BinSide is a static program analysis platform for finding defects in binary code. It is useful when checking programs without source code, such as closed source 3rd party libraries, as well as assisting with required static information to dynamic analysis tools.
Casr creates automatic reports for crashes happened during program testing or deployment. The tool works by analyzing Linux coredump files. The resulting reports contain the crash’s severity and additional data that is helpful for pinpointing the error cause.
Protosphere is a system of deep packet inspection (DPI). It can serve as a part of intrusion and information leak protection systems. Protosphere detects inconsistencies between a protocol specification and the actual traffic. It allows you to add support quickly for new protocols (either open or closed) due to the flexibility of its internal representation.
Svace is an essential tool of the secure software development life cycle, the main static analyzer that is used in Samsung Corp. It detects more than 50 critical error types as well as hundreds of coding issues. Svace supports C, C++, C#, Java, Kotlin, and Go. Svace is included in the Unified Register of Russian Programs (No.4047).
The safe compiler avoids introducing new vulnerabilities in program’s binary code w.r.t. its source code when aggressively optimizing (e.g., when making use of source code constructs exhibiting undefined behavior). The compiler tries to restrict optimizations as little as possible, which allows avoiding the large performance drop compared to the solution with all optimizations turned off.
ISP Crusher is a toolset that combines various dynamic analysis approaches. It includes ISP Fuzzer, a fuzzing tool, and Sydr, an automatic test generation tool for complex programs. In the near future Crusher will also include the BinSide analyzer, another ISP RAS technology. Crusher allows organizing a development process that is fully compliant with GOST R 56939-2016 and other regulatory requirements of FSTEC of Russia.
Obfuscator is a set of technologies to prevent mass exploitation of vulnerabilities resulting from errors or backdoors. In case a hacker has attacked one of the devices that has a certain software installed, the rest will remain protected by changes to the code that the tool made.
ISP RAS Foundation Platform for creating program analysis systems is built on top of open source QEMU emulator. This framework is essential for organizing cross platform development. It supports reverse debugging and introspection features, as well as full system emulation mode for debugging low-level software.
ISP RAS provides cloud infrastructure that supports development lifecycle of Russian Tizen platform. This infrastructure provides tools for community development of the platform components. It enables performing regular automatic builds and testing of Tizen platform images, and helps developers to make adaptations of the OS and build Tizen platform images for new hardware architectures.