Mathematically Rigorous Methods for Determining Software Quality

Award Information
Agency: Department of Defense
Branch: Navy
Contract: N00014-10-M-0251
Agency Tracking Number: N10A-035-0544
Amount: $100,000.00
Phase: Phase I
Program: STTR
Awards Year: 2010
Solicitation Year: 2010
Solicitation Topic Code: N10A-T035
Solicitation Number: 2010.A
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
DUNS: 603978321
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Denis Gopan
 Senior Scientist
 (608) 827-0657
Business Contact
 Ray Teitelbaum
Title: CEO
Phone: (607) 273-7340
Research Institution
 University of Wisconsin
 Thomas Reps
 1210 West Dayton Street
Madison, WI, 53706
 (608) 262-2091
 Nonprofit college or university
Software is rarely written entirely from scratch. Typically, third-party commercial off-the-shelf (COTS) components are integrated into larger software systems used both in the commercial sector and in critical infrastructure. Third-party components often come in binary form, e.g., as dynamically linked libraries, ActiveX controls, or plain executables. That is, the source code for those components is typically unavailable and the debug information is stripped. Additionally, to hamper reverse-engineering attempts, the binaries of those components are often further protected with anti-tamper techniques and obfuscations. The lack of source code for third-party components prevents most existing security-analysis tools from exposing the vulnerabilities and malicious behaviors harbored by those components themselves, as well as by software systems that integrate those components. We propose to design and build a tool that will conduct rigorous analysis of machine code to assess its quality. The tool will automatically identify vulnerabilities in third-party components and will assist security analysts in spotting unexpected and potentially malicious behavior in the third-party code. The proposed tool will integrate with existing GrammaTech source-code-analysis tools to boost their effectiveness in dealing with third-party components and libraries.

* Information listed above is at the time of submission. *
