veriScan

The goal of the Information Assurance Run-time Auditing (IARA) Phase I project was to provide a framework that promotes the specification of software system monitoring, audit, analysis, and threat mitigation capabilities in large scale software intensive systems (LSSIS). IARA was designed to promote software assurance by incorporating novel tools that help certify the operations of untrusted software within a trusted environment. For the Phase II effort, Sentar has re-framed IARA as veriScan to better address the software assurance requirements whos critical operations require off-line analysis. veriScan is envisioned as a software assurance platform for statically and dynamically analyzing and assessing both source and binary software files for the presence of program vulnerabilities, coding weaknesses, and malicious intent. veriScan automates the execution of a critical mass of analysis programs for verifying large scale, mixed programming language systems that are implicitly trusted. veriScan performs risk assessments; reports on those risks in the face of reuse; and provides decision support to enable the mitigation of any risks identified. This Phase II project is particularly focused on developing advanced scanning capabilities for systems software written in FORTRAN and ADA. In addition, this capability will support dynamic vulnerability identification and verification. Approved for Public Release | 16-MDA-8863 (22 September 16)