New Tool for Checking Software SecurityCategory: Science & Technology
Posted: August 25, 2014 08:53AM
Some say that information is the most valuable commodity in the world currently, so naturally it has to be protected. This can be challenging though, especially with complex software systems that handle information of multiple safety levels. Researchers at Karlsruhe Institute of Technology have recently created a new tool that checks for possible security leaks, and help keep data safe.
The tool is called JOANA and works by checking the data channels a piece of software will run data through. It will identify channels that are publicly visible and those that are secured, and find where they may cross. As you can guess, secure data is most likely to be exposed at these crosses of secret and public information. There the data can get out by explicit leaks, by implicit leaks that expose patterns in the encryption, and by probabilistic leaks that could allow data to be reconstructed. Even though that last type of leak is particularly hard to identify, JOANA is able to catch it and even has a low false alarm for it.
As it stands now, JOANA is the only software analysis tool for finding all three kinds of security gaps without having a high false alarm rate. Low false alarm rates are very important, as we do not want resources to be wasted hunting a nonexistent issue or for real issues to be erroneously dismissed.