Source Code Vulnerability Detection

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: F30602-03-C-0073
Agency Tracking Number: 021IF-0752
Amount: $749,979.00
Phase: Phase II
Program: SBIR
Awards Year: 2003
Solicitation Year: N/A
Solicitation Topic Code: N/A
Solicitation Number: N/A
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
DUNS: 603978321
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 David Melski
 Senior Software Scientist
 (607) 273-7340
 melski@grammatech.com
Business Contact
 Ray (Tim) Teitelbaum
Title: CEO
Phone: (607) 273-7340
Email: tt@grammatech.com
Research Institution
N/A
Abstract
Buffer-overrun vulnerabilities in programs are responsible for a huge percentage of security breaches worldwide. The widespread use of dynamic testing tools to detect these vulnerabilities has failed to halt or prevent the problem. We propose the development of a semi-automatic tool for detecting these vulnerabilities statically. Static approaches are superior to dynamic approaches because they compute properties for all possible executions of a program. The proposed tool will use constraint analysis on a program's variables and buffers to identify locations where buffer overruns can occur. These locations, which may contain false-positives, will be sorted so that those most likely to be genuine faults appear first. A user interface will allow the user to explore the program to determine the actual severity of the problem. Our Phase I results show that we can already find previously undetectable vulnerabilities. In Phase II we propose to improve the analyses to reduce the number of false positives, to further develop the user interface, and to identify and alleviate remaining barriers to success. Furthermore, we will cultivate the connections we have made with commercial companies in Phase I in order to achieve commercial success in Phase III.

* Information listed above is at the time of submission. *
