[PATCH] Adding diversity for security

Joe Abbey jabbey at arxan.com
Fri Jan 24 07:39:24 PST 2014 

Sean et al,

Thanks for pinging me to join the conversation.  

I'm adding a few of my colleagues to the group as well.  Aaron Lint has been using LLVM's disassembler for one of our products.  He and Gordon Keiser have upstreamed a few backend fixes over the years.  So this touches on an area where they have more expertise. I will briefly comment on the security side of things.

There is value in randomization of instruction layout, and we have built a successful product offering which goes beyond instruction randomization.  At Arxan, we believe in defense in depth and randomization of program appearance and behavior.  Our product's are based on Dr. Chang's research [1].   And of course, we've patented it [2].

This patch doesn't seem to add value to the broad LLVM community, and it feels more like offloading the tedious merges with an internal branch.  I feel this pain on a weekly basis, but as of yet there's no clear way to "plugin" add-ons to the compiler framework. Though with the modular codebase, I suspect it would be trivial to write a framework which decouples internals and allows registration of machine code functions and the like.

I'd suggest the patch not go in, only because there isn't sufficient value in adding this code.  The precedent of course makes it difficult for me and my team(s) to upstream similar patches.  We try to keep our patches focused on broadly applicable code areas. This patch is not benefiting any x86 users, and at the same time not directly affecting them.  However, there is a real cost in maintaining it, and it would be a shame if after 2015 it were ultimately reverted.  Thus since the value seems to be limited, and the cost appears to exceed value, I suggest we err on the side of omission.

Sincerely,

Joe
______________________________
Joe Abbey
Senior Director of Product Development
Arxan Technologies
jabbey at arxan.com www.arxan.com
Protecting the App Economy™

[1] http://dl.acm.org/citation.cfm?id=734775
[2] http://pimg-fpiw.uspto.gov/fdd/97/570/077/0.pdf

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20140124/9f620c05/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20140124/9f620c05/attachment.sig>

More information about the llvm-commits mailing list