BY-PASSABLE SECURITY IS NO SECURITY
Applications run in a single address space. This is true for all modern operating systems and all form factors from handheld devices to supercomputers. Today, virtually all applications have been written with no attention to protecting the operations of one part of an application from another part of the same application.
Consider the fact that even a small application typically contains a large quantity of third-party software, much of which is open source software found in some corner of the Internet by the author. Each of these third-party software components has its own flaws and, when combined with the author’s new code, creates an application with a large number of flaws, both already known and still to be discovered.
The industry has correctly accepted that writing bug-free software is not practical. Neither is writing an application from scratch, avoiding use of third-party software. Building large systems of any kind includes breaking down a large problem into manageable pieces. Software writers have done this by breaking the functionality of different parts of their software into modules and then into smaller abstractions to implement their software. However, all these modules and abstractions run in a single address space and thus a flaw in one part of an application has the ability to interfere with other parts of the application or to make the entire application crash. Some of these flaws have the unfortunate side effect of allowing an attacker to take total control of the application without being noticed by any security software running outside of the application, whether on the same computer or anywhere else.
This is how the majority of the most damaging software attacks happen today.
So how can these damaging attacks be stopped?
Computer security vendors know that unless they have some code running inside every application, they have no way of doing that. As a result, most of the well-known security products insert behavior monitoring software into every application they want to protect. That sounds good, right? Actually, it only sounds good. Remember that the security software is running inside of the same address space as the application and therefore it has no protection from other parts of the same application. The first thing the bad guys do is figure out what type of security software is loaded into the application, avoid doing whatever it’s looking for, and then proceed with their attack undetected.
In most applications, there are operations that have a security impact on the overall functionality that the application provides. One such operation that impacts all applications is the ability of the application to modify itself, i.e. change its data into executable code, while running. Most applications don't use this operation; however, it is the most destructive and effective method attackers use to take full control of applications.
Controlling self-modification is the first and most important universal problem that must be solved.
Selecting other operations to control is based on the functionality of an application. For example, a database server’s critical operations include directly manipulating backend data files, its privilege implementation mechanism, etc. Examples of important security operations that a security vendor may care about are:
- Turning on or turning off various security features
- Granting certain programs privilege to violate some of the policies being enforced
- Logging of important events
BY-PASSABLE SECURITY IS NO SECURITY.
OnSystem Logic's revolutionary, patent-pending technology allows the insertion of non-bypassable code into any application. The technology can be used by software makers during the creation of their software, during testing of their software or during its use by a customer, among other methods. The technology applies to any application, any operating system, and any hardware form factor.
OnSystem Defender, our first end user product incorporating this technology, solves the universal self-modification problem for the most widely used applications running on Windows 7 and above including:
- Microsoft Windows operating system components and applications
- Internet Explorer
- Microsoft Office
- Microsoft OneDrive
- Google Chrome
- Google Drive
- Adobe Reader
- Adobe Flash
These applications are the primary attack targets today because of their wide usage and plentiful software flaws. With the help of end users and the software industry we want to expand the protected application list to all applications and wipe out all existing and future self-modification attacks.
For the Community
Together what can we do as a community to create a substantially more secure computing environment?
You can use OnSystem Defender on your computers to help us gather the necessary information about applications from the list above and lock their self-modification and other security-impactful behavior. You can also help us prioritize additional applications as we expand the application list together.
We pledge to you that we will never gather any of your private or confidential data. We only monitor the internal operation of a program and we use that system level data for policy enforcement for your computer and others like it. This information only tells us what applications ran and how the application worked internally. It does not tell us anything about how you were using the application or what you were doing with it. We will always tell you what data we're collecting from your machine and why. The data from your machine and from the rest of the community will be used by our cloud processing software to learn the behavior of our supported applications. Most importantly for our community, we will update our protection policy across our entire community based on that new system data.
We also pledge to you that we will have a free version of our base technology available to you for non-commercial use for the foreseeable future.
Let's secure our computing environment, one application at a time, together.
For Software Makers
We want to work with you to use our technology in two ways:
- Add OnSystem Defender to your QA environment so that the self-modification requirements of your software are defined and included in our community policy database before your software is generally available.
- Work with us to define additional points of protection in your software and make your software more attack resistant.
The Beta version of OnSystem Defender will be ready in November. Stay tuned for more information.