A cybersecurity approach using systemic functional grammars

Cybersecurity Assessment and Risk Enumeration for Systems (CARES)

CARES helps designers and cyber analysts build cybersecurity into components for Navy systems. CARES uses systemic functional grammars (SFGs), a technique from computational linguistics, to provide an expressive enumeration of the entire attack space. Then CARES automatically generates a quantitative list of security vulnerabilities for the system, along with consistent recommendations for fixing vulnerabilities. These recommendations account for other system and design needs, such as performance and cost.

Fleet Cyber Command Sailors Stand Watch in the Fleet Operations Center
Sailors stand watch at the headquarters of US Fleet Cyber Command/US 10th Fleet. Our CARES approach helps system designers create cybersecurity components for Navy systems. (U.S. Navy photo by Mass Communication Specialist 1st Class Samuel Souvannason)
“During the system design stage, designers and cyber analysts need detailed information to accurately assess and model cybersecurity. However, cybersecurity is typically ‘bolted on’ to deployed systems and rarely built during early design stages. Bolted-on cybersecurity components are costly and often produce conflicting recommendations.”
Brian Gzemski
Software Engineer and Principal Investigator on the CARES effort

Our CARES approach provides risk assessment and cyberattack mitigations for systems early in the design stage. This cost-effective and reliable solution helps designers and cyber analysts better equip Navy systems with cybersecurity before they are deployed.

CARES reflects our commitment to developing novel, intelligent solutions for cyber defense. In addition, under our GearCASE effort, we are using SFGs to automatically generate cybersecurity requirements.

Contact us to learn more about CARES and our other cybersecurity capabilities.

This material is based upon work supported by the Naval Sea Systems Command under Contract No. N6833519C0724. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Naval Sea Systems Command. Statement A: Approved for Release. Distribution is unlimited.

Our passion for science and engineering drives us to find impactful, actionable solutions.