SBIR/STTR Award attributes
Because Navy Cyber Physical Systems (CPSs) are often not connected to IP networks, yet still may be vulnerable to cyber attack, there is an urgent need for a portable device that can be connected to a variety of non-IP CPSs to assess their security posture. SIFT proposes to develop the CRIMSON Portable Red Team to automatically extract firmware from a target, analyze the firmware to find zero-day vulnerabilities, and then generate a report describing the vulnerabilities and possible mitigations. CRIMSON will be built on our state of the art NEO-Fuzz Cyber Reasoning System, which already includes capabilities to unpack, analyze, and fuzz-test embedded system software. CRIMSON will re-host the system on a portable computing platform and add components to connect to a wide variety of CPS targets, extract their firmware for analysis, and generate user interfaces and reports for use by non-experts.
