Mathematically Rigorous Methods for Determining Software Quality

Award Information
Agency:
Department of Defense
Branch:
Navy
Amount:
$749,509.00
Award Year:
2011
Program:
STTR
Phase:
Phase II
Contract:
N00014-11-C-0447
Award Id:
n/a
Agency Tracking Number:
N10A-035-0544
Solicitation Year:
2010
Solicitation Topic Code:
N10A-T035
Solicitation Number:
2010.A
Small Business Information
317 N. Aurora Street, Ithaca, NY, -
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
603978321
Principal Investigator:
Denis Gopan
Senior Scientist
(608) 827-0657
gopan@grammatech.com
Business Contact:
Derek Burrows
Contracts Manager
(607) 273-7340
dburrows@grammatech.com
Research Institute:
University of Wisconsin-Madison
Thomas Reps
1210 West Dayton Street
Madison, WI, 53706-
(608) 262-2091
Nonprofit college or university
Abstract
Modern software typically integrates a number of third-party commercial components. The indiscriminate use of such components poses significant security threats to software systems because the components may harbor unintentional vulnerabilities as well as intentionally malicious behaviors. Moreover, third-party components often come only in binary form, preventing most existing security-analysis tools from exposing the vulnerabilities and malicious behaviors harbored by those components themselves, as well as by software systems that integrate them. The goal of this project is to build a tool that will conduct rigorous analysis of machine code to assess its quality. The tool will automatically identify vulnerabilities in third-party components and will assist security analysts in spotting unexpected and potentially malicious behaviors in the third-party code. Moreover, the tool will integrate with CodeSonar, GrammaTech's commercially successful program-analysis tool for finding defects in software, to increase its precision and to boost its effectiveness in dealing with third-party components and libraries. We expect that the integration will significantly reduce the number of false positives reported by CodeSonar and will allow CodeSonar to identify more bugs and vulnerabilities (and, in particular, subtler bugs and vulnerabilities) in software.

* information listed above is at the time of submission.
