Embedded Security

The Polyspace® product family provides a static code analysis solution that addresses cyber security challenges. These challenges are often faced by software developers and security engineers working on embedded applications. Polyspace products enable engineers to:

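  • Comply with security standards such as CWE, CERT C, and ISO/IEC 17961
  • Detect a wide range of critical software defects and security vulnerabilities
  • Prove the absence of certain critical vulnerabilities
Application Security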

Complying with Security Standards

Software coding standards such as MISRA have played an important role in preventing unreliable programming constructs in software development processes. CERT C, ISO/IEC 17961, and CWE are coding rule guidelines developed specifically to address the growing number of cyber security concerns within embedded systems. Common Weakness Enumeration (CWE) is an evolving security standard that provides common characterizations of exploitable software constructs that can make your software vulnerable to exploitation. CERT C is a set of secure coding guidelines for software development in C. It was developed by the CERT community, and it has a significant overlap with CWE. ISO/IEC 17961 is the formal ISO standard for secure coding in C.

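Checking your code against any of these guidelines can help reduce the attack surface of your software and prevent security vulnerabilities. These checks are rapidly becoming an accepted (or even required) norm for software vendors in ensuring that their software complies with one or more cyber security standards. Polyspace Bug Finder™ helps you check your code against all of the coding guidelines mentioned above and generates reports to document compliance.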

Learn more about complying with CERT C using Polyspace static analysis.

Detecting Security Vulnerabilities

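The coding phase of the development process introduces a large portion of the defects and security vulnerabilities found in software. Polyspace Bug Finder helps you find such vulnerabilities and defects early. You can detect issues related to static and dynamic memory, such as buffer overflows and use of deallocated pointers, as well as concurrency violations such as race conditions. In addition, Polyspace Bug Finder can run specific security checks, such as tainted data, resource and memory leaks, and vulnerable coding. You can address these issues in your IDE as part of the coding process.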

For more information, see the list of software vulnerability and defect results.

Proving the Absence of Critical Vulnerabilities

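Some of the most exploited vulnerabilities include buffer overflows or illegal pointer dereferences. Buffer overflows can be exploited for a variety of attacks, such as stack smashing or code injection. It is therefore important to detect all instances of these defects, not just a few. Hackers can make many attempts to find software vulnerabilities; all they need is to find one in order to wreak havoc on your application.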

Polyspace Code Prover™ can identify every such instance and prove that none remain in your software. This is possible due to the detailed run-time control and data flow behavior, which can help you make your software modules robust independent of one another.
