[LLVMdev] JIT and security
Oleg Knut
oleg77 at gmail.com
Sun Oct 18 13:46:44 PDT 2009
Hello,
I'm writing JIT compiler that will run a third party code. My goal is
to build it with security layer that will allow me to prevent some
basic operation that possibly can harm JIT application host computer.
Maybe some of you can guide me on how to do following operations:
1) prevent system calls
2) memory allocation management (set some limits that can't be used
by JIT)
3) CPU power limiting
I have a guess on how to prevent system calls or some known function
calls by parsing IR and picking up functions calls that maybe
unwanted. Another way is to check list of functions in object model.
Maybe there is already implemented mechanism like that. So, anyone
could give me a clue.
About RAM and CPU management I have no idea how to do that.
Ideally my JIT compiler have to become a BlackBox, that hosting party
can configure to his needs.
I hope I can find some help here. That would be great!
Thank you for your time,
Oleg.
More information about the llvm-dev
mailing list