The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded funding to five research and development (R&D) projects that are expected to enhance the secure use of mobile applications for the federal government.

These Mobile Application Security (MAS) R&D projects will be managed by the DHS S&T Mobile Security R&D program, which is part of the Cyber Security Division in the Homeland Security Advanced Research Projects Agency.

The recently-launched MAS project is focused on continuous validation and threat protection for mobile apps, and integrating security throughout the mobile app lifecycle. It is also developing a security framework and integrated models, that will enable the development of secure mobile apps for mission use by DHS components, other government agencies and enterprise organizations, said the agency in a statement.

The project contracts were awarded under Broad Agency Announcement HSHQDC-16-R-B0006, which was issued in June 2016 by the S&T Cyber Security Division.

The following organizations and their projects are the funded MAS awards:

  • Qualcomm was awarded $1,842,739 to utilize and integrate its commercial technology to demonstrate a platform on which mobile application security can be anchored in the hardware of a device. The effort will include the demonstration of a Mission-Critical-Grade Security Layer (MCGSL). The MCGSL will extend continuous observations from the mobile device through Application Programming Interfaces to third-party applications and services across the commercial mobile ecosystem. The project is intended to demonstrate the potential for broad use across devices with Qualcomm Snapdragon platforms.
  • Lookout, based in San Francisco, California, was awarded $1,800,000 to add new app-threat, -risk and -vulnerability detection and protection capabilities and enhance existing capabilities in its cloud-based Mobile Endpoint Security platform. The enhanced platform will be applicable to iOS and Android operating systems.
  • United Technologies Researcher Center (UTRC), located in East Hartford, Connecticut, was awarded $1,453,655 to develop and implement a mobile app security system that will be run on a hybrid mobile-device-cloud environment called COMBAT (COntinuous Monitoring of Behavior to protect devices from evolving mobile Application Threats). COMBAT is expected to process diverse sources of information along with artificial intelligence to detect malicious and vulnerable apps. COMBAT will be demonstrated on Android devices.
  • Apcerto of Ashburn, Virginia, was awarded $1,643,419 to research and develop solutions for normalizing and rating mobile apps based on predefined standards, as well as a framework for orchestrating the entire mobile app security process. The first solution is expected to provide a testbed for mobile app security orchestration and the normalization of results to standards, including the National Information Assurance Partnership, Open Web Application Security Project, Health Insurance Portability and Accountability Act, and Sarbanes-Oxley Act.
  • Red Hat and Kryptowire jointly were awarded $1,902,750 to integrate security throughout the entire mobile app development lifecycle. They will develop an extension of the Red Hat Mobile Application Platform (RHMAP). This effort will adhere to appropriate U.S. government mobile security standards (e.g., National Information Assurance Partnership—Software Protection Profile). The mobile security technology will be optimized for iOS and Android apps.

CSD conducts and supports technology transitions and leads and coordinates R&D among DHS customers, government agencies, the private sector and international partners.

[Image courtesy: DHS]