GrammaTech Awarded NIST Contract to Develop Java Security Toolkit

11/22/2002 - GrammaTech announced that it has been awarded a $300,000 Small Business Innovative Research (SBIR) Phase II contract by the National Institute of Standards and Technology (NIST). Under the terms of the agreement, GrammaTech will develop a system that permits efficient and fully automatic insertion of Inlined Reference Monitors (IRMs) into Java bytecode for the purposes of enforcing security policies.

The proposed system will allow arbitrary policies to be specified independently by different policy-setting authorities. IRMs work by inserting fragments of code into programs in order to monitor their state and prevent them from violating security policies. Advanced static analysis will be used to help reduce the overhead of doing reference monitoring.

The problem of information security has become critical because of the growing dependence of the economy on complex networked information systems. Specification and enforcement of security policies is difficult even when policy-setting authorities have complete control over and knowledge of the target software. In an environment where mobile code is being used, security policy enforcement is even more difficult because little is known about the code being executed. The IRM approach is important because administrators and users can transparently tailor policies on a per-application basis, without requiring access to source code or operating system internals.

About GrammaTech
GrammaTech was founded in 1988 to design, develop, and market language-based productivity tools for software engineers. The company has an active research agenda sponsored by the Defense Advanced Research Projects Agency (DARPA), the Office of Naval Research (ONR), the National Science Foundation (NSF), the Air Force Research Laboratory (AFRL), the Missile Defense Agency (MDA), the National Institute of Standards and Technology(NIST) and the National Aeronautics and Space Administration (NASA). The company has conducted previous research on dependence graphs, formal methods, and language-based programming, and has successfully transitioned its research into commercial software tools. GrammaTech currently markets CodeSurfer, a software-understanding tool, Ada-ASSURED, a language-sensitive editor, Ada-Utilities, a language-sensitive toolset for project-wide quality and standards auditing, and the Synthesizer Generator, a tool for developing language-sensitive program-development environments. These products are available directly from GrammaTech.

Previous Page | News by Category | News Search

If you found this page useful, bookmark and share it on: