• About SwRI
  • Facts
  • Conferences & Workshops
  • Exhibits
  • Mission Statement
  • Awards & Honors
  • In the Community
  • Map
  • Annual Report
• Technical Divisions
  • Aerospace Electronics, Systems Engineering & Training
    • Avionics & Support Systems
    • Electronics Integration & Cyber Technology
      • Engineering Services
      • Automatic Test Systems
      • Large-scale Database Development
      • Reliability & Maintainability Improvements
      • Program Development & Operations
    • Aerospace Engineering
      • Systems & Sensors
      • Autonomous Systems & Controls
      • Aerospace Systems Engineering
    • Learning Sciences & Systems
  • Applied Physics
    • Electronics Systems & Robotics
      • Hardware Design & Construction
      • Electronic & Electrical Component Analysis
      • Engineering & Logistics Support
      • Small Robotic Vehicle Evaluation & Applications
      • Electromagnetic Modeling
    • Electromechanical & Optical Systems
      • Packaging & Rapid Prototyping
      • Special Mechanical Systems
      • Microelectromechanical Systems
      • Photonic, Optical & Laser Systems
    • Engineering Applications & Systems Development
      • Advanced Systems Engineering
      • Software Development
      • Advanced Electronics Laboratory
    • Earth Characterization & Geophysical Measurements
  • Applied Power
  • Automation & Data Systems
    • Communications & Embedded Systems
      • Advanced Instrumentation & Telemetry Systems
      • High Reliability Software
      • Security & Energy Systems
      • Tactical Networks & Communications
    • Intelligent Systems
      • Intelligent Vehicle Systems
      • Transportation Systems
      • Decision Support Technologies
    • Manufacturing Systems
      • Process Improvement Engineering
      • Robotics & Automation Engineering
  • Chemistry & Chemical Engineering
    • Microencapsulation & Nanomaterials
      • Microencapsulation
      • Materials & Bioengineering
      • Biochemistry
      • Synthesis & Process Chemistry
      • Chemical Defense
      • Analytical & Regulated Projects
    • Analytical & Environmental Chemistry
      • Bioanalytical Chemistry & Environmental Health
      • Organic
      • Inorganics/Radiochemistry
    • Environmental & Demilitarization Technology
      • Environmental Engineering & Monitoring
      • Demilitarization Laboratory Support
    • Fire Technology
      • Fire Testing Services
      • Material Flammability Testing
      • Engineering & Research Services
      • Listing, Labeling, & Follow-Up Inspection Services
    • Chemical Engineering
      • Process Chemistry Laboratory
      • Chemical & Refining Process Development
      • Fuels & Energy Development
  • Engine, Emissions & Vehicle Research
    • Engine & Vehicle R&D
      • Aftertreatment R&D
      • Diesel Technology
      • Powertrain Controls
      • Advanced Vehicle Technology
      • Advanced Combustion & Emissions
    • Emissions R&D
      • Engine Certification & Emission Development
      • Medium Speed Diesel Engines
      • Light-Duty Vehicle Emissions
      • Emissions Chemistry
      • Particle Science & Technology
    • Design & Development
      • Powertrain Design & Analysis
      • Drivetrain Development
      • PTL
  • Fuels & Lubricants Research
    • Engine Lubricants Research
      • Heavy-Duty Engine Oil Evaluations
      • Passenger Car Engine Oil Evaluations
      • International Lubricant Testing
      • Specialized Lubricant Evaluations
    • Fuels & Driveline Lubricants Research
      • Fleet & Field Evaluations
      • Fuels Performance Evaluations
      • Specialty & Driveline Fluid Evaluations
    • Fuels & Lubricants Technology
      • Fluids Filtration & Handling Research
      • Fuels, Lubricants, & Fluids Applications
      • Filtration & Fine Particle Technology
      • Fuel Systems & Contamination Research
    • Petroleum Products Research
      • Fuel Analysis
      • Fuel Conformance
      • Lubricant Analysis
  • Geosciences & Engineering
    • Center for Nuclear Waste Regulatory Analyses
      • Geochemistry
      • Geology
      • Geophysics
      • Hydrology
      • Mining, Geotechnical, & Facility Engineering
      • Corrosion Science & Process Engineering
      • Risk Assessment
    • Earth, Material & Planetary Sciences
      • Geochemistry
      • Geology
      • Geophysics
      • Hydrology
      • Mining, Geotechnical, & Facility Engineering
      • Corrosion Science & Process Engineering
      • Risk Assessment
    • Rockville Office
  • Mechanical Engineering
    • Engineering Dynamics
      • Computational Mechanics
      • Ballistics & Explosives Engineering
      • Ballistics & Explosives Range
    • Structural Engineering
      • Aerospace Structures
      • Ocean Simulation Lab
      • Marine Structures & Engineering
      • Structural Dynamics & Product Assurance
    • Materials Engineering
      • Mechanics & Materials
      • Surface Engineering & Materials Chemistry
      • Environmental Performance of Materials
      • Materials Science & Failure Analysis
      • Musculoskeletal Biomechanics
    • Fluids & Machinery Engineering
      • Fluid Dynamics & Multiphase Flow
      • Machinery
    • Sensor Systems & Nondestructive Evaluation (NDE) Technology
  • Signal Exploitation & Geolocation
    • SIGINT Solutions
      • Signal Exploitation
      • Systems Engineering
      • Electromagnetic Apertures & Radiolocation
      • Program Management
      • SIGINT Solutions Product Highlights
    • Surveillance & Geolocation
      • Mission Systems
      • Tracking Systems
    • Tactical Products
      • Land & Airborne Systems
      • Maritime Systems
      • Program Management
    • Software Engineering
      • Mission Development & Management
      • Information Exploitation
      • Signal Processing
    • Maryland Operations
  • Space Science & Engineering
    • Space Science
      • Science
      • Instrument Systems
      • Data Analysis & Science Support Software
      • Space Support Systems & Software
      • Power Systems
    • Space Systems
      • Electromechanical Systems
      • Avionics Systems
      • Lighter-than-Air Systems
    • Planetary Science Directorate
• Areas of Technology
  • Search Technologies
  • Patents
  • Software
  • Internal Research & Development
• Doing Business
  • Patents
  • GSA Contract Schedules
  • SeaPort-e
  • TARDEC
  • Consortia
  • Subsidiaries & Joint Ventures
  • Quality Programs
• IR&D
• Newsroom
  • News Releases
  • Videos
  • Media Contacts
  • Technology Today^®
  • Publications
  • Annual Report
• Careers
  • Job Opportunities
  • Diversity
  • SwRI & San Antonio
  • SwRI Sites
• Contact Us
  • Map to SwRI

