The broader impact of this Small Business Innovation Research (SBIR) Phase 1 project will result from providing organizations and software developers the best available protection against harmful malware and application flaws in completely standalone and air-gapped environments. In cybersecurity, applications are now the new perimeter and have become the last frontier in malware protection, which is where all current endpoint security products are routinely turned off or otherwise bypassed by attackers. The Phase 1 project focuses on stopping and/or detecting hidden malware regardless of how it gets into an application or how it changes its behavior inside an application. The Phase 1 project result overcomes the fundamental technical flaw in current solutions â attempting to enforce least privilege mechanisms from outside applications â by delivering a solution that operates within the application where it can see and act upon malicious code. The solution will protect individual data and corporate assets in all types of organizations, including organizations running operational technology vulnerable to cyberattacks. Wide adoption will boost application and endpoint security, significantly reducing the worldwide problem posed by the continuing rise in successful malware attacks. This Small Business Innovation Research (SBIR) Phase I project seeks to address the core technical challenge associated with the development of an enforcement engine for implementing all current least privilege mechanisms on various operating systems inside applications. The challenge is to construct both the algorithms and the engine to recognize and protect against modern malware misusing the dynamic code privileges of applications. As proof that this protection is needed is the near 100% incidence of all recent, successful malware attacks that were all designed to take advantage of this specific vulnerability of current antivirus software. The first and most immediate application of this new technology, which is the subject of the phase I project, is to define the use of dynamic code in each application as a privilege, learn if and where within its code an application uses this privilege, and enforce it once the behavior has been learned. The outcomes from Phase 1 will result in a software solution that can produce in real time a map of how any healthy program uses dynamic code and stop any attempt by malware to subvert that process. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criter
