Sandia National Laboratories has a large cybersecurity research program supporting the Department of Energy as well as other federal departments and agencies. Fundamental research helps us stay ahead of threats. Sandia’s research efforts in cybersecurity are focused in three broad areas: 1. Trusted hardware, software, and systems 2. Networks and systems architectures and analysis 3. Effective cyber defense systems Research is conducted in state-of-the-art facilities with extensive computing and information science capabilities, which range from architectures and algorithms to advanced modeling and simulation. Three areas of active research most applicable to connected vehicle security are: Red Team Assessments, Emulytics™, and Supply Chain Risk Management.
We present the forensic analysis repository for malware (FARM), a system for automating malware analysis. FARM leverages existing dynamic and static analysis tools and is designed in a modular fashion to provide future extensibility. We present our motivations for designing the system and give an overview of the system architecture. We also present several common scenarios that detail uses for FARM as well as illustrate how automated malware analysis saves time. Finally, we discuss future development of this tool.
We report on the work done in the late-start LDRD Using Emulation and Simulation to Understand the Large-Scale Behavior of the Internet. We describe the creation of a research platform that emulates many thousands of machines to be used for the study of large-scale inter-net behavior. We describe a proof-of-concept simple attack we performed in this environment. We describe the successful capture of a Storm bot and, from the study of the bot and further literature search, establish large-scale aspects we seek to understand via emulation of Storm on our research platform in possible follow-on work. Finally, we discuss possible future work.
We present the forensic analysis repository for malware (FARM), a system for automating malware analysis. FARM leverages existing dynamic and static analysis tools and is designed in a modular fashion to provide future extensibility. We present our motivations for designing the system and give an overview of the system architecture. We also present several common scenarios that detail uses for FARM as well as illustrate how automated malware analysis saves time. Finally, we discuss future development of this tool.