Embedded software security analysis gets visual

March 04, 2014 // By Julien Happich
GrammaTech has made visual taint analysis technology available in its flagship static analysis product, CodeSonar. The technology combines advanced tainted dataflow analyses with a proprietary visualization engine to clearly display notoriously hard-to-find tainted data pathways in embedded systems.

By helping embedded development teams trace these flows faster and more accurately, this technology will help eliminate dangerous vulnerabilities such as buffer overruns that can be exploited by an attacker to inject code, claims the software tool vendor.

“Tainted data vulnerabilities are notoriously difficult for developers to find because applications often use code from different sources, which creates unexpected attack surfaces that malicious hackers can exploit,” explains Dr. Paul Anderson, GrammaTech VP of Engineering, in a statement.

GrammaTech’s visual taint analysis tracks potentially hazardous data flows in C/C++ applications that are too complicated for developers to reliably find manually. When identified, CodeSonar records the paths the data can take through the application that can then cause unexpected or insecure program behaviour. Unlike other tools that provide simple warnings for tainted values, CodeSonar’s proprietary visualization engine presents vulnerabilities to developers in a more actionable and auditable interface.

By showing the tainted flows and by overlaying taint markers on renderings of source code, developers can see the effect of hazardous inputs on the behaviour of their code.

Check out the company’s whitepaper at http://www.grammatech.com/whitepapers/protecting-against-tainted-data-with-static-analysis.

Visit GrammaTech at www.grammatech.com