You are here

Automated Explotability Reasoning

Award Information
Agency: Department of Defense
Branch: Army
Contract: W56KGU-17-C-0044
Agency Tracking Number: A2-6441
Amount: $988,135.61
Phase: Phase II
Program: SBIR
Solicitation Topic Code: A15-043
Solicitation Number: 2015.1
Timeline
Solicitation Year: 2015
Award Year: 2017
Award Start Date (Proposal Award Date): 2017-06-05
Award End Date (Contract End Date): 2018-12-04
Small Business Information
228 Park Ave S #80688
New York, NY 10003
United States
DUNS: 078801536
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Yan Ivnitskiy
 Principal Security Architect
 (347) 879-0204
 yan@trailofbits.com
Business Contact
 Nicholas DePetrillo
Phone: (917) 817-0359
Email: nick@trailofbits.com
Research Institution
N/A
Abstract

Determining the severity of a crash in an application is a vital but time-consuming step in security research. The objective of this research project is to develop a system that can be used to automatically measure and triage the exploitability of crashes. In Phase 1 Trail of Bits performed a survey of extant crash triage tools and approaches and developed a prototype tool for crash triage. Current crash triage tools require an experienced end user to both provide useful input as well as to interpret results in a meaningful fashion. Phase 2 will pursue development of fuzzing and crash triage as a service. The service will reduce the level of expertise and time required to make effective use of fuzzing and crash triage technology. Automated fuzzing and crash triage as a service could find application by governmental and commercial entities for both offensive and defensive security applications. The fully-developed service could provide a low-effort security evaluation for application developers lacking in-house security expertise or the requisite time to develop such expertise.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government