
Awards

Topic Information | Award/Contract Number | Proposal Information | Company | Performance Period | Award/Contract Value | Abstract

16.OATS-003
Multi-Abstractions System Reasoning Infrastructure toward Achieving Adaptive Computing Systems

HSHQDC-16-C-00099 DHS SBIR-2016.OATS-16.OATS-003-0001-II
(DHS SBIR-2016.OATS Phase II)
Multi-Abstractions System Reasoning Infrastructure toward Achieving Adaptive Computing Systems

GrammaTech, Inc.
531 Esty Street
Ithaca, NY 14850-4201

09/29/2016
to
09/28/2018
$749,997.55

Software is a critical part of modern infrastructure. The nation's industry and government bear significant costs due to cyber attacks that steal data or otherwise disrupt operations. Software-based systems are too complex to be protected by a single layer of defense such as a perimeter firewall. Instead, operators need layered defenses that detect, inhibit and even block attackers who breach the perimeter. GrammaTech proposes to develop a tool for protecting and monitoring systems subject to cyber attack. This tool uses a combination of binary rewriting and system-wide event tracking to both harden systems and detect sophisticated attacks. Once complete, it will allow Government and Industry users to detect and block cyber attacks that exploit software vulnerabilities not anticipated by the original software developers. The first key advance of this approach is that we use binary rewriting to insert protection and monitoring directly into programs that are vulnerable to attack. This gives us complete access to program state and behavior in contrast to other techniques that have limited access to what a program does. The second advance is a system-wide monitor that takes low level events and generates a picture of mission health. GrammaTech will draw on its significant technology and expertise in program analysis and security. GrammaTech has successfully transitioned many projects from research to market over its history. Its latest transition is CodeSonar, a bug-finding analysis tool that is used by government, prime defense contractors and others for software assurance.

H-SB010.1-005
Synthetic Biometrics

D11PC20116 1014003
(FY10.1 Phase II)
Synthetic Biometric Image Generator

International Biometric Group
One Battery Park Plaza
New York, NY 10004-1405

05/13/2011
to
02/27/2013
$1,375,000.00

Software capable of generating synthetic fingerprint, face, and iris images may provide tremendous value to DHS organizations, USG components, and commercial organizations involved in development, testing, and operation of biometric systems. Such software could support cost-effective performance evaluation of new algorithms, optimize the speed and accuracy of deployed biometric systems, and reduce development and testing timelines. IBG will develop and license use of datasets on a customer-specific basis. IBG will work with the customer to define requirements and control parameters, such as image quality, demographic distribution, test case for genuine and impostor data, target algorithms. IBG will develop and license a synthetic biometric dataset generator SDK that supports development of standalone applications as well as integration into customer applications and environments. APIs will provide programmatic access to general parameters such as demographic distribution as well as modality-specific parameters such as sensor selection, positions, and quality. To support customers with highly specialized requirements for sensor technologies, demographic characteristics, or system design emulation that are not supported in the base software and that are not accessible through the SDK, IBG will license full source code versions of its synthetic biometric image generator, enabling customers to develop their own models using core libraries.

H-SB013.1-002
Hybrid Analysis Mapping (HAM)

D14PC00060 HSHQDC-13-R-00009-H-SB013.1-002-0002-II
(HSHQDC-13-R-00009 Phase II)
Code Ray: Software Assurance Risk Management Framework for Hybrid Analysis Mapping

