Our Case Studies
This is a selection of our past and present projects, showcasing our team's capabilities. Over the years we have accumulated a wealth of experience in information assurance and engineering projects. This page is updated as time and agreements permit.
AntiSig (Juniper Networks NetScreen IDP Signature Analysis)
AntiSig was developed for internal use to extract and process the IDS (Intrusion Detection System) signatures for Juniper Networks’ NetScreen IDP family of IDS appliances, including decryption of hidden (protected) signatures. This gave Subreption at-will access to the actual detection patterns, as well as triggers for zero-day and n-day vulnerabilities.
- Parsing of IDS signatures with human-readable tree output.
- Decryption of protected signatures.
- Automated parallelized downloading of updated databases.
- Custom S-Expression parser and tokenizer.
KERNHEAP: Linux kernel heap tampering detection
KERNHEAP was the first integral solution against vulnerabilities abusing the Linux kernel heap. It pioneered concepts applicable to dynamic memory allocators in other operating systems, their kernels and toolchains.
- The first integral solution against vulnerabilities abusing the Linux kernel heap.
- A defense-in-depth design addressed the nature of different bug classes, providing reliable protection against zero-days.
- Its concepts were applicable, and have been applied, to multiple operating systems, including their kernels and toolchains.
- DYMASEC, funded years later under the DARPA Cyber Fast Track program, is the technical successor to KERNHEAP.
SAFEDROID: Secure mobile computing platform
Funded under the DARPA Cyber Fast Track (CFT) program, SAFEDROID enforced memory protections and reduced system predictability, altering core components of the operating system (OS), which was based on Android and the Linux kernel, to provide a defense-in-depth solution against zero-day attacks targeting smartphone users. The project leveraged Subreption’s DYMASEC (proactive defenses for memory allocators) extensively, providing a high level of deterrence against all vulnerability classes related to dynamic memory.
- The first integrally hardened Android OS for consumer devices.
- Fully protected user-land and kernel with DYMASEC, preventing all known techniques to abuse dynamic memory related vulnerabilities.
- Android application-tolerant.
- Part of DARPA I2O’s Demo Day at the Pentagon (2014).