[Diffusion] rL225908: Insert random noops to increase security against ROP attacks (llvm)
sjcrane at uci.edu
Tue Jan 13 20:13:23 PST 2015
Adding llvm-commits. Sorry, didn't realize it wasn't on here.
On Tue, Jan 13, 2015 at 7:43 PM, Stephen Crane <sjcrane at uci.edu> wrote:
> Here's a patch that should fix the RNG distribution initialization
> compilation failure on Windows. Relevant buildbot failure:
> I'm not even sure if this static initializer is allowed in LLVM's
> codebase. If not, we can just initialize a Distribution for each
> runOnMachineFunction or allocate a Distribution in the constructor.
> There are also test failures on Linux. I'll figure out why in a bit
> when I've finished recompiling on a linux machine. Relevant BB
> - stephen
> On Tue, Jan 13, 2015 at 5:18 PM, JF Bastien <jfb at chromium.org> wrote:
>> Insert random noops to increase security against ROP attacks (llvm)
>> A pass that adds random noops to X86 binaries to introduce diversity with the goal of increasing security against most return-oriented programming attacks.
>> Command line options:
>> -noop-insertion // Enable noop insertion.
>> -noop-insertion-percentage=X // X% of assembly instructions will have a noop prepended (default: 50%, requires -noop-insertion)
>> -max-noops-per-instruction=X // Randomly generate X noops per instruction. ie. roll the dice X times with probability set above (default: 1). This doesn't guarantee X noop instructions.
>> In addition, the following 'quick switch' in clang enables basic diversity using default settings (currently: noop insertion and schedule randomization; it is intended to be extended in the future).
>> This is the llvm part of the patch.
>> clang part: http://reviews.llvm.org/D3393
>> Patch by Stephen Crane (@rinon)
>> AFFECTED FILES
>> jfb (Author)
>> dsanders (Auditor)
>> EMAIL PREFERENCES
More information about the llvm-commits