SBIR-STTR Award

ISABEL - Integrated Secure Automated Bug Extraction List
Award last edited on: 2/2/2018

Sponsored Program
SBIR
Awarding Agency
DOC : NIST
Total Award Amount
$399,763
Award Phase
2
Solicitation Topic Code
N/A
Principal Investigator
David J Musliner

Company Information

Smart Information Flow Technologies (AKA: SIFT LLC~SMART Information Flow Tech)

319 North 1st Avenue Suite 400
Minneapolis, MN 55401
   (612) 339-7438
   contact@sift.net
   www.sift.net
Location: Multiple
Congr. District: 05
County: Hennepin

Phase I

Contract Number: 70NANB17H225
Start Date: 7/31/2017    Completed: 1/30/2018
Phase I year
2017
Phase I Amount
$99,835
The ISABEL program will create symbolic execution signatures to classify bugs in the NIST Bugs Framework. Using the symbolic execution signature, ISABEL will find a program input to trigger the bug using fuzz testing. ISABEL will integrate its bug categorization and bug triggering capability with a software development environment using a flexible framework that will allow both open source and commercial software to use ISABEL features. One of the key ISABEL outputs summarizes the bug categories, when they were created and when they were eliminated against the organization's software development timeline. This will allow organizations to see which of their processes are most effective for catching various categories of bugs. ISABEL gives the software development organization actionable intelligence on how to improve their software development process. ISABEL will provide better insight into the science of software development for the entire industry.

Phase II

Contract Number: 70NANB18H169
Start Date: 8/2/2018    Completed: 8/31/2020
Phase II year
2018
Phase II Amount
$299,928
To automatically detect software bugs, understand their characteristics, and categorize them according to the evolving NIST Bugs Framework (BF), SIFT is developing ISABEL: Integrated Secure Automated Bug Extraction List. ISABEL will provide three key functions:

- Using symbolic analysis and fuzz-testing tools to find inputs that trigger vulnerabilities (bugs).
- Using fuzz-testing, delta-debugging, and other analyses to refine the triggering inputs.
- Analyzing fault information and related code to characterize the bug and output a descriptive BF report.

Our Phase I research developed a proof-of-concept implementation, identifying and addressing several key technical risks. We tested the robustness of the approach on thousands of test cases from NIST's Juliet test suite. In Phase II, we will extend the approach to a broader set of bug classes and improve the bug characterization methods, leading towards a commercially viable tool for automatically understanding and characterizing software vulnerabilities. By automatically finding software flaws and characterizing them within the BF, ISABEL will help organizations improve their software quality, detecting flaws before they are deployed, and helping rapidly prioritize them for remediation.