industry news
Subscribe Now

Protecting Security-Sensitive Software From Spectre

Protection against Spectre attacks added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors.

Ithaca, NY (USA) — January 11, 2018 – GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, today announced that mitigation against Spectre attacks has been added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors, with support for ARM in development. This service allows legacy applications to be protected from branch target injection attacks without having to recompile the application.

This became an overnight necessity for cybersecurity practitioners that are concerned about Spectre, the recently announced security vulnerability in modern processors that can be leveraged to leak confidential information. The cyber community has been scrambling to make patches available for popular compilers to mitigate the attack. However, recompiling application or system firmware source code is not always an option in IoT, Defense, Consumer, Medical and Industrial systems. This leaves these systems vulnerable to exploits that leak information such as personal data, passwords or other confidential information from otherwise error-free applications.

Through GrammaTech’s Cyber Hardening Services, practitioners can protect critical applications and libraries from Spectre attacks. This service uses binary analysis to determine vulnerable locations in the code, then transforms the original application binary by adding mitigation code to these locations. The mitigation code follows the ‘retpolines’ approach published by Google.

“GrammaTech’s binary transformation technology is a key tool in the protection of today’s modern software systems,” says Alexey Loginov, VP of Research at GrammaTech, Inc. “The fact that applications can be protected without going back to the source code allows security professionals to turn around a fix much sooner. This mitigation for Spectre based on Google’s retpolines approach is one of the capabilities that make up GrammaTech’s Cyber Hardening solution. This technology can also protect against, or monitor for, buffer overruns and many other problems of the Common Weakness Enumeration list.”

Cyber professionals with legacy applications who need to ensure their information remains safe and need a quick turnaround – but are unable to modify source code – can benefit immediately from this technology. To ensure your applications remain safe, contact GrammaTech for more information on Cyber Hardening Services.

About GrammaTech:

GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit or follow us on LinkedIn.

Leave a Reply

featured blogs
Mar 16, 2018
MICRO RUGGED CONNECTORS Most designers think the smaller the connector, the more fragile and delicate it is.  We don'€™t usually think of micro pitch connectors as being rugged, as being able to handle high mating cycles, or as having robust mechanical strength on the PCB,...
Mar 16, 2018
If you want to know why I made the trek from California to Shanghai to attend SEMICON China, it is well summed up in the press release that SEMI put out on opening day: SEMICON China 2018 opens today at SNIEC in Shanghai with a record 70,000 visitors expected with 3,600 booth...
Mar 16, 2018
Executive Insight: Wally Rhines Using thermofluid simulation to optimize liquid cooling of avionics power systems Mentor framework pulls devices into the cloud A Simple Way To Improve Automotive In-System Test The IIoT is Fragmented'€”How Will We Fix It? Executive Insigh...
Mar 5, 2018
Next-generation networking solutions are pushing processing out of the cloud and towards the network'€™s edge. At the same time, processing structures architected around programmable logic provide the ability to make computing much more data-centric. Programmable logic make...