Reading time ( words)
SMFS, Inc., DBA GRIMM, a cybersecurity research firm, has been awarded a DARPA subcontract to research Assured MicroPatching (AMP). The research is intended to advance the generation of custom security patches, with the added benefit of improving the binary analysis tooling required for such cybersecurity research.
GRIMM is part of the AMP Technical Area 3 (TA3) team, which is responsible for developing and providing vulnerability-patching challenges created to test the wares of other contract performers on both TA1 and TA2, which are responsible for taking vulnerability research, patch generation and patch testing to a new level. GRIMM’s role on the team will help validate the cybersecurity elements of the project. In doing so, GRIMM will be providing a heavy-trucking Electronic Control Unit (ECU) simulator, emulating a PowerPC system, while leveraging real-world firmware.
GRIMM’s Principal Security Researcher, Matthew Carpenter, says, “The virtual ECU will allow the performers access to ECUs wherever they are, without needing to manage custom and closed hardware, and will support power systems and networking modules.” This work is based on research and PowerPC emulation GRIMM developed in 2019.
Carpenter also states, “In addition to making software patching more of a reality, this project is advancing the very tools used to identify cybersecurity vulnerabilities, making high-tech bug hunting easier and more powerful.”