You are here

Deep Understanding of Complex High-Assurance Hypervisor Source Code

Award Information
Agency: Department of Defense
Branch: Navy
Contract: N00014-08-M-0137
Agency Tracking Number: O072-I09-4020
Amount: $100,000.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: OSD07-I09
Solicitation Number: 2007.2
Timeline
Solicitation Year: 2007
Award Year: 2008
Award Start Date (Proposal Award Date): 2008-06-03
Award End Date (Contract End Date): 2008-12-03
Small Business Information
317 N. Aurora Street
Ithaca, NY 14850
United States
DUNS: 603978321
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Paul Anderson
 VP of Engineering
 (607) 273-7340
 paul@grammatech.com
Business Contact
 Ray Teitelbaum
Title: CEO and Chairman
Phone: (607) 273-7340
Email: tt@grammatech.com
Research Institution
N/A
Abstract

Hypervisors offer a virtualization platform that is cost effective and attractive from a security point of view because guest operating systems are independent of each other. However, these claims of independence must be certified before it is permitted to use a hypervisor in a security-critical environment. The cost to perform a Common Criteria security evaluation of such low-level system code is very high, and the complexity of the code often thwarts automated tools that could help. We propose to work on advanced static analysis techniques to help reduce this cost by providing user interfaces that aid a user gain understanding of the functionality of the code. When risky features are identified, the hypervisor can be refactored to remove them. The same static analysis techniques can be used to help assess the impact of the refactoring on the remainder of the code. These techniques will include advanced versions of program slicing and chopping, and software model checking. Variations of more superficial techniques will also be explored. The work will build on our existing static analysis platform. We will work closely with the customer and with existing customers involved in performing such certifications.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government