Catalyzr provides unique features to evaluate and correct a software source code:
- Quickly assess the code against the most efficient attacks on software code
- Side-Channel Attacks, Micro-architectural
- Best attacker model considered (no noise, reproducible, perfect synchronization)
- Focused only on the relevant functions
- Evaluate the implementation of countermeasures
- Have a direct feedback on the vulnerabilities at the code level
- Integrate it in automated testing framework
- One tool for all cyber-physical attacks: Timing and Amplitude, Micro-architectural attacks
The tool allows going from a Source Code up to:
- The Leakage Assessment Report with the detail of the detected leakages and their criticality,
- The Leakage Investigation Report with the modules and lines of code to correct.
The Leakage Assessment is done with the state-of-the-art attacks on software implementations. It provides metrics to detect and quantify the leakages and try to exploit it from a hacker standpoint. This is done thanks to a library of advanced processing executed in an automatic and generic workflow.
With the Leakage Investigation, Secure-IC tool brings a huge added value to designers. It helps interpreting the results and understanding what the origin of the leakage is. It provides a full identification of vulnerabilities for an early correction.
Exclusive feature: Embedded Software Evaluation
Catalyzr is a software tool that aims at assessing the security of a Software (SW) implementation.
In fact, Catalyzr provides an end-to-end workflow that starts by a design input and ends by a security report generation. The design input is a pure software code that can be written in C or Assembly (ASM).
The tool has several advantages such as:
- It allows a security checking at different levels of the Software flow with fast correction:
- Static Analysis: that allows investigating the security leakages at an early stage before code compilation.
- Dynamic Analysis: that allows assessing the security leakage at the instruction level when the SW code is executed by the processor.
- It shows an image of the best ever attacker as it allows the analysis in the best environment conditions based on a noise free model. This mode is often called white-box evaluation. Therefore, we bypass the difficulties behind a real analysis like the noise and the desynchronization of the measurements. Moreover, this is significant gain in terms of evaluation cost, due to time acquisition and fabrication process cost.