industry news
Subscribe to EE Journal Daily Newsletter
7 + 7 =

Protecting Security-Sensitive Software From Spectre

Protection against Spectre attacks added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors.

Ithaca, NY (USA) — January 11, 2018 – GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, today announced that mitigation against Spectre attacks has been added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors, with support for ARM in development. This service allows legacy applications to be protected from branch target injection attacks without having to recompile the application.

This became an overnight necessity for cybersecurity practitioners that are concerned about Spectre, the recently announced security vulnerability in modern processors that can be leveraged to leak confidential information. The cyber community has been scrambling to make patches available for popular compilers to mitigate the attack. However, recompiling application or system firmware source code is not always an option in IoT, Defense, Consumer, Medical and Industrial systems. This leaves these systems vulnerable to exploits that leak information such as personal data, passwords or other confidential information from otherwise error-free applications.

Through GrammaTech’s Cyber Hardening Services, practitioners can protect critical applications and libraries from Spectre attacks. This service uses binary analysis to determine vulnerable locations in the code, then transforms the original application binary by adding mitigation code to these locations. The mitigation code follows the ‘retpolines’ approach published by Google.

“GrammaTech’s binary transformation technology is a key tool in the protection of today’s modern software systems,” says Alexey Loginov, VP of Research at GrammaTech, Inc. “The fact that applications can be protected without going back to the source code allows security professionals to turn around a fix much sooner. This mitigation for Spectre based on Google’s retpolines approach is one of the capabilities that make up GrammaTech’s Cyber Hardening solution. This technology can also protect against, or monitor for, buffer overruns and many other problems of the Common Weakness Enumeration list.”

Cyber professionals with legacy applications who need to ensure their information remains safe and need a quick turnaround – but are unable to modify source code – can benefit immediately from this technology. To ensure your applications remain safe, contact GrammaTech for more information on Cyber Hardening Services.

About GrammaTech:

GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.com or follow us on LinkedIn.

Leave a Reply

featured blogs
Jan 16, 2018
The Sunday of IEDM is always two full-day short courses. One is on the future of memory technology, one is on the future of logic technology. This year the logic one was titled Boosting Performance, Ensuring Reliability, Managing Variation in Sub-5nm CMOS . I have to admit I ...
Jan 16, 2018
Samtec will be introducing several new products at DesignCon 2018. All of these products are designed to increase data rates, increase system density, and shrink product footprints, so designers can meet their system signal integrity needs. NovaRay™ High Bandwidth, High ...
Jan 5, 2018
When visitors to CES 2018 want to travel to the Las Vegas Convention Center across town, it will likely be in a fully autonomous vehicle from Lyft getting them there. While this futurist trip will certainly be a first for many riders, this type of point-to-point travel will s...
Jan 10, 2018
Recently, Electronics Products Magazine announced their 42nd Annual Product of the Year award winners, with Cadence Design Systems winning for their Virtuoso® System Design Platform. According to the article, the editors “have chosen [products] they......
Jan 15, 2018
This is the seventh in a series of blog posts showcasing the winning designs from the 27th Annual PCB Technology Leadership Awards. The 1st place winner in the Telecom, Network Controllers & Line Cards  category is Altice Labs, Portugal. This Switching Matrix card is a...