Tech Focus Newsletter 7-14-14: Tracking tainted software code

July 14, 2014

Visualizing, tracking down and dealing with tainted software

As embedded designs become more complex, heterogeneous, and connected, the code they use will require even more attention as to its provenance and whether it is tainted, no matter what its source.

Tracking down the tainted data in your embedded app with static analysis

Systems which make use of a combination of components with different sources are at particular risk of the code and security vulnerabilities associated with tainted data. Modern static analysis tools can make it easier to track down and eliminate those threats.

Geospatial visualization helps manage million-line-plus embedded code bases

This article describes an approach to visualizing large software dependency relationships using scalable and intuitive techniques developed originally for geospatial visualization.

Tracing requirements through to object-code verification

Verifying your application's compiled object code can mean the difference between success and failure, quality and crap. Skipping the step because a standard doesn't require it or it eats into profits is not only shortsighted but no longer valid.

How to debug elusive software code problems without a debugger

Code problems in distributed systems such as wireless sensor networks cannot be easily located with a debugger. The author explains how to find them by capturing the call stack in real time and using it to stack dump at the point of failure.

Detecting Software Vulnerabilities with Static Taint Analysis

A static analysis technique for performing taint analysis on those parts of a program dependent on user input, which is then used as a starting point in any bug-finding tool.

A Hybrid Taint Analysis Framework for Diagnosing Attacks on Binary Programs

A hybrid framework which integrates dynamic and static taint analysis to discover software flaws or vulnerabilities.

Practical Dynamic Taint Analysis for Countering Attacks on Web

A C-language based dynamic taint analysis technique to detect the input validation attacks on online web apps by tracking the flow of taint information from untrusted inputs into the parts of the generated output (or commands).

Visualizing Call Graphs

A new form of interactive call graph visualization which, rather than leaving developers to manually traverse the call graph, allows developers to search along a program's control flow.

A Tool for Visual Understanding of Source Code Dependencies

A static code analyzer for Java that uses a graph-based visualization approach for understanding static dependencies between source code entities.

Embedding Spatial Software Visualization in the IDE

A stand-alone Codemap prototype for use in the Eclipse IDE which incorporates novel thematic overlays that support the most important development tasks with visual feedback.

Software visual analytics for program structure and metrics comprehension

A tool set for visual programming analysis that supports static analysis, quality metrics computation, and clone detection, using table lenses, bundled graph layouts, cushion treemaps, and dense pixel charts.



UBM Tech
