[PATCH] Insert random noops to increase security against ROP attacks (llvm)
mehdi.amini at apple.com
Mon Jan 5 21:53:24 PST 2015
I think my comment was lost in the rather long discussion about the merit of this technique, so I ask again:
Independently of the randomization aspect, I think that the compiler should be able to deterministically get rid of the situation shown Figure 2 in https://www.ics.uci.edu/~ahomescu/multicompiler_cgo13.pdf ; i.e. when a gadget is formed by jumping in the middle of an instruction encoding. The compiler could break it by inserting a nop in these case. Now I’m not sure if it is easy to identify these cases from the assembly code or if it has to be done on the binary code itself?
> On Dec 29, 2014, at 5:03 PM, Stephen Crane <sjcrane at uci.edu> wrote:
> @jfb: I think I've addressed all of your feedback. Thank you so much, was really useful. I tend to forget about the shiny new C++11 things.
> I've set the default for NOOP insertion to be 25%. In our research we have empirically found this to result in the largest disruption of gadgets for the least performance impact.
> EMAIL PREFERENCES
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
More information about the llvm-commits