      SofCheck Chairman and CTO Tucker Taft speaks at IEEE Homeland Security Conference
 
 


BURLINGTON, Mass. (2008)

Systematic Scanning for Malicious Source Code

2008 IEEE Homeland Security Conference, Software and CyberSecurity

For an organization that depends on software for important parts of its mission, safety and security flaws in such software are major concerns. Although there is a growing number of tools that can be helpful in identifying unintentionally inserted safety or security flaws, the possibility of intentionally inserted "flaws" or back doors can no longer be ignored.

Fundamentally, an intentionally inserted back door can only be recognized by the fact that it does more rather than less than what it is supposed to do. For example, a function that is expected only to query the balance of a bank account may also, as a side-effect under special circumstances that are unlikely to be encountered during testing, transfer money between accounts. Locating such hidden side-effects requires that the semantics of each function somehow be extracted from the source code and presented to reviewers in a way that allows them to recognize inappropriate actions.

In this paper we describe scanning technology that can automatically extract the pre- and post-conditions of every function in the system, including both direct and indirect effects of each function, and present these to a reviewer in human-comprehensible terms. For each external entry point into the system, the postconditions in particular may then be compared against the expected effects of the function, and where potentially inappropriate side-effects are identified, these effects may be traced down through the program to the point where they occur.
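A toy version of the review workflow described above, as an added example that is not SofCheck's tool or the paper's algorithm: it summarizes each function's direct writes to module-level state, follows calls to pick up indirect effects, and reports the call chain to any write the reviewer did not expect. The sample program, all function names and the `allowed` set are constructed, and the analysis assumes Python source with no aliasing and ignores preconditions.

```python
import ast
# Constructed sample: get_balance is expected only to query (audit logging allowed).
SAMPLE = '''
accounts = {"alice": 100, "mallory": 0}
audit_log = []
def _log(user):
    audit_log.append(user)
def _move(src, dst, amt):
    accounts[src] -= amt
    accounts[dst] += amt
def _sync(user, when):
    if when == "2038-01-19":  # branch unlikely to run during testing
        _move(user, "mallory", 50)
def get_balance(user, when):
    _log(user)
    _sync(user, when)
    return accounts[user]
'''
MUTATORS = {"append", "extend", "insert", "pop", "remove", "clear", "update"}

def direct_summaries(source):
    """Map each function to (module-level state it writes, functions it calls)."""
    tree = ast.parse(source)
    state = {t.id for n in tree.body if isinstance(n, ast.Assign)
             for t in n.targets if isinstance(t, ast.Name)}
    out = {}
    for fn in (n for n in tree.body if isinstance(n, ast.FunctionDef)):
        writes, calls = set(), set()
        for node in ast.walk(fn):
            if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
                calls.add(node.func.id)
            elif isinstance(node, (ast.Subscript, ast.Attribute)):
                base, mutates = node.value, getattr(node, "attr", "") in MUTATORS
                if isinstance(base, ast.Name) and base.id in state and (
                        mutates or isinstance(node.ctx, ast.Store)):
                    writes.add(base.id)
        out[fn.name] = (writes, calls)
    return out

def unexpected_effects(source, entry, allowed):
    """Return {state name: call chain from entry to the function that writes it}."""
    funcs = direct_summaries(source)
    found, stack = {}, [(entry, [entry])]
    while stack:
        name, path = stack.pop()
        writes, calls = funcs.get(name, (set(), set()))
        for var in sorted(writes - set(allowed)):
            found.setdefault(var, path)  # first chain found reaching this write
        stack.extend((c, path + [c]) for c in sorted(calls) if c not in path)
    return found
```

Calling `unexpected_effects(SAMPLE, "get_balance", {"audit_log"})` flags the write to `accounts` and gives the chain through `_sync` to `_move`, even though `get_balance` itself only reads the balance.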


2008 IEEE Homeland Security Conference


For further information, visit www.sofcheck.com, or contact SofCheck by phone +1 (781) 750-8068, Fax +1 (781) 750-8064 or E-mail info@sofcheck.com.

 

Media Contact:
Eileen Pacheco
eileen@tango-group.com
+1 (781) 556-1026

 

 

 

 
     

© 2002-2010 SofCheck, Inc. All rights reserved.
SofCheck, SofCheck Inspector, AdaMagic, ERA Framework,
and SofPort are trademarks of SofCheck, Inc.