Mathematically Rigorous Methods for Determining Software Quality

Award Information
Agency: Department of Defense
Branch: Navy
Amount: $100,000.00
Award Year: 2010
Program: STTR
Phase: Phase I
Contract: N00014-10-M-0251
Agency Tracking Number: N10A-035-0544
Solicitation Year: 2010
Solicitation Topic Code: N10A-T035
Solicitation Number: 2010.A

Small Business Information
GrammaTech, Inc
317 N. Aurora Street, Ithaca, NY, 14850
Hubzone Owned: N
Socially and Economically Disadvantaged: N
Woman Owned: N
Duns: 603978321

Principal Investigator:
Denis Gopan
Senior Scientist
(608) 827-0657
gopan@grammatech.com

Business Contact:
Ray Teitelbaum
CEO
(607) 273-7340
tt@grammatech.com

Research Institution:
University of Wisconsin
Thomas Reps
1210 West Dayton Street
Madison, WI, 53706
(608) 262-2091
Nonprofit college or university

Abstract
Software is rarely written entirely from scratch. Typically, third-party commercial off-the-shelf (COTS) components are integrated into larger software systems used both in the commercial sector and in critical infrastructure. Third-party components often come in binary form, e.g., as dynamically linked libraries, ActiveX controls, or plain executables. That is, the source code for those components is typically unavailable and the debug information is stripped. Additionally, to hamper reverse-engineering attempts, the binaries of those components are often further protected with anti-tamper techniques and obfuscations. The lack of source code for third-party components prevents most existing security-analysis tools from exposing the vulnerabilities and malicious behaviors harbored by those components themselves, as well as by software systems that integrate those components. We propose to design and build a tool that will conduct rigorous analysis of machine code to assess its quality. The tool will automatically identify vulnerabilities in third-party components and will assist security analysts in spotting unexpected and potentially malicious behavior in the third-party code. The proposed tool will integrate with existing GrammaTech source-code-analysis tools to boost their effectiveness in dealing with third-party components and libraries.

* information listed above is at the time of submission.
