Cybersecurity on legacy systems


In 1976, Belady and Lehman 'laws of of software evolution' stated that, a software lifecycle will be continuously modified, and its unstructuredness and entropy will increase with time, unless system renovation is done to improve the system’s structure, and make it more comprehensible, extensible and reusable. The initial phase of these renovation - and probably the most difficult - is a description of the global structure of a software, and an inventory of its technical dependencies and connections to other systems and data sources. Moreover, this investigation phase must be continuously done on development platforms, during reengineering works, to ensure that extra and undesired dependencies and components are not added to a system already over-burdened.

One of the most neglected part in this process is cybersecurity, for several reasons. Obfuscation hides security leaks; it is difficult to understand what is the exact behaviour of an undocumented software components, and also, security being rarely part of the core and visible features, it is almost never specifically tested - and it can be very difficult to test. Also, key features of a software may rely on legacy components, external library releases or protocols, deprecated for security reasons. Before any re-engineering step, it is therefore necessary to understand the precise point where an intrusion might happen: Unprotected resource, visible credentials, unsecure communication protocol. It might well be possible that only a few changes  are necessary.

Primhill Computers'tool Survol provides a completely safe - but deeply intrusive - analysis of running systems and their environments, allowing to have an exact understanding of the overall impact of a system and its possible side-effects with other applications. It is very easy to customize, to add new analysis tools, in open-source or proprietary code.