Developer of commercial embedded software assurance tools and advanced cyber security solutions, GrammaTech, has announced that it has been awarded a $9m, three-year contract from the Office of Naval Research, a division of the United States Department of the Navy, to perform research and development into techniques for protecting software from cyber attacks. The goal of GrammaTech’s contribution to the overall Navy programme is to advance the field of transforming existing software applications so that they are tailored for specific new situations.
The tailoring produces simplified programmes that are safer, more secure, and more efficient. GrammaTech’s approach will automate the removal of irrelevant layers of abstraction, indirection, and other inefficiencies that are introduced into applications as a consequence of modern software-development practices. It will also support removal of programme features and options that are not needed in the specific setting where the transformed programme is to run, that if left in the programme only make it less safe, less secure, and less efficient.
GrammaTech’s system will be built from binary code transformation technologies that contributed to the Ithaca-based firm’s success at the DARPA Cyber Grand Challenge in 2016, where GrammaTech was awarded a million-dollar prize for its second-place finish. End users will be able to transform their critical applications to shrink the attack surface, improve performance, lower memory consumption, and reduce complexity - all without breaking the application or disrupting operations. This same technology can also be used to reduce the time between detecting a vulnerability and re-deployment of a repaired system.
As threats emerge and evolve more quickly, it is crucial for organisations to take a proactive approach to protecting their software. “Binary code transformation is a key capability for many legacy Naval applications,” said Tim Teitelbaum, CEO, GrammaTech. “It allows the Navy to re-use existing applications in new contexts in a very affordable fashion, while protecting systems from ever-evolving cyber threats.”
This contract will be part of the science and technology (S&T) projects on Late-stage Software Customisation and Complexity Reduction for Legacy Naval Systems under the Total Platform Cyber Protection Innovative Naval Prototype Programme. “The Office of Naval Research has a history of initiating prescient research efforts on computer-security problems, well before the issues have bubbled up to the public’s attention,” said Thomas Reps, President of GrammaTech. “The larger ‘Software Customisation and Complexity Reduction’ programme that we are part of is a creative effort to build the technology base for a win-win: for software to be made to run faster at the same time as its ‘attack surface’ - the number of potentially attackable features - is reduced.”
Those benefits become magnified in a military setting, underscoring the position of the Office of Naval Research in providing research funding to the nation’s leading computer scientists. The contract, which began on 26th September, was awarded under ONR’s Long Range Broad Agency Announcement for Navy and Marine Corps Science & Technology. GrammaTech will be subcontracting Rutgers University for a portion of the project.