Awards

Topic Information | Award/Contract Number | Proposal Information | Company | Performance Period | Award/Contract Value | Abstract

H-SB09.2-004
Software Testing and Vulnerability Analysis

N10PC20014 0921066
(FY09.2 Phase I)
Software Assurance Analysis and Visual Analytics

Applied Visions, Inc.
6 Bayview Avenue
Northport, NY 11768-1502

11/01/2009 to 05/15/2010
$99,207.00

Software is a mature discipline, yet more than 98 percent of all PCs have one or more vulnerable programs, and in the US there are 2.7 billion programs open for attack. Efforts to address the problem at the source--during software development--are shockingly inadequate, with many commercial Software Assurance tools focused on detection rather than working to become part of the development process. More effective Software Testing and Vulnerability Analysis is required to identify and remediate vulnerabilities before systems are deployed. The Secure Decisions Division of Applied Visions Inc. proposes to design and develop a Software Assurance Analysis and Visual Analytics system that can be integrated into the Software Development Life Cycle to identify, confirm, and understand weaknesses and vulnerabilities in source code. No single Software Assurance tool is likely to identify all vulnerabilities: we do not propose to develop yet another vulnerability detection method, but to develop a platform for correlating the results of multiple analysis tools. Our approach is to leverage existing tools by providing a framework for linking disparate testing and vulnerability analysis tools, and to provide a visual analytics platform that embeds a mechanism for feedback from human analysis into automated analysis.

H-SB09.2-004
Software Testing and Vulnerability Analysis

N10PC20017 0921090
(FY09.2 Phase I)
Concolic Testing with Metronome

GrammaTech, Inc.
317 N. Aurora Street
Ithaca, NY 14850-4201

11/01/2009 to 05/15/2010
$99,999.99

We propose to build a system that combines novel automatic test generation techniques with state-of-the-art multi-platform continuous integration technology. The proposed system will automatically generate test data by using a combination of symbolic and concrete executions to intelligently explore the space of inputs. The continuous integration technology will enable the system to detect defects very early in the development cycle.

H-SB09.2-004
Software Testing and Vulnerability Analysis

N10PC20004 0921091
(FY09.2 Phase I)
CodeSonar with Metronome

GrammaTech, Inc.
317 N. Aurora Street
Ithaca, NY 14850-4201

11/01/2009 to 05/15/2010
$99,999.99

The current generation of advanced static-analysis tools finds vulnerabilities by exploring all possible executions of a program as configured for a single platform. The next quantum leap in capability will be a system that will explore all executions for many different platforms simultaneously. We propose to develop such a system by combining a number of state-of-the-art techniques. Novel continuous integration technology will allow distribution of concurrent analyses across a farm of heterogeneous machines. Advances in our static-analysis engine will exploit machine-code analysis to ferret out subtle platform-specific differences in behavior. The results of these analyses will be collated, filtered, ranked, and presented to the analyst in a single combined report.