You are here

A Real-Time Application Security Analyzer

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: D15PC00249
Agency Tracking Number: DHS SBIR-2015.OATS-15.OATS-002-0001-II
Amount: $749,993.51
Phase: Phase II
Program: SBIR
Solicitation Topic Code: 15.OATS-002
Solicitation Number: DHS SBIR-2015.OATS
Timeline
Solicitation Year: 2015
Award Year: 2015
Award Start Date (Proposal Award Date): 2015-09-28
Award End Date (Contract End Date): 2017-10-13
Small Business Information
591 Camino de la Reina Suite 610
San Diego, CA 92108-3108
United States
DUNS: 010681380
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Robert McGraw
 Chief Technology Officer
 (619) 398-1410
 rmcgraw@ramlabs.com
Business Contact
 Maggie Sullivan
Title: Accounting & Contracts Manager
Phone: (619) 398-1410
Email: msullivan@ramlabs.com
Research Institution
N/A
Abstract

Software developers are faced with a variety of security challenges when developing and deploying new systems. The software may be subject to malicious insiders, external threats and supply chain threats that access systems through poor software hygiene or the presence of zero-day vulnerabilities that the vendor is not aware of. While an array of software assurance tools have been developed that audit code at the source code or static binary level, existing tools do not perform dynamic binary analysis with source code checking to assist developers, nor do they provide a drill-down into software libraries to assist supply chain management in gaining a compliance assessment for the entire software solution.

To address these shortfalls, this project extends the research and development of RAM Laboratories' Real-Time Application Security Analyzer (RASAR) tool. RASAR currently detects and characterizes security vulnerabilities (including zero-day vulnerabilities) in both under development and 3rd party software through source code analysis and dynamic binary instrumentation. This project will add capabilities to the tool suite that prioritize the vulnerabilities as defined by Common Weakness Enumeration, correlate identified binary vulnerabilities with both vulnerabilities found in the Common Vulnerability Exposure database and available source code flaws, and provide a compliance dashboard that tracks and reports supply chain issues for the user. Additionally, audit results will be visualized by the user through the use of a compliance dashboard. The resulting tool will be integrated within the Software Assurance Marketplace.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government