An Official Website of the United States Government

Company Information:

Company Name:
GrammaTech, Inc
Address:
531 Esty Street
Ithaca, NY
Phone:
(607) 273-7340
URL:
EIN:
161338879
DUNS:
603978321
Number of Employees:
53
Woman-Owned?:
No
Minority-Owned?:
No
HUBZone-Owned?:
No

Commercialization:

Has been acquired/merged with?:
N/A
Has had Spin-off?:
N/A
Has Had IPO?:
N/A
Year of IPO:
N/A
Has Patents?:
N/A
Number of Patents:
N/A
Total Sales to Date $:
$ 0.00
Total Investment to Date $
$ 0.00
POC Title:
N/A
POC Name:
N/A
POC Phone:
N/A
POC Email:
N/A
Narrative:
N/A

Award Totals:

Program/Phase    Award Amount ($)    Number of Awards
SBIR Phase I     $5,539,416.99       57
SBIR Phase II    $18,313,109.00      27
STTR Phase I     $748,993.00         8
STTR Phase II    $3,749,114.00       5

Award List:

LANGUAGE BASED SOFTWARE ENVIRONMENTS

Award Year / Program / Phase:
1989 / SBIR / Phase I
Award Amount:
$49,983.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Ray Teitelbaum
Abstract:
The Synthesizer Generator is a well-known and highly successful prototype system for automating the implementation of language-based software environments. It is currently licensed for research purposes to over 230 sites worldwide, including numerous DoD contracts and laboratories, where it is being… More

User-interfaces for Rule-Based Formal-Methods Environments

Award Year / Program / Phase:
1995 / SBIR / Phase I
Award Amount:
$69,986.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Paul Anderson
Abstract:
N/A

User-interfaces for Rule-Based Formal-Methods Environments

Award Year / Program / Phase:
1996 / SBIR / Phase II
Award Amount:
$300,000.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Paul Anderson
Abstract:
Formal methods offer great promise for the elimination of errors in software, but before they can be widely adopted in industry, they must be supported by good tools readily acceptable to professional programmers. Existing formal-methods tools are hobbled by (1) weak user-interfaces, and (2)… More

Multi-Lingual Components for Reverse Engineering

Award Year / Program / Phase:
1997 / SBIR / Phase I
Award Amount:
$98,995.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
Paul Anderson
Abstract:
The proposal presents a plan for creating a set of high-quality, language-independent, reusable components for extracting and operating on a program's semantic structure. These components will enable sophisticated and accurate analysis because semantic structures come much closer than syntactic… More

N/A

Award Year / Program / Phase:
1999 / SBIR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
Paul Anderson
Abstract:
N/A

N/A

Award Year / Program / Phase:
2000 / STTR / Phase I
Award Amount:
$98,999.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
Paul Anderson, Senior Software Engineer
Research Institution:
UNIV. OF WISCONSIN - MADISON
RI Contact:
Cheryl Gest
Abstract:
N/A

Inlined Reference Monitors for Java Bytecode

Award Year / Program / Phase:
2001 / SBIR / Phase I
Award Amount:
$74,899.00
Agency:
DOC
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
Current state-of-the-art technology for specifying and enforcing security policies for software is generally too inflexible, coarse-grained, and difficult to use. In systems that make use of mobile code, such as Java applets, the situation is yet more difficult. A more flexible and powerful approach… More

Detecting Malicious Code in Firmware

Award Year / Program / Phase:
2001 / SBIR / Phase I
Award Amount:
$99,985.00
Agency / Branch:
DOD / USAF
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
The problem of detecting malicious code has focused until now on techniques that search a program's surface structure representations to find locations where suspicious constructs occur. Such techniques are fundamentally weaker than methods that operate on representations that capture a program's… More

Data Network for Submarine Command, Control, Communication, and Computers

Award Year / Program / Phase:
2001 / SBIR / Phase I
Award Amount:
$69,868.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
Real-time embedded systems are becoming increasingly complex and safety critical. In order to satisfy the complexity and safety requirements developers need tools and methodologies that support rigorous and complete specification capabilities, robust automated translation from design to… More

SBIR Phase I: Dependence Graphs for Internet Technologies

Award Year / Program / Phase:
2001 / SBIR / Phase I
Award Amount:
$99,804.00
Agency:
NSF
Principal Investigator:
Abstract:
This Small Business Innovation Research (SBIR) Phase I project from GrammaTech aims to conduct research that will address fundamental problems facing developers of the software systems that comprise the Internet. Problems with Internet systems such as software faults, security vulnerabilities and… More

A New Technique for Efficient Compression of Information

Award Year / Program / Phase:
2001 / SBIR / Phase I
Award Amount:
$64,929.00
Agency / Branch:
DOD / MDA
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
We propose the commercial development of a new data structure that will be a plug-compatible replacement for binary-decision diagrams (BDDs). BDDs have proven to be extremely useful across a wide range of software applications. For example, they are essential in many hardware design automation tasks,… More

Verification of Hierarchical Graph Structures

Award Year / Program / Phase:
2001 / SBIR / Phase I
Award Amount:
$98,941.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
Embedded systems software is being used for increasingly complex and safety-critical applications. In order to ensure the safe and successful operation of these applications we must verify their safety and mission critical properties, and reduce reliance on a testing process that can only detect the… More

