GrammaTech Blog

The Cyber Grand Challenge

Posted by Eric Rizzi on September 26, 2016




Several of us at GrammaTech, along with many talented people from UVA, recently participated in DARPA's Cyber Grand Challenge (CGC) as Team TECHx. The challenge in CGC was to build an autonomous Cyber Reasoning System (CRS) capable of playing in a "Capture The Flag" (CTF) hacking competition. Our system was called Xandra.

Each system was responsible for defending network services while proving vulnerabilities ("capturing flags") in other systems' defended services.

The challenge started back in 2014. Over two years, what was initially over 100 teams was whittled down through qualifying events to just 7 teams in the final event. During the final event, DARPA distributed Challenge Binaries (CBs) that implemented network services and that had been specifically crafted to have different vulnerabilities. Each CRS was responsible for fielding a version of each of these CBs, which could be attacked by competitor CRSes. The trick was that CRSes could re-write CBs to make them less vulnerable while simultaneously trying to exploit the vulnerabilities in other systems' CBs. Each time a CRS was able to successfully attack another CRS's CB, it gained points. Each time a CRS's fielded CB was successfully attacked, it lost points. In the end, our system, Xandra, did very well (2nd place!) with what I would classify as a combination of good defense, good availability, and average offense.

Xandra on the CGC stage.


Topics: Research, Software Hardening

CodeSonar for JIRA (Plugin)

Posted by Travis Hidlay on September 23, 2016



Topics: CodeSonar

Static Analysis, Safety-Critical Railway Software, and EN 50128

Posted by Bill Graham on August 22, 2016




Transportation systems and, in particular, railway systems, are growing markets that increasingly rely on software for command, communication, and control. Due to the impact of errors and accidents in this environment, software is developed to strict standards such as EN 50128. The standard is very specific on the use of good programming practices, tools, and techniques. In this post, I’ll discuss how a static analysis tool like GrammaTech CodeSonar satisfies various EN 50128 requirements.



Topics: Safety, Static Analysis, CodeSonar, EN 50128

The Human Internet of Things (HIoT)

Posted by Laurel Stewart on August 18, 2016



Topics: Cyber Security, IoT

Understanding DARPA's Cyber Grand Challenge: Laundromat Edition

Posted by Amy Gale on August 15, 2016



Topics: Software Assurance, News, Autonomic Computing, Research, Software Hardening