[PATCH] Insert random noops to increase security against ROP attacks (llvm)
Stephen Crane
sjcrane at uci.edu
Mon Jan 5 16:32:59 PST 2015
Hi Mehdi,
I looked around for a good (not-paywalled) intro, and I think
"Profile-guided Automated Software Diversity" from CGO'13 has a good
background on inserting noops to randomize the code layout:
https://www.ics.uci.edu/~ahomescu/multicompiler_cgo13.pdf
A better reference is
http://link.springer.com/chapter/10.1007%2F978-1-4614-5416-8_8 if you
have access to the Springer library.
In a nutshell, the idea is to create functionally equivalent copies of
the software with different code layouts to prevent attackers from
knowing where the code they want to reuse is located.
- stephen
On Mon, Jan 5, 2015 at 3:57 PM, Mehdi Amini <mehdi.amini at apple.com> wrote:
> Hi,
>
> I don’t have much background on this topic, but I’m interested to understand how inserting a random number of noops help addressing ROP attacks. Do you have a link that explains this “counter-measure”?
>
> Thanks,
>
> Mehdi
>
>> On Jan 5, 2015, at 2:59 PM, Stephen Crane <sjcrane at uci.edu> wrote:
>>
>> - Revert loop termination back to include insertion slot before terminators.
>> - Fix spelling
>> - Update tests to reflect new default insertion percentage.
>> - Formatting fixes
>>
>>
>> http://reviews.llvm.org/D3392
>>
>> Files:
>> include/llvm/CodeGen/CommandFlags.h
>> include/llvm/CodeGen/NoopInsertion.h
>> include/llvm/CodeGen/Passes.h
>> include/llvm/InitializePasses.h
>> include/llvm/Support/RandomNumberGenerator.h
>> include/llvm/Target/TargetInstrInfo.h
>> include/llvm/Target/TargetOptions.h
>> lib/CodeGen/CMakeLists.txt
>> lib/CodeGen/CodeGen.cpp
>> lib/CodeGen/NoopInsertion.cpp
>> lib/CodeGen/Passes.cpp
>> lib/Target/X86/X86InstrInfo.cpp
>> lib/Target/X86/X86InstrInfo.h
>> test/CodeGen/Mips/noop-insert.ll
>> test/CodeGen/PowerPC/noop-insert.ll
>> test/CodeGen/X86/noop-insert-percentage.ll
>> test/CodeGen/X86/noop-insert.ll
>>
>> EMAIL PREFERENCES
>> http://reviews.llvm.org/settings/panel/emailpreferences/
>> <D3392.17815.patch>_______________________________________________
>> llvm-commits mailing list
>> llvm-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
More information about the llvm-commits
mailing list