Ruhr University Bochum researchers are developing a new method for detecting and fixing vulnerabilities in applications that run on different devices, regardless of the processor used.
The researchers note the software running on a device often remains the manufacturer's corporate secret, so they did not analyze the original source code and instead analyzed the binary code of 0s and 1s, which they can read directly from a device.
However, different devices are equipped with different complexities.
In order to perform processor-independent security analyses, the researchers translated the different binary languages into an intermediate language. This technique enables the researchers to look for security-critical programming errors on the intermediate-language level. The researchers plan to automatically close the gaps they detect.
Although this approach does not yet work for any software, the researchers already have demonstrated the method is sound in principle.
The method is expected to be completely processor-independent by the time the project concludes in 2020.
"Sometimes, it can take a while until security gaps in a device are noticed and fixed by the manufacturers," says Ruhr University Bochum researcher Thorsten Holz.
From Ruhr-University Bochum (Germany)
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found