Research Engineer, Tenable
Pushing Security Left By Mutating Byte Code
Building secure software takes a lot of time and effort. Developers have to go through many steps to ensure that their software is not vulnerable to any attacks. If the product is valuable enough, such that it may attract highly skilled attackers then they even have to go the extra mile by making their code harder to reverse engineer. These products include but are not limited to video games, antivirus, firewall, intrusion detection systems, animation, video making, and other such highly-priced software.
Developers tend to minify, obfuscate and encrypt their code to make sure no one else can reverse engineer it and use it the way it was not intended in the first place. They even go so far as to write inline or embedded assembly code to make sure that their source code changes every time it’s run so that its real algorithm is harder to figure out.
But adding those levels of protection is not an easy task. A lot of time and effort is required in learning and implementing those techniques, the same time can be spent being productive in the implementation of features or working on more business-oriented processes. Mutant here is a proposed solution for the above problem. It provides a new high-level programming language to write out-of-the-box secure code and a compiler that can help protect existing binaries.
Gaurav Gogia is a research engineer at Tenable. His interests are in shift-left security, forensics, and malware analysis. He completed his master's degree in Digital Forensics from Gujarat Forensic Sciences University (now National Forensic Sciences University). In his free time, he likes watching anime and exploring new food cuisines.