Bugtraq mailing list archives

RE: Preventing exploitation with rebasing


From: "Jason Coombs" <jasonc () science org>
Date: Thu, 6 Feb 2003 10:23:00 -1000

We expect software developers to test their products before shipping them,
but we don't require any proof they have done so. If the developer has never
executed each potential path through their code, why should we run it as
field testers when our desire instead is to be customers who rely on
trustworthy products?

As customers we should not pay for products that are being tested on us. We
should pay for products that have already been tested, and we should be
given the results of that testing to use as a tool of security auditing and
threat containment.

A system of forensic profiling for compiled code would enable numerous
countermeasures to the threats that arise today out of the necessity to
leave our microprocessors and OS APIs open to arbitrary utilization. These
resources can and should be closed to the run-time execution of code that
does not have an accompanying forensic profile created by the developer as
they carefully tested each logical path through the authentic compiled
product.

With such a fundamental shift in the way that we receive and use software
from developers, rebasing and other techniques to randomize the run-time
execution environment would be unnecessary because we would have the tools
and the information necessary to rein in our microprocessors and OS APIs.

Arbitrary malicious code can cause a CPU to do math, but it can't cause a
CPU to do harm unless it is able to communicate with or control a willing
victim (such as a device driver).

Jason Coombs
jasonc () science org
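As an added illustration of the gating described above (example code, not from this post or its author): the developer's own tests produce a profile of the call edges they exercised, and a run-time hook refuses to let the product follow an edge outside that profile. The profile format (caller/callee name pairs) and the sys.settrace-based enforcement are assumptions made for this example.

```python
import sys
from typing import Callable, Set, Tuple

Edge = Tuple[str, str]  # (caller function name, callee function name)

class UntestedPathError(RuntimeError):
    """Execution reached a call edge absent from the forensic profile."""

def _hook(on_edge: Callable[[Edge], None], harness_code) -> Callable:
    """sys.settrace hook: report each Python call edge (except the harness's own entry call)."""
    def trace(frame, event, arg):
        caller = frame.f_back
        if event == "call" and caller is not None and caller.f_code is not harness_code:
            on_edge((caller.f_code.co_name, frame.f_code.co_name))
        return None  # no per-line tracing needed
    return trace

def build_profile(test_suite: Callable[[], None]) -> Set[Edge]:
    """Developer side: run the tests and record every call edge they exercised."""
    profile: Set[Edge] = set()
    sys.settrace(_hook(profile.add, build_profile.__code__))
    try:
        test_suite()
    finally:
        sys.settrace(None)
    return profile

def run_gated(program: Callable[[], object], profile: Set[Edge]) -> object:
    """Customer side: inside profiled code, an untested call edge raises instead of executing."""
    profiled = {callee for _, callee in profile}
    def check(edge: Edge) -> None:
        if edge[0] in profiled and edge not in profile:
            raise UntestedPathError(f"untested path {edge[0]} -> {edge[1]}")
    sys.settrace(_hook(check, run_gated.__code__))
    try:
        return program()
    finally:
        sys.settrace(None)

# Constructed sample product (assumed); its developer tests never exercise the write branch.
def read_config():
    return {"mode": "safe"}
def write_config(value):
    return {"mode": value}
def handle(command, value=None):
    return read_config() if command == "read" else write_config(value)
def developer_tests() -> None:
    assert handle("read") == {"mode": "safe"}

PROFILE = build_profile(developer_tests)  # {("developer_tests", "handle"), ("handle", "read_config")}
```

Running `run_gated(lambda: handle("write", "x"), PROFILE)` raises UntestedPathError at the handle -> write_config edge, while the tested read path runs normally.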
