News

GrammaTech Awarded NIST Contract to Develop A Security Toolkit for Mobile Code

Posted on

by

Ithaca, NY — GrammaTech, Inc. announced today that it has been awarded a $74,956 Small Business Innovative Research (SBIR) Phase I contract by the National Institute of Standards and Technology (NIST). Upon completion of this six-month contract, GrammaTech will be eligible to compete for up to $300,000 in Phase II SBIR funding. Under terms of the agreement, GrammaTech will develop mechanisms for specifying and enforcing security policies for mobile code, such as Java Applets.

The problem of information security has become critical because of the growing dependence of the economy on complex networked information systems. Specification and enforcement of security policies is difficult even when policy-setting authorities have complete control over and knowledge of the target software. In an environment where mobile code is being used, security policy enforcement is even more difficult because little is known about the code being executed.

GrammaTech will develop mechanisms for specifying and enforcing security policies for mobile code that work by inserting fragments of code into programs in order to monitor their state and prevent them from violating security policies. The proposed system will allow arbitrary policies to be specified independently by different policy-setting authorities. We will apply this approach, named Inlined Reference Monitors (IRMs), to Java bytecodes. We believe that advanced static-analysis techniques, in particular those embodied in our own dependence-graph technology, are crucial to allow this to be done efficiently and fully automatically.

About GrammaTech:
GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes fourteen researchers with PhDs in programming languages and program analysis.

Book a Demo

We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now