ISABEL - Integrated Secure Automated Bug Extraction List

Award Information
Agency: Department of Commerce
Branch: National Institute of Standards and Technology
Contract: 70NANB18H169
Agency Tracking Number: 036-04-11 (PII)
Amount: $299,927.63
Phase: Phase II
Program: SBIR
Solicitation Topic Code: N/A
Solicitation Number: 2018-NIST-SBIR-02
Timeline
Solicitation Year: 2018
Award Year: 2018
Award Start Date (Proposal Award Date): 2018-08-02
Award End Date (Contract End Date): 2020-08-31
Small Business Information
319 1st Ave N. Suite 400, Minneapolis, MN, 55401
DUNS: 103477993
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 David Musliner
 (612) 325-9314
 musliner@sift.net
Business Contact
 David Musliner
Phone: (612) 325-9314
Email: musliner@sift.net
Research Institution
N/A
Abstract
To automatically detect software bugs, understand their characteristics, and categorize them according to the evolving NIST Bugs Framework (BF), SIFT is developing ISABEL: Integrated Secure Automated Bug Extraction List. ISABEL will provide three key functions:- Using symbolic analysis and fuzz-testing tools to find inputs that trigger vulnerabilities (bugs).- Using fuzz-testing, delta-debugging, and other analyses to refine the triggering inputs.- Analyzing fault information and related code to characterize the bug and output a descriptive BF report.Our Phase I research developed a proof of concept implementation, identifying and addressing several key technical risks. We tested the robustness of the approach on thousands of test cases from NIST’s Juliet test suite. In Phase II, we will extend the approach to a broader set of bug classes and improve the bug characterization methods, leading towardsa commercially viable tool for automatically understanding and characterizing software vulnerabilities. By automatically finding software flaws and characterizing them within the BF, ISABEL will help organizations improve their software quality, detecting flaws before they are deployed, and helping rapidly prioritize them for remediation.

* Information listed above is at the time of submission. *

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government