Compiler-Based Static Analysis Tools
Network & System Security

Compiler-based static analysis tools at SwRI employ a security policy defined by an expert to automatically transform an untrusted application into a security hardened application.

Build-it-right and remediation are two popular approaches to enhance application security. Southwest Research Institute (SwRI) engineers are developing new techniques that fall within these two areas.

Remediation

Together with the Computer Science Department at the University of Texas in Austin, SwRI engineers are researching and developing a compiler infrastructure that uses a complementary combination of static and dynamic dataflow analysis to:

• Detect security vulnerabilities
• Eliminate threats
• Mitigate security

This “remediation” approach is applied at the end of the development cycle, just before deployment.

Compiler-Based Static Analysis Tools

Compiler-based static analysis tools at SwRI employ a security policy defined by an expert to automatically transform an untrusted application into a security hardened application. Many vulnerabilities can be detected and eliminated at compile time through static analysis. For those that cannot be eliminated, special code is inserted into the application to thwart or mitigate an attack at runtime using dynamic dataflow analysis.

Benefits of SwRI's Security Enhanced Application Services

SwRI's system goes beyond conventional static analysis tools and taint tracking systems that detect vulnerabilities at compile time and runtime respectively, by providing many further benefits such as:

• Very low runtime and memory overhead
• Separation of concerns (security policy separate from development)
• Configurable “fight through” capabilities
• Simultaneous hardening for broad range of vulnerabilities

The following are some of the vulnerabilities or services our system can protect against/provide:

• Format string
• Structured query language (SQL) injection and cross-site scripting
• File disclosure
• Role-based access control

Related Terminology

static analysis  •  dynamic dataflow analysis  •  format string  •  SQL injection •  cross-site scripting  •  tamper-proof software  •  code obfuscation  •  data dithering  •  role-based access control