Posted by Courtney E. Howard
TEWKSBURY, Mass., 23 Nov. 2010. Engineers at Raytheon Integrated Defense Systems (IDS) have joined a team led by GrammaTech Inc. to develop a technology that prevents the exploitation of vulnerabilities in software of uncertain origin. The contract is part of STONESOUP (Securely Taking On New Executable Software Of Uncertain Provenance), a program of the Intelligence Advanced Research Projects Activity designed to improve software security.
The $12.9 million, multiyear contract is administered by the Air Force Research Laboratory. GrammaTech, a manufacturer of software-analysis tools, is located in Ithaca, N.Y. Other team members include the University of Virginia and the Georgia Institute of Technology. Raytheon's piece of the contract is estimated at $2.5 million.
"Software developers often bundle software components from various sources, not knowing the vulnerabilities that these components bring with them," says Tom Bracewell, Raytheon's principal investigator. "An attacker may know how to exploit these vulnerabilities. Our goal is to eliminate the supply chain risk by removing these vulnerabilities or rendering them harmless."
The team's approach is to remove or mask vulnerabilities through automated analysis, repair, diversification, and visualization of executable code, says a spokesperson. Raytheon will perform its role of technology integration, test, evaluation, and transition at IDS’s Customer Integration Center in Arlington, Va.