Secure Environment for Distributed Development (SEDD) using the Software Pedigree Analyzer (SPA)

Award Information
Agency:
Department of Defense
Branch
Air Force
Amount:
$99,945.00
Award Year:
2005
Program:
SBIR
Phase:
Phase I
Contract:
FA8650-05-C-8042
Agency Tracking Number:
O043-SP7-1168
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
SENTAR, INC.
4900 University Square, Suite 8, Huntsville, AL, 35816
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
n/a
Principal Investigator:
Leigh Davis
Principal Analyst II
(256) 430-0860
ldavis@sentar.com
Business Contact:
Peter Kiss
CEO
(256) 430-0860
pkiss@sentar.com
Research Institution:
n/a
Abstract
During large software development projects, assuring tamper-proof source code is often difficult or impossible. Currently, many projects are vulnerable to attacks-both insider and external. The Software Protection Initiative (SPI) is charged with the task of ensuring all modifications to a project's source code can be accounted for using a Software Pedigree Analyzer (SPA). The SPA provides a method for tracking modifications and ensuring user authenticity via a mechanism for non-repudiation. When malicious code is detected, the SPA would allow a project manager to determine exactly which developer made the modification, what specific changes were made, and when the changes occurred. This requires certain data be collected-primarily the who, what, when, where, and how of the source code modifications. Additional capabilities include documenting each change, the ability to revert previous code versions, monitoring personnel activities during source code access, and notifying the proper authorities during abnormal activities. Sentar and SYColeman have teamed to propose a Secure Environment for Distributed Development (SEDD) architecture in order to protect the code pedigree of a software project. SEDD will act as a distributed development environment which programmers access to modify the source code while retaining control over the source code at all times.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government