Menu
The Office of the National Cyber Director (ONCD) issued a report prescribing the use of formal methods to improve risks associated with memory safety in embedded code.
Welcome to the first installment of our three-part blog series, focusing on the critical aspect of memory safety within cybersecurity. Recently, a report titled “Back to the Building Blocks: A Path Toward Secure and Measurable Software” was published by the Office of the National Cyber Director (ONCD) that delves into industry changes needed to reduce memory safety vulnerabilities that have been abused by malicious actors for decades. Here, we will delve deeper into the persistent necessity for memory safety and how TrustInSoft Analyzer emerges as a crucial tool to guard against memory safety vulnerabilities.
The cybersecurity landscape is fraught with various threats, yet memory safety vulnerabilities consistently stand out due to their severity and pervasiveness. In the press release issued by the Whitehouse, Anjana Rajan, Assistant National Cyber Director for Technology Security explained “for thirty-five years, memory safety vulnerabilities have plagued the digital ecosystem, but it doesn’t have to be this way.” We tend to agree at TrustInSoft.
These vulnerabilities occur when there is an incorrect handling of memory operations, leading to unauthorized access or manipulation of memory like we see in buffer overflow attacks as one example. The repercussions can range from unexpected crashes to data breaches, to even complete system compromises.
The report underlines the enduring nature of these vulnerabilities, tracing back to historical cybersecurity incidents such as the Morris Worm and the Heartbleed vulnerability. These incidents underscore the fact that memory safety vulnerabilities have not only been longstanding but also have been at the heart of significant cyber threats. There are many other more recent examples outlined in the Crowdstrike Global Threat Report related to IoT and embedded devices which are increasingly becoming the focus of malicious actors.
Memory safety vulnerabilities are predominantly present in programming languages that are integral to critical systems but lack inherent memory safety features, notably C and C++. The report delineates two primary categories of memory safety vulnerabilities: spatial and temporal. Spatial issues occur when operations access memory regions outside of their intended bounds, while temporal issues happen when operations improperly access memory at incorrect times or states.
The persistence of these vulnerabilities over decades indicates a systemic issue within software development practices, emphasizing the necessity for a paradigm shift towards secure-by-design principles in software creation.
The report strongly advocates for adopting memory-safe programming languages as a proactive measure against memory safety vulnerabilities. This shift aligns with the Cybersecurity and Infrastructure Security Agency’s (CISA) recommendations and represents a foundational step towards developing inherently secure software.
However, the transition to memory-safe languages is fraught with challenges, particularly for legacy systems and specialized embedded systems used by the military defense, automotive, semiconductor and aerospace industries. The constraints and requirements of these systems often necessitate the use of languages like C and C++, which are not inherently memory safe. Rust is one example of a memory safe programming language, however further progress on development toolchains and use case viability is needed.
Transitioning to memory-safe programming languages is crucial but challenging and is going to take time, highlighting the need for transitionary solutions. Even with memory safe programming languages and memory safe chips, the need to test for persistent vulnerabilities at scale is still prevalent. One way to do this is to use formal methods to provide mathematically proven guarantees about your software’s safety and security and significantly reduce software testing efforts and costs.
Exhaustive static analysis represents an advanced alternative to traditional static analysis methods by leveraging mathematical formal methods to ensure code is free from errors and vulnerabilities. This approach was initially tailored for the verification of safety-critical systems, particularly in the aerospace sector, where failures could have dire consequences. It has been refined over two decades and is now recognized under DO-178C for aerospace software certification, broadening its application to cybersecurity and functional safety beyond its original safety-critical scope.
This methodology utilizes various formal methods to conduct a comprehensive analysis, answering specific questions about the code. It is designed to be a holistic solution, choosing and applying the most appropriate formal methods to each unique problem, thereby avoiding the limitations of single-method approaches. This adaptability makes exhaustive static analysis suitable for a range of devices from smartphones to critical medical technologies, providing a robust framework for ensuring software integrity.
Exhaustive static analysis is particularly effective for low-level code used in environments with strict performance and memory constraints, such as aerospace applications. These tools are “sound,” meaning they miss no defects, offering guarantees of bug-free and secure software. Furthermore, they are designed to be user-friendly, integrating seamlessly into existing development processes without disrupting workflow, allowing developers to expand test coverage efficiently. They are also ideal for verifying operating system kernels, ensuring that the foundational software layer of devices is secure and compliant with specifications.
Using formal methods, TrustInSoft Analyzer offers an immediate and effective solution for addressing memory safety vulnerabilities. The solution applies exhaustive static analysis to ensure that C and C++ codebases are devoid of memory safety issues, providing mathematical guarantees of code safety and security.
TrustInSoft Analyzer distinguishes itself by offering exhaustive undefined behavior detection, root cause analysis, and comprehensive test coverage, effectively addressing the key concerns highlighted in the report. By fitting seamlessly into existing development workflows, TrustInSoft Analyzer enables developers to enhance the security of their software without the need for a complete overhaul.
Integrating TrustInSoft Analyzer into software development practices allows organizations to tackle the challenges of verifying and validating increasingly complex software. By identifying and eliminating bugs early in the development phases and ensuring software conforms precisely to its specifications, TrustInSoft helps organizations align with the best practices advocated by the report. By providing mathematical proof of code correctness, TrustInSoft Analyzer aids in reducing the overall cybersecurity risk associated with memory safety vulnerabilities.
For organizations facing the daunting task of transitioning to memory-safe programming languages, TrustInSoft Analyzer serves as an essential tool that bridges the gap. It enables the detection and rectification of memory safety issues within existing codebases, ensuring a higher level of security without the immediate need for language migration.
As we navigate the complex world of cybersecurity, it’s clear that addressing memory safety vulnerabilities is not just a technical necessity but a strategic imperative to address the ever-changing threat landscape. TrustInSoft Analyzer offers a robust solution, providing the assurance needed to combat these evolving threats.
Interested in learning more about how TrustInSoft Analyzer can protect your software from memory safety vulnerabilities? Request a demo today and take a proactive step towards enhancing your software’s security.
Note: This blog is part of a three-part series aimed at addressing the critical aspects of memory safety in software development.
