GrammaTech Research extends its work on automated methods for systems to defend themselves against cyber-attacks
GrammaTech, Inc., a leading developer of software-assurance tools and advanced cyber-security solutions, today announced the start of a new research initiative to make use of modern advances in hardware and software to harden a system’s security. This project, funded by the Defense Advanced Research Projects Agency (DARPA) under the Cyber Fault-Tolerant Attack Recovery (CFAR) program, is part of a larger effort at GrammaTech to create highly-effective automated defenses against all kinds of cyber-attacks. The CFAR project is just one of several cyber-security projects being worked by GrammaTech, and the fifth in a line of contracts awarded from DARPA.
“Cyber-security continues to present a very large challenge to our nation and commercial business,” said Tim Teitelbaum, GrammaTech CEO. “The Internet of Things era signifies a very real threat to our security and safe equipment operation. As the world moves toward more and more connectivity, our business is working hard to advance our ability to prevent the kinds of cyber-attacks that are occurring today, as well as those being planned by criminal organizations and nation states.”
The newest contract combines advanced binary analysis and transformation technology with new approaches to binary diversification. Software diversification creates small variations in a programs implementation to thwart potential attacks yet maintain its original functionality. The resulting technology seeks to allow a system to understand when one of the program variants has been compromised. Subcontractors New York University and the University of Iowa will assist GrammaTech in developing algorithms that will ensure that the automatically-created variants function in the same way.
“If a system can automatically discover that it is under attack, it can automatically prevent the attacker from gaining access to the system,” said David Melski, VP of Research at GrammaTech and PI for the CFAR contract. “By focusing on automatic detection, we eliminate the need to rely on humans to detect malicious activity, which isn’t realistic in today’s highly connected world.”
Research at GrammaTech in the field of autonomic computing currently includes work on several other DARPA initiatives, such as Vetting Commodity IT Software and Firmware (VET), Mining and Understanding Software Enclaves (MUSE), Space/Time Analysis for Cybersecurity (STAC), and the Cyber Grand Challenge. Additional research in source code analysis and binary code analysis, to address the challenges of the rapidly-growing complexity and dangers of large computing systems, is ongoing.
GrammaTech’s cyber-security solutions – software analysis and assurance, binary transformations and autonomic computing – are the result of decades of research with both academic and commercial experts, i.e., University of Wisconsin-Madison, University of Virginia, Georgia Institute of Technology, Raytheon, National Science Foundation, NASA, DARPA and the DoD. Much of this research, techniques, and technology have been incorporated into GrammaTech’s CodeSonar product, enabling teams from all industries to quickly scan and analyze their source and binary code to find defects and security vulnerabilities that make their systems open to attack.