Message-ID: <5008AF9F.7060303@gce.com>
Date: Thu, 19 Jul 2012 21:08:47 -0400
From: Glenn and Mary Everhart <everhart@....com>
To: full-disclosure@...ts.grok.org.uk
Subject: A modest proposal

Hello, FD...
A thought occurred to me:
Why not use the same kind of polymorphism and software metamorphism that 
is used by malware writers as a protective measure?

If you have a piece of code that you don't want malware to be able to 
inspect, that might perhaps
have some "secrets" in it or that you want not to be trivial to have 
some other code patch,
why not arrange for that code to be different in form (but the same in 
function) with every copy?

(For places that insist on code that must be signed, you might need to 
have only perhaps scores or
hundreds of variants, and then make it clear that the "signed code" 
requirements were making
the systems that have them LESS secure than those without. <bwahahaha>. 
<grin>.)

There are many ways to achieve this kind of result. Many would result in 
somewhat larger
executables or the like, or possibly larger data, but some of the 
methods don't even need access
to source code. (I would suspect many systems like this will be clearest 
to those of us who have
worked in assembly languages and the like over the years, but that is a 
bit beside the point.)

If every copy of a program is laid out differently, and data gets moved 
around also from copy
to copy, the job of the attacker would seem to get much harder.

Glenn Everhart


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists