USA flag logo/image

An Official Website of the United States Government

Source Code Vulnerability Detection

Award Information

Agency:
Department of Defense
Branch:
Air Force
Award ID:
57549
Program Year/Program:
2003 / SBIR
Agency Tracking Number:
021IF-0752
Solicitation Year:
N/A
Solicitation Topic Code:
N/A
Solicitation Number:
N/A
Small Business Information
GrammaTech, Inc
531 Esty Street Ithaca, NY -
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 2
Fiscal Year: 2003
Title: Source Code Vulnerability Detection
Agency / Branch: DOD / USAF
Contract: F30602-03-C-0073
Award Amount: $749,979.00
 

Abstract:

Buffer-overrun vulnerabilities in programs are responsible for a huge percentage of security breaches worldwide. The widespread use of dynamic testing tools to detect these vulnerabilities has failed to halt or prevent the problem. We propose thedevelopment of a semi-automatic tool for detecting these vulnerabilities statically. Static approaches are superior to dynamic approaches because they compute properties for all possible executions of a program. The proposed tool will use constraintanalysis on a program's variables and buffers to identify locations where buffer overruns can occur. These locations, which may contain false-positives, will be sorted so that those most likely to be genuine faults appear first. A user interface willallow the user to explore the program to determine the actual severity of the problem. Our Phase I results show that we can already find previously undetectable vulnerabilities. In Phase II we propose to improve the analyses to reduce the number of falsepositives, to further develop the user interface, and to identify and alleviate remaining barriers to success. Furthermore, we will cultivate the connections we have made with commercial companies in Phase I in order to achieve commercial success in PhaseIII.

Principal Investigator:

David Melski
Senior Software Scientist
6072737340
melski@grammatech.com

Business Contact:

Ray (Tim) Teitelbaum
CEO
6072737340
tt@grammatech.com
Small Business Information at Submission:

GRAMMATECH, INC.
317 N. Aurora Street Ithaca, NY 14850

EIN/Tax ID: 161338879
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No