System Assurance Solutions and Tools

MRoT - Mobile Roots of Trust

Mobile Roots-of-Trust (MRoT), which are highly trustworthy tamper evident components, provide a foundation to build security and trust for mobile devices. MRoT, is a fully software-based dynamic mobile trusted module technology, supported by DHS S&T Cyber Security Division (CSD). MRoT measures and verifies the device’s static and runtime state (e.g., boot loader, operating system, apps, etc) to enable trust and security. It can be utilized to detect malicious system change or activity, and to ensure that access to critical information and software can only be performed in a trusted state. It requires no modifications to the underlying operating system kernel, nor any manufacturer or service provider support for insertion. It comes with a user interface that allows adding mobile applications to the MRoT protected vault as well as a standard API.


ThreatSCOPE Base - Vulnerability Analysis and Visualization Tool

ThreatSCOPE Base is a system assurance tool at the binary level for analyzing software vulnerabilities, cyber threats, and potential paths for exploit. It builds on a new concept that is fundamental and does not rely on signatures nor solutions tailored for particular known cyber exploits. Its core technology is patented; some of its components are supported by DARPA, DHS, and Air Force. The tool supports ARM, MIPS, and PowerPC binaries and builds on a sophisticated program analysis framework implementing a new theory of identifying vulnerabilities. The result of the tool is graphical and includes guidance for vulnerability testing. Various metrics are employed to quantify the level of exploitability. Can be used for evaluating vulnerabilities as part of the development process and/or qualifying third-party modules/libraries. In addition to ThreatSCOPE Base, we are also in the process of adding a variety of additional features including support for instrumentation/code-injection as well as modeling. Please contact us for more information regarding these technologies.


UniQore and TrustGUARD Processor Cores - Secure Softcore CPUs for FPGAs

UniQore and TrustGUARD, are highly secure soft (synthesizable) cores targeting securing embedded systems with FPGAs. BlueRISC invented the concept of unique instruction sets and interfaces – made unique to each product line or device depending on customer integration. The cores target different use cases. In particular, UniQore (supported by Darpa and MDA) is a very low overhead processor core that can be used as an add-on to a customer reconfigurable hardware. Both come with ecosystem and security firmware as well as standard interfaces for Xilinx, MicroSemi, and Altera FPGAs. They build on unique, patented concepts for securing the internals of a device and software against various kinds of tampering and side-channel attacks.


ImmuneSoft - Software Immune System

ImmuneSoft, is a runtime system for self-healing software in the field that is inserted into a binary. With the emergence of the Internet of Things, consisting of potentially billions of autonomous devices as well as networked embedded systems with limited access, it has become clear that keeping up with patching software vulnerabilities rapidly approaches its limits of feasibility. Built upon a patented theoretical concept and sponsored by both DHS and Darpa, ImmuneSoft is capable of healing itself in the field without apriori knowledge of an attack. The software immune system introduces minimal overhead and has been shown to could have uncovered the Heartbleed security vulnerability, that affected most of the Internet servers. In addition to self-healing (autonomously), it can be used to provide guidance for a quick recovery from an exploit situation, somewhat similar to the incremental automation of self-driving cars, as well as employed as part of security testing.


CaptureGUARD ExpressCard - Gateway to Forensics

This is an ExpressCard platform that enables access to locked Windows computers allowing live forensic acquisition/analysis in these otherwise inaccessible systems. Watch this video demonstration of CaptureGUARD Gateway bypassing Windows login passwords at the WindowsSCOPE product site. Other than Windows operating systems can also be quoted.

Buy Now at WindowsSCOPE Store

WindowsSCOPE - Cyber Forensics Tool

A GUI-based memory forensic capture and analysis toolkit. Allows for the import of standard WinDD memory dumps which are then automatically reverse engineered and presented in an easy-to-view format for forensic analysis in a central location. Applications include digital forensics, memory forensics, cyber crime investigation, cyber defense, cyber attack detection, cyber analysis, and other reverse engineering activities.

Buy Now at WindowsSCOPE Store