by Fabien Chouteau – Mar 28, 2023

The End of Binary Protocol Parser Vulnerabilities

This week we announced a new tool called RecordFlux. The goal of RecordFlux is to address one of the most critical parts of the software stack in terms of security, binary protocol parsers/serializers.From a protocol specification written in the RecordFlux Domain Specific Language (DSL), the tool can generate provable SPARK code. This means memory safety (no buffer overruns), absence of integer overflow errors, and even proof of functional properties. In this blog post I will try to explain how this is a game changer for cybersecurity.

by Maxim Reznik – Mar 23, 2023

Introduction to VSS library

The VSS (as an abbreviation for Virtual String Subsystem) library is designed to provide advanced string and text processing capabilities. It offers a convenient and robust API that allows developers to work with Unicode text, regardless of its internal representation. In this article, we will introduce you to the library and explain its purpose, highlighting its usefulness for developers working in this area.

#Unicode #strings #Libraries #vss

by Paul Butcher – Mar 07, 2023

Automated Assurance through Differential Fuzzing

This blog describes the concept and benefits of differential fuzz testing. In addition, the post describes setting up, executing and analyzing the results of a differential fuzzing campaign for the Libkeccak and XKCP cryptographic libraries.

#Fuzzing #SPARK #Testing #Security

by Daniel King – Nov 04, 2022Guest Author

Avoiding Vulnerabilities in Crypto Code with SPARK

Writing secure software in C is hard. It takes just one missed edge case to lead to a serious security vulnerability, and finding such edge cases is difficult. This blog post discusses a recent vulnerability in a popular SHA-3 library and how the same problems were avoided in my own SHA-3 library written in SPARK.

#Security #SPARK #Cryptography #Formal Verification

by Johannes Kliemann – Oct 25, 2022

Adding Ada to Rust

While implementing application logic in Ada or SPARK is an improvement over a pure C project, its weakest link is still the C code in the SDK. On the other hand, there are many libraries, board support packages, and SDKs written in Rust, easily usable with Cargo. So instead of building the Ada application on top of a C base, one could use a Rust base instead to combine the large catalog of ready-to-use software with Rust's safety features, providing a much more solid base for an Ada project.

by Yannick Moy – Oct 12, 2022

When Formal Verification with SPARK is the Strongest Link

Security is only as strong as its strongest link. That's important to keep in mind for software security, with its long chain of links, from design to development to deployment. Last year, members of NVIDIA's Offensive Security Research team (aka "red team") presented at DEF CON 29 their results on the evaluation of the security of a firmware written in SPARK and running on RISC-V. The ended up not finding vulnerabilities in the code, but in the RISC-V ISA instead. This year, the same team presented at DEF CON 30 a retrospective on the security evaluation of 17 high-impact projects since 2020. TL;DR: using SPARK makes a big difference for security, compared to using C/C++.

#Security #SPARK #Formal Verification

by Paul Butcher – Sep 02, 2022

Fuzzing Out Bugs in Safety-Critical Embedded Software

Fuzzing Out Bugs in Safety-Critical Embedded Software: Paul Butcher from AdaCore talks to Brandon Lewis from Embedded Toolbox

#Security #Fuzzing #Ada

by Fabien Chouteau – Aug 25, 2022

Embedded Ada/SPARK, There's a Shortcut

For years in this blog my colleagues and I have published examples, demos, and how-to’s on Ada/SPARK embedded (as in bare-metal) development. Most of the time, if not always, we focused on one way of doing things: to start from scratch and write everything in Ada/SPARK, from the low level drivers to the application. While this way of doing Ada/SPARK embedded will yield the best results in terms of software quality, it might not be the most efficient in all cases. In this blog post I want to present an alternative method to introduce Ada/SPARK into your embedded development projects.

#Embedded

by Quentin Ochem – Jul 26, 2022

Announcing Publication of the Draft Ferrocene Language Specification

We are pleased to announce the publication of the initial draft of the Ferrocene Language Specification (FLS) - a qualification-oriented document that details the Rust language as it specifically relates to Ferrocene.

#rustlang #softwaresecurity

by Yannick Moy , Lionel Matias – Jun 23, 2022

I can’t believe that I can prove that it can sort

When an enthusiastic Ada programmer and a SPARK expert pair up to prove the most "stupid" sorting algorithm, lessons are learned! Join us in this eye-opening journey.