Inlined Reference Monitors for Java Bytecode

Award Year / Program / Phase:
2002 / SBIR / Phase II
Award Amount:
$299,995.00
Agency:
DOC
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
Current state-of-the-art technology for specifying and enforcing security policies for software is generally too inflexible, coarse-grained, and difficult to use. In systems that make use of mobile code, such as Java applets, the situation is yet more difficult. A more flexible and powerful approach… More

Detecting Malicious Code In Firmware

Award Year / Program / Phase:
2002 / SBIR / Phase II
Award Amount:
$749,996.00
Agency / Branch:
DOD / USAF
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
Malicious code is code that has been intentionally added to or changed in a software system with the intention of causing harm, or subverting the intended function of the system. Most digital electronic equipment is controlled by firmware. Firmware presents a tempting target to an attacker because… More

Source-Code Vulnerability Detection

Award Year / Program / Phase:
2002 / SBIR / Phase I
Award Amount:
$99,981.00
Agency / Branch:
DOD / USAF
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
The problem of information security has become critical because of the growing dependence of the economy and the armed forces on complex networked information systems. Of particular concern are security vulnerabilities that are caused by programming errors. We plan to study the feasibility and… More

Static Analysis for Automatic Differentiation

Award Year / Program / Phase:
2002 / SBIR / Phase I
Award Amount:
$69,941.00
Agency:
NASA
Principal Investigator:
Paul Anderson, Principal Investigator
Abstract:
Differentiation is the single most important numerical operation in scientific computing. Creating derivative functions manually or by using finite differencing is error-prone, time-consuming and potentially inaccurate. Automatic differentiation (AD) holds great promise for overcoming these problems,… More

Verification of Hierarchical Graph Structures

Award Year / Program / Phase:
2002 / SBIR / Phase II
Award Amount:
$381,099.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
The security and prosperity of the nation has become increasingly dependent on complex software systems. Unfortunately, current practice usually yields software that is generally unreliable and insecure. The industry must reduce reliance on methods that can only detect the presence of faults, and… More

A Refactoring Environment for Ada

Award Year / Program / Phase:
2002 / SBIR / Phase I
Award Amount:
$69,931.00
Agency / Branch:
DOD / MDA
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
The problem of supporting millions of lines of Ada code is of critical importance to the DoD and the missile defense community. The decline in the use of Ada has led to a fall in the supply of trained personnel, and a reduction in vendor tool support. As migration to a new language is usually… More

A Refactoring Environment for Incremental Migration of Legacy Code

Award Year / Program / Phase:
2002 / SBIR / Phase I
Award Amount:
$69,897.00
Agency:
NASA
Principal Investigator:
Paul Anderson, Principal Investigator
Abstract:
We propose the development of software technology for the interactive incremental conversion of legacy code to other languages. The goal is to make it cost-effective to migrate code from one language to another. The technology will allow a user to first transform the code to make it amenable to… More

An Aspect-Oriented Solution for Unit Test Generation

Award Year / Program / Phase:
2002 / SBIR / Phase I
Award Amount:
$99,656.00
Agency:
NSF
Principal Investigator:
Abstract:
This Small Business Innovation Research Phase I project will conduct research to design a system for the unit testing of modules. This system will operate by automatically capturing events at the boundary of the module under test while a client of the module executes test cases. These events will be… More

Source Code Vulnerability Detection

Award Year / Program / Phase:
2003 / SBIR / Phase II
Award Amount:
$749,979.00
Agency / Branch:
DOD / USAF
Principal Investigator:
David Melski, Senior Software Scientist
Abstract:
Buffer-overrun vulnerabilities in programs are responsible for a huge percentage of security breaches worldwide. The widespread use of dynamic testing tools to detect these vulnerabilities has failed to halt or prevent the problem. We propose the development of a semi-automatic tool for detecting… More

SBIR Phase II: An Aspect-Oriented Solution for Unit Test Generation

Award Year / Program / Phase:
2003 / SBIR / Phase II
Award Amount:
$498,243.00
Agency:
NSF
Principal Investigator:
Paul Anderson
Abstract:
This Small Business Innovation Research Phase II project aims to make it much easier to create unit-level regression tests for Java programs. Their benefits are clear, but existing techniques for creating them are flawed because they are difficult to apply to existing code, and tool support… More

SBIR Phase II: An Aspect-Oriented Solution for Unit Test Generation

Award Year / Program / Phase:
2003 / SBIR / Phase I
Award Amount:
$0.00
Agency:
NSF
Principal Investigator:
Paul Anderson
Abstract:
This Small Business Innovation Research Phase II project aims to make it much easier to create unit-level regression tests for Java programs. Their benefits are clear, but existing techniques for creating them are flawed because they are difficult to apply to existing code, and tool support… More

Advanced Static Analysis for Software Assurance

Award Year / Program / Phase:
2003 / SBIR / Phase I
Award Amount:
$69,949.00
Agency / Branch:
DOD / MDA
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
Software continues to be deployed with large numbers of flaws. Existing approaches for detecting flaws in software are mostly dynamic: they rely on executing the software on a particular set of inputs. In contrast, static approaches consider all possible executions of the program. Static… More

