[LLVMdev] SFI and Artificial Diversity

Kenneth Adam Miller kennethadammiller at gmail.com
Fri Mar 27 13:59:38 PDT 2015 

Oops, I forgot a couple of things in my excitement. Please disregard the
mainline question.

I meant to include: I thought that PNaCL was just for compiling for browser
based binaries?

On Fri, Mar 27, 2015 at 4:58 PM, Kenneth Adam Miller <
kennethadammiller at gmail.com> wrote:

> Awesome!
>
> Thanks so so much! I'm very interested in doing some work with compilers.
> Yeah, I'm considering writing a research proposal where I work for JIT-SFI,
> SFI Evasion Technique and Mitigation, and a few other things. Considering
> your experience working on modifying llvm, what would you say would be a
> topic where I could start out doing some good work on, either in a new
> direction or in improving what you have?
>
> And how has this research not made it into the official mainline branch? I
> want to see it get shipped out to production. It would be fantastic if I
> could recompile my software to stop attacks.
>
> On Fri, Mar 27, 2015 at 4:47 PM, Per Larsen <perl at uci.edu> wrote:
>
>> Hi Kenneth,
>>
>> I'm part of a research group at UC Irvine that has been working on
>> artificial software diversity for LLVM and clang. You can check our Github
>> repositories here:
>> https://github.com/securesystemslab/multicompiler
>> https://github.com/securesystemslab/multicompiler-clang
>>
>> Our public version is based on LLVM 3.5 but we also have patches for LLVM
>> 3.6 and beyond which I can share with you. In collaboration with JF Bastien
>> and others, we are in the process of upstreaming these patches. So far the
>> random  number generator and a machine-independent NOP-insertion pass have
>> been accepted into LLVM mainline. We have several additional diversifying
>> transformations that we want to contribute. If you are interested in
>> participating in this effort, we're happy to collaborate with you.
>>
>> W.r.t. SFI, I believe the PNaCL source code is available.
>>
>> Cheers,
>> Per
>>
>> http://www.ics.uci.edu/~perl/
>>
>> On Fri, Mar 27, 2015 at 7:22 AM Kenneth Adam Miller <
>> kennethadammiller at gmail.com> wrote:
>>
>>> I read a lot of white papers, but is there not any open source
>>> implementation of SFI or artificial diversity? I google around, but I can't
>>> find anywhere anything regarding what I could openly download. In the same
>>> respect, I would also like to make an innovation proposal to create such an
>>> endeavor if there is not one already.
>>> _______________________________________________
>>> LLVM Developers mailing list
>>> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150327/a431f60b/attachment.html>

More information about the llvm-dev mailing list