AdaCore + Security

Security in software has become a major concern. Every week we hear of hacks, intrusions and completely avoidable bugs being found in critical software systems, from cars to medical devices, cryptographic products, and the growing list of connected devices we use every day. Governments and regulators have come to realize that the current approaches for developing secure software systems are not working and have promised to intervene.

In addition to the obvious dangers and direct costs associated with software security breaches, organizations and developers face additional risks such as loss of reputation, litigation and liability (even at a personal level) and delay and cost in regulatory approval for their products.

Is your development team ready to meet these challenges?

“Security” in software cuts across all industries – not just traditional regulated applications like rail and avionics. Systems must be developed that can operate in a connected and openly malicious environment and, worse, in an environment where the attackers are smarter than you, and have more time and more money than you. Engineering in such an environment requires a world-class combination of people, languages, tools and processes.

A “Zero Tolerance” Approach to Software Development

History shows that a traditional “test and patch” approach is a first step but only a band-aid solution at best. What’s needed is a lean methodology focused on disciplines that aim to prevent all defects and vulnerabilities. AdaCore technologies, such as SPARK Pro and CodePeer, generate verifiable evidence that the job is done right, beyond the usual “tested it lots”. This approach also reduces risk and cost by reducing dependence on the most expensive activities, such as integration testing and (ultimately) product failure in the field.

The Ada programming language has always placed an emphasis on software quality and security by its very design. Our approach takes that further, with the most advanced compilers and verification tools on the market.

Common Weakness Enumeration

“CWE™ is a community-developed list of common software security weaknesses. It serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.” - mitre.org

Through the Ada language and AdaCore tools, a number of the most dangerous SANS Top 25 CWEs can be detected and corrected early in the software development cycle, before they become active vulnerabilities.

Proven Solutions for Developing Advanced, Verifiably Secure Software Systems

GNAT Pro

GNAT Pro is far more than just an Ada compiler. It specifically supports the needs of high-security development. For secure systems, GNAT Pro offers the most advanced support of any development system, including:

  • Runtime type and data validity checking.
  • Configurable runtime library, from “full Ada” to “zero footprint” for ultimate control of your application’s trusted codebase.

SPARK Pro

SPARK 2014 offers the pre-eminent language design and static verification toolset for secure systems. Based on Ada’s strengths, SPARK adds a design discipline and a suite of static verification tools that prevent most security vulnerabilities once and for all. SPARK is designed to offer verification evidence that can be trusted by you, your customer and your regulator. SPARK can guarantee the absence of some of the SANS Top 25 CWEs (buffer overflows in particular). Messages related to CWEs are specially identified for better review. SPARK can also detect all unintended data flows in your program. SPARK has been assessed by the U.S. National Institute of Standards and Technology (NIST) as being more secure than many other commonly used programming languages.

CodePeer

The MITRE Corporation has approved CodePeer as CWE-Compatible in its Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program. CodePeer detects a variety of code weaknesses, including several that are among the CWE’s Top 25 Most Dangerous Software Errors.

Customer Projects: Security

  • Smartward

    Hospital Information System Development

    Smartward has adopted the GNAT Pro development environment, along with several complementary tools to implement a state-of-the-art patient care management system. Ada was chosen as the implementation language because of the benefits in reliability, safety, and security.

  • Rockwell Collins

    Cross Domain Guard for Military Tactical Systems

    Rockwell Collins successfully used SPARK Pro and GNAT Pro High-Security in the development of the SecureOne™ Guard, a high assurance cross domain guard for military tactical systems.

  • EADS CASA

    nEUROn Unmanned Aircraft

    EADS CASA is using the GNAT Pro High-Integrity Edition to implement the data exchange and air-to-ground data links systems for the nEUROn Unmanned Combat Air Vehicle (UCAV) demonstrator.

  • Secunet

    Multi-Level Security Workstation

    To develop a robust multi-level security workstation, Secunet Security Networks chose the SPARK Pro development environment. The security station concurrently handles information of different security domains, maintains confidentiality and integrity of all processed data, and enforces Multiple Independent Levels of Security (MILS) on a single hardware platform.
