According to a notice of intent posted on the FedBizOpps site, the FBI is awarding a sole contract to George Mason University in Fairfax, Virginia, to develop a system for automated security testing of Android applications in a cloud environment.
The FBI will provide matching funds on a jointly funded effort with DARPA under a previously awarded DARPA grant to George Mason.
Under the DARPA grant, researchers at George Mason have been developing an approach to carry out fuzzing attacks, which feed unexpected data to an application as a form of brute-force exploitation. “In short, fuzzing is a form of negative software testing that feeds malformed and unexpected input data to a program with the objective of revealing security vulnerabilities”, the researchers explained in a paper.
The George Mason researchers have been working on a scalable framework for intelligent fuzz testing of Android applications using cloud computing.
“The framework scales both in terms of code size and number of applications by leveraging the unprecedented computational power of cloud computing. The framework uses numerous heuristics and software analysis techniques to intelligently guide the generation of test cases aiming to boost the likelihood of discovering vulnerabilities”, the researchers noted.