DARPA awarded GrammaTech, Inc. a contract to develop technology to detect Denial-of-Service (DoS) and other cyber security vulnerabilities, the company said on Thursday.
GrammaTech, working with DARPA, is set to identify two types of vulnerabilities. The first type, Algorithmic Complexity Vulnerabilities, allows an attacker to create inputs that can cause excessive resource consumption. This is often used to direct DoS attacks that disrupt a software application’s responsiveness.
The second type, Side-Channel Leaks, allows an attacker to infer confidential information by observing software’s usage of time and space. This is also known as “the spy in the sandbox.”
GrammaTech’s technology will detect these vulnerabilities in Java bytecode, which does not require access to program source code, the company said. GrammaTech will also collaborate with researchers at Yale University and the University of Wisconsin-Madison.
“DoS attacks on critical national infrastructure are particularly troublesome, for example, the recent attacks (attributed to Iran) on Wells Fargo, Bank of America, Chase, and other banks. This project, along with other contracts GrammaTech is currently working on with DARPA, is intended to solve a major cybersecurity threat to our nation,” Tim Teitelbaum, the CEO of GrammaTech, said in a statement.
The STAC project is sponsored by the Air Force Research Laboratory and DARPA.