A Program That Stays Ahead of Hackers: NovSU Develops a System for Finding Software Vulnerabilities

Natch Finds Loopholes in Code Before Cybercriminals Can Exploit Them

Scientists at Yaroslav the Wise Novgorod State University (NovSU), in collaboration with the Institute for System Programming of the Russian Academy of Sciences, have developed a unique tool for identifying potential vulnerabilities in software during its creation. The program, called Natch, tracks dangerous sections of code before attackers can exploit them.

What distinguishes Natch is its system-wide approach to analysis. The program marks data arriving from outside and tracks its path through all processes and functions of the system in real time. For example, if a text file containing a website address is passed through several programs and eventually goes online, Natch visualizes the entire chain, allowing developers to immediately see potentially dangerous sections of code.

The analysis results are displayed in a browser through a graphical interface showing function calls, data exchange between processes, and timestamps.

Existing security analysis methods have limitations. Static analysis checks the source code without running the program, so it does not take the program's real behavior into account. Dynamic analysis records the execution of functions but does not determine whether they process dangerous external data. Natch combines both approaches, creating a detailed map of potential threats without modifying the source code, so the analysis does not distort the program's operation.
