Source-Code Vulnerability Detection
Agency / Branch:
DOD / USAF
"The problem of information security has become critical because of the growing dependence of the economy and the armed forces on complex networked information systems. Of particular concern are security vulnerabilities that are caused by programmingerrors. We plan to study the feasibility and plan the development of a security vulnerability detection toolkit based on advanced static analyses. Our plan is targeted at semi-automatic detection of security vulnerabilities in C and C++ source code.This work will build on our own dependence-graph based COTS product for program understanding named CodeSurfer. We will focus our efforts on addressing technologies to detect vulnerabilities caused by buffer overflows, race conditions, and memory accesserrors. We will investigate the application of constraint analysis, dependence analysis, constant propagation, array subscript analysis, and other static analyses to the problem of vulnerability detection. We will develop a plan to integrate theseanalyses with CodeSurfer, in order to produce a commercial vulnerability detection toolkit. The proposed system will help eliminate vulnerabilities in open- and closed-source software systems. In doing so it will meet an emerging market need for securitycode-audit tools."
Small Business Information at Submission:
317 N. Aurora Street Ithaca, NY 14850
Number of Employees: