Sanitizing Software of Malicious and Unauthorized Code

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-06-C-8052
Agency Tracking Number: O043-SP6-1119
Amount: $750,000.00
Phase: Phase II
Program: SBIR
Awards Year: 2006
Solicitation Year: 2004
Solicitation Topic Code: OSD04-SP6
Solicitation Number: 2004.3
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
DUNS: 603978321
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Paul Anderson
 Senior Scientist
 (607) 273-7340
 paul@grammatech.com
Business Contact
 Ray Teitelbaum
Title: CEO
Phone: (607) 273-7340
Email: tt@grammatech.com
Research Institution
N/A
Abstract
The problem of malicious code inserted by a hostile inside attacker is of increasing concern to the government. The most efficient time to detect such code is during development. This is currently very difficult as malicious code can often be disguised as an innocent error, and because much code will only be available as object code. Sound static analysis tools that are capable of analyzing machine code directly offer the best hope of detecting these problems. A survey of over fifty static analysis tools in Phase I found that none were capable of addressing this issue. In Phase II we propose to develop such a tool. It will leverage both high-level source information and the actual machine code to create a precise program representation that has many applications in addition to malicious code detection, including machine-code analysis and executable editing. It will offer two modes: a lightweight screening mode requiring few resources but which will fail to detect some problems, and a much sounder mode capable of a much more stringent analysis. The tool will directly benefit software protection as its more precise intermediate representation will enable better and stronger anti-reverse-engineering transformations.

* Information listed above is at the time of submission. *

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government