Defenses against Reverse Engineering

Award Year / Program / Phase:
2003 / SBIR / Phase I
Award Amount:
$99,921.00
Agency / Branch:
DOD / OSD
Principal Investigator:
David Melski, Senior Software Scientist
Abstract:
Existing software systems face the threat of reverse engineering. Given enough time and resources, a determined hacker can recover the design of a software program by examining its binary. The consequences of this can be dramatic: the hacker may gain unauthorized access to sensitive computer systems,… More

A Refactoring Environment for Ada

Award Year / Program / Phase:
2004 / SBIR / Phase II
Award Amount:
$749,982.00
Agency / Branch:
DOD / MDA
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
The problem of supporting millions of lines of Ada code is of critical importance to the DoD and the missile defense community. The decline in the use of Ada has led to a fall in the supply of trained personnel, and a reduction in tool vendor support. Migration to a new language is usually… More

Static Analysis of AI Systems

Award Year / Program / Phase:
2004 / SBIR / Phase I
Award Amount:
$99,000.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
Toolkits for Artificial Intelligence (AI) are increasingly being used in government and industry. If such systems have access to sensitive information, it is important to know their security properties. A toolkit may contain low-level flaws, such as buffer-overrun errors that allow an attacker to… More

Defenses Against Reverse Engineering

Award Year / Program / Phase:
2004 / SBIR / Phase II
Award Amount:
$375,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
David Melski, Senior Scientist
Abstract:
Existing software systems face the threat of reverse engineering. Given enough time and resources, a determined hacker can recover the design of a software program by examining its binary. The consequences of this can be dramatic: the hacker may gain unauthorized access to sensitive computer… More

Modernization of Legacy Software: Re-engineering Low-Level Code

Award Year / Program / Phase:
2004 / SBIR / Phase I
Award Amount:
$99,983.00
Agency / Branch:
DOD / OSD
Principal Investigator:
David Melski, Senior Scientist
Abstract:
As hardware platforms age, manufacturers are less willing to support them and related technologies. Legacy weapons systems must eventually be modernized. Re-implementation of the legacy software by hand is prohibitively expensive. A system is needed for automatically translating software written… More

Static Analysis Tools for SWRL

Award Year / Program / Phase:
2005 / SBIR / Phase II
Award Amount:
$749,872.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
Michael McDougall, Senior Software Engineer
Abstract:
The semantic web is a worldwide effort aimed at attaching machine-understandable semantic information to content, and to develop applications that make use of that information. SWRL (Semantic Web Rule Language) is a logic programming language that is becoming a standard for providing reasoning… More

Software Anti-Tamper for Real-Time Systems

Award Year / Program / Phase:
2005 / SBIR / Phase I
Award Amount:
$69,997.00
Agency / Branch:
DOD / ARMY
Principal Investigator:
David Melski, Senior Scientist
Abstract:
Adversaries reverse engineer weapons systems to replicate a system's advanced capabilities or discover its weaknesses. The software in advanced civilian products is similarly reverse engineered by competitors. Many of these critical systems are real-time systems. The restrictions of real-time have… More

Modernization of Legacy Software: Re-engineering Low-Level Code

Award Year / Program / Phase:
2005 / SBIR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
David Melski, Senior Scientist
Abstract:
As hardware platforms age, manufacturers are less willing to support them and related technologies. Legacy weapons systems must eventually be modernized. Re-implementation of the legacy software by hand is prohibitively expensive. A system is needed for automatically translating software written in… More

Tools for Software Architecture Visualization

Award Year / Program / Phase:
2005 / SBIR / Phase I
Award Amount:
$79,979.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
The problem of supporting large mixed-language software systems is of great importance to the Navy and beyond. Often the only reliable source of information about their architecture is the source code itself. Having a reliable way to automatically create visualizations of the architecture is… More

Semantics-Aware Malware Detection

Award Year / Program / Phase:
2005 / STTR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / ARMY
Principal Investigator:
David Melski, Senior Scientist
Research Institution:
UNIV. OF WISCONSIN, COMP. SCI.
RI Contact:
Somesh Jha
Abstract:
The goal of this proposal is to advance the state-of-the-art in malware detectors, and thereby offer protection against next-generation malicious code. Currently, malware detectors - in the form of commercial virus scanners - are an important component in the defense of computer systems. We propose… More

SBIR Phase I: Defenses Against Malicious Code

Award Year / Program / Phase:
2005 / SBIR / Phase I
Award Amount:
$100,000.00
Agency:
NSF
Principal Investigator:
Abstract:
This Small Business Innovation Research (SBIR) Phase I project will investigate a new approach to hardening programs against attack. The defense mechanism works by controlling how a process can interact with its environment, making it exceedingly difficult for an attacker to commandeer a system and… More

Sanitizing Software of Malicious and Unauthorized Code

Award Year / Program / Phase:
2005 / SBIR / Phase I
Award Amount:
$99,919.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Paul Anderson, Senior Scientist
Abstract:
Development of modern software applications involves the use (or reuse) of a large number of software components from many different developers - some of whom may be unknown, untrustworthy, or even hostile parties. A comprehensive approach is needed for identifying malicious and unauthorized code in… More

