Company

Portfolio Data

RED BALLOON SECURITY, INC.

Address

639 11TH AVE
NEW YORK, NY, 10036-2003
USA

UEI: M3HHLMBESDY4

Number of Employees: 29

HUBZone Owned: No

Woman Owned: No

Socially and Economically Disadvantaged: No

SBIR/STTR Involvement

Year of first award: 2013

Phase I Awards: 5

Phase II Awards: 6

Conversion Rate: 120%

Phase I Dollars: $622,417

Phase II Dollars: $8,226,168

Total Awarded: $8,848,585

Awards

Up to 10 of the most recent awards are being displayed. To view all of this company's awards, visit the Award Data search page.

TEAM Integrity: Transparent Enforcement of Automotive Message Integrity

Amount: $172,951   Topic: A22B-T023

The CAN protocol, which serves as the nervous system for most modern automotive vehicles, was not designed with security in mind. Electronic Control Units (ECUs) accept any message on the bus as trusted, leaving them vulnerable to attacks that spoof messages, cause denial of service, or impersonate legitimate devices. In the proposed Transparent Enforcement of Automotive Message Integrity (TEAM Integrity), Red Balloon Security (RBS), Inc. and its subcontractor, Colorado State University (CSU), will implement a no-false-positive Intrusion Detection System (IDS) that has minimal performance overhead and no functional impact. This will be achieved through the introduction of security features and cryptographic authentication capabilities directly in ECU firmware binaries. In particular, TEAM Integrity will introduce Source Address message filtering and Cipher-based Message Authentication Code (CMAC) cryptographic capabilities for CAN/J1939 authentication purposes in the binary firmware of ECUs. This will realize an IDS that operates on data relating to contents of CAN messages, message frequency, and CMAC authentication values. Any detected intrusion will be reported using Parameter Group Numbers (PGNs) for Data Security, Imposter Parameter Group Alert, and Diagnostic Messages as defined in the SAE Recommended Practice J1939-73 Diagnostics. The effort will build on top of proven prior work from RBS and CSU, on the topics of firmware binary modification, and introduction of security features for CAN/J1939 in ECUs, respectively. The proposed security features have been explored by CSU, albeit employing additional hardware modules installed in front of ECUs, making the approach hard to scale and labor-intensive. RBS will leverage the advanced firmware binary analysis and modification/rewriting capabilities of its Open Firmware Reverse Analysis Konsole (OFRAK) framework to incorporate these capabilities directly in ECU firmware binaries.
As such, the TEAM Integrity approach facilitates deployment and adoption for existing and new ECUs, as it does not require the introduction of additional hardware components on vehicles or access to the source code of ECU firmware. The resulting security-enabled firmware binaries will be tested on a hardware testbed developed by CSU. The testbed, including a unique research truck (part of the research fleet at CSU), will be used to assess the functionality and performance of RBS-introduced modifications on the baseline functionality of the target ECU device.

Tagged as:

STTR

Phase I

2024

DOD

ARMY

Hardware Augmented Monitoring & Response (HAMR) Platform

Amount: $3,974,855   Topic: HR0011SB20224-06

As a consequence of limited domestic agency over the supply-chain for microelectronics, adversaries have many opportunities to infect mission critical systems with malicious software and hardware tampers. Therefore, to protect our pilots and their mission, we must develop new security solutions capable of deterring, detecting, and defending against adversarial actions against our technology in a retroactive capacity. Previous methods for detecting compromised avionic hardware rely on monitoring communications between the aircraft flight systems for abnormal activity. In this setup, additional hardware is deployed to listen in on physical data channels, or buses, as a third-party. The thesis behind this solution is that because we cannot fully trust our hardware and software, we may only respond to malicious behavior by first catching it in the act. Unfortunately, this strategy is no longer effective for securing modern war systems. Physical data buses are becoming obsolete, as data peripherals in embedded platforms, such as kneeboards, are increasingly being packaged as highly-integrated systems within multi-core System-on-Chip platforms (SoC). As a result, solutions for catching malicious activity in live hardware that rely on monitoring physically exposed data buses are at risk of being rendered irrelevant. Defending embedded devices from malicious software and hardware tampers requires robust visibility into the underlying system and application level behavior. The solution presented in this proposal addresses this gap with Hardware Augmented Monitoring and Response Platform (HAMR), which retroactively embeds firmware hardening and live hardware attestation capabilities directly into vulnerable avionic systems.
This attestation platform is achieved by approaching the problem from two sides - 1) kneeboard software and firmware is first hardened by injecting protections directly into executable binaries, and 2) these injected protections enable an external hardware attestation data channel that has direct visibility into all components within the target embedded system. Live attestation data is consumed during runtime by external hardware to independently monitor and respond to malicious behavior that may have been introduced by an adversarial supply-chain. Thus our solution is uniquely adapted to address a wide range of threats to modern kneeboard technology precisely because the approach is integrated into the kneeboard itself, and requires no supply-chain prerequisites to implement. This proposed Hardware Augmented Monitoring and Response platform is offered as a generalizable solution for executing a variety of attestation strategies. Due to the robust visibility into the kneeboard system offered by our firmware hardening defenses, this solution achieves functional access to all software, firmware, and network data on target kneeboard devices.

