Catalyzr

Catalyzr provides unique features to evaluate and correct a software source code:

  • Quickly assess the code against the most efficient attacks on software code
  • Side-Channel Attacks, Micro-architectural
  • Best attacker model considered (no noise, reproducible, perfect synchronization)
  • Focused only on the relevant functions
  • Evaluate the implementation of countermeasures
  • Have a direct feedback on the vulnerabilities at the code level
  • Integrate it in automated testing framework
  • One tool for all cyber-physical attacks: Timing and Amplitude, Micro-architectural attacks

 

 Secure-IC Evaluate Software evaluation

 

The tool allows going from a Source Code up to:

  • The Leakage Assessment Report with the detail of the detected leakages and their criticality,
  • The Leakage Investigation Report with the modules and lines of code to correct.

 

The Leakage Assessment is done with the state-of-the-art attacks on software implementations. It provides metrics to detect and quantify the leakages and try to exploit it from a hacker standpoint. This is done thanks to a library of advanced processing executed in an automatic and generic workflow.

With the Leakage Investigation, Secure-IC tool brings a huge added value to designers. It helps interpreting the results and understanding what the origin of the leakage is. It provides a full identification of vulnerabilities for an early correction.

SOFTWARE EVALUATION

Exclusive feature: Embedded Software Evaluation

Catalyzr is a software tool that aims at assessing the security of a Software (SW) implementation.
In fact, Catalyzr provides an end-to-end workflow that starts by a design input and ends by a security report generation. The design input is a pure software code that can be written in C or Assembly (ASM).

The tool has several advantages such as:

  • It allows a security checking at different levels of the Software flow with fast correction:
    • Static Analysis: that allows investigating the security leakages at an early stage before code compilation.
    • Dynamic Analysis: that allows assessing the security leakage at the instruction level when the SW code is executed by the processor.
  • It shows an image of the best ever attacker as it allows the analysis in the best environment conditions based on a noise free model. This mode is often called white-box evaluation. Therefore, we bypass the difficulties behind a real analysis like the noise and the desynchronization of the measurements. Moreover, this is significant gain in terms of evaluation cost, due to time acquisition and fabrication process cost.