Insecure code often sits as the root cause for application vulnerabilities and exploitation.
What if you could prevent that insecure code from ever being a risk?
In the future, it just might be possible to wrap insecure code with protection that will mitigate risk and help prevent exploitation. That’s the goal of a research effort that Symantec’s research labs are currently engaged in, known as MINESTRONE.
“The acronym doesn’t mean anything actually, so don’t try and figure out what the acronym stands for,” Marc Dacier, Senior Director at Symantec Research Labs told InternetNews.com. “It’s a joint research project with people from Columbia University, George Mason, and Stanford University.”
Dacier explained that the general idea behind MINESTRONE is to help protect against vulnerabilities in applications. The software can have vulnerabilities that have not yet been found, but that could potentially be discovered at a future point and leveraged for exploitation.
Symantec’s piece of the MINESTRONE effort is focused on C programs, running on Linux machines in particular.
“The approach we have developed is that we take advantage of diversification techniques,” Dacier said.
He added that each of the research partners have developed different techniques to protect code and make it more secure by wrapping something around it or via instrumentation.
“We combine all these techniques to eventually produce a new application which is supposed to be completely resistant and resilient to attacks,” Dacier said. “We don’t try to fix all the problems, but we make it such that the vulnerability can still be there, but it can not be exploited anymore.”