15 June 2016
GrammaTech CodeSonar®: Cyber-Security with Visual Taint Analysis
The increasing number of networked components in embedded systems creates larger attack surfaces that allow hackers to target software.
As a result, embedded programmers need to defend their software against highly advanced malicious attacks by adopting a full-spectrum approach to securing the application. This requires testing the source code with static analysis, exercising the running application with dynamic analysis, and examining open-source and third-party components and libraries with binary analysis.
Understanding your Attack Surface with Visual Taint Analysis
CodeSonar implements an analysis that tracks potentially hazardous data flows in code. The results of this "taint" analysis are shown as an overlay directly on the code or superimposed on a high-level graphical visualization of the program architecture. This lets engineers see tainted data pathways that are notoriously hard to find.
This technology helps to find dangerous vulnerabilities that an attacker could exploit, including buffer over/underrun, integer overflow of an allocation size, command injection and SQL injection. CodeSonar manages this by accelerating the speed and accuracy of pinpointing these flows.
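To illustrate the taint-tracking idea described above, here is a toy forward taint propagator over a constructed three-address program. It is an added example, not CodeSonar's implementation; it assumes `read_network` is an untrusted source, `bounds_check` is a sanitizer, and `malloc`, `system` and `memcpy` are sinks, and it reports the source-to-sink path for each finding.

```python
# Toy forward taint propagation (constructed example, not CodeSonar's analysis).
# A program is a list of (dst, func, args) tuples: dst = func(args), dst may be None.
SOURCES = {"read_network"}                       # assumed: return value is attacker-controlled
SANITIZERS = {"bounds_check"}                    # assumed: return value is trusted again
SINKS = {"malloc": "allocation size",            # assumed sinks and what they consume
         "system": "command string",
         "memcpy": "copy length"}

# Constructed sample program: an untrusted element count feeds an allocation
# size (integer overflow of allocation size), and an untrusted string feeds system().
PROGRAM = [
    ("n",     "read_network", []),           # 1: untrusted element count
    ("size",  "mul",          ["n", "4"]),   # 2: n * sizeof(elem); may wrap
    ("buf",   "malloc",       ["size"]),     # 3: sink reached by tainted size
    ("m",     "bounds_check", ["n"]),        # 4: sanitized copy of n
    ("size2", "mul",          ["m", "4"]),   # 5: clean arithmetic
    ("buf2",  "malloc",       ["size2"]),    # 6: sink, but data is clean
    ("cmd",   "read_network", []),           # 7: untrusted string
    (None,    "system",       ["cmd"]),      # 8: sink reached by tainted string
]

def analyze(program):
    """Return [(line, sink, var, path)] for every tainted value reaching a sink.
    path lists the statement numbers the taint travelled through, source first."""
    tainted = {}                       # var -> path of line numbers carrying taint
    findings = []
    for lineno, (dst, func, args) in enumerate(program, 1):
        incoming = [a for a in args if a in tainted]
        if func in SOURCES:
            tainted[dst] = [lineno]          # taint originates here
        elif func in SANITIZERS:
            tainted.pop(dst, None)           # result is trusted regardless of input
        elif func in SINKS:
            for a in incoming:
                findings.append((lineno, func, a, tainted[a] + [lineno]))
            tainted.pop(dst, None)           # sink's own result is not tainted
        elif dst is not None:
            if incoming:                     # arithmetic / calls propagate taint
                tainted[dst] = tainted[incoming[0]] + [lineno]
            else:
                tainted.pop(dst, None)       # overwritten with clean data
    return findings

def report(program=PROGRAM):
    lines = []
    for lineno, sink, var, path in analyze(program):
        lines.append(f"line {lineno}: tainted '{var}' used as {SINKS[sink]} in {sink}(), path {path}")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```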
Benefits of GrammaTech's embedded software security analyses:
- Comprehensive Application Security
The embedded application technology of CodeSonar combines cutting-edge cyber-security capabilities for static analysis in a single interface that delivers unmatched breadth and depth of software security.
- Protection Against Code Injections
The industry-leading tainted data analysis makes it possible to efficiently find and eliminate dangerous information flows in the code.
- Defense Against Compromised 3rd Party Components
Embedded systems are increasingly a collection of networked components. This leads to an alarming rate of compromised program components you aren't responsible for. CodeSonar provides a definitive, auditable, and objective security analysis of each component, independent of any broader system it may become part of.
- Reputation Defense
Improving the security of your software protects the reputation of your organization. To protect their data and their reputation, the most sophisticated U.S. Government agencies rely on CodeSonar and other GrammaTech technologies.