GrammaTech, Inc., a leading maker of tools that improve and accelerate software development, today announced that the company has been awarded funding to complete Phase II of an STTR contract sponsored by the United States Navy. Within this research project, GrammaTech is creating an Eclipse plug-in that will help developers efficiently create models, used to ensure that software is running as expected.
As software systems continue to become more complex and difficult to secure, it is important to employ multifaceted defenses against cyber-attacks. This research project encourages a defense-in-depth strategy, whereby software is hardened and then monitored to detect breaches and respond to them. In order to make such monitoring more feasible, GrammaTech is building a tool to help developers create better models in an efficient way.
The Eclipse plug-in monitors what the developer is writing in the IDE, analyzes the code directly, and then constructs a model of the application’s expected behavior. The model is generated automatically using GrammaTech’s advanced static analysis technology, and then edited by the user directly. This model can then inform GrammaTech’s run-time monitors, telling them what specific low-level events to observe and which observations should constitute abnormal behavior.
In the past, the effort required to construct precise formal models of source code has inhibited the adoption of formal methods, leading to software that continues to be a weak link in critical systems. By improving the technology for automatically generating models and using these models effectively in run-time monitors, we will enhance the ease and ability to secure contemporary multi-process applications with a significant attack surface.
About GrammaTech:
Originally founded as a spin-off from Cornell University to commercialize software developed by Tim Teitelbaum and Thomas Reps at Cornell’s computer science lab, GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions. GrammaTech’s tools are used by software developers worldwide, spanning a myriad of industries including avionics, medical, industrial control, and other applications where reliability and security are paramount. With both static and dynamic analysis techniques that analyze source code as well as binary executables, GrammaTech provides superior static analysis for better software.