Securely Taking On New Executable Software of Uncertain Provenance (STONESOUP)
For information contact: firstname.lastname@example.org
STONESOUP develops and demonstrates comprehensive, automated techniques that allow end users to securely execute software without basing risk mitigations on characteristics of provenance that have a dubious relationship to security. Existing techniques to find and remove software vulnerabilities are costly, labor-intensive, and time-consuming. Many risk management decisions are therefore based on qualitative and subjective assessments of the software suppliers' trustworthiness. STONESOUP develops software analysis, confinement, and diversification techniques so that non-experts can transform questionable software into more secure versions without changing the behavior of the programs.
Performers (Prime Contractors)
Columbia University; GrammaTech, Inc.; Kestrel Institute; Leidos, Inc.; University of Illinois, Urbana-Champaign
- Cybersecurity & information assurance
- Software assurance
- Vulnerability detection & mitigation
- Columbia University MINESTRONE
- GrammaTech Inc. PEASOUP
- Kestrel Institute VIBRANCE
- Test and evaluation data and reports are available at the NIST SAMATE website.
To access additional STONESOUP program-related publications, please enter the following into a Google Scholar search query: "FA8650-10-C-7025 OR FA8650-10-C-7026 OR FA8650-10-C-7024 OR FA8650-10-C-7022"