GrammaTech to develop security system for AFRL
STONESOUP seeks to address a key problem in today’s world: How can we use software securely if we do not know how or by whom the software was created, or where its component parts originated? Software is produced around the world; component parts come from many different places and are integrated into larger systems. The production of software increasingly involves contract software engineers and off-shore suppliers because it is often prohibitively expensive to generate a major system completely in-house. Accordingly, security-conscious users require ways to assure that the software they utilize performs no malicious actions. GrammaTech, Raytheon, the University of Virginia, and the Georgia Institute of Technology will combine state-of-the-art technologies that together will make a significant contribution to solving this problem.
According to Tim Teitelbaum, GrammaTech’s co-founder and CEO, “Application software is rarely subject to rigorous analysis; this lack of quality control is complicated by the fact that software producers can issue updates and fixes at a rate faster than present processes can evaluate their effects. In concert with our partners, we intend to advance automated techniques for software analysis, to combine them with methods for confining software execution so that known weaknesses cannot be exploited, to diversify software components so that residual vulnerabilities will be more difficult for attackers to discover or exploit, and to remediate software components with automatically-generated and evaluated software patches.”
Development and Demonstration Efforts
GrammaTech will apply its deep expertise in source and machine code analysis to discover and remediate software problems through static analysis and automated, high-coverage testing. GrammaTech will provide both program-analysis technology and research expertise. GrammaTech’s Dr. David Melski, an expert in static and run-time analysis, will be the principal investigator for this effort.
Researchers at the University of Virginia School of Engineering and Applied Science (led by Professors Jack Davidson and John Knight) will contribute expertise in translation of running software and runtime detection of memory errors, as evident in their Strata and MEDS tools; these technologies monitor running programs. Researchers at the Georgia Institute of Technology (led by Professor Wenke Lee) will build on their Secure In-VM Monitoring technology, which both reduces a program’s vulnerability to attack and confines the effects of software exploits. A group at Raytheon Company (led by Tom Bracewell) will provide large-scale integration capability and apply the integrated system to real-world applications.
The IARPA-sponsored project is an example of GrammaTech's growing success in applying its core technologies in program analysis of both source and machine code to improve safety, security, and robustness of desktop and embedded software.
About GrammaTech
GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes twelve PhDs working on automated program analysis. The company has headquarters in Ithaca, NY.

Check out our free e-newsletters
to read more great articles.
- Posted in:
- Project
- Related Portals:
- Cybersecurity
MORE PROJECT NEWS
-
Machine Vision Technology Market: Need for Automation to Push Adoption Globally
The global market for machine vision technology is expected to witness a stable 8.40% CAGR from 2015 to 2021. Considering this growth rate, the...
-
X-ES Introduces XPedite5850 COM Express Module Featuring Powerful NXP QorIQ T4240 Processor
Extreme Engineering Solutions (X-ES) is excited to announce the XPedite5850, a ruggedized COM Express® module supporting an enhanced Type 5-based...
-
MQTT is easy when you are using Tibbo BASIC/C-programmable devices
Very useful MQTT library and a pair of demo projects illustrating the use of the new MQTT library
-
Movicon used in MSC Cruise Ship Overhaul Project
This extraordinary engineering feat was achieved by slicing the ship in half by following a line marked out with accurate sandblasting and...
-
Aveva to supply virtualization software to platform in North Sea
AVEVA Activity Visualisation Platform will be used to improve operational training on Total’s Martin Linge topside platform in the North Sea
RELATED
-
Valve Manufacturers Association of America (VMA) announces 2019 Annual Valve Industry Knowledge...
The 2nd Annual Valve Industry Knowledge Forum will be held April 9-11, 2019 at the Doubletree Hotel at Perimeter Park in Birmingham, AL.
-
Northrop Grumman Corporation announces appointment Om Prakash as Chief Executive, Japan
As chief executive, Northrop Grumman Japan, Prakash will be responsible for ensuring effective performance on current programs, as well as...
-
CyberX partners with Spire Solutions to strengthen industrial cybersecurity solutions in the...
CyberX is an industrial cybersecurity company to have been awarded a patent for its ICS-aware threat detection analytics and machine learning...
-
Network Monitoring: Passive, Active or Both
By Zane Blomgren, Tripwire
There is little doubt that the need for OT operators to adapt to stronger cyber security postures is getting... -
Claroty announces Admiral (Ret.) Michael S. Rogers as Chairman of the company’s Board of Advisors
As Chairman of Claroty’s Board of Advisors, Rogers will lead a distinguished cadre of business and security leaders to provide guidance and...