Recent Projects

DARPA Space/Time Analysis for Cybersecurity

Our work in the DARPA STAC program involves applying static analysis techniques to the problem of identifying the algorithmic complexity of programs represented by Java byte code.

stac
muse

DARPA Mining and Understanding Software Enclaves

For our project under the DARPA MUSE program we use static analysis to extract program semantic features for machine learning.

DARPA SBIR Direct to Phase II

We recently started work on our CLAIM project involving the detection of malware using semantic/logical matching.

stac
muse

DARPA SBIR Phase I

Performing verified network stack synthesis for seL4.

OASIS SARIF

We are participating in the technical committee for development of the Static Analysis Results Interchange Format (SARIF).

www.oasis-open.org
Bootstrap Framework

DHS S&T Cyber Security Division Static Tool Analysis Modernization Program (STAMP)

Our Static Analysis Architecture Lifecycle Test and Evaluation (STARLITE) project will enhance open source and proprietary static analysis tools, prepare new test suites, develop new methods for evaluating tools, and conduct pilot demonstrations.

Recently Completed...

sana

AFRL Software Producibility Initiative

Together with our teammate Honeywell Aerospace Advanced Technology we explored innovative techniques for combining model-level analysis with source-level analysis in order to provide algorithm-level analysis for certain design constructs. Our SWPI project Static Analysis of Numerical Methods developed such techniques for linear digital filters.

DHS S&T Cyber Security Division

Our Gold Standard project established techniques and benchmarks for evaluating static analysis tools against expectations from the C language standard with respect to memory safety properties.

gold-standard
Theme Options for Bootstrap

NASA System-Wide Safety Assurance Technologies

Our project in the SSAT program is situated under its subtopic Software Intensive Systems: Qualification of Formal Methods Tools. Our project considers the problem of obtaining certification credit for the use of formal methods tools during safety-critical software development and testing. Specifically we study an approach using dissimilar formal methods tool chains to bolster the trustworthiness claims in the certification argument.

R&D Opportunities

Main Themes

Our main engineering work involves the computer science and mathematics of static analysis techniques, whether developing new iteration algorithms, implementing analysis domains, or performing new tool chain integrations. Our core intellectual property is the general-purpose abstract interpretation engine CodeHawk underlying our several static analyzers. In the classic soundness-incompleteness trade space we focus on delivering sound results. Our approach for verification problems delivers the property proof obligations, the invariants, and the available analysis evidence, so that the user can easily check results and can easily identify effort associated with open work. Let's discuss your needs or interests in this field and learn if we can help.

Our Work

The static analyzers we developed have been applied not only to solving traditional source code verification problems but also to solving binary reverse-engineering, malware analysis, and vulnerability analysis problems. We developed techniques for analyzing both sides of an API, for leveraging design model information to enhance source code analysis, and for supporting dynamic and runtime analysis with static analysis results. Because our analyzers produce evidence we also have an interest in assurance case frameworks and safety-critical software certification methods.

We Deliver

We are a small business but frequently serve as a prime contractor with the US government. We are comfortable leading proposal efforts and working with teammates in technical and administrative roles. We maintain a DCAA compliant accounting system for cost-reimbursable contracts under FAR 16.3, and we undergo audits by DCAA when requested by procurement agencies. We organize, plan, and execute the technical performance in coordination with our teammates and the customer, re-planning the R&D efforts when technical discoveries lead us in unanticipated directions.

Are you interested in teaming?

About Us

Learn more about the company's technology and motivating pursuits.

More...

Contact

  +1.650.320.8474