Published by Corbin Agar
Modified about 1 year ago
© 2009 Pikewerks Corporation UNCLASSIFIED
Pikewerks Overview for CDCA
April 24th, 2009
Irby Thompson, Vice President
The Company
Mission: Encourage a creative research and development environment that fosters the production of innovative software security technologies
Technology Focus: Become a demonstrated leader in the security industry by providing state-of-the-art cyber security, information operations, software anti-tamper, anti-piracy, forensics, and information assurance solutions
Corporate
Woman-owned small business located in Huntsville, AL
Self-funded, no outside investment or venture capital
30 employees, 27 of which are engineers/developers
– Roots in intelligence community, significant operational experience
– Skilled in the architecture, design, and development of software security, anti-tamper technologies, forensics, information assurance, and information operations
– Projecting 50+ in months
Creative and innovative team
– 100% Track record with Phase I to Phase II technology transfer & development
– All Phase II efforts beyond 1st year of development have been commercialized
Currently operating at the Secret in Huntsville, AL and Washington, DC
Technology
Advanced Research & Development
1) Electronic Armor®: Kernel-based Software Protection
– Cryptographic Coprocessor
– Software Partitioning
– Real Time EA (RedHawk and VxWorks)
2) Binary Fortress™: Hypervisor-based Software Protection
3) Second Look™ Live Memory Forensics
– Red-team Instrumentation & Counterintelligence (CI) Scan Agent
4) Akita™: Software Situational Awareness
5) Self-healing and Active Defense Research & Development
6) Anti-forensic Research & Development
7) Cross-platform Digital Rights Management
8) Network Watermarking
Information Operations Tools & Techniques
Early Stage Research & Development
1) Secure and Covert Loading Phase I
2) IPV4 to IPV6 Phase I
3) Missile Defense Agency Anti-Tamper Phase I
Products
Electronic Armor
1) EA for Unix/Linux
– Individual Executable up to Full System
– Cryptographic Coprocessor
– Software Partitioning
– Real Time EA (RedHawk and VxWorks)
2) EA for Windows
– Binary Fortress
3) EA : Aware
– Situational Awareness - Environmental Based Key Generation
4) TBD
– Self-healing and Active Defense
– Cross-platform Digital Rights Management
– Network Watermarking
Second Look
1) Live Memory Analysis
2) Red Team Instrumentation
3) Counter Intelligence (CI) Scan Agent
4) Persistent Forensics Tool
5) Windows Live Memory Analysis
Specialized R&D Efforts
Information Operations
– Classified
Mobile devices
– Windows Mobile 5/6
– Linux/Symbian/Palm
– Data collection, protection, and situational awareness
Miscellaneous
– Reverse engineering and red teaming
– Anti-tamper
– Active defense
Opportunities
Technology Licensing: Adoption of Pikewerks R&D as a layer into your programs and initiatives
– Electronic Armor®
– Second Look™
– Other Products/Tools/Capabilities
Future R&D: Team with Pikewerks to create the next generation of information assurance, anti-tamper, information operations, and forensics solutions
– SBIRs
– BAAs
– Other Sponsored R&D
– IR&D efforts
© 2008 Pikewerks Corporation QUESTIONS? Thank You!
Electronic Armor®
“Designed to protect software applications from reverse engineering, tamper, theft, and unauthorized execution”
Features
– Application source code is NOT needed; protects standard executables, shared libraries, and full systems
– Operates at the kernel level, preventing attacks from even privileged insiders
– Little to no impact on application performance
Benefits
– Protected applications are encrypted on disk and while in system memory
– Copying, debugging, tracing, tampering and dumping of protected application prevented
– Applications are cryptographically ‘tied’ to the specific deployment machine
EA Components
Packaging Utility: Encrypts and transforms binaries, shared libraries, scripts, data, or entire Operating System (OS) distributions
Execution Enabler: Processes and executes the protected applications during system operation
Kernel Sealer: Verifies and maintains the integrity of the OS kernel from malicious attack
Binary Fortress
Custom Hypervisor-based Software Protection
– Extends kernel protection approach to a privilege level below the Operating System
– Operates on hardware platforms that support Intel VT-x
– Provides secure data and key storage, decryption, and partial out-of-band execution
– Secure against kernel attacks
– Twelve months of R&D
– Final release 4Q 2009
– Early adopters received an advanced release 1Q 2009
Situational Awareness
Establishes a digital fingerprint of live system
Monitors and analyzes system/environmental conditions
– Advanced Configuration and Power Interface (ACPI)
– Hard disk SMART statistics
– User and system information
– Network topology
– Geographic location (GPS)
Detect changes in the operating environment
– Take appropriate defensive/offensive actions to protect sensitive applications on the system
Forces the attacker to the field to find key material
Final release 4Q 2009
Early adopters will receive an advanced release 2Q 2009
[Figure labels: Specific user; Specific host; Network location; Geographic location]
Second Look™ Forensics
Wide range of target sources
– Live systems (/dev/mem, firewire, etc.)
