<div dir="ltr">I also recommend:<blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><a href="http://matasano.com/research/Attacking_Clientside_JIT_Compilers_Paper.pdf">http://matasano.com/research/Attacking_Clientside_JIT_Compilers_Paper.pdf</a></div></blockquote></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 5, 2015 at 4:32 PM, Stephen Crane <span dir="ltr"><<a href="mailto:sjcrane@uci.edu" target="_blank">sjcrane@uci.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Mehdi,<br>
<br>
I looked around for a good (not-paywalled) intro, and I think<br>
"Profile-guided Automated Software Diversity" from CGO'13 has a good<br>
background on inserting noops to randomize the code layout:<br>
<a href="https://www.ics.uci.edu/~ahomescu/multicompiler_cgo13.pdf" target="_blank">https://www.ics.uci.edu/~ahomescu/multicompiler_cgo13.pdf</a><br>
<br>
A better reference is<br>
<a href="http://link.springer.com/chapter/10.1007%2F978-1-4614-5416-8_8" target="_blank">http://link.springer.com/chapter/10.1007%2F978-1-4614-5416-8_8</a> if you<br>
have access to the Springer library.<br>
<br>
In a nutshell, the idea is to create functionally equivalent copies of<br>
the software with different code layouts to prevent attackers from<br>
knowing where the code they want to reuse is located.<br>
<span class="HOEnZb"><font color="#888888"><br>
- stephen<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
On Mon, Jan 5, 2015 at 3:57 PM, Mehdi Amini <<a href="mailto:mehdi.amini@apple.com">mehdi.amini@apple.com</a>> wrote:<br>
> Hi,<br>
><br>
> I don’t have much background on this topic, but I’m interested to understand how inserting a random number of noops helps address ROP attacks. Do you have a link that explains this “counter-measure”?<br>
><br>
> Thanks,<br>
><br>
> Mehdi<br>
><br>
>> On Jan 5, 2015, at 2:59 PM, Stephen Crane <<a href="mailto:sjcrane@uci.edu">sjcrane@uci.edu</a>> wrote:<br>
>><br>
>> - Revert loop termination back to include insertion slot before terminators.<br>
>> - Fix spelling<br>
>> - Update tests to reflect new default insertion percentage.<br>
>> - Formatting fixes<br>
>><br>
>><br>
>> <a href="http://reviews.llvm.org/D3392" target="_blank">http://reviews.llvm.org/D3392</a><br>
>><br>
>> Files:<br>
>>  include/llvm/CodeGen/CommandFlags.h<br>
>>  include/llvm/CodeGen/NoopInsertion.h<br>
>>  include/llvm/CodeGen/Passes.h<br>
>>  include/llvm/InitializePasses.h<br>
>>  include/llvm/Support/RandomNumberGenerator.h<br>
>>  include/llvm/Target/TargetInstrInfo.h<br>
>>  include/llvm/Target/TargetOptions.h<br>
>>  lib/CodeGen/CMakeLists.txt<br>
>>  lib/CodeGen/CodeGen.cpp<br>
>>  lib/CodeGen/NoopInsertion.cpp<br>
>>  lib/CodeGen/Passes.cpp<br>
>>  lib/Target/X86/X86InstrInfo.cpp<br>
>>  lib/Target/X86/X86InstrInfo.h<br>
>>  test/CodeGen/Mips/noop-insert.ll<br>
>>  test/CodeGen/PowerPC/noop-insert.ll<br>
>>  test/CodeGen/X86/noop-insert-percentage.ll<br>
>>  test/CodeGen/X86/noop-insert.ll<br>
>><br>
>> &lt;D3392.17815.patch&gt;<br>
>> _______________________________________________<br>
>> llvm-commits mailing list<br>
>> <a href="mailto:llvm-commits@cs.uiuc.edu">llvm-commits@cs.uiuc.edu</a><br>
>> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>
><br>
</div></div></blockquote></div><br></div>
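<div>The layout diversity Stephen describes, as an added example that is not code from the patch or from LLVM: a toy C++ model that fills the slot before each instruction (terminator included) with a 1-byte NOP at a given probability and reports where the original instructions end up. The instruction list, byte sizes, seeds and the 50% rate are constructed for illustration.</div>

```cpp
// Toy model of NOP-insertion diversity; not the LLVM NoopInsertion pass.
#include <cstdio>
#include <random>
#include <set>
#include <string>
#include <vector>

struct Inst { std::string op; unsigned size; };
using Block = std::vector<Inst>;

// Constructed sample block; mnemonics and byte sizes are illustrative only.
Block sampleBlock() {
  return {{"push", 1}, {"mov", 3}, {"add", 3}, {"pop", 1}, {"ret", 1}};
}

// One insertion slot before every instruction, terminator included; each
// slot gets a 1-byte NOP with probability percent/100 (rate is assumed).
Block diversify(const Block &in, unsigned seed, unsigned percent) {
  std::mt19937 rng(seed);
  Block out;
  for (const Inst &i : in) {
    if (rng() % 100 < percent) out.push_back({"nop", 1});
    out.push_back(i);
  }
  return out;
}
// Byte offset of each original instruction: what code reuse depends on.
std::vector<unsigned> offsets(const Block &b) {
  std::vector<unsigned> offs;
  unsigned pc = 0;
  for (const Inst &i : b) {
    if (i.op != "nop") offs.push_back(pc);
    pc += i.size;
  }
  return offs;
}
// Mnemonics with NOPs stripped; equal for every variant of the same block.
std::vector<std::string> semantics(const Block &b) {
  std::vector<std::string> ops;
  for (const Inst &i : b) if (i.op != "nop") ops.push_back(i.op);
  return ops;
}
// Number of distinct layouts produced by seeds 0..n-1.
std::size_t distinctLayouts(unsigned n, unsigned percent) {
  std::set<std::vector<unsigned>> seen;
  for (unsigned s = 0; s < n; ++s)
    seen.insert(offsets(diversify(sampleBlock(), s, percent)));
  return seen.size();
}

int main() { std::printf("%zu layouts\n", distinctLayouts(32, 50)); }
```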