Applied Visions, Inc.
6 Bayview Avenue
Northport, NY 11768-1502

03/15/2014
to
05/30/2018
$1,034,352.27

Secure Decisions is developing a software assurance risk management technology called "Code Ray" to: (1) Improve the speed, accuracy and confidence in detection of vulnerabilities by cross-mapping and normalizing the output of hybrid application security testing (HAST) techniques -- dynamic analysis, dynamic tracing, static analysis and contextual analysis. (2) Enhance prioritization and mitigation of vulnerabilities by providing both the run-time context for those vulnerabilities and their mapping to industry and regulatory security standards. (3) Improve the rapid comprehension and assessment of risks associated with vulnerabilities by delivering results in a risk management framework with risk metrics, dashboard, visual analytics, and reporting. (4) Support the education of programmers and security analysts in HAST. We start Phase II with a working TRL4 prototype completed at the end of Phase I. We will iteratively develop and deliver three progressively more-mature versions of Code Ray to the Software Assurance Marketplace (SWAMP), reaching TRL8 by Month 24. We will incrementally add functionality from each of the iterations to the existing Code Dx product, and integrate HAST capabilities in a Security Information Event Management (SIEM). We will also deliver an educational version of Code Ray to assist in teaching secure coding practices. During the proposed 18-month Phase II Option, commencing in Month 25, we will subject Code Ray to full-scale operational use in the SWAMP and in several DHS operational deployments. We will use feedback from the SWAMP users, educators, and operational sites to reach TRL9 within the Phase II Option period.

H-SB014.1-005
Machine-to-Machine Architectures to Improve First Responder Communications

D15PC00033 HSHQDC-14-R-00005-H-SB014.1-005-0008-II
(HSHQDC-14-R-00005 Phase II)
A Scalable, Mobile M2M/SDP/IoT Architecture to Connect First Responders at the Incident Site

BALFOUR Technologies LLC
510 Grumman Road West
Suite 212
Bethpage, NY 11714-3631

03/13/2015
to
07/27/2016
$749,360.86

First Responders need to leverage automated (M2M machine-to-machine), mobile connectivity at an incident site. With connectivity automated through M2M network technology, responders would have much improved situational awareness, and can effectively focus their complete attention on the necessary emergency response actions. We propose to develop a futuristic automated M2M prototype system/architecture, that could be initially deployed NOW, that would enable M2M devices at the emergency site (building sensors, people, and other first responders) to automatically "talk" to each other, providing automated situational awareness and inter-communications. We intend to leverage our previous SBIR Phase I/II/III work and experience in M2M architectures to design and prototype an operational solution that can evolve and leverage emerging "Internet-of-Everything" technologies in the coming years. This solution can be immediately integrated and commercialized into our existing fourDscape situational awareness, command and control, safety, security, and response product/marketplace.

H-SB014.2-002
Automatic Detection and Patching of Vulnerabilities in Embedded Systems

D15PC00113 HSHQDC-14-R-00035-H-SB014.2-002-0011-II
(HSHQDC-14-R-00035 Phase II)
Automated Embedded Vulnerability Identification and Exploitation Mitigation System Using FRAK, Symbiote and Autotomic Binary Structure Randomization

Red Balloon Security
336 West 37th Street Suite 1024
New York, NY 10018-4592

09/04/2015
to
09/18/2016
$754,922.66

We propose to implement a novel Embedded Live-Hardening framework and associated algorithms to combine the state-of-the-art in static firmware vulnerability analysis and mitigation with a suite of novel dynamic defensive techniques powered by Red Balloon Security's software Symbiote technology. While Symbiotes have traditionally been used directly to enforce dynamic firmware integrity attestation in embedded devices, we propose to design new Symbiote payloads capable of not only dynamic attestation, but live attack forensic data collection, analysis and ultimately, live hardening of vulnerable devices based on forensic data collected by other similar deployed devices. Lastly, we propose to design a comprehensive framework for truly integrating all meta-data collected through both static and dynamic analysis components to continuously, and automatically, identify and mitigate vulnerabilities on all protected devices. Such a framework will allow network defenders to:
- Maximize vulnerability identification accuracy while minimizing expert human intervention
- Minimize reaction time between threat identification and mitigation deployment for proprietary embedded devices
- Maximize forensic data collection capabilities on black-box embedded devices
- Minimize downtime of vulnerable and compromised devices while drastically increasing the defenders' ability to patch vulnerabilities within embedded devices dynamically
- Maximize overall embedded security situational awareness across enterprise-level networks of heterogeneous embedded devices

We propose to deliver a phase one report that details the component technology designs and time and cost estimates for a phase two contract to implement, test and evaluate these technologies.

