You are here

Software Supply Chain Identification for Compiled Binary Executables

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: 70RSAT22C00000018
Agency Tracking Number: 21.1-DHS211-007-0022-II
Amount: $953,720.18
Phase: Phase II
Program: SBIR
Solicitation Topic Code: DHS211-007
Solicitation Number: 21.1
Solicitation Year: 2021
Award Year: 2022
Award Start Date (Proposal Award Date): 2022-04-29
Award End Date (Contract End Date): 2024-04-28
Small Business Information
828 Fort Street Mall #600
Honolulu, HI 96813-4314
United States
DUNS: 144540283
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 David Siu
 Cybersecurity Lead
 (808) 531-3017
Business Contact
 Ken Cheung
Title: S&T Director
Phone: (808) 531-3017
Research Institution

Computing systems contain increasing and changing software applications from a wide variety of vendors and sources. These applications contain numerous libraries for them to function, which are often not known to the end-user and considered a black box. When these libraries or their dependencies are discovered to have a vulnerability, the end-user relies exclusively on the software publisher to recognize the vulnerability, potentially leaving a time-gap where the vulnerability can be exploited before the publisher notifies affected end-users of the issue. This use-case is magnified when the publisher no longer maintains a piece of software. Current market capabilities lack the sophisticated detection techniques that are needed by the homeland security enterprise (HSE) to protect critical cybersecurity missions from vulnerable and embedded software libraries. In this Phase II project, Oceanit will develop a powerful tool that can detect and report embedded software library information in compiled Windows 64-bit binaries.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government