Mathematically Rigorous Methods for Determining Software Quality

Award Information
Agency: Department of Defense
Branch: Navy
Contract: N00014-11-C-0447
Agency Tracking Number: N10A-035-0544
Amount: $749,509.00
Phase: Phase II
Program: STTR
Awards Year: 2011
Solicitation Year: 2010
Solicitation Topic Code: N10A-T035
Solicitation Number: 2010.A
Small Business Information
317 N. Aurora Street, Ithaca, NY, -
DUNS: 603978321
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Denis Gopan
 Senior Scientist
 (608) 827-0657
Business Contact
 Derek Burrows
Title: Contracts Manager
Phone: (607) 273-7340
Research Institution
 University of Wisconsin-Madison
 Thomas Reps
 1210 West Dayton Street
Madison, WI, 53706-
 (608) 262-2091
 Nonprofit college or university
Modern software typically integrates a number of third-party commercial components. The indiscriminate use of such components poses significant security threats to software systems because the components may harbor unintentional vulnerabilities as well as intentionally malicious behaviors. Moreover, third-party components often come only in binary form, preventing most existing security-analysis tools from exposing the vulnerabilities and malicious behaviors harbored by those components themselves, as well as by software systems that integrate them. The goal of this project is to build a tool that will conduct rigorous analysis of machine code to assess its quality. The tool will automatically identify vulnerabilities in third-party components and will assist security analysts in spotting unexpected and potentially malicious behaviors in the third-party code. Moreover, the tool will integrate with CodeSonar (GrammaTech's commercially successful program-analysis tool for finding defects in software) to increase its precision and to boost its effectiveness in dealing with third-party components and libraries. We expect that the integration will significantly reduce the number of false positives reported by CodeSonar and will allow CodeSonar to identify more bugs and vulnerabilities (and, in particular, subtler bugs and vulnerabilities) in software.

* Information listed above is at the time of submission. *
