USA flag logo/image

An Official Website of the United States Government

Prioritization of Weapon System Software Assurance Assessment

Award Information

Agency:
Department of Defense
Branch:
N/A
Award ID:
Program Year/Program:
2012 / SBIR
Agency Tracking Number:
F103-169-1893
Solicitation Year:
2010
Solicitation Topic Code:
AF103-169
Solicitation Number:
2010.3
Small Business Information
GrammaTech, Inc
531 Esty Street Ithaca, NY 14850-
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 2
Fiscal Year: 2012
Title: Prioritization of Weapon System Software Assurance Assessment
Agency: DOD
Contract: FA8650-12-C-1349
Award Amount: $750,000.00
 

Abstract:

ABSTRACT: The Air Force, other government organizations, and security-critical software development companies could be more cost-effective by using COTS and open-source software in their information and weapons systems. However, these software sources have significant safety and security risks; the software must be carefully assessed and certified prior to use. Due diligence requires even contracted software to be carefully assessed for safety and security risks. We propose to build an assessment process that combines screening tools and existing detailed analysis tools. The result will be a tool-supported assessment process that enables software assessors to prioritize their detailed analysis efforts, that incorporates security policies in the assessment, and that unifies all the artifacts from human and automated reviews. The proposed tools will solve key challenges such as prioritizing assessment efforts, relating coarse screening results to fine-grained risks, creating assessment tools that accurately predict levels of risk, and auditing tools that can usefully summarize results from disparate automated tools. Organizations responsible for assessments will benefit from a more efficient assessment process, an integrated but extensible set of tools for assessments, and higher confidence in the end result. BENEFIT: A process and tools for assessing the safety and security aspects of executable binaries is useful for any organization that is concerned about the quality of its software and protecting the information it holds. However, military organizations and companies that supply military software have a particularly strong concern for software security. It is known that hostile actors are targeting high-profile and high-value miltary targets. In addition, safety and correctness of software is also important. Faults in embedded software (e.g. weapons systems) can have grave consequences; even faults in desktop systems can lead to inaccurate information or delayed responses in critical situations. Commercial companies have corresponding conerns. Security breaches are highly costly and detrimental to a company's business. Safety errors in code can create major liabilities for the company and risks to human life. Thus military and commercial companies would benefit from the tools proposed here: unified assessment processes that enable documented, prioritized software assessments of safety and security risks; adherence to stated security policies; and an integrated set of detailed automatic assessment tools.

Principal Investigator:

David Cok
VP of Research
(607) 273-7340
dcok@grammatech.com

Business Contact:

Derek Burrows
Contracts Manager
(607) 273-7340
dburrows@grammatech.com
Small Business Information at Submission:

GrammaTech, Inc
317 N. Aurora Street Ithaca, NY -

EIN/Tax ID: 161338879
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No