Take a look around: software is everywhere, and we trust much of our daily lives to it. Its failure – in particular at the hands of attackers – can be disastrous for our economy, our environment, and our civil rights. Frama-C is a tool that can systematically detect the most serious classes of software vulnerabilities. It was developed by a team of researchers, security specialists, technology providers and integrators as part of the EU-funded STANCE project.
About the Innovator
The List Institute at CEA Tech develops methods and tools for the verification and validation of software-intensive systems. These methods have been used worldwide to successfully address software safety and security challenges previously out of the range of traditional verification techniques. List research teams design and implement automated analysis in order to make software systems more trustworthy, to exhaustively detect their vulnerabilities, to guarantee conformity to their specifications, and accelerate their certification.
What is the innovation
Frama-C is a source code analysis platform that leverages mathematical reasoning techniques to provide bulletproof software guarantees. In the STANCE project the platform was extended to meet new software security challenges. Developments have included a C++ analyser and several original security analysis plug-ins. The new Frama-C toolbox and the new plug-ins have been evaluated, and demonstrated their effectiveness on securing industrial applications that range from avionics to telecommunications. Frama-C page on Facebook.
Out of the lab – Into the Market
We believe all engineers should be able to make their software safe and secure. The Frama-C platform is distributed freely on the internet under an open-source licence. STANCE results naturally follow the same route for the benefit of all users. The List Institute capitalizes on Frama-C through publicly-funded research and developments projects, and industrial development, expertise, and maintenance contracts. An international industrial ecosystem has grown around the platform, including technology and service providers, certification issuers, infrastructure operators, and tool editors.
Benefits of participation in the Framework Programme
The EU-funded STANCE project has contributed to List’s goals by fostering of a very fruitful collaboration between security experts, high-assurance tool providers and applications developers. The later challenged the project with industrial-grade code samples and high-level security properties to focus on. The former provided us with solutions to handle specific security properties and an assessment of Frama-C in the context of security assurance and evaluation.