GrammaTech announces binary analysis support for ARM
GrammaTech announced the expansion of CodeSonar’s static analysis engine to include binary analysis for ARM, the dominant processor of the Internet of Things. CodeSonar is the only commercially available static analysis tool to provide binary analysis, allowing engineering teams to analyze application software, middleware, and firmware.
Today’s systems are at significant risk when teams do not know exactly what defects and vulnerabilities may lie within operating systems, drivers, middleware, or supplier applications. CodeSonar’s binary analysis allows you to analyze your x86 or ARM system via binary-only or mixed-mode analysis, identifying both source and binary defects hazardous to your device.
CodeSonar’s analysis tracks potentially hazardous input data to further mitigate risks from third-party and open-source code. With binary analysis, CodeSonar can identify potentially exploitable data flows within an application, or between the application and its libraries and drivers. This lets you track potentially tainted inputs not just throughout your own code but also into or out of code that you did not write but that is critical to your functional flow (as the many users of OpenSSL discovered when the Heartbleed vulnerability was brought to light). Results of this analysis can be superimposed on a high-level graphical visualization of the architecture of the whole system, allowing engineers to see those notoriously hard-to-find tainted data pathways.
By analyzing the machine code, teams can find anomalies that may not exist in the source, introduced by unexpected build optimizations or by backdoors created by the build toolchain.