Trace-Based Disassembly

Award Year / Program / Phase:
2005 / SBIR / Phase I
Award Amount:
$99,993.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Thomas Johnson, Software Engineer
Abstract:
We propose to develop a trace-based disassembler and integrate it with our break-through binary analysis tool, CodeSurfer/x86. A trace-based disassembler builds a trace of the instruction sequence that is executed at run time (during one or more runs of the program). The trace is analyzed to… More

Run-Time Process Monitoring

Award Year / Program / Phase:
2005 / SBIR / Phase I
Award Amount:
$99,947.00
Agency / Branch:
DOD / OSD
Principal Investigator:
David Melski, Senior Scientist
Abstract:
Malicious logic may be intentionally inserted into software as is the case with insider attack, or innocent mistakes may open vulnerabilities to worms and the like. We propose a double edged approach to inserting monitoring logic for machine code on all operating systems in order to ensure that:… More

Software Anti-Tamper for Real-Time Systems

Award Year / Program / Phase:
2006 / SBIR / Phase II
Award Amount:
$729,972.00
Agency / Branch:
DOD / ARMY
Principal Investigator:
David Melski, Senior Scientist
Abstract:
Adversaries reverse engineer weapons systems to replicate a system's advanced capabilities or discover its weaknesses. The software in advanced civilian products is similarly reverse engineered by competitors. Many of these critical systems are real-time systems. The restrictions of real-time have… More

Ballistic Missile Defense Innovative Anti-Tamper Techniques

Award Year / Program / Phase:
2006 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / MDA
Principal Investigator:
Colin Van Dyke, Senior Scientist
Abstract:
Adversaries reverse engineer weapons systems to replicate a system's advanced capabilities or discover its weaknesses. Many of these critical systems are real-time systems. The restrictions of real-time have a significant impact on the implementation of anti-tamper technology. This work will build… More

Information Retrieval Techniques for Software Design Visualization

Award Year / Program / Phase:
2006 / SBIR / Phase I
Award Amount:
$99,994.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Paul Anderson, Senior Software Engineer
Abstract:
Large software systems typically comprise many components written in many different languages that communicate through complex interfaces. The code base will consist of a mixture of source code, configuration files, test vectors and other artifacts. Tools are needed to help software engineers… More

Software Design Visualization

Award Year / Program / Phase:
2006 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Michael McDougall, Senior Scientist
Abstract:
Modern software projects are extremely complex systems. A small subprogram may require intense study to understand its intended functionality, yet even modest software applications have thousands of such subprograms. Assessing software quality is critical, but an engineer tasked with analyzing or… More

Deobfuscating tools for the validation and verification of tamper-proofed software

Award Year / Program / Phase:
2006 / STTR / Phase I
Award Amount:
$99,999.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Thomas Johnson, Software Engineer
Research Institution:
UNIV. OF WISCONSIN, COMP. SCI.
RI Contact:
Thomas Reps
Abstract:
We propose a deobfuscation tool that uses machine-code analysis to expose self-protecting malware for further analysis (e.g., by an automated malware detector, or a human analyst) using dynamic disassembly techniques. The proposed deobfuscator will also be capable of checking that the… More

Run-Time Process Monitoring

Award Year / Program / Phase:
2006 / SBIR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
David Melski, Senior Scientist
Abstract:
Malicious code causes huge economic damage every year. As critical infrastructure increases its dependence on networked information systems, the potential damage from malicious becomes more acute. Identifying and neutralising such code is especially difficult when executables are defended against… More

Sanitizing Software of Malicious and Unauthorized Code

Award Year / Program / Phase:
2006 / SBIR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Paul Anderson, Senior Scientist
Abstract:
The problem of malicious code inserted by a hostile inside attacker is of increasing concern to the government. The most efficient time to detect such code is during development. This is currently very difficult as malicious code can often be disguised as an innocent error, and because much code… More

Cognitive Techniques for Analysis of Complex Software Systems

Award Year / Program / Phase:
2006 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / USAF
Principal Investigator:
Paul Anderson, Senior Scientist
Abstract:
The problem of finding flaws in large complex software systems is acute and getting worse because many systems are employing new cognitive techniques to increase their capabilities. Such techniques are typically highly dynamic and concurrent, which increases the complexity of the system and makes… More

Hardware-assisted Software Anti-Tamper

Award Year / Program / Phase:
2007 / SBIR / Phase I
Award Amount:
$99,999.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Colin Van Dyke, Senior Scientist
Abstract:
Defense research and development is increasingly using software to perform critical roles. It is important that these assets be protected. Great progress has been made in providing in-band protection of software, including on-going work at GrammaTech. However, strong protection requires defensive… More

Software Protection through Specialized Commodity Processors

Award Year / Program / Phase:
2007 / SBIR / Phase I
Award Amount:
$99,999.00
Agency / Branch:
DOD / OSD
Principal Investigator:
David Melski, Senior Scientist
Abstract:
The protection of intellectual property is a key problem being addressed both in public and private research. However, even with the amount of resources given to further research into the state-of-the-art, existing technologies are far short of being sufficiently protected against reverse… More

