Code Security
We specialize in modern instrumentation tools, especially in LLVM sanitizers (Address Sanitizer, Leak Sanitizer, Memory Sanitizer, Thread Sanitizer), Hardened Allocators and Stack Hardening.
LLVM sanitizers are compiler features that help find common software bugs. The following sanitizers are available:
- TSan: Finds threading bugs,
- MSan: Finds uninitialized memory reads,
- ASan: Finds invalid address usage bugs,
- UBSan: Finds unspecified code semantics in runtime,
- LSan: Finds memory leaks.
We have ported and verified the LLVM sanitizer runtimes to NetBSD/amd64, and where possible to i386 and other CPUs. We have managed to reach almost the full Linux feature-parity, while being better or faster to implement in certain other parts, especially when sanitizing early startup executables with sanitizers. The Linux runtime included this feature after NetBSD, and with inferior feature set as they are unavailable before full system startup (especially before mounting the /proc virtual filesystem).
This is especially important for embedded (IOT in particular) customers with a stripped down basesystem runtime and reduced kernel configuration that needs to fit into thin constrained flash memory.
One of our innovations is the µUBSan library that was placed in the NetBSD source code in a permissively-license and soon later ported to a wide range of other kernels (at least FreeBSD, OpenBSD, Haiku, XNU) and thick embedded runtimes (EFI, bootloaders, custom kernels, etc).
We have also innovated a full-distribution sanitization , a distinct feature of the NetBSD Operating System, unavailable (and sometimes almost impossible) in other popular Operating Systems. This allows execution, stress testing and fuzzing of the basesystem programs worth every piece of the userland instrumented with a selected sanitizer and also opens brilliant chances to develop and audit minimal stripped down environments with sanitizers.
Our customers ask us for security code audits and security hardening.
If you are interested to learn more, contact us.