Office of Naval Research awards GrammaTech $9M for Cyber-Hardening Security Research
ITHACA, NY - October 2, 2017 / GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, announced today that it has been awarded a $9M, three-year contract from the Office of Naval Research, a division of the United States Department of the Navy, to perform research and development into cutting-edge techniques for protecting software from cyber-attacks.
The goal of GrammaTech’s contribution to the overall Navy program is to advance the field of transforming existing software applications so that they are tailored for specific new situations. The tailoring produces simplified programs that are safer, more secure, and more efficient. GrammaTech’s approach will automate the removal of irrelevant layers of abstraction, indirection, and other inefficiencies that are introduced into applications as a consequence of modern software-development practices. It will also support removal of program features and options that are not needed in the specific setting where the transformed program is to run, that if left in the program only make it less safe, less secure, and less efficient.
GrammaTech’s system will be built from binary code transformation technologies that contributed to the Ithaca-based firm’s success at the DARPA Cyber Grand Challenge in 2016, where GrammaTech was awarded a million-dollar prize for its second-place finish. End users will be able to transform their critical applications to shrink the attack surface, improve performance, lower memory consumption, and reduce complexity—all without breaking the application or disrupting operations. This same technology can also be used to reduce the time between detecting a vulnerability and re-deployment of a repaired system.
As threats emerge and evolve more quickly, it is crucial for organizations to take a proactive approach to protecting their software. “Binary code transformation is a key capability for many legacy Naval applications,” said Tim Teitelbaum, CEO of GrammaTech. “It allows the Navy to re-use existing applications in new contexts in a very affordable fashion, while protecting systems from ever-evolving cyber threats.”
This contract will be part of the science and technology (S&T) projects on Late-stage Software Customization and Complexity Reduction for Legacy Naval Systems under the Total Platform Cyber Protection Innovative Naval Prototype Program. “The Office of Naval Research has a history of initiating prescient research efforts on computer-security problems, well before the issues have bubbled up to the public’s attention,” says Thomas Reps, President of GrammaTech. “The larger ‘Software Customization and Complexity Reduction’ program that we are part of is a creative effort to build the technology base for a win-win: for software to be made to run faster at the same time as its ‘attack surface’—the number of potentially attackable features—is reduced.”
Those benefits become magnified in a military setting, underscoring the position of the Office of Naval Research in providing research funding to the nation’s leading computer scientists. The contract, which began on Sept. 26, was awarded under ONR’s Long Range Broad Agency Announcement for Navy and Marine Corps Science & Technology. GrammaTech will be subcontracting Rutgers University for a portion of the project.
GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software.