H-SB016.1-003
Malware Prediction for Situational Understanding and Preemptive Cyber Defense

HSHQDC-17-C-00007 HSHQDC-16-R-00012-H-SB016.1-003-0020-II
(HSHQDC-16-R-00012 Phase II)
Hybrid Prediction for Embedded Malware

Red Balloon Security
336 West 37th Street Suite 1024
New York, NY 10018-4592

04/15/2017
to
04/14/2019
$746,755.88

Predicting malware trends and designing defenses to defeat the next generation of malware is difficult but necessary in order to significantly increase the cost to attackers of developing malware and executing successful attacks. Without such malware trend predictions, we will continually be defending against yesterday's attacks and will remain unprepared for new threats. Embedded devices are becoming the next target for attackers as traditional workstations and servers become more secure. We will create a hybrid approach toward embedded device malware trend prediction. Our approach targets both long-term malware trend prediction utilizing attack graphs and short-term approaches monitoring malware and capturing forensic data to provide real-time predictions. A hybrid of short-term and long-term approaches offers many benefits. Captured samples would confirm or better inform the long-term predictions of what evasions and attack paths malware uses. Long-term predictions would enable advanced defenses to be prepared to capture malware samples. Our hybridized predictive malware trending scheme will significantly increase situational awareness into both short-term and long-term attack trends. Furthermore, our output will enhance embedded attack incident response capabilities at an enterprise level and predict future attack trends at both tactical and strategic time scales.

H-SB018.1-006
Improved Human Systems for Computed Tomography

70RSAT19C00000005 FY18.1-H-SB018.1-006-0011-II
(FY18.1 Phase II)
Improved Human Systems for Computed Tomography Speed of Image Review

IDSS Holdings Inc
430 Bedford Road, Suite 204
Armonk, NY 10504-2002

04/17/2019
to
06/16/2020
$998,586.03

IDSS in partnership with Tufts University Human Factors Engineering Program, a leader in Engineering Psychology, proposes to study CT screening system operator burden and reduce image review time by reviewing and making improvements to the GUI and the current man-machine interaction and perform limited prototyping of potential improvement to the operator interface and toolset.

H-SB018.1-008
Automated & Scalable Analysis of Mobile & IoT Device Firmware

70RSAT19C00000006 FY18.1-H-SB018.1-008-0010-II
(FY18.1 Phase II)
Firmware Automated Analysis at Scale with Testing

Red Balloon Security
336 West 37th Street
Suite 1024
New York, NY 10018-4592

05/01/2019
to
11/01/2020
$999,797.00

The firmware running on mobile, embedded, and Internet of things devices is often treated as a blackbox by organizations. These firmware images can contain a myriad of n-day vulnerabilities, both malicious and unintentional backdoors, and other unwanted functionality. Unfortunately, analyzing these firmware images is a difficult and time-consuming task as each firmware can be packed with layers of compression and obfuscation along with specialized operating systems and filesystems. We propose Firmware Automated Analysis at Scale with Testing (FAAST), a technology built on top of Red Balloon Security's FRAK technology, a proprietary framework for unpacking, analyzing, modifying, and packing firmware images. FAAST will integrate additional specialized FRAK analyzers and utilize FRAK's client server architecture to automatically unpack and analyze firmware images returning human and machine readable reports back to the user.