– Snapshots (raw physical memory dumps, hibernated system images)
Kernel memory analysis
– Detects hidden modules
– Detects hidden processes
– Verifies integrity of the kernel and modules
– Discovers discrepancies in resources
– Identifies potential rootkit patch points
Support for interactive debugging and reverse engineering
Soon to be expanded to incorporate the Pikewerks custom hypervisor
16 Months of R&D (TRL 5)
Related enhancement and Phase III activities
– Counterintelligence Scan Agent
– BIOS integrity verification
– Red Team Instrumentation
– Persistent memory forensics
CI Scan Agent
Extension of Second Look™ forensics R&D
Agent for counter-intelligence investigations and espionage discovery
Stealthy, software-based memory collection and analysis
Automated detection and alerting of advanced computer espionage techniques
Centralized data collection & storage
Cross-host comparison and analysis
Reporting & alert generation
***System***
PIKEWERK
Windows XP Professional, X86
Service Pack 2 (build 2600)
Number of processors 2
Page size 4096
***End System***
***Process***
Base Size Module Name
804D \WINDOWS\system32\ntkrnlpa.exe
806E \WINDOWS\system32\hal.dll
***End Process***
***Network***
Active Connections
TCP :epmap :26743 LISTENING
TCP :microsoft-ds :24804 LISTENING
TCP : :39070 LISTENING
IPv4 Statistics
Packets Received =
***End Network***
***User***
Administrator Administrator, password does not expire
billy Administrator, password does not expire
***End User***
***IDT***
IDT INT gate (32bit) 0x (module \WINDOWS\system32\ntkrnlpa.exe)
IDT INT gate (32bit) 0x c (module \WINDOWS\system32\ntkrnlpa.exe)
***End IDT***
***Hypervisor***
OS Running within Virtual PC: no
***End Hypervisor***
Red Team Instrumentation
Extension of the Second Look™ forensics R&D
Record and analyze actions taken by a Red Team in near real time
Collection of assessment data to evaluate protection and attack tools
Eight months of R&D
[Figure labels: Host running a debugger; Virtual machine running protected software; Gumstix; American Arium debugger; Debugging station; Remote attacker]
Autonomic Healing
Distributed Host Healing and Active Defense
– System discovery, monitoring, healing and defense
– Forces attackers to reach all machines at once
– Networks work together to defeat exploitation attempts including reverse engineering attacks, viruses, and rootkits
Application Self-healing and Active Defense
– Extends software protection
– Performs checksums of the protected applications
– Replaces modified application segments with clean copies
– Can dynamically change the behavior of a tampered application to perform penalties or adapt decoys for specific attack scenarios
System Management Mode (SMM) monitor
– Custom AMI/Award/Phoenix BIOS enhancement
Small form factor FPGA uses Direct Memory Access (DMA)
– Continual off-host monitoring and repair of memory
– Can be used to remove/inject key material
Six months of R&D
Anti-Forensic Technologies
Network Watermarking
Transparent authentication of network traffic integrity for the Global Information Grid (GIG)
Invisible watermarking of digital data for dissemination and authentication
Host-based network driver and Single Board Computer (SBC) bump-in-wire bridge to apply and authenticate machine-specific watermarks to incoming and outgoing network traffic streams
Final release 1Q 2010
Seeking deployment scenarios
[Figure label: Physical AT wrap enclosure]
Data Rights Enforcement
“Cross-Platform Digital Rights Management”
Encrypts and Protects Data Files
– Disposable Public-Key Cryptography provides forward-security of documents
– Ideal for multi-level security of data
– Ongoing integration with existing / adopted pedigree system
Controls Operating System Capabilities
– Data Rights Enforcement Module restricts the unauthorized ability to copy, print, redistribute protected data
Provides Key Escrow
– Rights Management Server allows for ongoing control and auditing of data access