security
SECURITY MIGRATION COMPLETE
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
Context Rail
Tags and Themes
On This Page
- 1. Migration Goal
- 2. Completed Migration Areas
- 2.1 Core Runtime Security
- 2.2 Anti-Reverse Engineering Pipeline
- 2.3 Process Protection
- 2.4 Remote Process Scan Integration
- 2.5 Runtime Integrity
- 3. Partially Completed Areas
- 3.1 Polymorphic Engine
- 3.2 Memory Hardening
- 4. Remaining Migration Backlog
- 4.1 Probe Depth and Correlation
- 4.2 Polymorphic Completion
- 4.3 Documentation and Operations
- 5. Migration Health Summary
Security Migration Status (Current)
This file is the current migration snapshot for Mutant security architecture.
1. Migration Goal
Move from basic protection to policy-driven, code-signed, telemetry-visible runtime security with staged enforcement.
2. Completed Migration Areas
2.1 Core Runtime Security
- Signed artifact verification paths integrated with runner.
- Trusted signer pinning is available through secure mode with
--signer-auth. - Tamper response policy abstraction in place.
- Secure/compat/dev posture handling implemented.
- Protection profile defaulting implemented.
2.2 Anti-Reverse Engineering Pipeline
- Anti-debug checks integrated at pre-decode and pre-execution stages.
- Sandbox detection integrated at pre-decode and pre-execution stages.
- Anti-tamper probe framework integrated and callable from runner and builtins.
2.3 Process Protection
- Runner process-protection enforcement path implemented.
- Windows-specific process protection probes implemented.
- Confidence thresholding for enforcement implemented (
>= 80). - Probe and process-protection telemetry counters implemented.
2.4 Remote Process Scan Integration
- Remote scan manager, config parsing, and correlator are implemented.
- Runner observe/enforce integration is implemented at pre-decode and pre-execution stages.
- Remote scan telemetry counters are implemented.
- Current windows scanner is scaffolding-safe (
nilverdict no-op), so detector depth remains partial.
2.5 Runtime Integrity
- VM integrity baseline registration implemented.
- Periodic/jitter/sweep integrity checks implemented.
- Integrity failure policy and telemetry path implemented.
3. Partially Completed Areas
3.1 Polymorphic Engine
- Engine integration and marker flow are implemented.
- CLI mutation level and seed are integrated.
- Advanced transform set is currently gated in config.
3.2 Memory Hardening
- VM runtime uses mutil object encrypt/decrypt storage path.
- Additional secure wrappers are available in
object/secure_memory.go. - Wrapper-first VM wiring is not the default path yet.
4. Remaining Migration Backlog
4.1 Probe Depth and Correlation
- Optional cross-process visibility (with sufficient privileges).
- Expand windows remote scanner from scaffolding to signal-rich inspectors.
- Allowlist tuning for operational environments.
4.2 Polymorphic Completion
- Enable advanced transforms with VM-safe compatibility checks.
- Strengthen deterministic seed reproducibility tests.
- Add stability/performance gates in CI.
4.3 Documentation and Operations
- Keep enablement gates and enforcement gates clearly separated in docs.
- Keep runbook and LLD traceability aligned with runner behavior.
- Add student-friendly diagrams and quick-reference paths.
5. Migration Health Summary
- Core security migration: complete.
- Enforcement architecture: complete.
- Advanced obfuscation depth: partial.
- Advanced process-protection depth: partial.
- Remote scan manager integration: complete.
- Remote scan detector depth: partial.
- Operational clarity and docs: now synchronized with code baseline.