GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, announced that it has been awarded a $8.4 million, 4-year contract from Defense Advanced Research Projects Agency (DARPA), an agency of the U.S. Department of Defense, to develop technology that generates and deploys secure configurations to commercial off-the-shelf (COTS) equipment rapidly and largely autonomously.
Modern networked systems are everywhere, they provide automation in buildings, they control industrial processes and power plants, and they are a key component in modern automobiles. These systems incorporate many general-purpose COTS components that must be configured appropriately for the larger system to meet its operational requirements. The configuration of such networked systems is often done in an ad-hoc way, which may leave critical parameters in their factory settings, exposing unnecessary attack surfaces and weakening the security of the system.
“Seemingly benign minor configuration missteps, such as exposing unneeded services or keeping factory-set access credentials, can quickly add up to serious security breaches in complex networked systems, as the past has proven,” says Mark Hermeling, Senior Director of Product Marketing at GrammaTech, Inc. “This project is focused on reducing the chance of human error in the configuration of these systems.”
GrammaTech will combine its binary analysis technology with contributions from LGS Innovations, headquartered in Herndon, VA, SRI International of Menlo Park, CA, and Assured Information Security (AIS) of Rome, NY. The result is a set of tools that will analyze implementation, documentation and other available artefacts of a system to generate and deploy a configuration that allows the system to meet its objectives while reducing attack surfaces and eliminating configuration-based vulnerabilities.
This material is sponsored by the Air Force Research Laboratory (AFRL) and Defense Advanced Research Project Agency (DARPA) under contract number FA8750-18-C-0141. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the AFRL or DARPA.
GrammaTech’s advanced static analysis tool CodeSonar©is used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally spun out of Cornell University, GrammaTech is now a leading research center for software security, and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.com or follow us on LinkedIn.
CodeSonar® is a registered trademark of GrammaTech.