Rapid Prototyping A Virus Scanner

Case Study:

Science Applications International Corporation

1710 SAIC Drive
McLean, VA 22102
(703) 676-4300


Customer with an idea for a custom device/service wants to get a rapid prototype with full functionality for demonstrations.


SAIC contacted PTR to come in and talk about creating a prototype of a device that would search removable media for malware.  The role of the Data Transfer Officer (DTO) of a military organization requires the configuration of one or more PCs with virus scanning software to be able to screen in-coming media for malicious code.  Unfortunately, the scanning PC itself becomes a major access vector for malware if the PC is running Microsoft Windows-based software.  So, the goal of the prototype was to create a non-Windows based scanner that could be treated as an appliance.  In only 10 days with a limited budget, PTR created the first generation prototype of the SAIC Ravelin system for demonstration using COTS components.  This demonstration vehicle showed that the idea was possible and generated considerable interest from SAIC’s customer base.  This success led to two successive prototypes over the next several months in which both the form factor and operating system would be changed significantly.

With the success of the first phase prototype, additional funding in the next fiscal year became available.  However, the customer wanted to shrink the system down to a book-sized unit and remove the original prototype’s keyboard and monitor and replace it with a simple LCD menu interface the size of a 3.5” drive bay.  Unfortunately, the LCD/menu interface of the open-source project LCDProc, really wasn’t designed for this type of use.  Consequently, PTR engineers made changes to the open-source project to support this new LCD panel and input mechanisms and then contributed that code back to the project.

Working with our partners, PTR was able to create a custom case that was specifically sized for the application including a power supply.  Then, using an industrial COTS motherboard and additional COTS components, PTR created three of the second-phase prototypes for field testing.  The project was delivered under budget and in less than eight weeks from start to finished prototypes complete with powder-coated logos on the units.
In the final prototype, PTR worked with SAIC to create an Atom-based Android platform capable of running the MacAfee Virus Scanner for Linux.  This prototype encompassed several key technology advancements.  First, this prototype was done before the IA32 architecture was officially supported by the Open Handset Alliance.  Therefore, PTR needed to create a port of Android to the Atom-based motherboard that was targeted for use in the system as well as an Android file system that could run from compact flash.

Additionally, a technique for executing Linux-based code under Android and dispatching that code from a custom Android home page that enabled tracking the progress of the malware scan and automatically reporting the results of the scan to both the operator and to a centralized recording facility.  This technique required the development of a specialized chroot jail and encapsulating the Linux code with its own libraries and interface to the Android front end.  Next, custom icons and Android user screens where developed to facilitate set up and operation by non-skilled users.  Once operational, the source code for this system as well as a concept of operations document was turned over to SAIC for use by their internal developers.  This product is expected to come to market in the not-too-distant future.