Mathematically Rigorous Methods for Determining Software Quality

Award Information
Agency: Department of Defense
Branch: Navy
Amount: $70,000.00
Award Year: 2010
Program: STTR
Phase: Phase I
Contract: N00014-10-M-0251
Award Id: 95159
Agency Tracking Number: N10A-035-0544
Solicitation Year: n/a
Solicitation Topic Code: NAVY 10T035
Solicitation Number: n/a

Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: 603978321

Principal Investigator:
Denis Gopan
Senior Scientist
(608) 827-0657
gopan@grammatech.com

Business Contact:
Ray Teitelbaum
CEO
(607) 273-7340
tt@grammatech.com

Research Institute:
University of Wisconsin
Thomas Reps
1210 West Dayton Street
Madison, WI, 53706
(608) 262-2091

Abstract
Software is rarely written entirely from scratch. Typically, third-party commercial off-the-shelf (COTS) components are integrated into larger software systems used both in the commercial sector and in critical infrastructure. Third-party components often come in binary form, e.g., as dynamically linked libraries, ActiveX controls, or plain executables. That is, the source code for those components is typically unavailable and the debug information is stripped. Additionally, to hamper reverse-engineering attempts, the binaries of those components are often further protected with anti-tamper techniques and obfuscations. The lack of source code for third-party components prevents most existing security-analysis tools from exposing the vulnerabilities and malicious behaviors harbored by those components themselves, as well as by software systems that integrate those components. We propose to design and build a tool that will conduct rigorous analysis of machine code to assess its quality. The tool will automatically identify vulnerabilities in third-party components and will assist security analysts in spotting unexpected and potentially malicious behavior in the third-party code. The proposed tool will integrate with existing GrammaTech source-code-analysis tools to boost their effectiveness in dealing with third-party components and libraries.

* information listed above is at the time of submission.
