CybersecurityONR awards GrammaTech $9 million for cyber-hardening security research

Ithaca-based GrammaTech, Inc. said it has been awarded a $9 million, three-year contract from the Office of Naval Research (ONR), a division of the United States Department of the Navy, to perform research and development into cutting-edge techniques for protecting software from cyber-attacks.

GrammaTech says its contribution to the overall Navy program is to advance the field of transforming existing software applications so that they are tailored for specific new situations. The tailoring produces simplified programs that are safer, more secure, and more efficient. GrammaTech’s approach will automate the removal of irrelevant layers of abstraction, indirection, and other inefficiencies that are introduced into applications as a consequence of modern software-development practices. It will also support removal of program features and options that are not needed in the specific setting where the transformed program is to run that if left in the program only make it less safe, less secure, and less efficient.

GrammaTech says its system will be built from binary code transformation technologies that contributed to the firm’s success at the DARPA Cyber Grand Challenge in 2016, where GrammaTech was awarded a million-dollar prize for its second-place finish.

The goal is for end users to be able to transform their critical applications to shrink the attack surface, improve performance, lower memory consumption, and reduce complexity—all without breaking the application or disrupting operations. This same technology can also be used to reduce the time between detecting a vulnerability and re-deployment of a repaired system.

As threats emerge and evolve more quickly, it is crucial for organizations to take a proactive approach to protecting their software. “Binary code transformation is a key capability for many legacy Naval applications,” said Tim Teitelbaum, CEO of GrammaTech. “It allows the Navy to re-use existing applications in new contexts in a very affordable fashion, while protecting systems from ever-evolving cyber threats.”

This contract will be part of the DHS Science and Technology Directorate (S&T) projects on Late-stage Software Customization and Complexity Reduction for Legacy Naval Systems under the Total Platform Cyber Protection Innovative Naval Prototype Program.

“The Office of Naval Research has a history of initiating prescient research efforts on computer-security problems, well before the issues have bubbled up to the public’s attention,” says Thomas Reps, President of GrammaTech. “The larger ‘Software Customization and Complexity Reduction’ program that we are part of is a creative effort to build the technology base for a win-win: for software to be made to run faster at the same time as its ‘attack surface’—the number of potentially attackable features—is reduced.”

Those benefits become magnified in a military setting, underscoring the position of the Office of Naval Research in providing research funding to the nation’s leading computer scientists.

GrammaTech says it will be subcontracting Rutgers University for a portion of the project.

GrammaTech, originally developed within Cornell University, is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions.