GrammaTech, Inc. today announced that it has been awarded a new SBIR Phase I contract by the United States Air Force for Software Protection to Fight Through an Attack.
New vulnerabilities and attacks on software applications and the underlying systems are discovered daily. While most security research focuses on early detection and prevention of attacks, in reality, successful attacks will continue to be carried out. A particularly nefarious class of attacks is the so-called non-control-data attacks. Instead of directly modifying targets of control-flow transfers, non-control-data attacks corrupt application data in a way that makes an apparently normal execution of the application carry out the attacker's goals. There is a need for tools and techniques that allow critical applications to recover and maintain safe operational state while under cyber attacks and, in particular, under non-control-data attacks. For this contract, GrammaTech will develop a tool that will allow critical applications to recover from attacks and remain operational.
GrammaTech's static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes fourteen researchers with PhDs in programming languages and program analysis.