Prioritization of Weapon System Software Assurance Assessment

Award Information
Agency:
Department of Defense
Branch
n/a
Amount:
$750,000.00
Award Year:
2012
Program:
SBIR
Phase:
Phase II
Contract:
FA8650-12-C-1349
Award Id:
n/a
Agency Tracking Number:
F103-169-1893
Solicitation Year:
2010
Solicitation Topic Code:
AF103-169
Solicitation Number:
2010.3
Small Business Information
317 N. Aurora Street, Ithaca, NY, -
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
603978321
Principal Investigator:
David Cok
VP of Research
(607) 273-7340
dcok@grammatech.com
Business Contact:
Derek Burrows
Contracts Manager
(607) 273-7340
dburrows@grammatech.com
Research Institution:
Stub




Abstract
ABSTRACT: The Air Force, other government organizations, and security-critical software development companies could be more cost-effective by using COTS and open-source software in their information and weapons systems. However, these software sources have significant safety and security risks; the software must be carefully assessed and certified prior to use. Due diligence requires even contracted software to be carefully assessed for safety and security risks. We propose to build an assessment process that combines screening tools and existing detailed analysis tools. The result will be a tool-supported assessment process that enables software assessors to prioritize their detailed analysis efforts, that incorporates security policies in the assessment, and that unifies all the artifacts from human and automated reviews. The proposed tools will solve key challenges such as prioritizing assessment efforts, relating coarse screening results to fine-grained risks, creating assessment tools that accurately predict levels of risk, and auditing tools that can usefully summarize results from disparate automated tools. Organizations responsible for assessments will benefit from a more efficient assessment process, an integrated but extensible set of tools for assessments, and higher confidence in the end result. BENEFIT: A process and tools for assessing the safety and security aspects of executable binaries is useful for any organization that is concerned about the quality of its software and protecting the information it holds. However, military organizations and companies that supply military software have a particularly strong concern for software security. It is known that hostile actors are targeting high-profile and high-value miltary targets. In addition, safety and correctness of software is also important. Faults in embedded software (e.g. weapons systems) can have grave consequences; even faults in desktop systems can lead to inaccurate information or delayed responses in critical situations. Commercial companies have corresponding conerns. Security breaches are highly costly and detrimental to a company's business. Safety errors in code can create major liabilities for the company and risks to human life. Thus military and commercial companies would benefit from the tools proposed here: unified assessment processes that enable documented, prioritized software assessments of safety and security risks; adherence to stated security policies; and an integrated set of detailed automatic assessment tools.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government