GrammaTech

GrammaTech, Inc.
Company type: Private
Industry: Software Quality
Headquarters: Ithaca, New York
Key people: Dan Goodwin (CEO)
Website: www.grammatech.com

GrammaTech is a cybersecurity research services company based in Ithaca, New York. The company was founded in 1988 as a technology spin-off of Cornell University. GrammaTech's software research services include software analysis, vulnerability detection and mitigation, binary transformation and hardening, and autonomous computing. In September 2023, Battery Ventures acquired GrammaTech's software products division, including the CodeSonar and CodeSentry product lines, thus establishing a new, independent entity that will operate under the CodeSecure, Inc. name and be headquartered in Bethesda, Maryland.

Research

GrammaTech's research division undertakes projects for private contractors, including several U.S. government agencies, such as NASA, the NSF, and many branches of the Department of Defense. GrammaTech's research is focused on both static analysis and dynamic analysis, on both source code and binaries.

GrammaTech participated and came in 2nd place in DARPA's 2016 Cyber Grand Challenge, earning $1 million as Team TECHx. [1] GrammaTech led Team TECHx, a collaboration with the University of Virginia, using their co-developed cyber-reasoning system called Xandra. [2]

History

GrammaTech is a 1988 spin-off from Cornell University, where its founders had developed an early Integrated Development Environment in 1978 (the Cornell Program Synthesizer [3]) and a system for generating language-based environments from attribute-grammar specifications in 1982 (the Synthesizer Generator [4] [5]). Commercial systems that have been implemented using the Synthesizer Generator include ORA's Ada verification system (Penelope [6]), Terma's Rigorous Approach to Industrial Software Engineering (Raise [7]), and Loral's checker of the SPC Quality and Style Guidelines for Ada. [8] GrammaTech co-founders Tom Reps and Tim Teitelbaum received the 2010 ACM SIGSOFT Retrospective Impact Award for their work on the Synthesizer Generator. [9]

GrammaTech commercialized the Wisconsin Program-Slicing Tool as CodeSurfer for C and C++ in 1999. CodeSonar for C and C++, a static analysis tool, has been available since 2005. GrammaTech co-founder Reps and two other company affiliates shared in a 2011 ACM SIGSOFT Retrospective Impact Award for their paper describing the Wisconsin slicing research. [10]

GrammaTech and the University of Wisconsin have been collaborating since 2001 to develop analysis, reverse-engineering, and anti-tamper tools for binary executables. Byproducts of this research are CodeSurfer/x86 [11] (a version of CodeSurfer for the Intel x86 instruction set), CodeSonar/x86 (a bug and vulnerability finding tool for stripped executables), and an approach to creating such systems automatically from formal semantic descriptions of arbitrary instruction set architectures. [12] This research was later commercialized into CodeSonar for Binaries and CodeSentry, a software composition analysis tool.

In 2019, GrammaTech was acquired by Five Points Capital. [13]

In September 2023, GrammaTech announced that it was spinning off part of its software products division, specifically the CodeSonar and CodeSentry product lines, to venture capital firm Battery Ventures. The transaction establishes a new, independent entity that will operate under the CodeSecure, Inc. name and be headquartered in Bethesda, Maryland. [14] As part of the spin-off, GrammaTech named Daniel Goodwin as CEO to lead the corporation going forward. Goodwin, who previously was General Manager of the research division of GrammaTech, has experience in cyber security, software, systems, FPGAs, microelectronics, telecommunications, networking, and hardware in domains such as Information Assurance, SIGINT, and Platform Missions. [15]

Related Research Articles

In computing, a compiler is a computer program that translates computer code written in one programming language into another language. The name "compiler" is primarily used for programs that translate source code from a high-level programming language to a low-level programming language to create an executable program.

In computing, binary translation is a form of binary recompilation where sequences of instructions are translated from a source instruction set to the target instruction set. In some cases such as instruction set simulation, the target instruction set may be the same as the source instruction set, providing testing and debugging features such as instruction trace, conditional breakpoints and hot spot detection.

