PrintPrint

Awards

Topic Information Award/Contract Number Proposal Information Company Performance
Period
Award/Contract
Value
Abstract

H-SB09.2-002
Human-Animal Discrimination Capability for Unattended Ground Sensors

N10PC20007 0921154
(FY09.2 Phase I)
Collaborative Human-Animal Discrimination for Unattended Ground Sensors

Innovative Wireless Technologies, Inc.
1047 Vista Park Drive
Forest, VA 24551-4362

11/01/2009
to
05/15/2010
$99,893.10

Effective human-animal discrimination happens collectively at all levels of an UGS system. The ability to classify a target from footsteps alone as human versus non-human given a single modality and sensor is challenging, thus a collaborative network effort increases the system Probability of Detection (Pd) and minimizes Probability of False Alarm (Pfa). IWT proposes leveraging inter-UGS communication to both increase local classification probabilities and provide a system level indication of target intent. Humans crossing the border, cross with a purpose. This trait differs from animals loitering or stationary vegetation swaying in the wind. Correlation of information between UGS nodes provides strong target behavioral information on location, rate, and direction of travel as well as enhancing the alarm statistics of individual UGS units.

H-SB09.2-004
Software Testing and Vulnerability Analysis

N10PC20012 0921099
(FY09.2 Phase I)
Virtualization and Static Analysis to Detect Memory Overwriting Vulnerabilities

Zephyr Software LLC
2040 Tremont Road
Charlottesville, VA 22911-8635

11/01/2009
to
05/15/2010
$96,155.10

Memory overwriting vulnerabilities (buffer overflow, format string, double free, integer overflow, etc.) continue to plague commercial and government software, providing avenues for attackers to gain unauthorized control over computer systems. Testing tools are needed that will find vulnerabilities so that fixes can be applied before deployment. Existing vulnerability analyses often rely exclusively on either static or dynamic analysis tools, each of which has its strengths and weaknesses. Many defenses require source code for the application being tested, which is not practical for final acceptance testing by software consumers, who are often not allowed access to the source code of the software vendor. The proposed research will enhance and integrate prior static and dynamic analysis tools to enable software producers and consumers to accomplish two important objectives: (1) To strengthen software testing with respect to exercising potentially vulnerable code, and (2) to identify and fix memory overwriting vulnerabilities before software deployment. Only the binary form of the tested software will be needed. The result of the eventual Phase II effort will be an acceptance testing tool that will be commercialized for Linux and Windows systems.

H-SB09.2-004
Software Testing and Vulnerability Analysis

N10PC20013 0921152
(FY09.2 Phase I)
Run Time Tools` Output Integration Framework

Data Access Technologies, Inc
8605 Westwood Center Drive
Suite 503/505
Vienna, VA 22182-2231

11/01/2009
to
05/15/2010
$94,141.00

This proposal addresses the key issue in the normalization of software assurance information: how to integrate the vulnerability findings reported by multiple vulnerability detection tools. The normalization will provide normalized, consistent reporting on type of identified weakness (alignment with CWE) as well as normalized, consistent reporting on location and trace of identified weakness within code (source or binary). The project will build upon and extend the results of several recent government-funded programs in the area of software assurance. Once completed the project will develop an open-standard-based Run Time Tool Output Integration Framework (TOIF) and deliver the integration of several existing open source vulnerability detection tools into this framework. This will mitigate one of the major practical gaps with today`s software assurance tools: the non overlapping findings of the current tools and will enable cross examining the vulnerabilities reported by different tools, something that is currently very dependant on human verification and therefore very laborious. This would enable using multiple vulnerability detection tools in a coordinated manner. The anticipated results will be made available to the community (as open source) of tools vendors, leading to further improvements in vulnerability detection tools through normalization of their outputs, better alignment with existing standards, and better exchanges of software assurance information.

H-SB09.2-004
Software Testing and Vulnerability Analysis

D11PC20012 0922003
(FY09.2 Phase II)
Run Time Tools` Output Integration Framework

Data Access Technologies, Inc
8605 Westwood Center Drive
Suite 503/505
Vienna, VA 22182-2231

12/06/2010
to
07/31/2012
$749,988.00

This proposal addresses the key issue in the normalization of software assurance information, how to integrate the vulnerability findings reported by multiple vulnerability detection tools. The normalization will provide normalized, consistent reporting on type of identified weakness (alignment with CWE) as well as normalized, consistent reporting on location and trace of identified weakness within code (source or binary). The project will build upon and extend the results of several recent government-funded programs in the area of software assurance. The phase II R&D effort will utilize phase I deliverables and accomplishments to complete the project and deliver (1) an open-standard-based Run Time Tool Output Integration Framework (TOIF) and (2) the integration of several existing open source vulnerability detection tools into this framework. This will mitigate one of the major practical gaps with today`s software assurance tools, the non-overlapping findings of the current tools and will enable cross-examining the vulnerabilities reported by different tools, something that is currently very dependant on human verification and therefore very laborious. This would enable using multiple vulnerability detection tools in a coordinated manner. The anticipated results will be made available to the community (as open source) of tools vendors, leading to further improvements in vulnerability detection tools through normalization of their outputs, better alignment with existing standards, and better exchanges of software assurance information.

H-SB09.2-007
Enhancing Training Effectiveness through Cognitive State Assessment

N10PC20025 0921121
(FY09.2 Phase I)
Intelligent Bio-Adaptive Team Training System

Human Bionics
190 N 21st Street, Suite B
Purcellville, VA 20132-3077

11/01/2009
to
05/15/2010
$100,000.00

As we face new formidable challenges in the area of global asymmetric warfare, the DHS must be able to rapidly train and test those individuals responsible for screening of persons that may wish to bring harm to the U.S. and its allies. Thus there is a vast need to train individuals faster and to improve training outcomes, possibly by training in teams of screeners working together to improve their operational and situational readiness. Training of personnel to ensure requisite job preparedness with the appropriate operational experience is crucial for mission success. Today`s training environment relies on traditional classroom type sessions utilizing lectures, videos, and web-based methods to communicate the information that screeners need to adequately perform their job. To this end, new methodologies and ideas for training include Team Training Scenarios, which are being presented and awaiting validation under real-world conditions. Team Training allows social interactions among participants, which may reinforce training content uptake and retention through cross associations with other team members. Human Bionics (HB) is leveraging three year`s experience collecting and examining changes in psychophysiological signals from volunteers performing a host of militarily relevant tasks under simulated and real-world conditions. The overall purpose of this work has been to test human-computer mitigation methods and identify an appropriate set of physiological signals and features capable of improving the current state of Screener Training. In Phase I we will determine the feasibility of extending an existing prototype distributed training architecture to meet DHS S&T Training needs.