An Ounce of Prevention

Published by Beate Lorenzoni

Software hardening for securing IoT devices

GrammaTech's hardening tools statically rewrite binaries into more robust and secure applications.

Every IoT and embedded device manufacturer endeavors to field secure and safe products. However, even with robust development processes, it's difficult to ensure complete security in finished products, and more so in legacy products. As the ever-expanding IoT marketplace puts a bigger emphasis on embedded device security, better techniques are required to improve security. GrammaTech's software hardening techniques complement our static analysis know-how to greatly improve the current and future robustness of embedded software.

Binary Analysis and Static Rewriting

Analyzing application binaries allows GrammaTech's rewriting tools to discover the use of potentially problematic code patterns, libraries, or OS functions. The rewritten binaries have wrappers around such code to prevent erroneous behavior. For example, function call stack usage can be instrumented to prevent stack overflow and subsequent code injection. Another example would be preventing calls to known problematic library functions like strcpy() from causing buffer overflow errors.

Rewriting a binary executable into a robust hardened version provides quality and security assurance for any version of the application -- current and future versions are protected.

Confinement and Diversification: Binary Rewriting Techniques

The goal of confinement is to prevent undetected vulnerabilities from causing a failure in an executing application. Techniques to detect and prevent certain specific classes of vulnerabilities already exist to some extent, but often lead to a program failure state -- which, in turn, leads to a denial of service. Although an attack might be prevented, these consequences are unacceptable in critical systems. GrammaTech has been researching sophisticated confinement techniques that allow applications to detect the same kinds of attacks, but continue operation (while still containing the vulnerability). Combining binary analysis to detect the potential vulnerability with static rewriting to confine the exploit, it's possible to greatly reduce and even eliminate the impact.
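A source-level illustration of the two ideas above, the wrapper around strcpy() and confinement instead of a crash, added here as an example; it is not GrammaTech's code, and a binary rewriter would apply such a guard to compiled code rather than source. The names guarded_strcpy, the policy enum and struct session are hypothetical, and the destination buffer's capacity is assumed to be known at the call site.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; illustration only, not a vendor API. */
enum policy { FAIL_STOP, CONFINE };

static unsigned violations;            /* contained overflow attempts */

/* Stand-in for strcpy() at a call site where the destination capacity
 * (dst_cap) is assumed to have been recovered by prior analysis. */
char *guarded_strcpy(char *dst, size_t dst_cap, const char *src, enum policy p)
{
    size_t need = strlen(src) + 1;     /* bytes including the terminator */
    if (need <= dst_cap) {
        memcpy(dst, src, need);        /* fits: behaves like strcpy() */
        return dst;
    }
    violations++;
    if (p == FAIL_STOP)
        abort();                       /* overflow blocked, service lost */
    if (dst_cap > 0) {                 /* CONFINE: truncate and carry on */
        memcpy(dst, src, dst_cap - 1);
        dst[dst_cap - 1] = '\0';
    }
    return dst;
}

unsigned guarded_violations(void) { return violations; }

/* Constructed record: a flag sits right after the fixed-size buffer. */
struct session { char name[8]; int is_admin; };

/* Returns the flag after copying untrusted input under CONFINE. */
int demo_confined(const char *input)
{
    struct session s = { "", 0 };
    guarded_strcpy(s.name, sizeof s.name, input, CONFINE);
    return s.is_admin;
}

int main(void)
{
    int flag = demo_confined("AAAAAAAAAAAAAAAAAAAAAAAA"); /* constructed input */
    printf("is_admin=%d violations=%u\n", flag, guarded_violations());
    return 0;
}
```

With the FAIL_STOP policy the same oversized input would end the process, which is the denial-of-service outcome the paragraph above describes.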

Diversification techniques are used to alter the default code and memory layout to prevent potential exploits. By rearranging the subroutine calling sequence, stack, heap, and global data layout, it's possible to prevent vulnerabilities from being exploited. Stack overflow errors that lead to code injection exploits, for example, can be thwarted with these techniques. 

Protection Now and in the Future

Binary analysis and rewriting by nature doesn't require source and is version-independent. As such, IoT device manufacturers can use GrammaTech’s hardening techniques on every release of their applications, making software hardening a standard procedure in the software release process. In doing so, organizations can assure better robustness and security for even minor upgrades, without huge re-testing costs.

About GrammaTech, Inc.

GrammaTech tools are used by software developers worldwide, spanning a myriad of industries including avionics, automotive, government, medical, and other applications where reliability, safety, and security are paramount. Born from research carried out at Cornell University, GrammaTech continues to advance the science of software assurance, software hardening, and autonomic computing, providing techniques and technology for software teams to produce safer and more resilient software. More information about GrammaTech can be found here.