PL/C is an instructional dialect of the programming language PL/I, developed at the Department of Computer Science of Cornell University in the early 1970s in an effort headed by Professor Richard W. Conway and graduate student Thomas R. Wilcox. PL/C was developed with the specific goal of being used for teaching programming. The PL/C compiler, which implemented almost all of the large PL/I language, had the unusual capability of never failing to compile a program, through the use of extensive automatic correction of many syntax errors and by converting any remaining syntax errors to output statements. This was important because, at the time, students submitted their programs on IBM punch cards and might not get their output back for several hours. Over 250 other universities adopted PL/C; as one late-1970s textbook on PL/I noted, "PL/C ... the compiler for PL/I developed at Cornell University ... is widely used in teaching programming." Similarly, a mid-late-1970s survey of programming languages said that "PL/C is a widely used dialect of PL/I."

The Ada Semantic Interface Specification (ASIS) is a layered, open architecture providing vendor-independent access to the Ada Library Environment. It allows for the static analysis of Ada programs and libraries. It is an open, published interface library that consists of the Ada environment and their tools and applications.

A structure editor, also structured editor or projectional editor, is any document editor that is cognizant of the document's underlying structure. Structure editors can be used to edit hierarchical or marked up text, computer programs, diagrams, chemical formulas, and any other type of content with clear and well-defined structure. In contrast, a text editor is any document editor used for editing plain text files.

Frame technology (FT) is a language-neutral system that manufactures custom software from reusable, machine-adaptable building blocks, called frames. FT is used to reduce the time, effort, and errors involved in the design, construction, and evolution of large, complex software systems. Fundamental to FT is its ability to stop the proliferation of similar but subtly different components, an issue plaguing software engineering, for which programming language constructs or add-in techniques such as macros and generators failed to provide a practical, scalable solution.

Incremental computing, also known as incremental computation, is a software feature which, whenever a piece of data changes, attempts to save time by only recomputing those outputs which depend on the changed data. When incremental computing is successful, it can be significantly faster than computing new outputs naively. For example, a spreadsheet software package might use incremental computation in its recalculation feature, to update only those cells containing formulas which depend on the changed cells.

Reinhard Wilhelm is a German computer scientist.

Astrée is a static analyzer based on abstract interpretation. It analyzes programs written in the programming languages C and C++, and emits an exhaustive list of possible runtime errors and assertion violations. The defect classes covered include divisions by zero, buffer overflows, dereferences of null or dangling pointers, data races, deadlocks, etc. Astrée includes a static taint checker and helps find cybersecurity vulnerabilities, such as Spectre. It is proprietary software written in the language OCaml.

AbsInt is a software-development tools vendor based in Saarbrücken, Germany. The company was founded in 1998 as a technology spin-off from the Department of Programming Languages and Compiler Construction of Prof. Reinhard Wilhelm at Saarland University. AbsInt specializes in software-verification tools based on abstract interpretation. Its tools are used worldwide by Fortune 500 companies, educational institutions, government agencies and startups.

Thomas W. Reps is an American computer scientist known for his contributions to automatic program analysis. Dr. Reps is Professor of Computer Science in the Computer Sciences Department of the University of Wisconsin–Madison, which he joined in 1985. Reps is the author or co-author of four books and more than one hundred seventy-five papers describing his research. His work has covered a wide variety of topics, including program slicing, data-flow analysis, pointer analysis, model checking, computer security, instrumentation, language-based program-development environments, the use of program profiling in software testing, software renovation, incremental algorithms, and attribute grammars.

(Ray) Tim Teitelbaum is an American computer scientist known for his early work on integrated development environments (IDEs), syntax-directed editing, and incremental computation. He is Professor Emeritus at Cornell University. As an educator and faculty member of the Cornell University Computer Science Department since 1973, he was recognized for his large-scale teaching of introductory programming, and for his mentoring of highly successful graduate students. As a businessman, he is known for having co-founded GrammaTech, Inc. and for having been its sole CEO from 1988 to 2019.

Susan Beth Horwitz was an American computer scientist noted for her research on programming languages and software engineering, and in particular on program slicing and dataflow analysis. She received several best paper awards and an impact paper award.

Alexander L. Wolf is an American computer scientist known for his research in software engineering, distributed systems, and computer networking. He is credited, along with his collaborators, with introducing the modern study of software architecture, content-based publish/subscribe messaging, content-based networking, automated process discovery, and the software deployment lifecycle. Wolf's 1985 Ph.D. dissertation developed language features for expressing a module's import/export specifications and the notion of multiple interfaces for a type, both of which are now common in modern computer programming languages.