Software Protection to Deter Malicious Forensic Data Collection and Exploitation

Award Year / Program / Phase:
2007 / SBIR / Phase I
Award Amount:
$99,999.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Michael McDougall, Senior Scientist
Abstract:
Distributing applications across networks brings both new power and new risks. Mission-critical applications are increasingly spread over national or global networks to enable information gathering and sharing on an unprecedented scale. The Global Information Grid envisions diverse end-to-end… More

Light-weight Virtualization as a Defense against Reverse Engineering

Award Year / Program / Phase:
2007 / SBIR / Phase I
Award Amount:
$99,999.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Thomas Johnson, Software Engineer
Abstract:
The victor in a conflict is often the party that can gain the "upper hand". In the battle between software protection and reverse engineering, however, the victor is the party that gains the "lower hand". We propose a novel software protection system based on hypervisors that gives the advantage… More

Static Analysis of Multi-Core Applications

Award Year / Program / Phase:
2007 / SBIR / Phase I
Award Amount:
$99,000.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
David Melski, VP of Research
Abstract:
The goal of this project is to develop a static analysis tool that identifies program flaws that may arise when executing on a multi-core processor. In particular, we will target flaws that arise in lock-free algorithms. Concurrent programs are often plagued by race conditions on shared data.… More

Static Detection of Bugs in Embedded Software Using Lightweight Verification

Award Year / Program / Phase:
2007 / SBIR / Phase I
Award Amount:
$99,996.00
Agency:
NASA
Principal Investigator:
Ray G. Teitelbaum, Principal Investigator
Abstract:
Validating software is a critical step in developing high confidence systems. Typical software development practices are not acceptable in systems where failure leads to loss of life or other high costs. New software development tools are needed to radically reduce defect rates and enable the high… More

Software System Reliability Analysis

Award Year / Program / Phase:
2007 / STTR / Phase I
Award Amount:
$99,996.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Michael McDougall, Senior Scientist
Research Institution:
UNIV. OF WEST VIRGINIA
RI Contact:
Tim Menzies
Abstract:
Reliability is a crucial characteristic in safety-critical systems, yet it can only be measured late in the software development process when changes are difficult and costly. We propose a framework for estimating the risk of software that can be applied early in the software development… More

Deobfuscating tools for the validation and verification of tamper-proofed software

Award Year / Program / Phase:
2007 / STTR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Thomas Johnson, Software Engineer
Research Institution:
THE JOHNS HOPKINS UNIV-APL
RI Contact:
Andy Thompson
Abstract:
Recently, there has been an increase in the use of anti-tamper techniques (e.g., obfuscation) in all types of software. However, applying anti-tamper techniques is technically challenging, and when applied to large, sophisticated software, there is a danger of introducing subtle bugs, or not… More

Covert Loading and Execution of Software Protections to Reduce Adversarial Detection

Award Year / Program / Phase:
2008 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Thomas Johnson, Software Engineer
Abstract:
A number of software defenses exist that frustrate attempts to examine or tamper with a protected application. However, attackers are unlikely to approach the defenses head-on. One weak point is during installation and deployment of defenses. There is sort of a "who came first" game played between… More

Software Protection to Deter Malicious Forensic Data Collection and Exploitation

Award Year / Program / Phase:
2008 / SBIR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Colin Van Dyke, Sr. Scientist
Abstract:
Global networks bring both new power and new risks. Mission-critical applications are increasingly spread over national or global networks to enable information gathering and sharing on an unprecedented scale. While this large-scale information sharing promises new efficiencies, each endpoint in a… More

Static Detection of Bugs in Embedded Software Using Lightweight Verification

Award Year / Program / Phase:
2008 / SBIR / Phase II
Award Amount:
$599,999.00
Agency:
NASA
Principal Investigator:
Michael McDougall, Principal Investigator
Abstract:
Validating software is a critical step in developing high confidence systems. Typical software development practices are not acceptable in systems where failure leads to loss of life or other high costs. Software best practices for high confidence systems are often codified as coding rules.… More

Graphical Trace Object (GTO) Tool

Award Year / Program / Phase:
2008 / SBIR / Phase I
Award Amount:
$80,000.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Michael McDougall, Senior Scientist
Abstract:
Development and maintenance of large software systems is a daunting task. A number of tools for simplifying the development process have been designed over the years. These include source-code browsers, debuggers, and profilers. However, despite all of these tools, software has become increasingly… More

Deep Understanding of Complex High-Assurance Hypervisor Source Code

Award Year / Program / Phase:
2008 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Paul Anderson, VP of Engineering
Abstract:
Hypervisors offer a virtualization platform that is cost effective and attractive from a security point of view because guest operating systems are independent of each other. However, these claims of independence must be certified before it is permitted to use a hypervisor in a security-critical… More

Deep Understanding of Complex High-Assurance Hypervisor Source Code

Award Year / Program / Phase:
2009 / SBIR / Phase II
Award Amount:
$713,270.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Paul Anderson, VP of Engineering
Abstract:
Hypervisors offer a virtualization platform that is cost effective and attractive from a security point of view because guest operating systems are independent of each other. However, these claims of independence must be certified before it is permitted to use a hypervisor in a security-critical… More

CodeSonar with Metronome

Award Year / Program / Phase:
2009 / SBIR / Phase I
Award Amount:
$99,999.00
Agency:
DHS
Principal Investigator:
Abstract:
The current generation of advanced static-analysis tools find vulnerabilities by exploring all possible executions of a program as configured for a single platform. The next quantum leap in capability will be a system that will explore all executions for many different platforms simultaneously. We… More

