USA flag logo/image

An Official Website of the United States Government

Virtualization and Static Analysis to Detect Memory Overwriting Vulnerabilities

Award Information

Agency:
Department of Homeland Security
Branch:
N/A
Award ID:
89996
Program Year/Program:
2009 / SBIR
Agency Tracking Number:
0921099
Solicitation Year:
N/A
Solicitation Topic Code:
N/A
Solicitation Number:
N/A
Small Business Information
Zephyr Software LLC
2040 Tremont Rd Charlottesville, VA -
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2009
Title: Virtualization and Static Analysis to Detect Memory Overwriting Vulnerabilities
Agency: DHS
Contract: N10PC20012
Award Amount: $96,155.00
 

Abstract:

Memory overwriting vulnerabilities (buffer overflow, format string, double free, integer overflow, etc.) continue to plague commercial and government software, providing avenues for attackers to gain unauthorized control over computer systems. Testing tools are needed that will find vulnerabilities so that fixes can be applied before deployment. Existing vulnerability analyses often rely exclusively on either static or dynamic analysis tools, each of which has its strengths and weaknesses. Many defenses require source code for the application being tested, which is not practical for final acceptance testing by software consumers, who are often not allowed access to the source code of the software vendor. The proposed research will enhance and integrate prior static and dynamic analysis tools to enable software producers and consumers to accomplish two important objectives: (1) To strengthen software testing with respect to exercising potentially vulnerable code, and (2) to identify and fix memory overwriting vulnerabilities before software deployment. Only the binary form of the tested software will be needed. The result of the eventual Phase II effort will be an acceptance testing tool that will be commercialized for Linux and Windows systems.

Principal Investigator:

Clark L. Coleman
(434) 284-3002
clark.coleman@att.net

Business Contact:

Jack W. Davidson
(434) 242-4280
davidsonjw@acm.org
Small Business Information at Submission:

Zephyr Software LLC
2040 Tremont Road Charlottesville, VA 22911-

EIN/Tax ID: 270338717
DUNS: N/A
Number of Employees:
Woman-Owned: Yes
Minority-Owned: Yes
HUBZone-Owned: Yes