Source-Code Vulnerability Detection

Award Information
Agency:
Department of Defense
Amount:
$99,981.00
Program:
SBIR
Contract:
F30602-02-C-0064
Solitcitation Year:
N/A
Solicitation Number:
N/A
Branch:
Air Force
Award Year:
2002
Phase:
Phase I
Agency Tracking Number:
021IF-0752
Solicitation Topic Code:
N/A
Small Business Information
Grammatech, Inc.
317 N. Aurora Street, Ithaca, NY, 14850
Hubzone Owned:
N
Woman Owned:
N
Socially and Economically Disadvantaged:
N
Duns:
603978321
Principal Investigator
 Paul Anderson
 Senior Software Engineer
 (607) 273-7340
 paul@grammatech.com
Business Contact
 Ray (Tim) Tietelbaum
Title: Chairman
Phone: (607) 273-7340
Email: tt@grammatech.com
Research Institution
N/A
Abstract
"The problem of information security has become critical because of the growing dependence of the economy and the armed forces on complex networked information systems. Of particular concern are security vulnerabilities that are caused by programmingerrors. We plan to study the feasibility and plan the development of a security vulnerability detection toolkit based on advanced static analyses. Our plan is targeted at semi-automatic detection of security vulnerabilities in C and C++ source code.This work will build on our own dependence-graph based COTS product for program understanding named CodeSurfer. We will focus our efforts on addressing technologies to detect vulnerabilities caused by buffer overflows, race conditions, and memory accesserrors. We will investigate the application of constraint analysis, dependence analysis, constant propagation, array subscript analysis, and other static analyses to the problem of vulnerability detection. We will develop a plan to integrate theseanalyses with CodeSurfer, in order to produce a commercial vulnerability detection toolkit. The proposed system will help eliminate vulnerabilities in open- and closed-source software systems. In doing so it will meet an emerging market need for securitycode-audit tools."

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government