Navy to enhance software code security with tool from GrammaTechNews
August 20, 2013
ITHACA, NY. GrammaTech won a U.S. Navy contract to develop a tool that will enable computer systems to understand and react to malicious cyber attacks and still continue to run safely by specifying expected behavior in their software code.
As misbehaving software is not characterized by some universal pattern, it can be difficult to actively monitor systems to discover breaches and respond to them. Under this project, GrammaTech experts will use a combination of automatic program analysis and manual tuning methods to develop a tool for creating a model of a system’s intended behavior, then capturing its most important properties and determining what low level events need to be tracked in order to observe the system’s critical behavior.
“An important aspect of this tool is that it will be easy for developers to use,” says Tim Teitelbaum, GrammaTech’s CEO. “As the developer codes, the tool will capture his or her notion of what behavior is expected by creating a model that specifies a boundary the application shouldn’t cross. Our runtime monitors will then look for any unexpected behavior and take corrective action, even if the application has been compromised.”
The tool bring an extra layer of protection against attacks, including those that do not involve unusual system call activity.