Tool Output Integration Framework (TOIF) Upgrade for Hybrid Analysis Mapping

Award Information

Agency:
Department of Homeland Security
Branch:
N/A
Award ID:
Program Year/Program:
2013 / SBIR
Agency Tracking Number:
HSHQDC-13-R-00009-H-SB013.1-002-0005-I
Solicitation Year:
2013
Solicitation Topic Code:
H-SB013.1-002
Solicitation Number:
HSHQDC-13-R-00009
Small Business Information
Data Access Technologies, Inc
12209 Kyler Ln., Suite 104 Herndon, VA 20171-1624
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2013
Title: Tool Output Integration Framework (TOIF) Upgrade for Hybrid Analysis Mapping
Agency: DHS
Contract: HSHQDC-13-C-00045
Award Amount: $99,641.93
 

Abstract:

Building on the prior standards-based work for the Tool Output Integration Framework (TOIF) and KDM (ISO/IEC 19506), this project will bring together dynamic and static analysis test results from multiple tools into a single solution that will provide a unified platform for security testing and application risk management. Software fault patterns (SFPs) and Common Weakness Enumerations (CWEs) will be leveraged to integrate information that typically resides in separate point products. The proposed solution will allow for detailed analysis and more precise results, including correlation of results from dynamic and static assessments. The resulting integrated vulnerability reports provide more information about the discovered vulnerabilities, including actionable system-level information that links proof-of-exploit with line-of-code details and recommendations for mitigating them. A key element of this research is leveraging the past success of TOIF and its proven ability to combine and leverage the results of multiple tools. The initial TOIF work focused on static analysis; this work extends that to dynamic and penetration tools. More than combining data, the results from multiple tools are semantically integrated into the TOIF knowledge base using KDM systems knowledge and formalized SFPs and CWEs. Encompassing both static and dynamic analysis in a single knowledge framework that also covers overall systems knowledge provides a unique and formerly unavailable capability.

Principal Investigator:

Cory Casanave
cory-c@modeldriven.com

Business Contact:

Cory B. Casanave
cory-c@modeldriven.com
Small Business Information at Submission:

Data Access Technologies, Inc
12209 Kyler Ln., Suite 104 Herndon, VA 20171-1624

EIN/Tax ID: 650646597
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No