Cyber Genome Project General Dynamics TA-1

Cyber Genome Project General Dynamics TA-1 Statement of Work
Revision –
March 4, 2010
Overview
HBGary Federal, LLC will develop automated malware analysis technologies to identify
the malicious behaviors and traits. In Phase 1
Phase 1 (Months 1-24)
Task 1: Malware Correlation
Provide the research and development of memory and malware analysis techniques to
achieve correlation between malware that share traits or disassembled code. This
includes developing and refining signatures of code sequences within software that are of
value for correlation techniques.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 2: Function Extraction
Provide research and development of function extraction methods from disassembled
code based on previous work with Automated Run-Time Disassembly techniques.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 3: Data Flow Maps
Provide research support to GDAIS and other team members in correlation techniques for
signatures based on, but not limited to, malware artifacts, function extraction, data flow
maps, and function maps.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 4: Malware Trigger Discovery
Provide research support to GDAIS and other team members in malware trigger
discovery to determine runtime requirements to automate the execution of malware.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 5: DNA Sequences
Provide sample or generated DNA sequences for integration into the correlation database
as needed for visualization and POC demonstration.
Dependencies:
Completion Criteria / Milestones:
HBGary Federal Cyber Genome General Dynamics TA-1 SOW – Page 1
Schedule: Months x-x
Task 6: Malware Genome
Provide research support to GDAIS and other team members in the creation of a unified
malware genome for use in malware correlation.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 7: Malware Identification & Classification
Provide research support to GDAIS and other team members on identification and
classification of malware.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 8: Identify Toolmarks
Provide research and development of toolmarks and latent artifacts within executables
that can reveal information about the environment when developed and compiled.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Phase 2 (Months 25-48)
Task 1: Malware Correlation
Provide the research and development of memory and malware analysis techniques to
achieve correlation between malware that share traits or disassembled code. This
includes developing and refining signatures of code sequences within software that are of
value for correlation techniques.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 2: Function Extraction
Provide research and development of function extraction methods from disassembled
code based on previous work with Automated Run-Time Disassembly techniques.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 3: Data Flow Maps
Provide research support to GDAIS and other team members in correlation techniques for
signatures based on, but not limited to, malware artifacts, function extraction, data flow
maps, and function maps.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Secure Decisions Cyber Genome HBGary TA-3 SOW – Page 2
Task 4: Malware Trigger Discovery
Provide research support to GDAIS and other team members in malware trigger
discovery to determine runtime requirements to automate the execution of malware.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 5: DNA Sequences
Provide sample or generated DNA sequences for integration into the correlation database
as needed for visualization and POC demonstration.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 6: Malware Genome
Provide research support to GDAIS and other team members in the creation of a unified
malware genome for use in malware correlation.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 7: Malware Identification & Classification
Provide research support to GDAIS and other team members on identification and
classification of malware.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Task 8: Identify Toolmarks
Provide research and development of toolmarks and latent artifacts within executables
that can reveal information about the environment when developed and compiled.
Dependencies:
Completion Criteria / Milestones:
Schedule: Months x-x
Travel Assumptions
HBGary Federal will send up to 2 representatives to support and participate in the
following Customer meetings:
• Cyber Genome Kickoff Workshop (2 days)
• Team Interim Program Review (Quarterly, for 1 day)
• Cyber Genome Annual Review (Up to 5 days, every 11 months)
• Period 1B and 2B IV&V events (near end of contract)
HBGary Federal will send up to 2 representatives to support and participate in the
following General Dynamics-organized meetings:
• Team Kickoff Meeting (once, 2 days)
• Team Technical Interchange Meetings (every 2 months)
• Integration events (minimum once every 4 months)
• Risk Reduction test events (minimum of 5 – one each 12 month period; 2
  during the last 12 month period)
• Demonstration & Feedback events (minimum of 5 – one each 12 month
  period; 2 during the last 12 month period)
• IV&V “Dress Rehearsal” test event (prior to customer IV&V event)
• Team Hotwash event (post customer IV&V event)