GrammaTech, a leading provider of software assurance, hardening, and cybersecurity solutions, has been selected by the US Government to receive five research contracts that will advance techniques and technologies in static analysis and software protection.
GrammaTech’s research teams will continue their focus on solving the most challenging issues impacting embedded device software. This new set of research projects will augment the company’s commercial software, CodeSonar, which finds bugs, security vulnerabilities, and complex programming defects in software.
Sponsored by branches of the US Department of Defense and the Department of Homeland Security (DHS), GrammaTech’s newest research projects will work to advance our nation’s ability to protect device software. They include the following:
- Critical Vulnerability Discovery Using Big Code (Sponsored by the Defense Advanced Research Projects Agency (DARPA)): Most modern systems incorporate a significant amount of third-party software with lurking bugs that compromise the security of the entire software chain. GrammaTech will develop a vulnerability assessment tool to scan these binary executables and find critical vulnerabilities, using a combination of statistical and language-based techniques.
- Anticipating Malware Evolution (Sponsored by DHS): Building on existing collections of malware and the results of earlier projects such as DARPA’s CyberGenome and MUSE projects, this project will contribute to the battle against harmful malware. GrammaTech will create pattern-recognition and machine-learning algorithms that can identify common characteristics in malware and recognize evolving patterns in new malware, with the goal of spotting evolving threats before they become widespread.
- Injecting Vulnerabilities for Configurable Cyber Defense (Sponsored by DARPA): GrammaTech will develop a tool for generating cybersecurity evaluation benchmarks. The tool will help users evaluate the effectiveness of their current cyber defenses to detect specific vulnerabilities in their software (for instance, by injecting the Heartbleed bug into their software, users could determine if the static analysis tool they are using would have caught the Heartbleed bug, were it part of their applications).
- Recovering the High-Level Architecture of Embedded Systems (Sponsored by the Office of the Secretary of Defense): To enable security researchers to rapidly identify potential cyber access points, weaknesses, and susceptibilities, GrammaTech will develop innovative tools and techniques for recovering/reconstructing the architecture of a software system, accurately modeling and displaying the architecture, and assessing its security.
- Inserting Code into Firmware Image (Sponsored by the US Navy): Fixing the software that runs embedded devices is challenging, especially when you don’t have access to its original source code. GrammaTech will develop a tool that will automate the process of turning a high-level patch description into a modified firmware image, allowing users to modify embedded software as simply as if they had access to the original source.
"We’re pleased to continue our efforts to advance new technologies to solve the ever-expanding problems of cyber-security," said Tim Teitelbaum, GrammaTech’s CEO. "The five new research projects illustrate the technical depth of our team, and will drive our innovations in software analysis and hardening. The results of these projects will help mitigate software threats, and we’re proud to be able to deliver that to our research sponsors."