PrintPrint

Awards

Topic Information Award/Contract Number Proposal Information Company Performance
Period
Award/Contract
Value
Abstract

16.OATS-003
Multi-Abstractions System Reasoning Infrastructure toward Achieving Adaptive Computing Systems

HSHQDC-16-C-00099 DHS SBIR-2016.OATS-16.OATS-003-0001-II
(DHS SBIR-2016.OATS Phase II)
Multi-Abstractions System Reasoning Infrastructure toward Achieving Adaptive Computing Systems

GrammaTech, Inc.
531 Esty Street
Ithaca, NY 14850-4201

09/29/2016
to
09/28/2018
$749,997.55

Software is a critical part of modern infrastructure. The nation's industry and government bear significant costs due to cyber attacks that steal data or otherwise disrupt operations. Software-based systems are too complex to be protected by a single layer of defense such as a perimeter firewall. Instead, operators need layered defenses that detect, inhibit and even block attackers who breach the perimeter. GrammaTech proposes to develop a tool for protecting and monitoring systems subject to cyber attack. This tool uses a combination of binary rewriting and system-wide event tracking to both harden systems and detect sophisticated attacks. Once complete, it will allow Government and Industry users to detect and block cyber attacks that exploit software vulnerabilities not anticipated by the original software developers. The first key advance of this approach is that we use binary rewriting to insert protection and monitoring directly into programs that are vulnerable to attack. This gives us complete access to program state and behavior in contrast to other techniques that have limited access to what a program does. The second advance is a system-wide monitor that takes low level events and generates a picture of mission health. GrammaTech will draw on its significant technology and expertise in program analysis and security. GrammaTech has successfully transitioned many projects from research to market over its history. Its latest transition is CodeSonar, a bug-finding analysis tool that is used by government, prime defense contractors and others for software assurance.