
MoSRA: Modular Software Risk Assessment

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: 70RSAT21C00000023
Agency Tracking Number: 21.1-DHS211-007-0037-I
Amount: $149,976.40
Phase: Phase I
Program: SBIR
Solicitation Topic Code: DHS211-007
Solicitation Number: DHS211
Timeline
Solicitation Year: 2021
Award Year: 2021
Award Start Date (Proposal Award Date): 2021-05-11
Award End Date (Contract End Date): 2021-10-10
Small Business Information
1855 1st Ave Ste 103
San Diego, CA 92101-2655
United States
DUNS: 828934914
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Ulrich Lang
 CEO
 (650) 515-3391
 ulrich.lang@objectsecurity.com
Business Contact
 Ulrich Lang
Title: CEO
Phone: (650) 515-3391
Email: ulrich.lang@objectsecurity.com
Research Institution
N/A
Abstract

The objective of the solicitation is to develop a commercial capability and product to analyze compiled binary executables of Windows applications that can detect and report embedded software library information in multi-faceted software packages. The libraries are either shared (for example as Windows .dll files) or linked directly into static binaries, and they are not available as source code. Normally the binary is also stripped, so all symbol information is removed. This means that in most cases software users do not know which libraries (including version information) their applications are based on. We propose a product for supply chain risk management and provenance of binary applications. It shall process binary applications and the libraries they use, and shall generate similarity graphs and reports of libraries. Our technical approach is based on binary similarity analysis between pairs of functions, using a graph database. First, we split the binary to be analyzed into individual functions, and then calculate, in an optimized way, a similarity index between pairs of the functions in the binary and functions already in the graph database from previous analyses. The similarity indices are stored in the database, and as a result we can calculate full software provenance graphs of the analyzed binaries and libraries, including version history graphs of the individual libraries. The graphs are visualized (for example, the libraries used by an application can be shown), and reports of applications and referenced libraries are generated.
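As an added illustration of the function-pair similarity approach the abstract describes (example code written for this page, not ObjectSecurity's MoSRA implementation), the following Python sketch represents stripped functions by opcode n-grams, scores each against a small in-memory stand-in for the graph database of previously analyzed library functions using a Jaccard index, and aggregates the resulting edges into a per-library provenance report. All function names, opcode sequences, library names and version numbers are constructed sample data.

```python
from collections import defaultdict

def opcode_ngrams(opcodes, n=3):
    """A stripped binary keeps no symbols, so a function is represented only by
    its instruction structure: here the set of opcode-mnemonic n-grams."""
    return {tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)}

def similarity(grams_a, grams_b):
    """Jaccard index between two n-gram sets (1.0 identical, 0.0 disjoint)."""
    union = grams_a | grams_b
    return len(grams_a & grams_b) / len(union) if union else 1.0

class ProvenanceGraph:
    """Stand-in for the graph database: known library functions are nodes,
    similarity edges connect analyzed binary functions to their best match."""
    def __init__(self, threshold=0.5):
        self.threshold = threshold
        self.known = {}                  # (library, version, function) -> n-gram set
        self.edges = defaultdict(list)   # binary -> [(fn, library, version, score)]
        self.unmatched = defaultdict(list)

    def add_library_function(self, lib, version, name, opcodes):
        self.known[(lib, version, name)] = opcode_ngrams(opcodes)

    def analyze(self, binary, functions):
        """functions: {name: opcodes} for one binary already split into functions.
        Score each against every known function; keep the best edge above threshold."""
        for fn, opcodes in functions.items():
            grams = opcode_ngrams(opcodes)
            score, key = max(((similarity(grams, g), k) for k, g in self.known.items()),
                             default=(0.0, None))
            if key is not None and score >= self.threshold:
                self.edges[binary].append((fn, key[0], key[1], score))
            else:
                self.unmatched[binary].append(fn)

    def report(self, binary):
        """Per (library, version): number of matched functions and mean similarity."""
        agg = defaultdict(list)
        for _, lib, ver, score in self.edges[binary]:
            agg[(lib, ver)].append(score)
        return {k: (len(v), sum(v) / len(v)) for k, v in agg.items()}

def build_demo():
    """Constructed sample data (hypothetical libraries, versions and opcodes)."""
    g = ProvenanceGraph()
    deflate_v10 = ["push", "mov", "sub", "xor", "cmp", "jne", "mov", "add", "cmp", "jl", "pop", "ret"]
    deflate_v11 = deflate_v10[:8] + ["test", "jz", "pop", "ret"]   # version 1.1 changed the loop test
    g.add_library_function("compresslib", "1.0", "deflate_block", deflate_v10)
    g.add_library_function("compresslib", "1.1", "deflate_block", deflate_v11)
    g.add_library_function("cryptolib", "2.0", "hash_round",
                           ["mov", "rol", "xor", "add", "mov", "rol", "xor", "add", "ret"])
    app = {"sub_1001": deflate_v11,                                            # statically linked copy of v1.1
           "sub_1002": ["mov", "rol", "xor", "add", "mov", "rol", "xor", "sub", "ret"],  # locally patched variant
           "sub_1003": ["push", "call", "pop", "ret"]}                          # application's own code
    g.analyze("app.exe", app)
    return g
```

Running `build_demo().report("app.exe")` attributes one function to compresslib 1.1 (not 1.0, whose n-gram overlap is only 6/14) and one to cryptolib 2.0 with a reduced score, while the application's own function stays unmatched.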

* Information listed above is at the time of submission. *