H-SB04.2-001
Cross-Domain Attack Correlation Technologies

NBCHC050144 0423005
(FY04.2 Phase II)
Cross-domain security alert sharing: Worminator

CounterStorm Inc.
15 W. 26th Street
7th Floor
New York, NY 10010-1002

10/01/2005
to
09/30/2008
$750,000.00

This proposal by CounterStorm, Inc. (formerly System Detection) concerns the second phase of research, development, and commercial release of Worminator, an innovative and effective approach to anonymously sharing and correlating security information in real-time. The overriding principle of Worminator is that cross-domain collaboration enhances accuracy and efficacy by enabling rapid detection of worms, zero-day exploits, and slow-and-stealthy attacks currently undetected by existing products. The overarching goal of this Phase 2 effort is to fully incorporate the Worminator technology into CounterStorm's AntiWorm-1 commercial security product, providing an effective defense against emerging threats. CounterStorm's Phase 1 effort oversaw the successful development and deployment of the first-generation Worminator architecture at commercial and academic sites. Using Worminator to correlate alerts from CounterStorm's Surveillance Detection Engine, we demonstrated a dramatic reduction in the alert stream, yielding a manageable number of actionable alarms. This Phase 2 effort is organized into four components. First, we will extend Worminator's collaboration capabilities beyond the sharing of attack source addresses. As a part of this effort, we will integrate Worminator with CounterStorm's Payload Anomaly Sensor (PAYL is the topic of another SBIR Phase 2 proposal). PAYL and Worminator together provide real-time sharing of automatically-generated content signatures to inoculate collaborating sites against attack. Second, we aim to support anonymous collaboration. Third, we plan a fully commercialized implementation of Worminator as an extension of CounterStorm's AntiWorm-1 architecture. Finally, in collaboration with Columbia University, we plan to conduct a comprehensive study of real-world attack behaviors over time, including coverage, response rates, and efficiency under different exchange algorithms.
Incorporation of the Worminator technology enhances AntiWorm-1 by allowing rapid and anonymous sharing and correlation of threat information in real time, thus giving sites the ability to block malicious activity before it is seen locally.

H-SB04.2-002
Real-Time Malicious Code Identification

NBCHC050142 0423004
(FY04.2 Phase II)
Packet Content Payload Anomaly Detection

CounterStorm Inc.
15 W. 26th Street
7th Floor
New York, NY 10010-1002

10/01/2005
to
09/30/2007
$750,000.00

This proposal by CounterStorm Inc. (formerly System Detection) concerns the second phase for research, development and commercial release of a novel method to detect malicious code exploits in network traffic. The successful Phase 1 project led to several new innovations and improvements, and commercial development is under way. The PAYL Payload Anomaly Detection sensor will be completely implemented in the CounterStorm AntiWorm-1 product platform and introduced to commercial and government sites. New features of the PAYL anomalous payload detection sensor created under Phase 1 funding demonstrated highly accurate detection and generate signatures for zero-day worm exploits. Experimental evidence demonstrated that "site-specific models" trained and used for testing by PAYL can detect new worms with high accuracy in a collaborative security system. In Phase 2 we continue to build on a new approach that correlates ingress/egress payload alerts to identify the worm's initial propagation. The method also enables automatic signature generation very early in the worm's propagation stage. These signatures can be deployed immediately to network firewalls and content filters to proactively protect other hosts. Tests and evaluations of sensor performance are also proposed for Phase 2. Collaborative research and development by CounterStorm and Columbia University will address several basic problems dealing with handling encrypted content traffic and scaling the sensor to high speed network rates. Significant engineering activities are needed to embed solutions to these performance issues into the CounterStorm AntiWorm-1 Platform. The speed of gigabit networks strains the limits of what can be detected in real-time, especially when decrypting content flows. There are currently no Commercial Off-the-Shelf (COTS) solutions offered today that provide highly efficient content-based anomaly detectors operating on high-speed networks without packet loss. 
By overcoming these obstacles, we can provide the first effective content-based anomaly detection system to secure high speed networks. The CounterStorm AntiWorm-1 platform with PAYL technology improves accuracy for all worm detection and blocking. More importantly, PAYL facilitates the detection and blocking of non-scanning 'zero-day' worms, adding a significant layer of security to critical IT infrastructures for commercial and government entities.

