Tool Output Integration Framework (TOIF) Upgrade for Hybrid Analysis Mapping

Award Information
Agency:
Department of Homeland Security
Branch
n/a
Amount:
$99,641.93
Award Year:
2013
Program:
SBIR
Phase:
Phase I
Contract:
HSHQDC-13-C-00045
Award Id:
n/a
Agency Tracking Number:
HSHQDC-13-R-00009-H-SB013.1-002-0005-I
Solicitation Year:
2013
Solicitation Topic Code:
H-SB013.1-002
Solicitation Number:
HSHQDC-13-R-00009
Small Business Information
12209 Kyler Ln., Suite 104, Herndon, VA, 20171-1624
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
019383376
Principal Investigator:
Cory Casanave
cory-c@modeldriven.com
Business Contact:
Cory Casanave
cory-c@modeldriven.com
Research Institute:
n/a
Abstract
Building on the prior standards based work for the Tool Output Integration Framework (TOIF) and KDM - ISO/IEC 19506, this project will bring together dynamic and static analysis test results from multiple tools into a single solution that will provide a unified platform for security testing and application risk management. Software fault patterns (SFP) and Common Weakness Enumerations (CWE) will be leveraged to integrate information that typically resides in separate point products. The proposed solution will allow for detailed analysis and more precise results including correlation of results from dynamic and static assessments. The resulting integrated vulnerability reports provide more information about the discovered vulnerabilities, including actionable system-level information that links proof-of-exploit with line-of-code details and recommendations for mitigating them. A key element of this research is leveraging the past success of TOIF and the proven ability to combine and leverage the results of multiple tools. The initial TOIF work focused on static analysis, this work extends that to dynamic and penetration tools. More than combining data, the results from multiple tools is semantically integrated using KDM systems knowledge, formalized SFPs and CWEs into the TOIF knowledge base. Encompassing both static and dynamic analysis in a single knowledge framework encompassing overall systems knowledge provides a unique and formally unavailable capability.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government