You are here

SIENNA LOCOMOTIVE

Award Information
Agency: Department of Defense
Branch: Army
Contract: W56KGU-15-C-0042
Agency Tracking Number: A151-043-0392
Amount: $99,751.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: A15-043
Solicitation Number: 2015.1
Timeline
Solicitation Year: 2015
Award Year: 2015
Award Start Date (Proposal Award Date): 2015-09-18
Award End Date (Contract End Date): 2016-02-17
Small Business Information
228 Park Ave S #80688
New York, NY 10003
United States
DUNS: 078801536
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Nicholas DePetrillo
 Principal Security Researcher
 (917) 817-0359
 nick@trailofbits.com
Business Contact
 Nicholas DePetrillo
Title: Mr.
Phone: (917) 817-0359
Email: nick@trailofbits.com
Research Institution
N/A
Abstract

As the use of software to control more of the world inexorably increases, so does the importance of having confidence that software cannot easily be subverted by attackers. To provide this assurance, several techniques have been developed. One of the most effective and low-cost is software fuzzing, which randomly and semi-randomly permutes software inputs (e.g. files or network data). The software being tested is monitored for crashes which generally indicate poor code quality and potential security vulnerabilities. Fuzzing generally produces hundreds or thousands of crashes, each a candidate software vulnerability that must be mitigated. Each crashing input needs to be manually evaluated for exploitability and the severity of the vulnerability. The severity of each crash is a valuable metric to helps prioritize limited remediation resources. What if a system could characterize a crash, automatically, in terms of severity This document proposes the initial research into and the development of an advanced exploitability reasoning system.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government