H-SB05.2-003
DISTRIBUTED BUOY VESSEL DETECTION SYSTEM

D07PC75288 (formerly NBCHC070095) 0523002
(FY05.2 Phase II)
Cost Effective Distributed Buoy Vessel Detection System

Advanced Acoustic Concepts, Inc.
425 Oser Avenue
Hauppauge, NY 11788-3640

04/30/2007
to
07/03/2009
$749,996.00

A layered approach to Maritime Domain Awareness begins with surveillance of vessel traffic as far offshore as possible to allow the advantage of time and space to identify and intercept threats before they can get close enough to affect the Homeland. The team of Advanced Acoustic Concepts (AAC) and Sparton Electronics has provided a solution to this deep-water surveillance problem with a low-cost distributed buoy vessel detection and tracking system based on the Navy's low-cost passive sonobuoy sensor, manufactured by Sparton Electronics, and sonobuoy processing software developed for the Navy by AAC. The Phase I study has indicated that the design will provide a system that can be deployed in water up to 4 km deep and detect all non-cooperative vessels approaching US shores while operating autonomously for at least a year. Among the many commercial applications of the distributed buoy detection system are as a "persistent sonobuoy" system for extended surveillance of both friendly and unfriendly waters off foreign shores, as a perimeter protection system for offshore assets and high-risk Navy platforms, and a surveillance system for commercial cruise line shipping lanes.

H-SB05.2-004
HARDWARE-ASSISTED SYSTEM SECURITY MONITOR

NBCHC070061 0522008
(FY05.2 Phase II)
HARDWARE-ASSISTED SYSTEM SECURITY MONITOR

AFCO Systems Development Inc
150 Broadhollow Road
Room 207
Melville, NY 11747-4901

03/08/2007
to
03/07/2009
$750,000.00

The primary objective of this project is to design and develop a rootkit detection system that also has the capability to protect itself. AFCO Systems Development (ASD) proposes to advance the state of system security monitoring technology and meet its objective by developing a PCI card that combines co-processor based firmware, reconfigurable computing and host-based software to provide a comprehensive and extensible platform against such attacks. The proposed solution will be upgradeable in the field by replacement and/or reconfiguration of its firmware, software or hardware (VHDL). An immediate benefit of this research will be the availability of a tool for the detection of rootkits that have been maliciously introduced onto Windows platforms. This is accomplished, not by searching for the particular 'signatures' known to be carried by this type of malware, but rather by the examination of operating system internal data structures for any corruption or inconsistency. This more flexible approach will allow the identification of a much wider class of rootkits than previously attainable. An additional benefit of our research efforts is that the (platform independent) algorithms we develop can be ported over to other environments, including new bus (e.g. PCI express) and processor (e.g. VMX) architectures.

H-SB06.1-006
INSTANTANEOUS REMOTE SENSING DATA RECEIVING AND PROCESSING FOR EMERGENCY RESPONSE

NBCHC080046 0614021
(FY06.1 Phase II)
Department of Homeland Security, SBIR Topic Number H-SB06.1-006, Real-time Airborne data Management System (RAMS)

Pictometry International Corp.
100 Town Centre Drive
Suite A
Rochester, NY 14623-4260

01/29/2008
to
01/28/2010
$750,000.00

The team of Pictometry International, Harris RF and ITT Space Systems has provided a high level design and a capabilities demonstration for Phase I for the near real-time remote sensing data collection system: Real-time Airborne data Management System (RAMS). The system will utilize a varied suite of deployable receivers in the field based on diverse emergency response sensor needs. The objective of this Phase II effort will be to develop a commercially viable scalable system that can be used for disaster response, with special emphasis on large hurricane scenarios. The team has addressed the following in Phase II:
- Developing mobile receive units and devising a solution to quickly deploy them in a disaster zone where infrastructure is destroyed
- Automating flight planning so that aerial assets can be more effectively deployed
- Processing data on the aircraft as part of the sensor technology
- Downloading large data streams from the aircraft to the mobile units in an efficient fashion
- Quickly disseminating the data from the mobile units to multiple remote locations based on the requirements of each location
- Providing a command and control function to track aerial and ground assets and to redeploy based on emerging priorities

