Intelligent Automation, Inc.

Air Force awards IAI a follow-on contract to develop a novel method for Network Application Security using Policy Guided Isolation and Strategically Shielded Exposure

Securing modern computer systems is challenging since applications share resources and information and are open to outside networks. To address the conflict between application isolation and information sharing, IAI and its collaborator, Purdue University, have been awarded a follow-on contract entitled “Policy Guided Isolation and Strategically Shielded Exposure: A Novel Approach to Secure Applications.” This methodology regulates information sharing mechanisms by combining a Policy Machine (PM) technique with virtualization technology.

In the first phase, the security-enhanced virtual machine monitor (VMM) was implemented. The application programs and their operating system (OS), called the guest OS, were run inside a virtual machine (VM). A modified VMM architecture with a hypervisor running directly on top of the hardware platform is used to create VMs outfitted with individual VM Managers. The hypervisor intercepts hardware access requests and system calls from a VM and forwards them to the VM Manager, which uses semantics mapping, data/process coloring, and kernel code protection to collect information and monitor the execution of the VM. This security-enhanced VMM was effective in preventing information leakage caused by accidents or malware.

In the next phase, a lightweight kernel-compatible PM and efficient kernel code protection mechanisms will be integrated with the VMM to automatically reason over security policies used to regulate information sharing mechanisms in the VM. This policy-programmable security-enhanced VMM will enable the system administrator to dynamically update security policies without interrupting the VM’s execution. A configuration interface will allow the system administrator to configure the VMM’s functions and capabilities based on application requirements. The effectiveness of this VMM, which can also protect the guest OS against kernel rootkits, will be demonstrated using real application scenarios.

About IAI:
Intelligent Automation, Inc. (IAI) is a technology innovation company headquartered in Rockville, MD. We specialize in providing advanced technology solutions and R&D services to federal agencies and corporations throughout the United States and internationally. Leveraging agile R&D processes, a multi-disciplinary collaborative environment, and its substantial intellectual property portfolio, IAI excels in developing concepts into market-focused products and customer-driven solutions. IAI’s core R&D areas include: Air Traffic Management, Big Data and Social Media Analytics, Control and Signal Processing, Cyber Security, Education and Training Technologies, Health Technologies, Modeling and Simulation, Networks and Communications, Robotics, and Sensor Systems. For more information on IAI, please visit

© 2008-2016 Intelligent Automation, Inc. | 15400 Calhoun Drive, Suite 190, Rockville, MD 20855 | Phone: 301 294 5200 | Fax: 301 294 5201