Tech Focus Newsletter 7-14-14: Tracking tained software code

As embedded designs become more complex, heterogeneous, and connected, the code they use will require even more attention as to its provenance and whether it is tainted, no matter what its source.

Systems which make use of a combination of components with different sources are at particular risk of the code and security vulnerabilities associated with tainted data. Modern static analysis tools can make it easier to track down eliminate those threats.

This article describes an approach to visualizing large software dependency relationships using scalable and intuitive techniques developed originally for geospatial visualization.

Verifying your application's compiled object code can mean the difference between success and failure, quality and crap. Skipping the step because a standard doesn't require it or it eats into profits is not only shortsighted but no longer valid.

Code problems in distributed systems such as wireless sensor networks cannot be easily located with a debugger. The author explains how to find them by capturing the call stack in real time and using it to stack dump at the point of failure.

A static analysis technique for performing taint analysis on those parts of a program dependent on user input which is then used as a starting point in any bug finding tool.

A hybrid framework which integrates dynamic and static taint analysis to discoversoftware flaws or vulnerabilities.

A C-language based dynamic taint analysis technique to detect the input validation attacks on online web apps by tracking the flow of taint information from untrusted inputs into the parts of the generated output (or commands).

A new form of interactive call graph visualization which rather than leaving developers to manually traverse the call graph, instead allows developers to search along a program's control flow.

A static code analyzer for Java,that uses a a graph-based visualization approach for understanding static dependencies between source code entities.

A stand-alone Codemap prototype for use in the Eclipse IDE which incorporates novelthematic overlays that support the most important development tasks with visual feedback.

A tool set for visual programming analysis that supports static analysis, quality metrics computation, and clone detection, using table lenses, bundled graph layouts, cushion treemaps, and dense pixel charts.