<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Oops, I forgot a couple of things in my excitement. Please disregard the mainline question.<div><br></div><div>I meant to include: I thought that PNaCL was just for compiling for browser based binaries?</div></div></blockquote><div><br></div><div>No, it also works outside the browser but some of the more useful APIs aren't available out-of-the box because Chrome usually provides them. Those APIs can be made to work, but keep in mind that NaCl's model is fundamentally an out-of-process single-sandbox-per-process model. PNaCl is currently implemented using NaCl but that's an implementation detail: it doesn't require NaCl and is also used to emit non-SFI code.</div><div> </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>Thanks so so much! I'm very interested in doing some work with compilers. Yeah, I'm considering writing a research proposal where I work for JIT-SFI, SFI Evasion Technique and Mitigation, and a few other things. Considering your experience working on modifying llvm, what would you say would be a topic where I could start out doing some good work on, either in a new direction or in improving what you have?</div></div></blockquote></div></div></div></div></blockquote><div><br></div><div>I recommend also looking at Peter Collingbourne's recent commits to LLVM on vtable protections, as well as some of Mathias Payer's recent publications on code pointer integrity, and David Brazdil's MinSFI work. SFI is a pretty vast field, and approaches vary, so you'd have to figure out what you want to do in more details.</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>And how has this research not made it into the official mainline branch? I want to see it get shipped out to production. It would be fantastic if I could recompile my software to stop attacks.<br></div></div></blockquote></div></div></div></div></blockquote><div><br></div><div>PNaCl isn't in upstream LLVM for a variety of reasons. There's a path where PNaCl/NaCl's general approach could make it in to upstream but it has to be clean, not be too intrusive in the codebase, be well supported (official maintainer), generally useful, and not cause maintenance headaches (among other things). Work like the UCI's folks -fdiversify randomization is easier to upstream because it more generally meets the criteria I outlined.</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div></div></div><div><div><div class="gmail_extra"><div class="gmail_quote">On Fri, Mar 27, 2015 at 4:47 PM, Per Larsen <span dir="ltr"><<a href="mailto:perl@uci.edu" target="_blank">perl@uci.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi Kenneth,<br><br>I'm part of a research group at UC Irvine that has been working on artificial software diversity for LLVM and clang. You can check our Github repositories here: <div><a href="https://github.com/securesystemslab/multicompiler" target="_blank">https://github.com/securesystemslab/multicompiler</a><br></div><div><a href="https://github.com/securesystemslab/multicompiler-clang" target="_blank">https://github.com/securesystemslab/multicompiler-clang</a><br></div><div><br></div><div>Our public version is based on LLVM 3.5 but we also have patches for LLVM 3.6 and beyond which I can share with you. In collaboration with JF Bastien and others, we are in the process of upstreaming these patches. So far the random number generator and a machine-independent NOP-insertion pass have been accepted into LLVM mainline. We have several additional diversifying transformations that we want to contribute. <span style="font-size:13.1999998092651px;line-height:1.5">If you are interested in participating in this effort, we're happy to collaborate with you. </span></div><div><span style="font-size:13.1999998092651px;line-height:1.5"><br></span></div><div><span style="font-size:13.1999998092651px;line-height:1.5">W.r.t. SFI, I believe the PNaCL source code is available.</span></div><div><span style="font-size:13.1999998092651px;line-height:1.5"><br></span></div><div>Cheers,</div><div>Per</div><div><br></div><a href="http://www.ics.uci.edu/~perl/" target="_blank">http://www.ics.uci.edu/~perl/</a><div><br><div class="gmail_quote"><span>On Fri, Mar 27, 2015 at 7:22 AM Kenneth Adam Miller <<a href="mailto:kennethadammiller@gmail.com" target="_blank">kennethadammiller@gmail.com</a>> wrote:<br></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span><div dir="ltr">I read a lot of white papers, but is there not any open source implementation of SFI or artificial diversity? I google around, but I can't find anywhere anything regarding what I could openly download. In the same respect, I would also like to make an innovation proposal to create such an endeavor if there is not one already.</div></span>
______________________________<u></u>_________________<br>
LLVM Developers mailing list<br>
<a href="mailto:LLVMdev@cs.uiuc.edu" target="_blank">LLVMdev@cs.uiuc.edu</a> <a href="http://llvm.cs.uiuc.edu" target="_blank">http://llvm.cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev" target="_blank">http://lists.cs.uiuc.edu/<u></u>mailman/listinfo/llvmdev</a><br>
</blockquote></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
LLVM Developers mailing list<br>
<a href="mailto:LLVMdev@cs.uiuc.edu">LLVMdev@cs.uiuc.edu</a> <a href="http://llvm.cs.uiuc.edu" target="_blank">http://llvm.cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev</a><br>
<br></blockquote></div><br></div></div>