SBIR-STTR Award

SPAR - Software Pedigree Analyzer and Reporter
Award last edited on: 4/18/2007

Sponsored Program
SBIR
Awarding Agency
DOD : OSD
Total Award Amount
$844,988
Award Phase
2
Solicitation Topic Code
OSD04-SP7
Principal Investigator
Santhosh Cheeniyil

Company Information

Avenda Systems (AKA: Micfrosoft Avenda Systems)

2855 Kifer Road Suite 102
Santa Clara, CA 95051
   (408) 748-1993
   info@avendasys.com
   www.avendasys.com
Location: Single
Congr. District: 17
County: Santa Clara

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2005
Phase I Amount
$96,325
Organizations and companies are now recognizing the importance of security in the life cycle of software development and code maintenance. Several recent studies have shown that the risk of not integrating security into the software life cycle can have highly negative impacts. There are some disparate tools and products currently available to monitor and mitigate the risks, but a comprehensive solution is needed for covering the entire pedigree of the software development and release. Avenda Systems proposes a Software Pedigree Analyzer and Reporter (SPAR) solution to monitor, track, analyze and report pertinent data during various phases of software life cycle including code development, product build, release and patch distribution. The solution works with a distributed set of file servers and source code management and version control systems. It supports multiple hardware and software platforms. Avenda Systems will demonstrate the knowledge and foundation to develop a prototype of tools and methods in Phase-I, deliver a complete solution in Phase-II, and a commercially viable product in Phase-III.

Keywords:
CODE PEDIGREE, CODE INTEGRITY, TAMPERPROOFING, SOFTWARE PROTECTION, SOFTWARE SECURITY, SOURCE CODE MANAGEMENT AND VERSIONING, INFORMATION RIGHTS MANAGEMENT, OPERATING SYSTEMS

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2006
Phase II Amount
$748,663
The DoD and commercial software companies have made significant investment in software. In the DoD context, these high value applications provide significant technological advantage over our adversaries. It is of paramount importance to protect these applications from reverse engineering, theft or other malicious tampering. We propose a hybridized system called Software Protection and Obfuscation Toolset (SPOT), which provides multiple layers of defense against malicious reverse engineering attacks. The techniques proposed in SPOT provide defenses against both static and dynamic analysis of application binaries. This hybridized approach consisting of code obfuscation, encryption and tamper-proofing will provide an effective deterrent against reverse engineering attacks. Applications protected by the SPOT system can be deployed in hostile environments where the host and the user cannot be trusted. We expect this product to be a major component of the "third leg" to the information assurance triad, namely, the application-centric approach to protecting important DoD software. Our past experience in commercializing SBIR projects, and the experience gained from designing and implementing SPOT will help us to release a commercially viable product in Phase III.

Keywords:
Reverse Engineering, Tamper Proofing, Decompiling, Binary Encryption, Obfuscation, Anti-Debugging, Software Protection