GrammaTech (“CodeSonar”) joins in DARPA system-security research
This project, funded by the [USA’s] Defense Advanced Research Projects Agency (DARPA) under the Cyber Fault-Tolerant Attack Recovery (CFAR) program, is part of a larger effort at GrammaTech to create highly-effective automated defences against all kinds of cyber-attacks. The CFAR project is just one of several cyber-security projects being worked by GrammaTech, and the fifth in a line of contracts awarded from DARPA.
"Cyber-security continues to present a very large challenge to our nation and commercial business," said Tim Teitelbaum, GrammaTech CEO. "The Internet of Things era signifies a very real threat to our security and safe equipment operation. As the world moves toward more and more connectivity, our business is working hard to advance our ability to prevent the kinds of cyber-attacks that are occurring today, as well as those being planned by criminal organisations and nation states."
The latest contract combines advanced binary analysis and transformation technology with new approaches to binary diversification. Software diversification creates small variations in a program’s implementation to thwart potential attacks yet maintain its original functionality. The resulting technology seeks to allow a system to understand when one of the program variants has been compromised. Subcontractors New York University and the University of Iowa will assist GrammaTech in developing algorithms that will ensure that the automatically-created variants function in the same way.
"If a system can automatically discover that it is under attack, it can automatically prevent the attacker from gaining access to the system," said David Melski, VP of Research at GrammaTech and PI [principal investigator] for the CFAR contract. "By focusing on automatic detection, we eliminate the need to rely on humans to detect malicious activity, which isn’t realistic in today’s highly connected world."
Research at GrammaTech in the field of autonomic computing currently includes work on several other DARPA initiatives, such as Vetting Commodity IT Software and Firmware (VET), Mining and Understanding Software Enclaves (MUSE), Space/Time Analysis for Cybersecurity (STAC), and the Cyber Grand Challenge. Additional research in source code analysis and binary code analysis, to address the challenges of the rapidly-growing complexity and dangers of large computing systems, is ongoing.
GrammaTech’s cyber-security solutions – software analysis and assurance, binary transformations and autonomic computing – are the result of decades of research with both academic and commercial experts, i.e., University of Wisconsin-Madison, University of Virginia, Georgia Institute of Technology, Raytheon, National Science Foundation, NASA, DARPA and the DoD. Much of this research, techniques, and technology has been incorporated into GrammaTech’s CodeSonar product, enabling teams from all industries to quickly scan and analyse their source and binary code to find defects and security vulnerabilities that make their systems open to attack.