DHS’ S&T Directorate Selects Four Firms for Device Firmware Security Research


Kryptowire LLC, Fairfax, Va., SAFARI: Scalable Analysis of Firmware for AndRoid and iOS—Kryptowire was awarded $149,993 to determine the feasibility of a scalable, comprehensive and automated framework to detect firmware-borne threats—malicious and unintentionally insecure—in Android and iOS devices. The framework will encompass three analysis techniques: forced-path execution, static analysis and dynamic analysis across multiple software modules and applications to provide analysis of device firmware across different vendors, operating systems and applications.

RAM Laboratories, Inc., San Diego, California, Automated & Scalable Analysis of Mobile & IoT Device Firmware—RAM Laboratories was awarded $150,000 to prove its concept for Firmalytics, a modular and scalable framework that will automatically analyze firmware for security vulnerabilities, backdoors and malware. As envisioned, the framework also will add the analysis results to a database to support a correlation engine to be used for identifying groups of similar firmware vulnerabilities.

Red Balloon Security, New York, New York, Firmware Automated Analysis at Scale with Testing—Red Balloon was awarded $149,869 to test its proposed Firmware Automated Analysis at Scale with Testing (FAAST) technology. FAAST will be built on top of the company’s Firmware Reverse Analysis Konsole (FRAK) unpacker for unpacking, analyzing, modifying and packaging firmware images. The goal of the project is to demonstrate feasibility of the mobile and embedded firmware analysis automation technology platform.

Sekurity LLC, Jersey City, New Jersey, Principled Security Analysis of the Firmware Binaries via Guaranteed Formal Verification and Scalable Dynamic Monitoring—Sekurity was awarded $149,999 to test the feasibility of its proposed firmware binary security analysis framework (BINNSEC) for mobile and IoT devices. To ensure scalability and usability across different firmware binary formats, BINNSEC will use a combination of advanced binary reverse engineering, malware analysis, programming languages techniques, formal methods and dynamic vulnerability assessment algorithms to generate accurate and human-perceivable reports in a timely manner.




If you can find the web site for Sekurity LLC, please leave a comment on this blog with a URL.