H-SB06.1-007
NETWORK-BASED BOUNDARY CONTROLLERS

NBCHC070112 0612009
(FY06.1 Phase II)
Secure Inter-organizational Network Boundary Assurance Device (SINBAD) Phase II

Dolphin Technology, Inc.
474 Phoenix Drive
Rome, NY 13441-4911

08/20/2007
to
03/19/2009
$749,990.00

This effort proposes to design, develop and productize the Secure Inter-organizational Network Boundary Assurance Device (SINBAD). SINBAD will leverage capabilities and lessons from guard technology to yield an enhanced boundary control and inspection capability suitable for Homeland Security organizations exchanging inter-organizational email with attachments. It will 1) prevent improper disclosure of an organization's sensitive information and 2) protect an organization's IT infrastructure from outside penetration. Instances of SINBAD will be installed between an organization's internal network and existing firewall. The SINBAD design will be modular and extensible thus able to leverage software inspection capabilities developed by 3rd parties within an affordable yet secure network appliance. SINBAD will rely on an SE-Linux Operating System in order to secure the operating. SINBAD will be packaged as a preinstalled 1-2U device allowing it to easily be connected to a network, configured and made operational. Essential SINBAD capabilities will include: Virus detection, PuriFile(RM) scanning, in depth file type verification, sender/receiver validation (to include digital signatures should PKI exist within the organization), enforcement of port-address restrictions, malicious code detection, dirty word checking, content screening based on semantic distance, remote administration, feedback and quarantine of denied transfers, crisis override, and an easily configured XML-based policy model which is stored in a backend database.

H-SB06.1-009
MANAGING MULTI-MEDIA SURVEILLANCE INFORMATION NETWORKS

NBCHC070145 0612006
(FY06.1 Phase II)
fourDscape[TM] Automated Situation Awareness (ASA) System

BALFOUR Technologies LLC
510 Grumman Road West
Suite 212
Bethpage, NY 11714-3631

10/01/2007
to
01/28/2009
$799,926.00

Balfour Technologies is developing a deployable fourDscape[TM]-based Automated Situation Awareness (ASA) System that effectively manages large, distributed surveillance sensor suites and delivers to the user a correlated, integrated, seamless view of extensive areas under surveillance in an interactive 4D browser. During Phase I of this project a scalable system architecture was developed and successfully demonstrated with live, interactive fourDscape[TM]-based demonstrations. In Phase II we will develop a deployable system prototype based on this architecture. The prototype system will process, analyze and correlate a variety and multitude of sensor data feeds, such as video and radiological, extract objects of interest and develop for the user a temporal-spatial view of the area to provide comprehensive situation awareness in a single canvas. This surveillance management system will be deployed in at least two significant sites in the U.S., which will facilitate the enhancement of the prototype system based on user feedback and lessons learned in a real world environment. By the end of Phase II we will have a field-tested system ready for the commercial, government and military homeland security market, with the potential to be deployed at every critical infrastructure location and sensitive security area in every agency, utility, city, county and state in the country and along our borders and ports of entry.

H-SB06.1-010
NON-NUCLEAR SOURCES OR TECHNIQUES TO REPLACE NUCLEAR SOURCES IN COMMERCIAL (NON-MEDICAL) APPLICATIONS

HSHQDC-07-C-00080 0612011
(FY06.1 Phase II)
Development of a Non-Nuclear Soil Density Gauge to Replace Nuclear Density Gauges

