Ithaca, NY — GrammaTech, Inc. announced today that it has been awarded a $300,000 Small Business Innovative Research (SBIR) Phase II contract by the National Institute of Standards and Technology (NIST). Under the terms of the agreement, GrammaTech will develop a system that permits efficient and fully automatic insertion of Inlined Reference Monitors (IRMs) into Java bytecode for the purpose of enforcing security policies.
The proposed system will allow arbitrary policies to be specified independently by different policy-setting authorities. IRMs work by inserting fragments of code into programs to monitor their state and prevent them from violating security policies. Advanced static analysis will be used to help reduce the overhead of reference monitoring.
The problem of information security has become critical because of the growing dependence of the economy on complex networked information systems. Specification and enforcement of security policies is difficult even when policy-setting authorities have complete control over and knowledge of the target software. In an environment where mobile code is being used, security policy enforcement is even more difficult because little is known about the code being executed. The IRM approach is important because administrators and users can transparently tailor policies on a per-application basis, without requiring access to source code or operating system internals.