You are here

Tool Output Integration Framework (TOIF) Upgrade for Hybrid Analysis Mapping

Award Information
Agency: Department of Homeland Security
Branch: N/A
Contract: HSHQDC-13-C-00045
Agency Tracking Number: HSHQDC-13-R-00009-H-SB013.1-002-0005-I
Amount: $99,641.93
Phase: Phase I
Program: SBIR
Solicitation Topic Code: H-SB013.1-002
Solicitation Number: HSHQDC-13-R-00009
Timeline
Solicitation Year: 2013
Award Year: 2013
Award Start Date (Proposal Award Date): 2013-05-01
Award End Date (Contract End Date): 2013-10-31
Small Business Information
12209 Kyler Ln. Suite 104
Herndon, VA 20171-1624
United States
DUNS: 019383376
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Cory Casanave
 CEO
 (703) 880-6708
 cory-c@modeldriven.com
Business Contact
 Cory Casanave
Title: CEO
Phone: (703) 880-6708
Email: cory-c@modeldriven.com
Research Institution
N/A
Abstract

Building on the prior standards based work for the Tool Output Integration Framework (TOIF) and KDM - ISO/IEC 19506, this project will bring together dynamic and static analysis test results from multiple tools into a single solution that will provide a unified platform for security testing and application risk management. Software fault patterns (SFP) and Common Weakness Enumerations (CWE) will be leveraged to integrate information that typically resides in separate point products. The proposed solution will allow for detailed analysis and more precise results including correlation of results from dynamic and static assessments. The resulting integrated vulnerability reports provide more information about the discovered vulnerabilities, including actionable system-level information that links proof-of-exploit with line-of-code details and recommendations for mitigating them.

A key element of this research is leveraging the past success of TOIF and the proven ability to combine and leverage the results of multiple tools. The initial TOIF work focused on static analysis, this work extends that to dynamic and penetration tools. More than combining data, the results from multiple tools is semantically integrated using KDM systems knowledge, formalized SFPs and CWEs into the TOIF knowledge base. Encompassing both static and dynamic analysis in a single knowledge framework encompassing overall systems knowledge provides a unique and formally unavailable capability.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government