|
||||||||||
 |
|
Home > Products > NanoDefender Features Benefits Architecture Mocana’s patent-pending new anti-malware product, NanoDefender, is a device-based intrusion detection system that is designed to instantly detect and shut down malware or viruses before they have a chance to spread throughout the network or hijack data -- and it does so while eliminating “false positives.” NanoDefender is the latest addition to the Device Security Framework, Mocana’s top-to-bottom architecture for planning, implementing and managing comprehensive device security across the enterprise. The Mocana NanoDefender Difference Mocana NanoDefender approaches intrusion detection in a completely different way. Unlike anti-malware products currently on the market that rely on attack databases for defense, NanoDefender tracks the function flow within the application. Designed to prevent malicious code execution in the context of an existing application or process, NanoDefender is focused on recognizing previously unknown attacks, especially on handheld and wireless devices. It isn’t an add-on. It’s designed to be integrated into the device or application during the manufacturing process to prevent damage from attacks, known or unknown. How NanoDefender Works In Mocana NanoDefender, every action an application takes is checked against a known “good behavior” model. Mocana NanoDefender maintains a database of behaviors and functions that are deemed “acceptable” for a given application, and if the function or behavior does not match the known “good behavior,” the application is terminated and the security breach is logged. Mocana NanoDefender provides protection to function flow and especially system calls. For example, if an attacker takes advantage of a buffer overflow in glob() in glibc and subsequently attempts to overwrite system configuration files with fwrite(), the attack would be stopped immediately by Mocana because glob() does not call fwrite() in normal operation. NanoDefender is basically a set of tools and code designed to “harden” executable images against arbitrary code execution. When a new application is compiled, NanoDefender performs a static analysis of the code to determine the call flow of the executable. In other words, NanoDefender determines which functions call which functions, and which functions make which system calls. Later, at link time, the executable is instrumented to track function calls. Finally, at runtime, NanoDefender runtime code and the (now specially modified) OS together enforce the proper call flow. NanoDefender™ Features NanoDefender is a comprehensive intrusion prevention that secures all aspects of a device: communications, identity, access, privilege, control and execution. It tracks the function flow within an application instead of relying on an “attack database” for defense. And, better yet, it delivers complete security without time-consuming false positives. Common Code Protection Applications that rely on general-purpose libraries like libc/glibc also inherit any vulnerability that may exist within those libraries. With NanoDefender, these general-purpose libraries can be “hardened” in advance, avoiding difficult and costly post-shipment library swap-outs. Minimal Footprint and CPU Usage NanoDefender delivers minimal impact at runtime with no hindrance to quality of performance. Instead of a large database that requires constant updating, It relies only on a small set of data describing the function flow and system calls within a given application. In an embedded or handheld environment where storage space is at a premium, this is an absolute necessity. Platform Independent Like all of Mocana's device security toolkits, NanoDefender is CPU-architecture and platform independent. Platforms supported include common platforms such as Linux and BSD, as well as real-time operating systems such as VxWorks. Other out-of-the-box supported platforms include Monta Vista Linux, OSE, Nucleus, Solaris, ThreadX, Windows, MacOS X, (ARC) MQX, pSOS, and Cygwin. NanoDefender™ Benefits Comprehensive Attack Protection Designed to prevent malicious code execution in the context of an existing application or process, NanoDefender can shut down any exploit changing the function flow within running code before it has the chance to do any damage. NanoDefender even provides protection from remote and local stack-based overflows, format string attacks/string exploits, heap overflows, and return-to-libc Integer overflows. No False Positives Because NanoDefender only acts if “disallowed” behavior is detected, false positives are impossible. Using a rules base of acceptable behavior for any applications running on the new device, NanoDefender only terminates an application if begins behaving erratically due to malware or some other security threat. Truly Painless Integration NanoDefender was built for ease-of-use and ease of installation from the ground up. It’s a snap to integrate into applications - just rebuild an application using a Mocana-provided code analyzer and linker. Absolutely no changes to your code are required. Plus Mocana's developer support team is available 24x7 to answer your questions about crypto, our toolkits, or embedded development in general. Architecture  Other Mocana Solutions In addition to NanoDefender, Mocana also provides the following: a secure firmware boot solution (NanoBoot™; NanoCert™ certificate management solution; NanoDTLS™, a fully embedded DTLS client and server; NanoEAP™, a comprehensive EAP solution for devices that includes wireless supplicants; NanoSec™ embeddable IPsec, IKE v1, v2 and MOBIKE solution; NanoRADIUS™ RADIUS client; NanoUpdate™ secure firmware updater; NanoSSH™, our super-fast, super small SSH client and server, and NanoSSL™, our ultra-efficient embedded SSL/TLS client and server. All of Mocana's solutions have an asynchronous core to fully leverage hardware acceleration and multicore environments and are designed with ease of use in mind. All come with Mocana’s comprehensive 24x7 development support and full maintenance.
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sales | Support | Library Info | Contact | Privacy Policy | FAQs | Site Map |
| Copyright © 2008 Mocana Corporation |