Secure Code Review in LabVIEW

Posted in Energy and Utilities, LabVIEW, Test & Measurement Automation

Summary

DMC provided a third-party review of our client’s LabVIEW application code to verify that it met source code security standards for their industry. This audit provided the client and their end customer with necessary feedback to ensure the application did not contain malicious code and could not be easily manipulated to change its behavior.

Solution

An electrical corporation hired DMC to be their third-party cybersecurity code reviewer. DMC provided the necessary checks of all source code for their LabVIEW application to ensure that the code met a high standard for quality and integrity.

DMC used a combination of manual inspection, LabVIEW VI Scripting, and VI Analyzer to inspect and flag each VI. For example, VI Scripting identified all password-protected VIs. This ensured that a malicious actor did not conceal insecure code in the client’s project. Custom VI Scripts were also written to identify the use of system calls and external libraries, in order to ensure that the application was not accessing other code on the system at runtime.

LabVIEW VI Analyzer is a LabVIEW software add-on that performs static analysis and can be customized for automated code review. It runs diagnostics that check for violations of LabVIEW code best practices. Such violations can conceal insecure code, because LabVIEW's graphical nature allows code to be visually obscured or otherwise hidden. Once LabVIEW VI Analyzer identifies suspicious code, manual inspection can be used to investigate it thoroughly.

DMC’s own LabVIEW code also leverages VI Analyzer to provide quality feedback. This enforces our in-house coding style and best practices, ensuring that subsequent in-person code reviews are efficient and targeted toward application-specific requirements.

DMC was a good fit for this project because of the number of Certified LabVIEW Architects we have on staff. Although all code was developed by the client, the expertise of our CLAs provided an in-depth understanding of LabVIEW software architecture, the LabVIEW runtime, VI Scripting, VI Analyzer, best practices, and potential vulnerabilities.

DMC also provided extensive documentation capturing the results of the code review. This included screenshots, descriptions of potential vulnerabilities, and mitigation paths. The documentation provided actionable information for improving the reviewed software as well as any future code.

Learn more about DMC's LabVIEW Programming Expertise and our partnership with NI.

Customer Benefits

  • Access to a full team of LabVIEW experts
  • Thorough documentation that can be used to improve the given code as well as future projects
  • Quick turnaround to meet the client’s tight timeline

Technologies

  • LabVIEW VI Scripting
  • LabVIEW VI Analyzer