Protecting Security-Sensitive Software From Spectre

Protection against Spectre attacks added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors

JANUARY 2018

ITHACA, NY.

GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, today announced that mitigation against Spectre attacks has been added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors, with support for ARM in development. This service allows legacy applications to be protected from branch target injection attacks without having to recompile the application. 

This became an overnight necessity for cybersecurity practitioners that are concerned about Spectre, the recently announced security vulnerability in modern processors that can be leveraged to leak confidential information. The cyber community has been scrambling to make patches available for popular compilers to mitigate the attack. However, recompiling application or system firmware source code is not always an option in IoT, Defense, Consumer, Medical and Industrial systems. This leaves these systems vulnerable to exploits that leak information such as personal data, passwords or other confidential information from otherwise error-free applications.

Through GrammaTech’s Cyber Hardening Services, practitioners can protect critical applications and libraries from Spectre attacks. This service uses binary analysis to determine vulnerable locations in the code, then transforms the original application binary by adding mitigation code to these locations. The mitigation code follows the ‘retpolines’ approach published by Google.

“GrammaTech’s binary transformation technology is a key tool in the protection of today’s modern software systems,” says Alexey Loginov, VP of Research at GrammaTech, Inc. “The fact that applications can be protected without going back to the source code allows security professionals to turn around a fix much sooner. This mitigation for Spectre based on Google’s retpolines approach is one of the capabilities that make up GrammaTech’s Cyber Hardening solution. This technology can also protect against, or monitor for, buffer overruns and many other problems of the Common Weakness Enumeration list.”

Cyber professionals with legacy applications who need to ensure their information remains safe and need a quick turnaround – but are unable to modify source code – can benefit immediately from this technology. To ensure your applications remain safe, contact GrammaTech for more information on Cyber Hardening Services.

About GrammaTech

GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.com or follow us on LinkedIn.