SBIR-STTR Award

Building an Internet Cleanroom from Virtual Machines
Award last edited on: 4/3/2008

Sponsored Program
STTR
Awarding Agency
DOD : DARPA
Total Award Amount
$1,318,782
Award Phase
2
Solicitation Topic Code
ST061-001
Principal Investigator
Anup K Ghosh

Company Information

Invincea (AKA: Secure Command LLC)

3975 University Drive Suite 460
Fairfax, VA 22030
   (703) 352-7680
   anup.ghosh@securecommand.com
   www.invincea.com

Research Institution

----------

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2006
Phase I Amount
$568,784
In this proposal, we present an approach for building the Internet Cleanroom (IC) that represents a radical departure from prior and current Internet security tools and practices. Where today's information security tools and practices focus either on building better software, filtering mechanisms such as firewalls to prevent remote exploitation, or building tools to detect compromises, the proposed technology described here creates a safe environment for running Internet-enabled software. The system provides an environment in which intrusions or compromises present no threat to the host system or other software and data. This approach effectively eliminates all external threats from Internet-connected machines. It does not address the insider threat where users are given keyboard access to machines.

Keywords:
Cyber Security, Virtual Machines, Operating Systems, Intrusions, Malicious Code

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2007
Phase II Amount
$749,998
The vision for the Internet Cleanroom is to make the operating system a single-use machine. Machines are created on demand when needed for an application, and then disposed of after use. Each machine created is pristine (original build with vendor patches) so the application runs in an unpolluted environment. Machines that are infected or compromised during use are disposed of, and foreign threats are therefore eliminated. The key technology enabler used in this project is machine virtualization. The mechanics of the virtualization are transparent to the user. The user experience should be similar to the current desktop computing experience. Phase I demonstrated the feasibility of this approach. Phase II will develop a robust prototype for use in pilot evaluations in DoD facilities.

Keywords:
Internet Security, Virtualization, Virtual Machines