Source-Code Vulnerability Detection

Award Information
Agency:
Department of Defense
Branch
Air Force
Amount:
$99,981.00
Award Year:
2002
Program:
SBIR
Phase:
Phase I
Contract:
F30602-02-C-0064
Award Id:
57549
Agency Tracking Number:
021IF-0752
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
603978321
Principal Investigator:
Paul Anderson
Senior Software Engineer
(607) 273-7340
paul@grammatech.com
Business Contact:
Ray (Tim) Tietelbaum
Chairman
(607) 273-7340
tt@grammatech.com
Research Institution:
n/a
Abstract
"The problem of information security has become critical because of the growing dependence of the economy and the armed forces on complex networked information systems. Of particular concern are security vulnerabilities that are caused by programmingerrors. We plan to study the feasibility and plan the development of a security vulnerability detection toolkit based on advanced static analyses. Our plan is targeted at semi-automatic detection of security vulnerabilities in C and C++ source code.This work will build on our own dependence-graph based COTS product for program understanding named CodeSurfer. We will focus our efforts on addressing technologies to detect vulnerabilities caused by buffer overflows, race conditions, and memory accesserrors. We will investigate the application of constraint analysis, dependence analysis, constant propagation, array subscript analysis, and other static analyses to the problem of vulnerability detection. We will develop a plan to integrate theseanalyses with CodeSurfer, in order to produce a commercial vulnerability detection toolkit. The proposed system will help eliminate vulnerabilities in open- and closed-source software systems. In doing so it will meet an emerging market need for securitycode-audit tools."

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government