OSD Awards GrammaTech $1M for Binary Architecture Recovery Research

OCTOBER 2018

ITHACA, NY.

GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, announced that it has been awarded a $1 million, 2-year contract from the Office of the Secretary of Defense (OSD), a division of the Department of Defense, to perform research and development into architecture recovery of binary software. This contract is administered by the Air Force Research Lab, Wright-Patterson Air Force Base in Dayton, Ohio.

The goal of GrammaTech’s contribution is to create high-level Unified Modeling Language (UML) based architecture diagrams from information found in native binaries. These diagrams are a valuable asset when performing cyber security assessments.

High-level UML-based diagrams are typically created during the software development phase. However, the final software implementation often differs from the initial plan, and the end user of the software seldom has access to the design documents. The architecture recovery technology that GrammaTech is developing allows security assessors to use UML diagrams to find critical paths through the software, so they can quickly focus their investigations on those areas of the application.

“Vulnerability analysis often happens at the level of assembly code, which makes it very time consuming and makes it easy to overlook vulnerabilities,” says Dave Ciarletta, Director of Reverse Engineering at GrammaTech, Inc. “This new architecture visualization capability will allow security assessors to look at the big picture first and then focus on sensitive areas in an application to investigate, saving time as well as improving accuracy.”

UML architecture recovery will be integrated into the visualization capability provided by GrammaTech’s CodeSonar® static analysis tool.

This material is sponsored by the United States Air Force Research under contract number FA8650-18-C-1663. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Air Force.

About GrammaTech:

GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.com or follow us on LinkedIn.