Embedded World, Booth 4-624 — Nuremberg, Germany — GrammaTech, Inc., a leading maker of tools that improve and accelerate embedded software development, today introduced the industry’s first visual taint analysis technology. Available in CodeSonar, GrammaTech’s flagship static analysis product, this innovation combines advanced tainted dataflow analyses with GrammaTech’s proprietary visualization engine, to clearly display notoriously hard-to-find tainted data pathways in embedded systems. By accelerating the speed and accuracy of embedded development teams to trace these flows, this technology will help eliminate dangerous vulnerabilities such as buffer overruns that can be exploited by an attacker to inject code.
"Many embedded development teams struggle to reconcile the balance between internally-created code, third-party code, and open-source code – all the while trying to keep pace with the shifting multicore processor landscape and the increasing connectivity of devices," said Chris Rommel, Executive Vice President at VDC Research. "To build secure embedded applications for failure-intolerant devices, development teams need to leverage automated tools that accelerate their ability to stay ahead of the evolving capabilities of malicious hackers."
To showcase the value of visual taint analysis for embedded developers, GrammaTech’s Dr. Paul Anderson has been invited to be a featured speaker at Embedded World on February 27th at 3:30PM CET, based on his paper, 'Taint Analysis for Finding Programming Defects.'
"Tainted data vulnerabilities are notoriously difficult for developers to find because applications often use code from different sources, which creates unexpected attack surfaces that malicious hackers can exploit," said Dr. Paul Anderson, GrammaTech VP of Engineering. "The combination of sophisticated tainted data analysis with GrammaTech’s unique visualization engine greatly simplifies and accelerates developers’ ability to defend embedded systems against the growing threat of software’s most sophisticated security exploits."
GrammaTech’s visual taint analysis tracks potentially hazardous data flows in C/C++ applications that are too complicated for developers to reliably find manually. When identified, CodeSonar records the paths the data can take through the application that can then cause unexpected or insecure program behavior. Unlike other tools that provide simple warnings for tainted values, CodeSonar’s proprietary visualization engine presents vulnerabilities to developers in a more actionable and auditable interface.
By showing the tainted flows in GrammaTech’s visualization tool, and by overlaying taint markers on renderings of source code, developers benefit by being able to see the effect of hazardous inputs on the behavior of their code. To learn more about visual taint analysis, download the white paper Protecting Against Tainted Data in Embedded Apps with Static Analysis.
Designed for zero-tolerance embedded defect environments, CodeSonar analyzes source code as well as binary code to identify serious security and quality liabilities that cause system crashes, memory corruption, leaks, data races, and unexpected vulnerabilities.
GrammaTech tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software.