Accession Number : AD1005645


Title :   Software Epistemology


Descriptive Note : Technical Report,01 Dec 2013,30 Sep 2015


Corporate Author : THE CHARLES STARK DRAPER LABORATORY, INC. Cambridge United States


Personal Author(s) : Opper,Jeffrey M


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1005645.pdf


Report Date : 01 Mar 2016


Pagination or Media Count : 36


Abstract : The effort developed a comprehensive approach for determining software epistemology which significantly advances the state of the art in automated vulnerability discovery. The approach applies an analytic sieve concept and a novel hashing scheme to a large corpus of open-source software to mine information that indicates the presence of pre- and post-fix conditions in program control flow, fully exploiting the hierarchy of abstraction and richness of data produced by the artifact extraction process, while taking advantage of the scalable computation capabilities present in TitanDB. The developed prototype software system is able to quickly analyze and compare software packages, demonstrating an ability to identify individual software components in a software system and track common vulnerabilities in software packages across large code corpora.


Descriptors :   computer programs , computer security , Vulnerability , Automation , software , risk


Distribution Statement : APPROVED FOR PUBLIC RELEASE