Catalyzr

The CATALYZR provides unique features to evaluate and correct a software source code:

  • Quickly assess the code against the most efficient attacks on software code
  1. Side-Channel Attacks, Micro-architectural
  2. Best attacker model considered (no noise, reproducible, perfect synchronization)
  3. Focused only on the relevant functions
  • Evaluate the implementation of countermeasures
  • Have a direct feedback on the vulnerabilities at the code level
  • Integrate it in automated testing framework
  • One tool for all cyber-physical attacks: Timing and Amplitude, Micro-architectural attacks

 

 

The tool allows going from a Source Code up to:

  • the Leakage Assessment Report with the detail of the detected leakages and their criticality
  • the Leakage Investigation Report with the modules and lines of code to correct

 

The Leakage Assessment is done with the state-of-the-art attacks on software implementations. It provides metrics to detect and quantify the leakages and try to exploit it from a hacker standpoint. This is done thanks to a library of advanced processing executed in an automatic and generic workflow.

 

With the Leakage Investigation, Secure-IC tool brings a huge added value to designers. It helps interpreting the results and understanding what the origin of the leakage is. It provides a full identification of vulnerabilities for an early correction.

Software Evaluation

Exclusive feature: Embedded Software Evaluation

The CATALYZR is a software tool that aims at assessing the security of a Software (SW) implementation.
In fact, the CATALYZR provides an end-to-end workflow that starts by a design input and ends by a security report generation. The design input is a pure software code that can be written in C or Assembly (ASM).

The tool has several advantages such as:

• It allows a security checking at different levels of the Software flow with fast correction:
a) Static Analysis: that allows investigating the security leakages at an early stage before code compilation.
b) Dynamic Analysis: that allows assessing the security leakage at the instruction level when the SW code is executed by the processor.

• It shows an image of the best ever attacker as it allows the analysis in the best environment conditions based on a noise free model. This mode is often called white-box evaluation. Therefore, we bypass the difficulties behind a real analysis like the noise and the desynchronization of the measurements. Moreover, this is significant gain in term of evaluation cost, due to time acquisition and fabrication process cost.