Compiler Security Optimization
One of the problems with patching security holes is that the bad guys can compare two recent versions, discover the change and create an exploit (in some cases automatically). If a victim is not using the latest version of the software, then they're toast. Normally, a compiler will optimize a program/library for space or speed. If, however, the optimizer included randomized register assignments, conditional ordering, selection of optimizations, etc., then new versions would have huge numbers of changes from older ones and analysis of the change would be much more complicated and expensive. With sufficient work, automated comparisons of differently optimized code may be possible, but this is a long way off.
nihil, Apr 18 2008
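A toy illustration of the idea above, added here and not part of the original post or any real compiler: a constructed assembly-like listing is emitted with a register map chosen from a per-build seed, and a line diff of the unpatched and patched builds is counted. The listing, register pool, seeds and function names are all assumptions, and only randomized register assignment is modelled.

```python
import difflib
import random

POOL = ["r8", "r9", "r10", "r11", "r12", "r13"]  # registers the toy allocator may pick

# Constructed sample: a copy loop whose length comes from an untrusted header.
OLD = [
    "mov {a}, [rdi]",
    "lea {b}, [rdi+8]",
    "mov {c}, rsi",
    "xor {d}, {d}",
    "loop:",
    "mov al, [{b}+{d}]",
    "mov [{c}+{d}], al",
    "inc {d}",
    "cmp {d}, {a}",
    "jb loop",
    "done:",
    "ret",
]
PATCH = ["cmp {a}, 64", "ja done"]  # the security fix: reject oversized lengths
NEW = OLD[:1] + PATCH + OLD[1:]


def build(template, seed):
    """Emit a listing; the virtual-to-physical register map depends on the build seed."""
    regs = random.Random(seed).sample(POOL, 4)
    return [line.format(**dict(zip("abcd", regs))) for line in template]


def changed_lines(old, new):
    """Count lines a line-based diff reports as inserted, deleted or replaced."""
    sm = difflib.SequenceMatcher(None, old, new, autojunk=False)
    return sum(max(i2 - i1, j2 - j1)
               for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal")


if __name__ == "__main__":
    # Conventional release: both versions share one register map, so the diff is the patch.
    print("same seed:", changed_lines(build(OLD, 1), build(NEW, 1)))
    # Diversified release: the patched build is reseeded, so unrelated lines change too.
    for seed in range(2, 6):
        print(f"reseeded ({seed}):", changed_lines(build(OLD, 1), build(NEW, seed)))
```

With a shared seed the diff isolates exactly the two patch lines; with a reseeded build the same two lines are buried among register renames that a reader of the diff has to normalise away first.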
Clever! And just a little such variation would do the job, at least for three years, and give the defense some breathing time.