There are different types of programming languages: high level languages and low level languages. Assembly is a low level language because it allows a programmer to deal directly with memory, I/O, registers, etc. So how assembly is powerful for security development? Assembly is a really fast language, the execution of a program written in assembly requires very little time; this is one of the most important pros of using assembly as coding language for a security software. It is not the only advantage that gives this programming language, because it also permits for example to mitigate memory attacks that can steal sensitive data, because with assembly you can directly manage the encryption (or, more in general, security) of data inserted for example in a window of the software; you can manage variables that are in registers or memory, and this is really fast. One of the cons of developing in assembly is that the development phase requires more time, because it's harder than other high level programming languages.
Assembly can be fundamental if you perform malware analysis because the analyst can really understand what a sample does (at memory level, etc.) but you can have also an in-depth analysis of each instruction. If you analyze a malware with its high level source code (for example Java) you can see the behaviour and what the malware does on the infected PC, but the instructions are very simplified, instead, if you analyze the assembly source code you can have the complete list of instructions done (an high level method call or operation is equals to a lot of lines of assembly code).
I want to do a very simplified example, but it is enough to understand the real difference beetwen high level and low level programming (this example doesn't work as-is because the method for encryption is not implemented in this short example):
Store a string securely with Java:
Store a string securely with Assembly (MIPS 32):
So, this is a simple and pratical example of how we can defeat attacks that can steal our sensitive and important variables from memory.
Assembly can be fundamental if you perform malware analysis because the analyst can really understand what a sample does (at memory level, etc.) but you can have also an in-depth analysis of each instruction. If you analyze a malware with its high level source code (for example Java) you can see the behaviour and what the malware does on the infected PC, but the instructions are very simplified, instead, if you analyze the assembly source code you can have the complete list of instructions done (an high level method call or operation is equals to a lot of lines of assembly code).
I want to do a very simplified example, but it is enough to understand the real difference beetwen high level and low level programming (this example doesn't work as-is because the method for encryption is not implemented in this short example):
Store a string securely with Java:
Java:
public static void main(String[] args) {
String stringWeWantSecure = "MalwareTips";
stringWeWantSecure = encryptSecureString(stringWeWantSecure); //the string becomes secure in memory, but the execution of the method requires very long time, also because of JVM, etc.
}
Store a string securely with Assembly (MIPS 32):
Code:
.data #this is the section reserved for the data of the program
string: .asciiz "MalwareTips"
.text #this is the part of the program reserved for the instructions and the intelligence of the software
la $a0, string #we save the string in the register $a0
jal encryptString
encryptString:
#here is the code of the encryption of the string, the execution is obviously really faster compared to the Java one
So, this is a simple and pratical example of how we can defeat attacks that can steal our sensitive and important variables from memory.