[LLVMdev] GSOC project on KCoFI

Aditya Verma IDD M Tech Computer Sc & Engg., IIT(BHU), Varanasi (U.P.) aditya.verma.cse12 at iitbhu.ac.in
Thu Mar 26 14:56:50 PDT 2015

In my previous mail I mentioned the project on KCoFI( the control FLow
integrity methods for commodity hardware
http://sva.cs.illinois.edu/pubs/KCoFI-Oakland-2014.pdf ).
Will it be more helpful to the community if I do the improvements number #1
and #3 mentioned in my previous mail to the mailing list or if i try to
port it to arm architecture?
I have decided to go ahead with the improvements #1 and #3 that are
improving the call graph and porting the KCoFI SFI methods to the ones used
in NaCl and PNaCl. It seems to me the community is more interested towards
the SFI methods.
If the course of the project permits I may also contribute to the fourth
improvement that you mentioned.

Earlier I mentioned three modifications to improve the KCoFI project.
After the valuable feedback from the members I am deciding to go ahead with
1. Implementing a stronger call graph: in this part of the project the
FreeBSD kernel will be compiled using the libTO tool. This will involve
writing some patches that build to IR, use llvm-link to run LTO and then
link the resulting binary. This project will involve delving further into
the llvm bundle.
2. PNacl and NaCL both are open source.The SFI approach NaCl takes expects
a single sandbox per process, which doesn't seem very suitable to kernel
use. It can be made to support multiple sandboxes in the same address
space, which is the work that I will undertake as a part of the project. I
will be trying to integrate the Forward Edge Call Graph techniques also in
this project.
3. porting the newer version of FreeBSD kernel to SVA-OS instruction set.

As a brief timeplane
Since it is a big project and I will be using the existing code of KCoFI I
will be going ahead with the Iterative Enhancement model of Software
Development Process
Week 1:Discussion with my mentor on documentation style and the code.
Week 2 to Week 3: Writing the patches that build to IR and use llvm- link
to run LTO with FreeBSD
Week 4: Compiling the kernel with libLTO tool. In this week I will write
the methods to build a strong call graph.
Week 5: Testing the call graphs.
Week 6-7: using the PNaCl and NaCL SFI techniques and implementing them in
the kernel.
Week 8: using the NaCl to support multiple sandboxing in same address space
for for multiple processes in an os kernel.
Week 9: testing the new sandboxing techniques together with the previous
techniques of stronger call graph imlemntation with proper benchmarking of
the compile time.
Week 10-11: Porting the newer version of the FReeBSD kernel to SVA-OS
instruction set.
WEEK 12: testing of the complete project with real world malicious programs.

What exactly should i do in the porting to the SFI techniques of PNacl and
Nacl. Will it sandbox each process using its call graph or will it sandbox
some unprivileged processes making the use of capabilities?

How much will the project involve writing into the llvm code bundle?
Should I apply in llvm or in FreeBSD? If I apply in FreeBSD then I believe
the project of porting the kernel to arm architecture will be of more use
there. Or should I submit proposals to both the organizations?
I just want to ask how should I try to convince other mentors that this
project will be useful for the llvm community as a whole?

The things that I am not able to write in my proposal are how to give
strong reasons to convince the mentors that this project will be useful for
the llvm community as a whole. Also I need some more suggestions about the
timeline and the roadmap if you can help.

Sorry for being late I was busy with my mid semester examinations.
And unfortunately while installing FreeBSD on my system something went
wrong with the EFI file system and my entire HDD and windows was lost.
I will be uploading the proposal soon.

Aditya Verma
Junior Undergraduate
IDD Computer Sc & Engg
IIT(BHU), Varanasi(UP)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150326/05cfc063/attachment.html>

More information about the llvm-dev mailing list