SPRINT: Secure Programming Using Artificial Intelligence Techniques

Award Information
Agency:
Department of Defense
Branch
Defense Advanced Research Projects Agency
Amount:
$98,969.00
Award Year:
2004
Program:
SBIR
Phase:
Phase I
Contract:
W31P4Q-04-C-R155
Agency Tracking Number:
03SB2-0181
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
ATC - NY
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
101321479
Principal Investigator:
David Guaspari
Staff Scientist
(607) 257-1975
davidg@atc-nycorp.com
Business Contact:
Richard Smith
Controller
(607) 257-1975
rick@atc-nycorp.com
Research Institution:
n/a
Abstract
To meet the demand for more "intelligent" applications-in web services, enterprise software, network management, etc.-developers are turning to the AI technique of rule-based programming. But the very things that make rule-based programming attractive-its flexibility, its introduction of complex and dynamically changing control structures-raise serious security concerns. ATC-NY, in collaboration with Architecture Technology Corporation (ATC), will develop SPRINT, a tool to support secure programming in the rule-based language CLIPS. SPRINT can be thought of as a sophisticated type-checker for a modest extension of CLIPS. The extensions, which take the form of structured comments, provide a way for programmers to indicate more precise constraints on intended execution, and thereby provide "checkable hints" to SPRINT. A program that passes SPRINT type checks will have eliminated many potential security flaws. Since CLIPS is broadly similar to many other rule-based languages, we expect that the techniques and principles developed in this work will be generally applicable.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government