased due to the delay in patching systems. Patching of virtual machines is often at a much lower level of compliance due to VM sprawl. VLPS can be applied to any information technology system. Any DoD system using VMs would benefit from VLPS.
VLPS has significant commercial potential for applications such as corporate security design, information security, and cloud configurations. End users of VLPS include network security tool providers (e.g., Symantec, McAfee, SourceFire) to minimize the client software required for their patch management systems; information security consulting companies (e.g., NSS Labs) to enhance the introspection services they provide; and large commercial organizations including financial (e.g., Bank of America, Citibank), retail (e.g., Amazon, Overstock), and healthcare (e.g., United Healthcare, Humana).

* Information listed above is at the time of submission. *