WhyNot?

Compiler Security Optimization

Category: Software
Responses: 4 (4 in support, 0 neutral, 0 in opposition)
Number of views: 847
Tracking: Track this idea
Community Rating:Average AverageYour Rating:

One of the problems with patching security holes is that the bad guys can compare two recent versions, discover the change and create an exploit (in some cases automatically). If a victim is not using the latest version of the software, then they're toast.

Normally, a compiler will optimize a program/library for space or speed. If, however, the optimizer included randomized register assignments, conditional ordering, selection of optimizations, etc.; then new versions would have huge numbers of changes from older ones and analysis of the change would be much more complicated and expensive.

With sufficient work, automated comparisons of differently optimized code may be possible, but this is a long way off.

nihil, Apr 18 2008

What do you think of this idea or comment?
(You can change your vote at any time)

agree I agree no opinion No opinion disagree I disagree

Users who liked this idea also liked:

Better Brake Light (441 votes) Very strong
Ending the war on drugs (245 votes) Very strong
Aerial pictures in flight (216 votes) Very strong
GPS and Digital Photos (172 votes) Very strong
Elevator DeSelect (160 votes) Very strong
This concept is great! (141 votes) Very strong
like IMDB but for government (108 votes) Very strong
Movie Theater Membership (20 votes) Very strong
worst rated ideas (69 votes) Very strong
Automatic off for turn signals (36 votes) Very strong

Other ideas in category (Software):

Invention Management Software (3 votes) Average
Auto crash folder (1 votes) Average
Attachment Notation (137 votes) Very strong
Fight Recognition Software (3 votes) Average
Economics Simulation (9 votes) Strong
Make Photo Slideshow yourself (2 votes) Average
mute a web page (10 votes) Strong
Studying leaf patterns (3 votes) Average
Encryption (3 votes) Weak
Searching for images (6 votes) Average
Compiler Security Optimization (4 votes) Average
Vector Datatype (3 votes) Weak
LIP-C (1 votes) Average
Spell checker collector (2 votes) Average
Cascading search (3 votes) Average
Software Formula for 2000 Years (3 votes) Weak
Triangular Pixels (4 votes) Average
Forwarding sent email message (5 votes) Average
Organise the Start menu (6 votes) Average
Simple Shared Key Setup (1 votes) Average
DDR-style piano software (4 votes) Average
root means suid (2 votes) Average
Scorchware (2 votes) Average
Six Degrees of Computation (2 votes) Average
X-drive ==> 2 physical drives (3 votes) Average
Fast parallel secure hashing (1 votes) Average
Standardized EULA (2 votes) Average
Description field for email (3 votes) Average
Honeypot feedback/automation (1 votes) Average
Audio bass and treble (3 votes) Average
Extension that highlights tags (1 votes) Average
Upper-lower case (2 votes) Average
New image file format (2 votes) Average
dual scroll bars (6 votes) Average
Tabbed Working (3 votes) Average
Temporary file highlight (5 votes) Strong
Better Search Engine Links (2 votes) Average
Smarter Programming (5 votes) Strong
Linux Distro for Business (2 votes) Average
File multiple rev eliminator (3 votes) Average
Mech. Design Software (2 votes) Average
Checking email addresses (3 votes) Average
Why Powerpoint? Be nonlinear (6 votes) Strong
Chat with iTunes Listeners (3 votes) Average
Ebay database (2 votes) Average
Encrypts the whole OS (2 votes) Average
Wind offset for car (3 votes) Weak
Collaborative License Rating (4 votes) Average
Multiscopic image modeler (2 votes) Average
Simple fix for posting here (1 votes) Average
Torrent-based podcasting (2 votes) Average
Browser Preloads Next Page (4 votes) Average
Officepets (3 votes) Average
Salty encryption (1 votes) Average
Self Authentication & Decryptn (1 votes) Average
Ductile disk encryption (2 votes) Average
Printing Cost per Page (2 votes) Average
Community Font Classification (1 votes) Average
Ubiquitous virtual honeypots (7 votes) Strong
MS Outlook spouses (1 votes) Average
MS Outlook Contacts updates (1 votes) Average
One card for the wallet (12 votes) Strong
Camera as A4 Scanner (6 votes) Strong
Ogg/PCM (3 votes) Average
Keyboard equivalents (1 votes) Average
OS for visually impaired (4 votes) Average
Window Size Limiter (1 votes) Average
Print Police (1 votes) Average
MS Outlook Highlighter (1 votes) Average
Eye-Tracking Video Drivers (2 votes) Average
Linipedea (3 votes) Weak
MS Word Bookmarks & Summaries (3 votes) Average
anti-virus T-cells (2 votes) Average
savable scroll bars (2 votes) Average
save changes dialog options (3 votes) Average
Viral Marketing in Open Source (7 votes) Weak
Microsoft CD Bug Fixes (4 votes) Average
Virtual Scanner Software (5 votes) Average
Better Shrink Wrapped License (3 votes) Average
Bayesian learning for (4 votes) Average
enclosures (2 votes) Average
Chat Prog & Problem Solving (2 votes) Average
Comments from other members:

Add your comment

Clever! And just a little such variation would do the job, at least for three years, and give the defense some breathing time.

Roger Knights, Jun 24 2008

You have stumbled upon an area of much research in the field of reversing. Generally speaking, it's a tough task to do but it's even harder to reverse.

What I believe would help more is if your compiler could produce several value flow controls using some modules that are real and necessary but also using some modules that are fake and do only similar items. The key would be that they must be valid controls of flow, or at least ones that take a long time to terminate.

Static code analysis on the resulting binaries would be much more difficult in this manner, but I support your efforts.

nameless_centurian, May 28 2009