Cutting Edge Cyber R&D and Solutions

Global InfoTek, Inc. (GITI) has a proven track record of providing cutting-edge cyber security and computer network operations capabilities to the U.S. Government. This success stems from an exceptionally strong and diverse group of technologists, deep knowledge of leading-edge technologies, and a focus on our customers’ challenges. That knowledge and experience, combined with our in-house laboratory capabilities, produces research that breaks new ground for cyber operations at the pace the cyber warfare arena demands. While other contractors are just entering the cyber research market, GITI is already at the leading edge of the technology, with close ties to its leaders in academia and among commercial vendors.

GITI offers exceptional capability to develop and apply advanced technologies to address challenging cyber security problems for our customers. Our work spans the areas below:

If you are interested in helping develop cutting edge solutions to hard problems in cyber security and computer network operations, please contact us.

Vulnerabilities and Exploits

GITI builds all of its cyber work on a fundamental understanding of platform and protocol vulnerabilities and of the mechanisms exploits use. We have state-of-the-art capabilities to discover vulnerabilities on many platforms by leveraging source code analysis, static and dynamic binary analysis, and other techniques. We understand how different exploit mechanisms use these vulnerabilities to execute different payloads for specific effects.

For example, these techniques allow us to help our customers find vulnerabilities in Microsoft Windows applications and services, including the operating system, the Windows kernel, and individual DLLs. Our focus is developing technologies that help customers identify the potential for impacts to data and system integrity, command injection, and arbitrary code execution. We also develop techniques to support embedded systems.


Cyber Situation Awareness and Monitoring
CIATA (Cyber Intelligence Analysis and Threat Awareness) is built on a proven framework that helps customers efficiently build Command and Control (C2) centers to protect US military cyber assets.
CIATA gives network security operations center staff the ability to rapidly construct and deploy cyber monitoring, analysis and notification capabilities in response to changing threats. Operators can build these situation-monitoring capabilities on whatever network and host sensor data sources are available, develop a real-time situation picture, and perform threat analysis and response (plan determination). CIATA integrates with legacy applications and a variety of data sources and sensor feeds.

Our CIATA framework incorporates open source and commercial tools and addresses three key challenges in cyber C2: event representation, event correlation, and dynamic analysis. Data sources such as anti-virus alerts, host IDS software, traditional intelligence, network awareness from an IDS such as Snort, and log analysis feed automated threat analysis, prioritization and response evaluation driven by rules and human-in-the-loop preferences. Advanced reasoning techniques, including Bayesian, spatial and temporal logic, can be applied to evaluate multiple sensor inputs so that the analysis and response rest on the most reliable combination of evidence. New host or network sensors and new reasoning techniques can readily be plugged into the system.
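As an added illustration of the event representation, correlation and reasoning steps described above (example code written for this page, not CIATA itself): alerts from three sensor types, in constructed line formats, are normalized into one event record, grouped per protected host within a time window, scored with a noisy-OR combination of assumed per-sensor reliabilities (a simple Bayesian gate), and mapped to a response by rules plus an assumed list of assets for which an analyst must approve isolation. The sensor formats, reliability numbers, window size and protected address range are all assumptions, and the sample alerts are constructed.

```python
"""Event representation, correlation and noisy-OR scoring of multi-sensor alerts.
Added example written for this page; it is not CIATA code.  Sensor line formats,
reliability values, the time window and the protected address range are
assumptions, and the sample alerts are constructed."""
from __future__ import annotations
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed P(host compromised | only this sensor fired); illustrative, not measured.
SENSOR_RELIABILITY = {"snort": 0.35, "hids": 0.55, "av": 0.60}
WINDOW_SECONDS = 600                             # assumed correlation window
PROTECTED = ipaddress.ip_network("10.0.0.0/8")   # assumed monitored enclave
ANALYST_APPROVAL = {"10.0.0.7"}                  # assumed human-in-the-loop preference


@dataclass(frozen=True)
class Event:
    """Common representation every sensor is normalized into."""
    ts: int        # epoch seconds
    sensor: str
    host: str      # protected asset the alert is about
    summary: str


# Constructed formats: Snort-style fast alerts and key=value host-sensor lines.
SNORT_RE = re.compile(
    r"^(\d+) \[\*\*\] \[\d+:\d+:\d+\] (.+?) \[\*\*\] "
    r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):\d+$")
HOST_RE = re.compile(r"^(\d+) (hids|av) host=(\S+) (.*)$")


def _asset(src: str, dst: str) -> str:
    """Attribute a network alert to the protected endpoint, whichever side it is on."""
    for ip in (dst, src):
        if ipaddress.ip_address(ip) in PROTECTED:
            return ip
    return dst


def parse_line(line: str) -> Event | None:
    """Normalize one raw sensor line; unknown formats are left for a new plug-in parser."""
    m = SNORT_RE.match(line)
    if m:
        return Event(int(m.group(1)), "snort", _asset(m.group(3), m.group(4)), m.group(2))
    m = HOST_RE.match(line)
    if m:
        return Event(int(m.group(1)), m.group(2), m.group(3), m.group(4))
    return None


def correlate(events: list[Event]) -> list[list[Event]]:
    """Group events per host into clusters whose members start within WINDOW_SECONDS."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)
    clusters = []
    for evs in by_host.values():
        current = [evs[0]]
        for e in evs[1:]:
            if e.ts - current[0].ts <= WINDOW_SECONDS:
                current.append(e)
            else:
                clusters.append(current)
                current = [e]
        clusters.append(current)
    return clusters


def noisy_or(cluster: list[Event]) -> float:
    """Noisy-OR gate: each distinct sensor independently misses with probability 1 - r."""
    p_missed = 1.0
    for sensor in sorted({e.sensor for e in cluster}):
        p_missed *= 1.0 - SENSOR_RELIABILITY[sensor]
    return 1.0 - p_missed


def recommend(score: float, host: str) -> str:
    """Rule-based response evaluation with an operator preference applied."""
    if score >= 0.8:
        return "isolate (analyst approval required)" if host in ANALYST_APPROVAL else "isolate"
    if score >= 0.5:
        return "investigate"
    return "monitor"


def analyze(lines: list[str]) -> list[dict]:
    """Pipeline: parse -> correlate -> score -> prioritize (highest score first)."""
    events = [e for e in map(parse_line, lines) if e is not None]
    ranked = []
    for c in correlate(events):
        score = noisy_or(c)
        ranked.append({"host": c[0].host, "start": c[0].ts,
                       "sensors": sorted({e.sensor for e in c}),
                       "score": round(score, 3), "action": recommend(score, c[0].host)})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


SAMPLE_LINES = [  # constructed sensor output
    "1700000000 [**] [1:1000001:1] Inbound exploit attempt on SMB [**] 198.51.100.9:4444 -> 10.0.0.7:445",
    "1700000120 hids host=10.0.0.7 rule=5402 msg=New user account created",
    "1700000200 av host=10.0.0.7 threat=Trojan.Generic action=quarantine-failed",
    "1700000300 [**] [1:1000002:1] Port scan [**] 198.51.100.9:5555 -> 10.0.0.12:22",
    "1700010000 [**] [1:1000003:1] Outbound beacon to known C2 [**] 10.0.0.7:51234 -> 203.0.113.4:443",
    "this line is in a format no plug-in parser understands yet",
]

if __name__ == "__main__":
    for row in analyze(SAMPLE_LINES):
        print(row)
```

Three independent sensors firing on 10.0.0.7 within ten minutes score 1 - 0.65 x 0.45 x 0.40 = 0.883 and trigger the isolate rule, while a lone Snort alert on either host scores 0.35 and is only monitored; the later beacon alert on 10.0.0.7 falls outside the window and forms its own cluster. Adding a new sensor means adding one parser branch and one reliability entry.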

CIATA builds upon our staff experience with DARPA’s Strategic Cyber Defense Vision and Cyber C2 program. It enables situation understanding, monitoring, and visualization.


Cyber Attack Detection
There are three ways a remote attacker can affect resources on a host running an application: getting their own code to execute within that application (code injection), getting their own commands executed by that application (command injection), or manipulating the control flow and/or internal state of the application so that resource-altering code already within the application makes the changes the attacker wants.
The vast majority of known attacks use code or command injection, because many vulnerabilities can be exploited individually or in combination to achieve it, and the attacker can then choose which resources to affect, and how, by choosing which code or commands to inject. Reusing the application's existing resource-altering code is both harder to exploit and more limited in which resources can be affected and how they can be modified.
For this reason, much of GITI's effort is directed at developing generic (i.e., language-independent) techniques for blocking these attacks through diversification and for confining them. Because these techniques focus on the resource-altering portion of the attack, they help our customers detect attacks no matter which application vulnerability was exploited to mount them.
By using static analysis only to identify where to apply confinement and diversification transformations and where to deploy runtime monitors, we avoid both the intractability and the program-size limitations of the deeper analysis that would be required to guarantee the absence of vulnerabilities: the analysis need only locate resource-altering code, not prove every path to it safe. With no size restrictions imposed by the analysis component, the entire framework is independent of application size.


Proactive Host Defenses

We have designed and implemented host defense technologies that go beyond the current state of the art, including:

  • Address space randomization for Windows (via user- and kernel-space modules), extending to the Process Environment Block (PEB), Thread Environment Block (TEB) and related per-process structures
  • Lightweight taint analysis
  • Automated crash analysis
  • Automatic generation of blocking signatures


These and other techniques are brought together to provide our customers with continuous protection of mission-critical services via proven, proactive host-based defenses. Our overall approach builds on our automated vulnerability detection work and adds memory-based attack protection, automated service restoration, and long-term protection through immunization techniques.
The result is a proactive defense that meets the operational challenges posed by real-world attackers.
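The following added example (written for this page; it is not GITI's code) makes concrete both the confinement idea from the Cyber Attack Detection section and the lightweight taint analysis item in the list above: untrusted request parameters are marked tainted, the taint follows them through ordinary string operations, and monitors at the resource-altering sinks (command execution and file writes) refuse tainted arguments unless a sanitizer has cleared them. The handler names, the hostname allow-list pattern and the sink behaviour are assumptions; the sinks return what they would have executed rather than performing it.

```python
"""Lightweight taint tracking with confinement at resource-altering sinks.

Added example written for this page (not GITI code).  Request parameters enter
as Tainted strings, the taint follows them through ordinary string operations,
and the sink monitors refuse tainted arguments unless a sanitizer cleared them.
Handler names, the hostname pattern and the sink behaviour are assumptions."""
from __future__ import annotations
import re


def _is_tainted(x) -> bool:
    return isinstance(x, Tainted) and x.tainted


class Tainted(str):
    """str subclass carrying a taint flag that survives common string operations.
    Lightweight by design: f-strings and str.format on a plain-str template are
    not tracked, which is the coverage limit of this approach."""

    def __new__(cls, value, tainted: bool = True):
        obj = super().__new__(cls, value)
        obj.tainted = tainted
        return obj

    def __add__(self, other):
        return Tainted(str.__add__(self, other), self.tainted or _is_tainted(other))

    def __radd__(self, other):
        # "literal " + tainted: Python tries the subclass's reflected method first.
        return Tainted(str.__add__(other, self), self.tainted or _is_tainted(other))

    def join(self, parts):
        parts = list(parts)
        return Tainted(str.join(self, parts), self.tainted or any(_is_tainted(p) for p in parts))

    def strip(self, chars=None):
        return Tainted(str.strip(self, chars), self.tainted)


HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")   # assumed allow-list for a host parameter


def validated_host(value: str) -> Tainted:
    """Sanitizer, the only way taint is cleared: rejects anything that is not a
    plain hostname or address, so shell metacharacters never reach a sink."""
    if not HOSTNAME_RE.match(value):
        raise ValueError(f"rejected host parameter: {value!r}")
    return Tainted(str(value), tainted=False)


class ConfinementViolation(RuntimeError):
    """Raised by a sink monitor when tainted data reaches a resource-altering call."""


def run_command(argv: list) -> list:
    """Sink monitor for command execution.  A deployment would call
    subprocess.run(argv) after the check; here the argv that would have been
    executed is returned so the example stays side-effect free."""
    for arg in argv:
        if _is_tainted(arg):
            raise ConfinementViolation(f"tainted data reached exec sink: {arg!r}")
    return [str(a) for a in argv]


def write_file(path: str, data: str) -> tuple:
    """Sink monitor for file writes; returns the (path, length) it would have written."""
    if _is_tainted(path):
        raise ConfinementViolation(f"tainted path reached file sink: {path!r}")
    return (str(path), len(data))


def ping_handler(host_param: str) -> list:
    """Application code with a command-injection weakness: a shell command line
    built by concatenation.  The sink monitor, not this function, stops the attack."""
    return run_command(["sh", "-c", "ping -c 1 " + host_param])


def ping_handler_hardened(host_param: str) -> list:
    """Same feature with the sanitizer applied and no shell involved."""
    return run_command(["ping", "-c", "1", validated_host(host_param)])


def log_handler(name_param: str, body: str) -> tuple:
    """Application code that lets a request parameter choose the file it writes."""
    return write_file("/var/log/app/" + name_param + ".log", body)


def attempt(fn, *args) -> tuple:
    """Run a handler on a request and report the monitor's verdict."""
    try:
        return ("allowed", fn(*args))
    except ConfinementViolation as exc:
        return ("blocked", str(exc))
    except ValueError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    # Constructed requests; every parameter arrives as Tainted.
    print(attempt(ping_handler, Tainted("8.8.8.8; id")))             # blocked at the exec sink
    print(attempt(ping_handler_hardened, Tainted("8.8.8.8; id")))    # rejected by the sanitizer
    print(attempt(ping_handler_hardened, Tainted("8.8.8.8")))        # allowed
    print(attempt(log_handler, Tainted("../../etc/cron.d/x"), "*"))  # blocked at the file sink
```

The point of the sink-side check is that the vulnerable handler is never patched, yet the injected command is stopped because the monitor sits at the resource-altering call rather than at the parsing bug. A language-independent implementation of the kind the section describes would place the equivalent monitor at the binary or system-call level; this Python version only makes the sink-side rule and its sanitizer gate concrete, and its known blind spot (templates formatted with f-strings or str.format) is the kind of gap that lower-level tracking closes.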



Cyber Testing and Evaluation

GITI has extensive and unique experience with advanced cyber T&E technologies. We have been both testers and performers on such tests (e.g., Test & Evaluation lead and supporting roles, performer on multiple cyber programs, and both unclassified and classified testing support). This gives us a unique perspective on how to help our customers rapidly test deployable cyber results.

GITI staff have led multi-organization teams, worked as test leads and test designers, and have experience in:

  • Test plan development, network specs, scenarios, instrumentation, etc.
  • Working with development and operational test partners to reflect their interests
  • Offensive, exploitation and defensive technology testing
  • Automated and human-in-the-loop systems

GITI has developed test management and evaluation software to support Test Directors and their staff. This software delivers near-real-time visualization, monitoring, control and evaluation of individual network experiments. It supports visual reporting of test results, capture of key test data and events, and rapid test replay. It is highly customizable and has been proven in several large-scale test and evaluation projects for DARPA programs (Dynamic Quarantine of Worms (DQW), Self Regenerative Software (SRS), Coordinators). It easily integrates metrics, measurements and sensors to support test goals, and provides a near-real-time signaling and monitoring framework that tracks and logs attack and defense status, giving our customers real-time visibility into the progress of a test.


We have developed range management software that automates resource allocation for multiple simultaneous tests. The automation covers host imaging, health and status monitoring, and data collection. It has been used to run 200,000+ automated tests on a 140 physical node testbed located at GITI. The software is scalable to thousands of nodes. The test management software described in the above paragraph integrates with this range management software to deliver exceptional end-to-end performance.
GITI staff have designed and operated multi-level testbeds including PL5 high assurance guards. We understand the policy, design, and technical implementation issues of such testbeds. Our customers benefit from our knowledge of the strengths and weaknesses of current approaches for such areas as traffic generation, data collection, network design, and test control harnesses.


We have designed and implemented host traffic agents that replicate selected aspects of human behavior, including reactions to other agents and to changes in the environment. This capability enables non-scripted group interactions that emulate realistic scenarios and workflows. Such activity previously required either human participants or extensive, deterministic scripting.