Concolic Testing with Metronome

Award Year / Program / Phase:
2009 / SBIR / Phase I
Award Amount:
$99,999.00
Agency:
DHS
Principal Investigator:
Abstract:
We propose to build a system that combines novel automatic test generation techniques with state-of-the-art multi-platform continuous integration technology. The proposed system will automatically generate test data by using a combination of symbolic and concrete executions to intelligently explore… More

Software Protection to Fight through an Attack

Award Year / Program / Phase:
2009 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Alexey Loginov, Senior Scientist
Abstract:
New vulnerabilities and attacks on software applications and the underlying systems are discovered daily. Most security research focuses on detection of attacks--typically, by monitoring the execution of an application and detecting anomalous behavior. Little attention has been paid to how an… More

Software System Reliability Analysis

Award Year / Program / Phase:
2010 / STTR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Michael McDougall, Senior Scientist
Research Institution:
West Virginia University
RI Contact:
Tim Menzies
Abstract:
System reliability is a fundamental requirement for safety-critical weapons systems. A key challenge is identifying reliability problems early so that they can be fixed quickly and cheaply. Reliability problems are often integration problems: integration often reveals that flaws that seemed minor in… More

Mathematically Rigorous Methods for Determining Software Quality

Award Year / Program / Phase:
2010 / STTR / Phase I
Award Amount:
$70,000.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Denis Gopan, Senior Scientist
Research Institution:
University of Wisconsin
RI Contact:
Thomas Reps
Abstract:
Software is rarely written entirely from scratch. Typically, third-party commercial off-the-shelf (COTS) components are integrated into larger software systems used both in the commercial sector and in critical infrastructure. Third-party components often come in binary form, e.g., as dynamically… More

Information Assurance

Award Year / Program / Phase:
2010 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / MDA
Principal Investigator:
Alexey Loginov, Senior Scientist
Abstract:
Insider threat has been an increasingly important problem given low employee morale in today's tight economy and the increasing reliance on third-party software (including COTS components) that are generally only available in machine-code form and are in many cases produced overseas. We believe… More

Automatic Artificial Diversity for Virtual Machines

Award Year / Program / Phase:
2010 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / USAF
Principal Investigator:
David Melski, VP of Research
Abstract:
We propose to introduce artificial diversity to each installation of a standard platform by running the system using a combination of hardware virtualization and software dynamic translation. Automatic, transparent diversification offers powerful protection for systems that would otherwise remain… More

Antitamper Technology for Missile Defense

Award Year / Program / Phase:
2010 / SBIR / Phase I
Award Amount:
$100,000.00
Agency / Branch:
DOD / MDA
Principal Investigator:
Thomas Johnson, Software Engineer
Abstract:
A reverse engineer who has the ability to examine software in an off-line lab has an enormous advantage over one who is forced to work "in the field". In contrast to the software's intended environment, a reverse engineer can work undetected, and can more easily make use of analysis tools such… More

Static Analysis of Multi-Core Applications

Award Year / Program / Phase:
2010 / SBIR / Phase II
Award Amount:
$749,231.00
Agency:
DOD
Principal Investigator:
Denis Gopan, Senior Scientist – (608) 827-0657
Abstract:
Multi-core architectures, which recently have become pervasive, exposed the software-engineering community to a host of challenges. Applications that want to take full advantage of a multi-core processor must be explicitly parallelized, a process that is hard and error prone. Additionally, the… More

Covert Loading and Execution of Software Protections to Reduce Adversarial Detection

Award Year / Program / Phase:
2010 / SBIR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Thomas Johnson, Software Engineer
Abstract:
A number of software defenses exist that frustrate attempts to examine or tamper with a protected application. However, if an attacker arrives before these defenses are initialized, then they can observe the defenses as they are set up, gaining great insight into how the protections can be subverted.… More

Immersive Environments for Visualizing Software Tradeoffs

Award Year / Program / Phase:
2010 / SBIR / Phase II
Award Amount:
$730,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Michael McDougall, Senior Scientist
Abstract:
Complex software is notoriously opaque. This opacity is costly for software engineers who must make pivotal design decisions without knowing the tradeoffs and consequences of those decisions. We propose a visualization tool that combines powerful document and software analysis techniques with rich… More

Multi-Platform Program Analysis

Award Year / Program / Phase:
2010 / SBIR / Phase II
Award Amount:
$750,000.00
Agency:
DHS
Principal Investigator:
Paul Anderson – (607) 273-7340
Abstract:
The current generation of advanced static-analysis tools find vulnerabilities by exploring all possible executions of a program as configured for a single platform. Phase I research confirmed that a significant number of platform-specific defects may be missed if analysis is restricted to a single… More

Software System Reliability Analysis

Award Year / Program / Phase:
2010 / STTR / Phase II
Award Amount:
$750,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Michael McDougall, Senior Scientist – (607) 273-7340
Research Institution:
West Virginia University
RI Contact:
Tim Menzies
Abstract:
System reliability is a fundamental requirement for safety-critical weapons systems. A key challenge is identifying reliability problems early so that they can be fixed quickly and cheaply. Reliability problems are often integration problems: integration often reveals that flaws that seemed minor in… More

