This model-generation tool will allow developers to specify expected behaviors in their code for enhanced protection against attacks on large and complex systems.
Officials with GrammaTech said that in this project, the company’s researchers will use a combination of automatic program analysis and manual tuning techniques to develop a tool for creating a model of a system's intended behavior, capturing its most important properties and determining what low level events must be tracked in order to observe the system's critical behavior.
Teitelbaum said that as the developer codes, the tool will capture his or her notion of what behavior is expected by creating a model that specifies a boundary the application shouldn't cross.
“Our runtime monitors will then look for any unexpected behavior and take corrective action, even if the application has been compromised," he said.
Company officials said that the development of this tool will provide security-critical systems with an extra layer of protection against attacks, including attacks that don't involve unusual system call activity.
Earlier in July, GrammaTech, a developer specializing in software assurance tools, announced that Crank Software, Inc., an innovator of embedded graphical user interface (GUI) solutions, is using GrammaTech’s CodeSonar to advance the integrity of its code.
Crank Software's products and services enable R&D teams and user interface (UI) designers to quickly and collaboratively develop rich, animated UIs for resource-constrained embedded devices. These embedded software solutions are used in safety-critical applications, such as animated global positioning systems, in-car graphical displays and user interfaces on factory floors, so software quality and security are paramount.