TrustInSoft technology meets NIST high assurance standards
March 18, 2014
National Institute of Standards and Technology launches SATE.
How is it possible to protect smartphones, information systems, and computers from cyber threats? How is it possible to develop high-quality software able to resist common cyber threats? To answer these questions, the National Institute of Standards and Technology (NIST) launched the Static Analysis Tool Exposition (SATE). This exposition is designed to compare static analysis tools that find security-relevant defects in source code. This year, for the first time, the NIST introduced the SATE V Ockham Sound Analysis Criteria.
How is it possible to develop high-quality software able to resist common cyber threats?
These criteria are meant to rule out tools that report even a single incorrect finding. TrustInSoft technology was the only one to attempt to meet Ockham criteria requirements running on the Juliet 1.2 test suite from NIST. Moreover, TrustInSoft technology succeeded in satisfying the Ockham criteria for all five of NIST’s classes of weaknesses.
Technology behind the success
In the last 10 years, TrustInSoft Technology was designed by CEA LIST and INRIA using funding from aeronautics and nuclear industries. The technology allows for comprehensive mathematical security guarantees on real software implementations.
Now, TrustInSoft brings the reliability of critical systems software to the IT industry
TrustInSoft technology is able to achieve this level of quality because it relies on advanced collaboration mechanisms between formal methods. Collaboration between these state-of-the-art algorithms creates a new dimension in formal methods.
Now, TrustInSoft brings the reliability of critical systems software to the IT industry. For instance, several open-source modules have been validated thanks to TrustInSoft technology and are now immune to common cyber threats.
So, what will change?
Collaborative formal methods are now able to ensure the immunity of widely used pieces of software against the most common threats. This means that any organization in charge of designing or integrating software must deploy such state-of-the-art static analysis methods. This habit will significantly reduce the impact of cyber threats.