Larry E. Druffel is an American engineer, Director Emeritus and visiting scientist at the Software Engineering Institute (SEI) at Carnegie Mellon University. He has published over 40 professional papers/reports and authored a textbook. He is best known for leadership in: (1) bringing engineering discipline and supporting technology to software design and development, and (2) addressing network and software security risks.

The 2016 Cyber Grand Challenge (CGC) was a challenge created by the Defense Advanced Research Projects Agency (DARPA) in order to develop automatic defense systems that can discover, prove, and correct software flaws in real time.

Mooly (Shmuel) Sagiv is an Israeli computer scientist known for his work on static program analysis. He is currently Chair of Software Systems in the School of Computer Science at Tel Aviv University, and CEO of Certora, a startup company providing formal verification of smart contracts.

CodeSonar is a static code analysis tool from CodeSecure, Inc. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers.

Yannis Smaragdakis is a Greek-American software engineer, computer programmer, and researcher. He is a professor in the Department of Informatics and Telecommunications at the University of Athens. He is the author of more than 130 research articles on a variety of topics, including program analysis, declarative languages, program generators, language design, and concurrency. He is best known for work in program generation and program analysis and the Doop framework.

References

  1. "Cyber Grand Challenge". DARPA. Retrieved February 29, 2020.
  2. "Hackers Don't Have to be Human Anymore. This Bot Battle Proves It". Wired. August 5, 2016.
  3. Teitelbaum, T.; T. Reps (September 1981). "The Cornell Program Synthesizer: A syntax-directed programming environment". Communications of the ACM. 24 (9): 563–573. doi:10.1145/358746.358755. S2CID 14317073.
  4. Reps, T. (1984). Generating Language-Based Environments. Cambridge, MA: The M.I.T. Press. ISBN 978-0-262-18115-0. (Awarded the 1983 ACM Doctoral Dissertation Award.)
  5. Reps, Thomas W.; Teitelbaum, Tim (1988). The Synthesizer Generator: A System for Constructing Language-Based Editors. Cambridge, MA: Springer-Verlag. ISBN 978-0-387-96857-5.
  6. Guaspari, D. (1989). "Proceedings of the conference on Tri-Ada '89 Ada technology in context: Application, development, and deployment - TRI-Ada '89". TRI-Ada '89: Proceedings of the conference on Tri-Ada '89. Pittsburgh, PA: ACM. pp. 216–224. doi:10.1145/74261.74277. ISBN 0897913299.
  7. The RAISE Language Group, CORPORATE (1993). The RAISE specification language. Upper Saddle River, NJ: Prentice-Hall, Inc. ISBN 978-0-13-752833-2.
  8. Software Productivity Consortium (1995). Ada 95 Quality and Style Guide: Guidelines for Professional Programmers (SPC-94093-CMC Version 01.00.10 ed.). Herndon, VA: SPC.
  9. Reps, T.; Teitelbaum, T. (1984). "The Synthesizer Generator". In SDE 1 Proc. of the first ACM SIGSOFT/SIGPLAN Software Engineering Symposium on Practical Software Development Environments.
  10. Reps, T.; Horwitz, S.; Sagiv, M.; Rosay, G. (December 1994). "Speeding Up Slicing" (PDF). Proc. Second ACM SIGSOFT Symposium on Foundations of Software Engineering. New Orleans, LA, USA.
  11. Balakrishnan, G.; Reps, T. (2004). "Analyzing memory accesses in x86 executables" (PDF). Proc. Int. Conf. on Compiler Construction. New York, NY: Springer-Verlag. pp. 5–23. (Awarded the EAPLS Best Paper Award at ETAPS 2004.)
  12. Lim, J.; Reps, T. (April 2008). "A system for generating static analyzers for machine instructions" (PDF). Proc. Int. Conf. on Compiler Construction (CC). New York, NY: Springer-Verlag. (Awarded the EAPLS Best Paper Award at ETAPS 2008.)
  13. "Five Points Capital Completes Acquisition of GrammaTech". PR Newswire. November 12, 2019. Retrieved May 14, 2020.
  14. "Battery Ventures Acquires GrammaTech's Application Security Testing Software Business, Forming CodeSecure". www.businesswire.com. September 5, 2023. Retrieved September 7, 2023.
  15. "Meet our Leaders". GrammaTech. Retrieved September 7, 2023.