#SPARK #Proof #Algorithms

by Paul Jarrett – Mar 17, 2022Guest Author

Ada Crate of the Year: Interactive code search

A retrospective on learning Ada and developing a tool with it in 2021 from 2021 Ada Crate of the Year Winner Paul Jarrett.

#Ada #Alire #Crate

by Fabien Chouteau , Joffrey Huguet – Mar 10, 2022

Quite Proved Image Format

A few weeks ago a piece of code went viral in the online dev community. The “Quite OK Image Format” (QOI) is a fast, lossless image compression designed to have a very simple implementation (about 300 lines of C). Shortly, a few alternative implementations popped up here and there, and in this kind of situation we are eager to show what Ada/SPARK can bring to the table.

by Fabien Chouteau – Mar 08, 2022

Ada GameDev Part 2: Making 2D maps with Tiled

In this second post of the Ada GameDev series we will see how to create game maps and export them to a format that is compatible with the GESTE library.

#Embedded #GameDev

by Manuel Hatzl (B&R) – Mar 02, 2022Guest Author

SPARK Crate of the Year: Unbounded containers in SPARK

Manuel Hatzl is the winner of the 2021 SPARK Crate of the year! In this blog post he shares his experience using Ada/SPARK and how he created the spark_unbound library

#SPARK #Unbound #Data Structures

by Fabien Chouteau – Feb 28, 2022

Ada GameDev Part 1: GEneric Sprite and Tile Engine (GESTE)

In this first entry of the series, I want to present my GEneric Sprite and Tile Engine (GESTE) project. The goal of GESTE is to bring the rendering and anesthetic of 8bit era game consoles to modern microcontrollers.

#Embedded #GameDev

by Yannick Moy , Claire Dross – Feb 10, 2022

Proving the Correctness of GNAT Light Runtime Library

The GNAT light runtime library is a version of the runtime library targeted at embedded platforms and certification, which has been certified for use at the highest levels of criticality in several industrial domains. It contains around 180 units focused mostly on I/O, numerics, text manipulation, memory operations. We have used SPARK to prove the correctness of 40 of them: that the code is free of runtime errors, and that it satisfies its functional specifications.

#SPARK #Runtime #Proof

by Yannick Moy – Dec 15, 2021

SPARKNaCl - Two Years of Optimizing Crypto Code in SPARK (and counting)

SPARKNaCl is a SPARK version of the TweetNaCl cryptographic library, developed by formal methods and security expert Rod Chapman. For two years now, Rod has been developing and optimizing this open-source cryptographic library while preserving the automatic type-safety proof across code changes and tool updates. He has recently given a talk about this experience that I highly recommend.

#SPARK #Cryptography #Formal Verification

by Paul Butcher – Dec 06, 2021

Fuzz Testing in International Aerospace Guidelines

Through the HICLASS UK research group, AdaCore has been developing security-focused software development tools that are aligned with the objectives stated within the avionics security standards. In addition, they have been developing further guidelines that describe how vulnerability identification and security assurance activities can be described within a Plan for Security Aspects of Certification.

#Fuzzing #Cyber Security #Civil Avionics #DO-356A #ED-203A

by Fabien Chouteau – Oct 18, 2021

Starting micro-controller Ada drivers in the Alire ecosystem

A few days ago, someone asked on the Ada Drivers Library repository how to add support for the SAMD21 micro-controller. Nowadays, I would rather recommend people to contribute this kind of micro-controller support project to the Alire ecosystem. I started to write a few instructions on how to get started, but it quickly became a blog-worthy piece of text.

by Yannick Moy – Oct 12, 2021

Enhancing the Security of a TCP Stack with SPARK

The developers of CycloneTCP library at Oryx Embedded partnered with AdaCore to replace the TCP part of the C codebase by SPARK code, and used the SPARK tools to prove both that the code is not vulnerable to the usual runtime errors (like buffer overflow) and that it correctly implements the TCP automaton specified in RFC 793. As part of this work, we found two subtle bugs related to memory management and concurrency. This work has been accepted for publication at the upcoming IEEE SecDev 2021 conference.

#SPARK #Security #Formal Verification

« Previous Page Next Page »

AdaCore Blog

An Insight Into the AdaCore Ecosystem