Advanced Static Analysis for Software Assurance

Award Information
Agency: Department of Defense
Branch: Missile Defense Agency
Contract: DASG6002P0137
Agency Tracking Number: 02-0982
Amount: $69,949.00
Phase: Phase I
Program: SBIR
Awards Year: 2003
Solicitation Year: N/A
Solicitation Topic Code: N/A
Solicitation Number: N/A
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
DUNS: 603978321
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Paul Anderson
 Senior Software Engineer
 (607) 273-7340
Business Contact
 Ray (Tim) Teitelbaum
Title: Chairman
Phone: (607) 273-7340
Research Institution
Software continues to be deployed with large numbers of flaws. Existing approaches for detecting flaws in software are mostly dynamic: they rely on executing the software on a particular set of inputs. In contrast, static approaches consider all possible executions of the program. Static approaches have achieved some success, but to date have not realized their full potential because they are based on analysis of superficial surface structures, are not interprocedural, not whole-program, and are blind to aliasing effects. We have developed highly-advanced static analysis technology for reverse engineering that addresses these shortcomings, and we now propose to apply that technology to finding flaws in software. Our technology computes the dependence graph representation of programs, which captures their semantics at a much deeper level. We propose a tool that will address a wide range of flaws including resource mismanagement errors, failure mode checking, division by zero defects, and illegal conversions. The challenge is to achieve accuracy (fewer false positives) and completeness (fewer false negatives), while maintaining the ability to scale to very large programs. We propose to prototype the system in Phase I, and develop an experimentation plan to measure its efficacy. The proposed tool will be used to significantly enhance the quality of software systems. It will allow software developers to develop higher-quality software with lower software assurance costs.

* information listed above is at the time of submission.
