Rewriting the code has always been a defense technique for malware. Virus scanners are, for the most part, simple searches for a binary pattern (signature). Modeling biology, some use an evolutionary approach to replication, purposefully introducing mutations when replicating in order to defend against pattern detectors. This was the primary reason behind implementing code-execution protection in CPUs, to prevent executing code built in stack or data segments by self-modifying malware.
Will hackers discover that rewriting their code will enable them to avoid detection by emerging malware tools? While indeed existing malware may share certain attributes, I'd expect that once the tools are known to be detecting these features, the structures will get changed. We've already seen a hint of this trend with spam: large blocks of irrelevant "literary" text get inserted to "drown out" the spam content pattern.
[RE: "MLstones from Pacific Northwest Laboratories uses concepts and algorithms from biology to detect malicious code. The program assumes that, as is true with proteins, code structure and its function are related in malware."]
Hi Rick. The usefulness of the hardware-based security architecture seems to be making huge strides: Microsoft just implemented it by default in the new Win8 RT OS, and has announced that their new enterprise offering will rely heavily on the new level of security this architecture enables, especially in the area of mobile connection to enterprise networks, based on dual-factor authentication.
For those looking to learn more about the space, check out the upcoming Trusted Computing Conference this coming September: the list of sponsoring companies (MSFT, CSCO, WAVX, ...) and the quality of the expected speakers seem very promising.
This new paradigm in "built-in" security seems about to be rolled out by heavyweights. To be looked at!
Security becomes of utmost importance when we talk about connected cars, driverless cars, the Internet of Things and similar systems that will supposedly work without human intervention. Without foolproof built-in security, these systems could create havoc that we will not legally be able to pinpoint to a person.
The initiative by US labs is a move in the right direction, and by making security standards mandatory in all of these systems, the government should encourage the commercialization of such technologies.
Embedding security in embedded systems is really a need of the electronics industry. As the number of embedded elements grows and average awareness of open-source boards and embedded OSes spreads among users, it is likely to be more offending to manufacturers, as it will be draining/leaking the business of providing support and services.
Yes, security is a hard sell to people who have not had any problems. The same can be said for a home security system. Once you have a friend who has had a break-in, you will be more likely to get your own security system. Once you have had a break-in, you will get one immediately and berate yourself for not doing it sooner.