Phase II Amount
$3,974,855
As a consequence of limited domestic agency over the supply chain for microelectronics, adversaries have many opportunities to infect mission-critical systems with malicious software and hardware tampers. Therefore, to protect our pilots and their mission, we must develop new security solutions capable of deterring, detecting, and defending against adversarial actions against our technology in a retroactive capacity. Previous methods for detecting compromised avionic hardware rely on monitoring communications between the aircraft flight systems for abnormal activity. In this setup, additional hardware is deployed to listen in on physical data channels, or buses, as a third party. The thesis behind this solution is that because we cannot fully trust our hardware and software, we may only respond to malicious behavior by first catching it in the act. Unfortunately, this strategy is no longer effective for securing modern war systems. Physical data buses are becoming obsolete, as data peripherals in embedded platforms, such as kneeboards, are increasingly being packaged as highly integrated systems within multi-core System-on-Chip (SoC) platforms. As a result, solutions for catching malicious activity in live hardware that rely on monitoring physically exposed data buses are at risk of being rendered irrelevant. Defending embedded devices from malicious software and hardware tampers requires robust visibility into the underlying system and application-level behavior. The solution presented in this proposal addresses this gap with the Hardware Augmented Monitoring and Response Platform (HAMR), which retroactively embeds firmware hardening and live hardware attestation capabilities directly into vulnerable avionic systems.
This attestation platform is achieved by approaching the problem from two sides: 1) kneeboard software and firmware are first hardened by injecting protections directly into executable binaries, and 2) these injected protections enable an external hardware attestation data channel that has direct visibility into all components within the target embedded system. Live attestation data is consumed during runtime by external hardware to independently monitor and respond to malicious behavior that may have been introduced by an adversarial supply chain. Thus, our solution is uniquely adapted to address a wide range of threats to modern kneeboard technology precisely because the approach is integrated into the kneeboard itself and requires no supply-chain prerequisites to implement. This proposed Hardware Augmented Monitoring and Response platform is offered as a generalizable solution for executing a variety of attestation strategies. Due to the robust visibility into the kneeboard system offered by our firmware hardening defenses, this solution achieves functional access to all software, firmware, and network data on target kneeboard devices.