[PATCH] Insert random noops to increase security against ROP attacks (llvm)

Mehdi Amini mehdi.amini at apple.com
Mon Jan 5 21:53:24 PST 2015

Hi Stephen,

I think my comment was lost in the rather long discussion about the merit of this technique, so I ask again:

Independently of the randomization aspect, I think that the compiler should be able to deterministically get rid of the situation shown in Figure 2 in https://www.ics.uci.edu/~ahomescu/multicompiler_cgo13.pdf ; i.e. when a gadget is formed by jumping in the middle of an instruction encoding. The compiler could break it by inserting a nop in these cases. Now I'm not sure if it is easy to identify these cases from the assembly code or if it has to be done on the binary code itself?


> On Dec 29, 2014, at 5:03 PM, Stephen Crane <sjcrane at uci.edu> wrote:
> @jfb: I think I've addressed all of your feedback. Thank you so much, was really useful. I tend to forget about the shiny new C++11 things.
> I've set the default for NOOP insertion to be 25%. In our research we have empirically found this to result in the largest disruption of gadgets for the least performance impact.
> http://reviews.llvm.org/D3392
