Cyber Security Solutions
- Bindle
- Automatic harness generation and seed-input collection to eliminate the need
for reverse engineering and domain knowledge in dynamic testing of software
binaries.
- Proteus
- Automatically find and fix vulnerabilities in software binaries.
Use exploitability analysis to prioritize software weaknesses for
remediation.
- REAFFIRM
- REAFFIRM (Reverse Engineer, Analyze and Fix Firmware) is a platform
for firmware analysis, component identification and extraction, and
testing.
Research Areas
Projects by use case, development stage, and research area.
|
Develop |
Test/Integrate |
Deploy/Execute |
Reuse |
| Automate |
Merge Resolver, Mnemosyne, Software Search Replace |
Bindle, Bug-Injector, Mnemosyne, Proteus, REAFFIRM, Swap Detector |
|
|
| Optimize |
|
Binary-Reduce |
|
Binary-Reduce |
| Repair |
GenPatcher |
Proteus, REAFFIRM |
AMBER, ARTCAT, SySense |
Proteus, REAFFIRM, GTIRB-VSCode |
| Diversify |
Variegate |
|
|
|
| Harden |
Mnemosyne, CRAM |
Binary-Reduce, Proteus, REAFFIRM, Stack-Stamp, To-Static |
AMBER, ARTCAT, ConfINE, SySense |
Binary-Reduce, Proteus, REAFFIRM, Stack-Stamp, To-Static |
| Assure |
|
A-CERT |
|
A-CERT |
| Assess |
Spec-Map |
A-CERT, Discover, Mnemosyne, Proteus, REAFFIRM |
AMBER, ARTCAT, ConfINE, SySense |
A-CERT, Bin2Math, DDisasm, Discover, FVA, Proteus, REAFFIRM, TBDC, TFPGA, GTIRB-VSCode |
- Application Security and Reverse Engineering
- Combine state-of-the-art program-analysis techniques to construct
an understanding of the functionality, strengths, and weaknesses
of executable software and firmware (with or without hardware).
Apply that understanding to improve software security and
performance, for instance, to find and fix vulnerabilities in
critical systems.
- Binary Rewriting
- Using high-fidelity binary ingestion, perform automated
transformation of binary software executables and libraries to
improve functionality, security, maintainability, and performance.
Specific aims include software hardening, optimization,
diversification, and attack-surface reduction.
- Machine Learning and Big Code
- Combine machine-learning techniques with program analysis to
increase software security, reliability, and maintainability.
Mine the collective wisdom in massive code repositories to speed
up, automate, and enhance developer processes.
- Machine Programming
- Leverage machine-learning, formal methods, and evolutionary
computation to automate the software-development lifecycle through
source-code synthesis, evaluation, and transformation. Build
automated tools that integrate into the modern software development
environment.
- Platform Security
- Ensure trust in the computing platform, including hardware, from design through deployment. Assess
risk due to use of untrusted supply chains of FPGA and ASIC
devices.
Open Source Software
We are a commercial company and we develop and sell proprietary
software products. However, we release the core technology underlying
these products — the libraries on which these products' power and
correctness depend. GrammaTech recognizes that only by encouraging
outside use and review of our software can we achieve the
reproducibility, objectivity, accuracy, quality, and security our
customers require.
- DDisasm
- A fast and accurate disassembler. DDisasm is able to disassemble
real-world stripped binaries with accuracy sufficient to enable modification
and reassembly.
- Mnemosyne
- An extensible software development assistant bringing cutting edge
program synthesis research to bear against real-world programming
tasks in the modern integrated development environment.
- Swap Detector
- A library to check swapped arguments in function calls, and a Clang
Static Analyzer plugin used to demonstrate the library.
- GTIRB
- An intermediate representation for binary analysis and rewriting.
GTIRB seeks to be an LLVM-IR for reverse engineering.
- SEL
- Software Evolution Library (SEL) provides a programmatic interface
for the parsing, analysis, and rewriting of software source code in
many programming languages through a single generic API.
We not only publish but participate in the open-source community,
through
multiple
contributions to
significant
open-source projects, and accepting significant
contributions
to projects we maintain in return. Find more of our open-source
repositories on GitHub/GrammaTech and
GitLab/GrammaTech.
