Mathematically Rigorous Methods for Determining Software Quality

Award Information
Agency: Department of Defense
Branch: Navy
Contract: N00014-10-M-0251
Agency Tracking Number: N10A-035-0544
Amount: $100,000.00
Phase: Phase I
Program: STTR
Solicitation Topic Code: N10A-T035
Solicitation Number: 2010.A
Timeline
Solicitation Year: 2010
Award Year: 2010
Award Start Date (Proposal Award Date): 2010-06-28
Award End Date (Contract End Date): 2011-07-08
Small Business Information
317 N. Aurora Street
Ithaca, NY 14850
United States
DUNS: 603978321
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Denis Gopan
 Senior Scientist
 (608) 827-0657
 gopan@grammatech.com
Business Contact
 Ray Teitelbaum
Title: CEO
Phone: (607) 273-7340
Email: tt@grammatech.com
Research Institution
 University of Wisconsin
 Thomas Reps
 
1210 West Dayton Street
Madison, WI 53706
United States

 (608) 262-2091
 Nonprofit College or University
Abstract

Software is rarely written entirely from scratch. Typically, third-party commercial off-the-shelf (COTS) components are integrated into larger software systems used both in the commercial sector and in critical infrastructure. Third-party components often come in binary form, e.g., as dynamically linked libraries, ActiveX controls, or plain executables. That is, the source code for those components is typically unavailable and the debug information is stripped. Additionally, to hamper reverse-engineering attempts, the binaries of those components are often further protected with anti-tamper techniques and obfuscations. The lack of source code for third-party components prevents most existing security-analysis tools from exposing the vulnerabilities and malicious behaviors harbored by those components themselves, as well as by software systems that integrate those components. We propose to design and build a tool that will conduct rigorous analysis of machine code to assess its quality. The tool will automatically identify vulnerabilities in third-party components and will assist security analysts in spotting unexpected and potentially malicious behavior in the third-party code. The proposed tool will integrate with existing GrammaTech source-code-analysis tools to boost their effectiveness in dealing with third-party components and libraries.

* Information listed above is at the time of submission. *