GrammaTech Inc, a developer of commercial embedded software assurance tools and advanced cybersecurity solutions, announced that it has been awarded a $8.4 million, 4-year contract from Defense Advanced Research Projects Agency (DARPA), to develop technology that generates and deploys secure configurations to commercial off-the-shelf (COTS) equipment rapidly and largely autonomously.
Modern networked systems provide automation in buildings, they control industrial processes and power plants, and they are a key component in modern automobiles. These systems incorporate many general-purpose COTS components that must be configured appropriately for the larger system to meet its operational requirements. The configuration of such networked systems is often done in an ad-hoc way, which may leave critical parameters in their factory settings, exposing unnecessary attack surfaces and weakening the security of the system.
“Seemingly benign minor configuration missteps, such as exposing unneeded services or keeping factory-set access credentials, can quickly add up to serious security breaches in complex networked systems, as the past has proven,” says Mark Hermeling, Senior Director of Product Marketing at GrammaTech, Inc. “This project is focused on reducing the chance of human error in the configuration of these systems.”
GrammaTech will combine its binary analysis technology with contributions from LGS Innovations, SRI International, and Assured Information Security. The result is a set of tools that will analyze implementation, documentation and other available artefacts of a system to generate and deploy a configuration that allows the system to meet its objectives while reducing attack surfaces and eliminating configuration-based vulnerabilities.