Tagged as:

SBIR

Phase II

2022

DOD

DARPA

Symbiote Integration for Satellite Ground Station Infrastructure

Amount: $749,901   Topic: AF203-DCSO1

We believe that firmware-level host-based defense is the most practical and important layer of defense for the large numbers of embedded devices found throughout the Satellite Control Network (SCN), especially ground stations. Properly layered host-based

Tagged as:

SBIR

Phase II

2021

DOD

USAF

Firmware Automated Analysis at Scale with Testing

Amount: $999,797   Topic: H-SB018.1-008

The firmware running on mobile, embedded, and Internet of Things devices is often treated as a black box by organizations. These firmware images can contain a myriad of n-day vulnerabilities, both malicious and unintentional backdoors, and other unwanted functionality. Unfortunately, analyzing these firmware images is a difficult and time-consuming task as each firmware can be packed with layers of compression and obfuscation along with specialized operating systems and filesystems. We propose Firmware Automated Analysis at Scale with Testing (FAAST), a technology built on top of Red Balloon Security's FRAK technology, a proprietary framework for unpacking, analyzing, modifying, and packing firmware images. FAAST will integrate additional specialized FRAK analyzers and utilize FRAK's client-server architecture to automatically unpack and analyze firmware images, returning human- and machine-readable reports back to the user.

Tagged as:

SBIR

Phase II

2019

DHS

Identification and Modification of Features in Embedded Devices

Amount: $999,936   Topic: SB014.2-002

Unlike conventional computers, the embedded computers found in vehicles, routers and other Internet of Things devices lack the capability to have their software remotely updated. Vulnerabilities discovered in such devices remain unpatched, creating a large and growing attack surface. We propose to address this limitation in our Identification and Modification of Features in Embedded Devices (IMFED) framework. IMFED will reduce the functionality and complexity of COTS embedded device firmware to a minimal set required to support specific mission requirements. IMFED's core technology is a flexible and finely granular method to identify, add, modify, or remove features in embedded device firmware. This core will be enabled by a feasibility study exploring the practicality of a new approach, hybrid emulation, for analyzing and debugging embedded device modifications.

Tagged as:

SBIR

Phase II

2018

DOD

DARPA

Firmware Automated Analysis at Scale with Testing

Amount: $149,969   Topic: H-SB018.1-008

The firmware running on mobile, embedded, and Internet of Things devices is often treated as a black box by organizations. These firmware images can contain a myriad of n-day vulnerabilities, both malicious and unintentional backdoors, and other unwanted functionality. Unfortunately, analyzing these firmware images is a difficult and time-consuming task as each firmware can be packed with layers of compression and obfuscation along with specialized operating systems and filesystems. We propose Firmware Automated Analysis at Scale with Testing (FAAST), a technology built on top of Red Balloon Security's FRAK technology, a proprietary framework for unpacking, analyzing, modifying, and packing firmware images. FAAST will integrate additional specialized FRAK analyzers and utilize FRAK's client-server architecture to automatically unpack and analyze firmware images, returning human- and machine-readable reports back to the user.

Tagged as:

SBIR

Phase I

2018

DHS

Hybrid Prediction for Embedded Malware

Amount: $746,756   Topic: H-SB016.1-003

Predicting malware trends and designing defenses to defeat the next generation of malware is difficult but necessary in order to significantly increase the cost to attackers of developing malware and executing successful attacks. Without such malware trend predictions, we will continually be defending against yesterday's attacks and will remain unprepared for new threats. Embedded devices are becoming the next target for attackers as traditional workstations and servers become more secure. We will create a hybrid approach toward embedded device malware trend prediction. Our approach targets both long-term malware trend prediction utilizing attack graphs and short-term approaches monitoring malware and capturing forensic data to provide real-time predictions. A hybrid of short-term and long-term approaches offers many benefits. Captured samples would confirm or better inform the long-term predictions of what evasions and attack paths malware uses. Long-term predictions would enable advanced defenses to be prepared to capture malware samples. Our hybridized predictive malware trending scheme will significantly increase situational awareness into both short-term and long-term attack trends. Furthermore, our output will enhance embedded attack incidence response capabilities at an enterprise level and predict future attack trends at both tactical and strategic time scales.

