GrammaTech Awarded NIST Contract to Develop Java Security Toolkit

11/22/2002 - GrammaTech announced that it has been awarded a $300,000 Small Business Innovative Research (SBIR) Phase II contract by the National Institute of Standards and Technology (NIST). Under the terms of the agreement, GrammaTech will develop a system that permits efficient and fully automatic insertion of Inlined Reference Monitors (IRMs) into Java bytecode for the purposes of enforcing security policies.

The proposed system will allow arbitrary policies to be specified independently by different policy-setting authorities. IRMs work by inserting fragments of code into programs in order to monitor their state and prevent them from violating security policies. Advanced static analysis will be used to help reduce the overhead of doing reference monitoring.

The problem of information security has become critical because of the growing dependence of the economy on complex networked information systems. Specification and enforcement of security policies is difficult even when policy-setting authorities have complete control over and knowledge of the target software. In an environment where mobile code is being used, security policy enforcement is even more difficult because little is known about the code being executed. The IRM approach is important because administrators and users can transparently tailor policies on a per-application basis, without requiring access to source code or operating system internals.

About GrammaTech
GrammaTech was founded in 1988 to design, develop, and market language-based productivity tools for software engineers. The company has an active research agenda sponsored by the Defense Advanced Research Projects Agency (DARPA), the Office of Naval Research (ONR), the National Science Foundation (NSF), the Air Force Research Laboratory (AFRL), the Missile Defense Agency (MDA), the National Institute of Standards and Technology(NIST) and the National Aeronautics and Space Administration (NASA). The company has conducted previous research on dependence graphs, formal methods, and language-based programming, and has successfully transitioned its research into commercial software tools. GrammaTech currently markets CodeSurfer, a software-understanding tool, Ada-ASSURED, a language-sensitive editor, Ada-Utilities, a language-sensitive toolset for project-wide quality and standards auditing, and the Synthesizer Generator, a tool for developing language-sensitive program-development environments. These products are available directly from GrammaTech.

Previous Page | News by Category | News Search

If you found this page useful, bookmark and share it on:

 
Embedded Star Newsletter
Don't have time to visit Embedded Star everyday? Then sign up for our free newsletter. We'll send you an email when we have something to share with you. Your email address will be kept confidential and we will not share, sell, or rent it to anyone. You can unsubscribe at any time by clicking a link in the email.

Enter your email address to sign up for our free newsletter:   

If you are familiar with RSS feeds, you can also sign up for our free blog feed. Our RSS feed is updated in real-time while our newsletter is updated daily.