Continuous Integrated Invariant Inference

Award Year / Program / Phase:
2011 / SBIR / Phase I
Award Amount:
$100,000.00
Agency:
NASA
Principal Investigator:
David R. Cok, Principal Investigator
Abstract:
The proposed project will develop a new technique for invariant inference and embed this and other current invariant inference and checking techniques in an easy-to-use tool. The result will enhance an engineer's ability to use formal methods: generating, editing, reviewing, proving and… More

Mathematically Rigorous Methods for Determining Software Quality

Award Year / Program / Phase:
2011 / STTR / Phase II
Award Amount:
$749,509.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Denis Gopan, Senior Scientist – (608) 827-0657
Research Institution:
University of Wisconsin-Madison
RI Contact:
Thomas Reps
Abstract:
Modern software typically integrates a number of third-party commercial components. The indiscriminate use of such components poses significant security threats to software systems because the components may harbor unintentional vulnerabilities as well as intentionally malicious behaviors. Moreover,… More

Field Programmable Gate Array (FPGA) Physical Unclonable Functions

Award Year / Program / Phase:
2011 / SBIR / Phase I
Award Amount:
$100,000.00
Agency:
DOD
Principal Investigator:
Jason Dickens, Software Engineer II – (607) 273-7340
Abstract:
Physically Unclonable Devices (PUFs) have many applications in security and digital rights management. These devices are used in creation of random number generators used to seed key generation and one-time pad construction for encryption applications. They are also used as a means of uniquely… More

Prioritization of Weapon System Software Assurance Assessment

Award Year / Program / Phase:
2011 / SBIR / Phase I
Award Amount:
$100,000.00
Agency:
DOD
Principal Investigator:
David Cok, VP of Technology – (607) 273-7340
Abstract:
The cost and timeliness of weapons-software deployment may benefit from including shareware, freeware, open-source, and COTS components. However, Air Force's critical, safety-of-flight, and sensitive-data applications require higher assurance than that provided by commercial components. To make… More

Stealth and Real-time Program Execution Monitoring

Award Year / Program / Phase:
2011 / SBIR / Phase I
Award Amount:
$80,000.00
Agency:
DOD
Principal Investigator:
Thomas Johnson, Software Engineer – (607) 273-7340
Abstract:
Modern computer systems involve complex arrangements of many software components. It has proven difficult to secure such systems from attack by finding and closing all security holes. Dynamic monitoring techniques that detect intrusions have been developed to defend against latent, unknown… More

Automatic Artificial Diversity for Virtual Machines

Award Year / Program / Phase:
2011 / SBIR / Phase II
Award Amount:
$750,000.00
Agency:
DOD
Principal Investigator:
David Melski, VP of Research – (607) 273-7340
Abstract:
We propose to introduce artificial diversity to each installation of a standard platform by running the system using a combination of hardware virtualization and software dynamic translation. Automatic, transparent diversification offers powerful protection for systems that would… More

Enhancing Code Awareness in Software Development Environment

Award Year / Program / Phase:
2012 / SBIR / Phase I
Award Amount:
$150,000.00
Agency:
DOD
Principal Investigator:
Michael McDougall, Senior Scientist – (607) 273-7340
Abstract:
Most large pieces of software are sufficiently complex that no individual completely understands all of its subparts. In order to make progress, programmers must operate in this environment of incomplete information. In many cases, programmers make poor design and implementation decisions because of… More

Deterministic Detection for Hijacked Program Execution

Award Year / Program / Phase:
2012 / SBIR / Phase I
Award Amount:
$150,000.00
Agency:
DOD
Principal Investigator:
Thomas Johnson, Software Engineer – (607) 273-7340
Abstract:
We propose technology to automatically detect software exploits that hijack the execution of a running Linux kernel or one of its hosted applications. The key enabling technology for the proposed work is provided by KATE, the Kernel Analysis and Translation Engine. KATE uses a combination of… More

Prioritization of Weapon System Software Assurance Assessment

Award Year / Program / Phase:
2012 / SBIR / Phase II
Award Amount:
$750,000.00
Agency:
DOD
Principal Investigator:
David Cok, VP of Research – (607) 273-7340
Abstract:
The Air Force, other government organizations, and security-critical software development companies could be more cost-effective by using COTS and open-source software in their information and weapons systems. However, these software sources have significant safety and security risks; the… More

Stealth and Real-time Program Execution Monitoring

Award Year / Program / Phase:
2012 / SBIR / Phase II
Award Amount:
$749,993.00
Agency / Branch:
DOD / NAVY
Principal Investigator:
Thomas Johnson, Software Engineer – (607) 273-7340
Abstract:
Modern software development has introduced a wide variety of functionality in modular chunks that can be rapidly reconfigured to create new applications. This leads to large, complex systems that, while providing the desired capabilities, may also include non-obvious and undesirable behavior. Such… More

Specification Editing and Discovery Assistant

Award Year / Program / Phase:
2013 / SBIR / Phase I
Award Amount:
$125,000.00
Agency:
NASA
Principal Investigator:
David Cok, Assoc. VP of Technology
Abstract:
The project will prototype a specification editing and discovery tool (SPEEDY) for C/C++ that will assist software developers with modular formal verification tasks by providing active user interface guidance in writing and editing software specifications, integrated into a common, open IDE… More

Multi-Abstractions System Reasoning Infrastructure toward Achieving Adaptive Computing Systems

Award Year / Program / Phase:
2013 / SBIR / Phase I
Award Amount:
$150,000.00
Agency:
DOD
Principal Investigator:
Brad Arant, Chief Technology Officer – (949) 573-8814
Abstract:
"The complexity of modern computer systems has grown to the point of stressing human ability to understand their behavior completely. The sheer number of software components (and the myriad interactions between them) that are present on a single desktop computer presents a difficult security… More

Progressive Model Generation for Adaptive Resilient System Software

Award Year / Program / Phase:
2013 / STTR / Phase I
Award Amount:
$80,000.00
Agency:
DOD
Principal Investigator:
Michael McDougall, Senior Scientist – (607) 273-7340
Research Institution:
University of Pennsylvania
RI Contact:
W. S. Watson
Abstract:
Software continues to be a weak link in our critical systems. A prudent operator should employ a defense-in-depth strategy whereby "safe" systems are still monitored to detect breaches and respond to them. Unfortunately, such monitoring is challenging in practice, since there is no universal… More

Deterministic Detection for Hijacked Program Execution

Award Year / Program / Phase:
2013 / SBIR / Phase II
Award Amount:
$487,080.00
Agency:
DOD
Principal Investigator:
Thomas Johnson, Software Engineer – (607) 273-7340
Abstract:
Modern computer systems are employed in numerous environments and are capable of performing a wide range of tasks. To support such capabilities economically, software developers have introduced a wide variety of functionality in modular chunks that can be rapidly reconfigured to create new… More

Enhancing Code Awareness in Software Development Environment

Award Year / Program / Phase:
2013 / SBIR / Phase II
Award Amount:
$958,701.00
Agency:
DOD
Principal Investigator:
Michael McDougall, Senior Scientist – (607) 273-7340
Abstract:
A programmer is usually focused on the code on his screen, leading to a kind of tunnel vision where large-scale interactions are missed. The proposed Code Awareness Assistant (CA2) will automatically provide programmers with an additional level of awareness as they program in C/C++. CA2 builds on… More

Automatic Detection and Patching of Vulnerabilities in Embedded Systems

Award Year / Program / Phase:
2013 / SBIR / Phase I
Award Amount:
$99,949.00
Agency / Branch:
DOD / DARPA
Principal Investigator:
Denis Gopan, Senior Scientist – (608) 827-0657
Abstract:
Recent studies have shown that embedded systems are extremely vulnerable to security attacks. Some published exploits include remote hijacking of the electronic systems in a modern car and using IP phones and smart televisions to perform covert surveillance of their owners. In this project, we… More

GenPatcher: Automatically Evolving Invulnerable Systems

Award Year / Program / Phase:
2014 / SBIR / Phase I
Award Amount:
$99,999.99
Agency:
DHS
Principal Investigator:
Denis Gopan, Sr. Scientist – (607) 273-7340
Abstract:
Modern civilization relies on a network of embedded devices that are (i) riddled with security vulnerabilities and (ii) remotely hackable. Unfortunately, there seems to be near universal neglect for ensuring the security of these devices. Moreover, the existing IT solutions, such as antivirus… More

Fault Isolation in Hypervisors with Live Migration

Award Year / Program / Phase:
2014 / SBIR / Phase I
Award Amount:
$150,000.00
Agency / Branch:
DOD / USAF
Principal Investigator:
Michael McDougall, Senior Scientist – (607) 273-7340
Abstract:
Cloud computing promises dramatic savings through economies of scale for the government and private sectors, but it also brings security concerns. There is a particular need to prevent faults in or attacks occurring on a virtual machine (VM) from affecting the virtual machines of other… More

ANTSS Analysis Tools for System Surety

Award Year / Program / Phase:
2014 / SBIR / Phase I
Award Amount:
$150,000.00
Agency / Branch:
DOD / USAF
Principal Investigator:
David Cok, VP of Technology – (607) 273-7340
Abstract:
This project, Analysis Tools for Software Surety (ANTSS), will improve both requirements management and program analysis tools for critical software development and V & V. First, building from existing products and technology, GrammaTech will construct an integrated tool suite of… More

Obfuscation to Thwart Un-Trusted Hardware

Award Year / Program / Phase:
2014 / SBIR / Phase I
Award Amount:
$150,000.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Thomas Johnson, Research Scientist – (607) 273-7340
Abstract:
As supply chains expand globally, there is a growing risk that computer systems may contain counterfeit hardware components. For subverting trust, a malicious hardware component could automatically identify and exfiltrate sensitive computation and data du

Multi-Abstractions System Reasoning Infrastructure toward Achieving Adaptive Computing Systems

Award Year / Program / Phase:
2014 / SBIR / Phase II
Award Amount:
$990,697.00
Agency / Branch:
DOD / OSD
Principal Investigator:
Michael McDougall, Senior Scientist – (607) 273-7340
Abstract:
A modern computer system consists of a complex combination of applications cooperating with the operating system and each other to accomplish a mission. Components of the system are subject to disruption from accidental malfunctions and deliberate attacks