Fraunhofer Institute Spinoff Company Develops Platform for Cloud Security and Machine Programming

June 09, 2021 by Alessandro Mascellino

The spinoff company, CodeShield, has developed a new system that can automatically detect and fix security vulnerabilities in cloud applications.

Named after the company that created it, the new CodeShield tool is based on a fingerprinting method. It can recognize insecure code immediately after it is integrated into an application. The start-up is funded by the BMBF's StartUpSecure program and the European START-UP transfer.NRW program.

CodeShield: A Fraunhofer Institute Spin-off

CodeShield is a spin-off of the Germany-based Fraunhofer Institute for Mechatronic Systems Design (IEM). The start-up was established in 2020 by Professor Eric Bodden, a scientist at Fraunhofer IEM, and his colleagues from the Heinz Nixdorf Institute at Paderborn University.

The CodeShield dashboard. Image used courtesy of CodeShield

CodeShield was co-founded by Manuel Benz, Andreas Dann, and Dr. Johannes Späth, and the company now reportedly counts nine employees. A year after its creation, the company released the first version of its CodeShield platform, designed to offer automated security features for cloud services and programming applications.

"Often, we see insecure web interfaces, incorrectly configured interfaces, or vulnerable access protocols that are open to exploitation by cybercriminals," Bodden explained. "This can result in the loss of sensitive data, to name one example."

According to the CodeShield co-founder, hacker attacks can target companies' publicly writable buckets, a type of cloud container that stores data in the form of objects.

From the left: Dr. Johannes Späth, Prof. Dr. Eric Bodden, Manuel Benz, Andreas Dann. Image used courtesy of CodeShield

Bodden also noted that such attacks become possible when a bucket that can be accessed by the public is not configured as "read-only." This can happen because the interfaces involved, which function as modular toolboxes, are not particularly easy to use.

"Although they enable programmers to develop new applications within a short space of time, private data can end up being published inadvertently if the interfaces are configured incorrectly."

Exploitation of these vulnerabilities can result in data leaks and substantial financial losses for companies.

Automating Vulnerability Detection

To tackle these issues, CodeShield designed a platform that automatically uncovers security vulnerabilities in cloud-native applications. The platform discovers these vulnerabilities in real time using automated technology and presents the entire cloud infrastructure in diagrams, allowing programmers to identify weaknesses quickly.

CodeShield can create dynamic tables to illustrate the type and impact of vulnerabilities. Image used courtesy of CodeShield

When applied to industrial systems, CodeShield could potentially detect several vulnerabilities before they are exploited, particularly in remotely operated autonomous systems.

The Fingerprinting Method

To spot vulnerabilities, the software uses a method called fingerprinting: open-source components are downloaded from the cloud and a fingerprint is calculated for each of them. The fingerprint is then used to identify any changes or insecure processes during the application's integration phase, with a reported false positive rate below five percent.
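As an added illustration, not CodeShield's own code (the article does not disclose how its fingerprints are built), here is one way to realize the fingerprint-and-compare step described above: each downloaded component gets a per-file manifest and a whole-component digest, and the same computation at integration time flags components that were altered or were never fingerprinted. The package names and file contents are constructed.

```python
import hashlib
import json
from typing import Dict

def manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Per-file SHA-256 digests of one downloaded component, keyed by relative path."""
    return {p: hashlib.sha256(files[p]).hexdigest() for p in sorted(files)}

def fingerprint(m: Dict[str, str]) -> str:
    """Whole-component digest over the canonical manifest; file order cannot affect it."""
    return hashlib.sha256(json.dumps(m, sort_keys=True).encode()).hexdigest()

def build_baseline(components: Dict[str, Dict[str, bytes]]) -> Dict[str, dict]:
    """Fingerprint every component as downloaded; this is the trusted reference."""
    return {n: {"fingerprint": fingerprint(manifest(f)), "manifest": manifest(f)}
            for n, f in components.items()}

def check_integration(baseline: Dict[str, dict], integrated: Dict[str, Dict[str, bytes]]) -> Dict[str, dict]:
    """The fingerprint is the fast check; the manifest diff explains any mismatch."""
    report = {}
    for name, files in integrated.items():
        if name not in baseline:
            report[name] = {"status": "unknown"}  # never fingerprinted: review before use
            continue
        cur, ref = manifest(files), baseline[name]["manifest"]
        if fingerprint(cur) == baseline[name]["fingerprint"]:
            report[name] = {"status": "ok"}
            continue
        report[name] = {"status": "modified",
                        "added": sorted(cur.keys() - ref.keys()),
                        "removed": sorted(ref.keys() - cur.keys()),
                        "changed": sorted(p for p in ref.keys() & cur.keys() if ref[p] != cur[p])}
    return report

# Constructed stand-ins for packages pulled from a registry (not real packages): name -> {path: contents}.
DOWNLOADED = {
    "example-http-client-2.1.0": {"package.json": b'{"version":"2.1.0"}', "lib/client.js": b"exports.get = fetch;"},
    "example-logger-0.4.2": {"package.json": b'{"version":"0.4.2"}', "index.js": b"exports.log = console.log;"},
}
# The same components at integration time: the logger's index.js differs and it gained a file the
# baseline never had, and a third component was never fingerprinted at all.
INTEGRATED = {
    "example-http-client-2.1.0": DOWNLOADED["example-http-client-2.1.0"],
    "example-logger-0.4.2": {"package.json": b'{"version":"0.4.2"}', "index.js": b"exports.log = console.warn;",
                             "helper.js": b"// constructed: not present in the baseline"},
    "example-untracked-1.0.0": {"index.js": b"exports.x = 1;"},
}

def run_demo() -> Dict[str, dict]:
    return check_integration(build_baseline(DOWNLOADED), INTEGRATED)
```

Calling `run_demo()` reports the client as ok, the logger as modified (one changed and one added path) and the untracked component as unknown.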

"Many IT security tools deliver false positives of between 70 and 80 percent, which is a huge problem for developers," Bodden said. 

Automated vulnerability detection is not new in cloud or industrial automation applications, as shown by the security framework recently released by Cisco's subsidiary AppDynamics. However, using a fingerprinting method to detect vulnerabilities automatically is a relatively unexplored field, which is why CodeShield started developing this technology. CodeShield offers a free trial for those interested in testing out this cloud software.