TransTech Systems Inc.
1594 State Street
Schenectady, NY 12304-1529

08/31/2007
to
12/30/2008
$999,829.40

Orphaned radioactive sources are a worldwide problem. DHS DNDO is seeking replacement technologies for non-medical orphaned nuclear devices. One such device is the Nuclear Density Gauge (NDG), which is used as a portable test instrument on construction sites where it is susceptible to being lost, stolen or damaged. According to the NRC, there are about 25,000 of these units in the US. Of these, the GAO reports that 300 are reported as lost or stolen EACH year. These units pose an obvious security risk. They are also an environmental risk due to the improper disposal or damage of these units. Outside the US, there are an estimated additional 25,000 units. TransTech has developed a spectrographic impedance instrument which uses low energy electromagnetic signals to determine soil density and moisture. In Phase I, TransTech has demonstrated that its technology can achieve measurement precision comparable to a NDG and statistically identical readings with a single soil class. The Phase II objective is to demonstrate that it can be used with other soils and be a replacement for the NDG. Having already successfully commercialized a number of devices for the construction industry, TransTech is ideally positioned to transfer this technology to the market.

H-SB07.2-001
Spectroscopic Methods for Explosives Detection

NBCHC090012 0722012
(FY07.2 Phase II)
Stand Off Detection of VBIED and Suicide Bomber

Energy Research Company
2571-A Arthur Kill Road
Staten Island, NY 10309-1232

12/15/2008
to
03/31/2011
$1,050,000.00

Energy Research Company proposes the continued development of its proprietary technology, Laser Induced Acoustics (LIA), for standoff detection of VBIEDs and suicide bombers, and building a LIA based prototype suitable for high fidelity simulations. LIA uses a laser to interrogate a surface with the resulting acoustic signal indicating the presence of any explosive residues. In addition, we are using advanced signal processing techniques to improve the accuracy of the method.

H-SB09.2-004
Software Testing and Vulnerability Analysis

D11PC20009 0922001
(FY09.2 Phase II)
Multi-Platform Program Analysis

GrammaTech, Inc.
317 N. Aurora Street
Ithaca, NY 14850-4201

06/01/2011
to
11/30/2013
$750,000.00

The current generation of advanced static-analysis tools find vulnerabilities by exploring all possible executions of a program as configured for a single platform. Phase I research confirmed that a significant number of platform-specific defects may be missed if analysis is restricted to a single platform. The next quantum leap in capability will be a system that will explore all executions for many different platforms simultaneously. We propose to develop such a system by combining a number of state-of-the-art techniques. Novel continuous integration technology will allow distribution of concurrent analyses across a farm of heterogeneous machines. Advances in our static-analysis engine will exploit machine-code analysis to ferret out subtle platform-specific differences in behavior. Intelligent test-case-generation technology will find test inputs that trigger platform-specific defects. The results of these analyses will be collated, filtered, ranked, and presented to the analyst as a single combined report. The resulting analysis system will appeal to software producers in many market segments, including communications, medical electronics, avionics, and industrial control.

H-SB09.2-004
Software Testing and Vulnerability Analysis

D11PC20010 0922004
(FY09.2 Phase II)
Software Assurance Analysis and Visual Analytics

Applied Visions, Inc.
6 Bayview Avenue
Northport, NY 11768-1502

01/10/2011
to
12/30/2014
$836,996.16

To increase confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but produce massive data with many false positives. Further, the individual tools catch different vulnerabilities, often with little overlap. The NSA tested five static code analysis tools and found that 84% of the vulnerabilities were identified by only one tool. These results point to the need to combine and correlate the results of multiple tools to ensure comprehensive vulnerability analysis. However, the disparate interfaces and non-normalized results of each tool make correlation of their results taxing to the software developer. The Secure Decisions Division of Applied Visions Inc. is developing a Software Assurance Analysis and Visual Analytics platform that integrates the results of disparate software analysis tools into a visual environment for triage and exploration of code vulnerabilities. Software developers can explore voluminous vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. Visual analytics focus the user's attention on the most pressing vulnerabilities. By correlating and normalizing data from multiple tools, the overall vulnerability detection coverage of software is increased.