Tool Output Integration Framework (TOIF) Upgrade for Hybrid Analysis Mapping

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: HSHQDC-13-C-00045
Agency Tracking Number: HSHQDC-13-R-00009-H-SB013.1-002-0005-I
Amount: $99,641.93
Phase: Phase I
Program: SBIR
Awards Year: 2013
Solicitation Year: 2013
Solicitation Topic Code: H-SB013.1-002
Solicitation Number: HSHQDC-13-R-00009
Small Business Information
Data Access Technologies, Inc
12209 Kyler Ln., Suite 104, Herndon, VA, 20171-1624
DUNS: 019383376
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Cory Casanave
 CEO
 (703) 880-6708
 cory-c@modeldriven.com
Business Contact
 Cory Casanave
Title: CEO
Phone: (703) 880-6708
Email: cory-c@modeldriven.com
Research Institution
N/A
Abstract
Building on the prior standards based work for the Tool Output Integration Framework (TOIF) and KDM - ISO/IEC 19506, this project will bring together dynamic and static analysis test results from multiple tools into a single solution that will provide a unified platform for security testing and application risk management. Software fault patterns (SFP) and Common Weakness Enumerations (CWE) will be leveraged to integrate information that typically resides in separate point products. The proposed solution will allow for detailed analysis and more precise results including correlation of results from dynamic and static assessments. The resulting integrated vulnerability reports provide more information about the discovered vulnerabilities, including actionable system-level information that links proof-of-exploit with line-of-code details and recommendations for mitigating them. A key element of this research is leveraging the past success of TOIF and the proven ability to combine and leverage the results of multiple tools. The initial TOIF work focused on static analysis, this work extends that to dynamic and penetration tools. More than combining data, the results from multiple tools is semantically integrated using KDM systems knowledge, formalized SFPs and CWEs into the TOIF knowledge base. Encompassing both static and dynamic analysis in a single knowledge framework encompassing overall systems knowledge provides a unique and formally unavailable capability.

* information listed above is at the time of submission.

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government