<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jan 24, 2014 at 3:33 PM, Alp Toker <span dir="ltr"><<a href="mailto:alp@nuanti.com" target="_blank">alp@nuanti.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
On 24/01/2014 20:20, Stephen Crane wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Fri, Jan 24, 2014 at 10:58 AM, Daniel Berlin <<a href="mailto:dberlin@dberlin.org" target="_blank">dberlin@dberlin.org</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Thu, Jan 23, 2014 at 7:07 PM, Alp Toker <<a href="mailto:alp@nuanti.com" target="_blank">alp@nuanti.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It's a killer feature for anyone who has to support copy protection<br>
mechanisms in commercial software.<br>
</blockquote>
For exactly how many seconds will that last? :)<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Software "cracks" are smart enough to find and patch patterns even when<br>
binaries change between releases, but nops and register shuffling will block<br>
the kind of automated "farming" organised criminals use.<br>
<br>
A feature that's so easy to deploy (just switch compiler flag every point<br>
release) is a valuable tool in giving the edge back to individuals and<br>
companies who have to earn some or all of their living through commercial<br>
software.<br>
</blockquote>
Honestly, I think you are seriously overselling it, but that's not the<br>
main point i want to address:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Who is going to be deploying this? If nobody is deploying, then how do we<br>
know it will be maintained? It seems like the initial patch submitter has<br>
already jumped ship on this patch; doesn't exactly inspire confidence.<br>
</blockquote>
<br>
Clearly the two use cases are copy protection and security through obscurity<br>
so genuine users aren't going to be at liberty to join an open debate here.<br>
</blockquote>
This I seriously disagree with. Even on the GCC mailing lists, there<br>
were plenty of people who were copy protection folks who spoke up<br>
about features that were going to be deprecated or added. The idea<br>
that "there are plenty of users, but they can't speak here" seems a<br>
bit suspect to me. Saying "this feature would be useful to us" is not<br>
something that harms either of the sets of users you are talking<br>
about, since it's completely and totally obvious that they are doing<br>
it anyway. There is no obscurity at all<br>
</blockquote>
I think copy protection is a bit off-topic, but an interesting idea. I<br>
would like to point out that we were originally not targeting this at<br>
copy protection, and I think defending against code-reuse attacks is a<br>
much stronger use case and a better fit. Creating differing binaries<br>
could have interesting uses for watermarking, but we really haven't<br>
thought about that much. However, by creating unpredictable binaries<br>
</blockquote>
<br>
<br></div></div>
Hi Stephen,<br>
<br>
That's a good observation. Clearly there are multiple use cases for the feature which is a good indicator that it has a place in a general-purpose backend like LLVM.<br>
<br>
I don't want to trivialise your work and its significance in the security field, but if I can get a few nops out of it that's already something that makes my life easier so I'm willing to support the effort and put in resource from our end (both as a commercial entity, and personally as a developer on the project) if we decide to go with this.<br>
<br>
There's every indication that a little unpredictability will go a long way to preventing the simplistic binary patching used in production-line software piracy operations. If we save 100 units from now to 2015 that already justifies the time we'd put into helping maintain the code with you upstream.<br>
</blockquote><div><br></div><div>Hi Alp,</div><div><br></div><div>There seems to be significant disagreement whether what you describe is actually a real threat at all. Could you maybe provide some references or rope in another interested party? At this point you seem to be the only person getting behind this patch as a "killer feature" for copy protection.</div>
<div><br></div><div>-- Sean Silva</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
The patches look tidy and I feel it'll be a pleasure to work on.<span class="HOEnZb"><font color="#888888"><br>
<br>
Alp.</font></span><div class="im HOEnZb"><br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
,<br>
we can defend against code-reuse attacks since these attacks require<br>
detailed knowledge of the attacked binary. This is not security<br>
through obscurity, since the attacker cannot exploit our defenses even<br>
if he knows to expect it. Instead, it more resembles protection by<br>
blinding or encrypting secret values (in this case, the binary<br>
layout).<br>
<br>
As such, users who are interested in protecting against code-reuse<br>
attacks such as return-oriented programming should be free to discuss<br>
and promote diversity, since it is a legitimate defense.<br>
<br>
- stephen<br>
</blockquote>
<br></div><div class="im HOEnZb">
-- <br>
<a href="http://www.nuanti.com" target="_blank">http://www.nuanti.com</a><br>
the browser experts<br>
<br></div><div class="HOEnZb"><div class="h5">
______________________________<u></u>_________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@cs.uiuc.edu" target="_blank">llvm-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/<u></u>mailman/listinfo/llvm-commits</a><br>
</div></div></blockquote></div><br></div></div>