[LLVMdev] SFI and Artificial Diversity

JF Bastien jfb at google.com
Fri Mar 27 14:28:19 PDT 2015

> Oops, I forgot a couple of things in my excitement. Please disregard the
> mainline question.
> I meant to include: I thought that PNaCL was just for compiling for
> browser based binaries?

No, it also works outside the browser but some of the more useful APIs
aren't available out-of-the box because Chrome usually provides them. Those
APIs can be made to work, but keep in mind that NaCl's model is
fundamentally an out-of-process single-sandbox-per-process model. PNaCl is
currently implemented using NaCl but that's an implementation detail: it
doesn't require NaCl and is also used to emit non-SFI code.

Thanks so so much! I'm very interested in doing some work with compilers.
>> Yeah, I'm considering writing a research proposal where I work for JIT-SFI,
>> SFI Evasion Technique and Mitigation, and a few other things. Considering
>> your experience working on modifying llvm, what would you say would be a
>> topic where I could start out doing some good work on, either in a new
>> direction or in improving what you have?
I recommend also looking at Peter Collingbourne's recent commits to LLVM on
vtable protections, as well as some of Mathias Payer's recent publications
on code pointer integrity, and David Brazdil's MinSFI work. SFI is a pretty
vast field, and approaches vary, so you'd have to figure out what you want
to do in more details.

And how has this research not made it into the official mainline branch? I
>> want to see it get shipped out to production. It would be fantastic if I
>> could recompile my software to stop attacks.
PNaCl isn't in upstream LLVM for a variety of reasons. There's a path where
PNaCl/NaCl's general approach could make it in to upstream but it has to be
clean, not be too intrusive in the codebase, be well supported (official
maintainer), generally useful, and not cause maintenance headaches (among
other things). Work like the UCI's folks -fdiversify randomization is
easier to upstream because it more generally meets the criteria I outlined.

On Fri, Mar 27, 2015 at 4:47 PM, Per Larsen <perl at uci.edu> wrote:
>>> Hi Kenneth,
>>> I'm part of a research group at UC Irvine that has been working on
>>> artificial software diversity for LLVM and clang. You can check our Github
>>> repositories here:
>>> https://github.com/securesystemslab/multicompiler
>>> https://github.com/securesystemslab/multicompiler-clang
>>> Our public version is based on LLVM 3.5 but we also have patches for
>>> LLVM 3.6 and beyond which I can share with you. In collaboration with JF
>>> Bastien and others, we are in the process of upstreaming these patches. So
>>> far the random  number generator and a machine-independent NOP-insertion
>>> pass have been accepted into LLVM mainline. We have several additional
>>> diversifying transformations that we want to contribute. If you are
>>> interested in participating in this effort, we're happy to collaborate with
>>> you.
>>> W.r.t. SFI, I believe the PNaCL source code is available.
>>> Cheers,
>>> Per
>>> http://www.ics.uci.edu/~perl/
>>> On Fri, Mar 27, 2015 at 7:22 AM Kenneth Adam Miller <
>>> kennethadammiller at gmail.com> wrote:
>>>> I read a lot of white papers, but is there not any open source
>>>> implementation of SFI or artificial diversity? I google around, but I can't
>>>> find anywhere anything regarding what I could openly download. In the same
>>>> respect, I would also like to make an innovation proposal to create such an
>>>> endeavor if there is not one already.
>>>> _______________________________________________
>>>> LLVM Developers mailing list
>>>> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
>>>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150327/9213bc69/attachment.html>

More information about the llvm-dev mailing list