Tagged as:

SBIR

Phase II

2017

DHS

Hybrid Prediction for Embedded Malware

Amount: $99,997   Topic: H-SB016.1-003

Predicting malware trends and designing defenses to defeat the next generation of malware is difficult but necessary in order to significantly increase the cost to attackers of developing malware and executing successful attacks. Without such malware trend predictions, we will continually be defending against yesterday's attacks and will remain unprepared for new threats. Embedded devices are becoming the next target for attackers as traditional workstations and servers become more secure. We will create a hybrid approach toward embedded device malware trend prediction. Our approach targets both long-term malware trend prediction utilizing attack graphs and short-term approaches monitoring malware and capturing forensic data to provide real-time predictions. A hybrid of short-term and long-term approaches offers many benefits. Captured samples would confirm or better inform the long-term predictions of what evasions and attack paths malware uses. Long-term predictions would enable advanced defenses to be prepared to capture malware samples. Our hybridized predictive malware trending scheme will significantly increase situational awareness into both short-term and long-term attack trends. Furthermore, our output will enhance embedded attack incidence response capabilities at an enterprise level and predict future attack trends at both tactical and strategic time scales.

Tagged as:

SBIR

Phase I

2016

DHS

Automated Embedded Vulnerability Identification and Exploitation Mitigation System Using FRAK, Symbiote and Autotomic Binary Structure Randomization

Amount: $754,923   Topic: H-SB014.2-002

We propose to implement a novel Embedded Live-Hardening framework and associated algorithms to combine the state-of-the-art in static firmware vulnerability analysis and mitigation with a suite of novel dynamic defensive techniques powered by Red Balloon Security's software Symbiote technology. While Symbiotes have traditionally been used directly to enforce dynamic firmware integrity attestation in embedded devices, we propose to design new Symbiote payloads capable of not only dynamic attestation, but live attack forensic data collection, analysis and ultimately, live hardening of vulnerable devices based on forensic data collected by other similar deployed devices. Lastly, we propose to design a comprehensive framework for truly integrating all meta-data collected through both static and dynamic analysis components to continuously, and automatically, identify and mitigate vulnerabilities on all protected devices. Such a framework will allow network defenders to:

- Maximize vulnerability identification accuracy while minimizing expert human intervention
- Minimize reaction time between threat identification and mitigation deployment for proprietary embedded devices
- Maximize forensic data collection capabilities on black-box embedded devices
- Minimize downtime of vulnerable and compromised devices while drastically increasing the defenders' ability to patch vulnerabilities within embedded devices dynamically
- Maximize overall embedded security situational awareness across enterprise-level networks of heterogeneous embedded devices

We propose to deliver a phase one report that details the component technology designs and time and cost estimates for a phase two contract to implement, test and evaluate these technologies.

Tagged as:

SBIR

Phase II

2015

DHS

Automated Embedded Vulnerability Identification and Exploitation Mitigation System Using FRAK, Symbiote and Autotomic Binary Structure Randomization

Amount: $99,500   Topic: H-SB014.2-002

We propose to design a novel framework and associated algorithms to combine the state-of-the-art in static firmware vulnerability analysis and mitigation with a suite of novel dynamic defensive techniques powered by Red Balloon Security's software Symbiote technology. While Symbiotes have traditionally been used directly to enforce dynamic firmware integrity attestation in embedded devices, we propose to design new Symbiote payloads capable of not only dynamic attestation, but live attack forensic data collection, analysis and ultimately, live hardening of vulnerable devices based on forensic data collected by other similar deployed devices. Lastly, we propose to design a comprehensive framework for truly integrating all meta-data collected through both static and dynamic analysis components to continuously, and automatically, identify and mitigate vulnerabilities on all protected devices. Such a framework will allow network defenders to:

- Maximize vulnerability identification accuracy while minimizing expert human intervention
- Minimize reaction time between threat identification and mitigation deployment for proprietary embedded devices
- Maximize forensic data collection capabilities on black-box embedded devices
- Minimize downtime of vulnerable and compromised devices while drastically increasing the defenders' ability to patch vulnerabilities within embedded devices dynamically
- Maximize overall embedded security situational awareness across enterprise-level networks of heterogeneous embedded devices

We propose to deliver a phase one report that details the component technology designs and time and cost estimates for a phase two contract to implement, test and evaluate these technologies.

Tagged as:

SBIR

Phase I

2014

DHS