Full Disclosure mailing list archives
A modest proposal
From: Glenn and Mary Everhart <everhart () gce com>
Date: Thu, 19 Jul 2012 21:08:47 -0400
Hello, FD... A thought occurred to me: Why not use the same kind of polymorphism and software metamorphism that is used by malware writers as a protective measure? If you have a piece of code that you don't want malware to be able to inspect, that might perhaps have some "secrets" in it or that you want not to be trivial to have some other code patch, why not arrange for that code to be different in form (but the same in function) with every copy? (For places that insist on code that must be signed, you might need to have only perhaps scores or hundreds of variants, and then make it clear that the "signed code" requirements were making the systems that have them LESS secure than those without. <bwahahaha>. <grin>.) There are many ways to achieve this kind of result. Many would result in somewhat larger executables or the like, or possibly larger data, but some of the methods don't even need access to source code. (I would suspect many systems like this will be clearest to those of us who have worked in assembly languages and the like over the years, but that is a bit beside the point.) If every copy of a program is laid out differently, and data gets moved around also from copy to copy, the job of the attacker would seem to get much harder. Glenn Everhart _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- A modest proposal Glenn and Mary Everhart (Jul 19)
- Re: A modest proposal Gage Bystrom (Jul 19)
- Message not available
- Re: A modest proposal Gage Bystrom (Jul 20)
- Message not available
- Re: A modest proposal Gage Bystrom (Jul 19)
- Re: A modest proposal valdis . kletnieks (Jul 19)
- Re: A modest proposal Memory Vandal (Jul 19)
- Re: A modest proposal Thor (Jul 20)
- Re: A modest proposal Christian Sciberras (Jul 20)
- Re: A modest proposal Thor (Jul 20)
- Re: A modest proposal Ben Laurie (Jul 20)
- Re: A modest proposal Bzzz (Jul 20)
- Re: A modest proposal Christian Sciberras (Jul 20)
- Re: A modest proposal valdis . kletnieks (Jul 20)