[LLVMdev] JIT and security

Oleg Knut oleg77 at gmail.com
Sun Oct 18 22:33:41 PDT 2009


Hi Chris,
Thank you for your quick answer!

I knew, that my question is not easy enough.

Maybe anyone know such projects or implementation examples on how to do a
memory and CPU management in C++? This could be a good start point for me.

Thanks,
Oleg.

2009/10/19 Chris Lattner <clattner at apple.com>

>
> On Oct 18, 2009, at 1:46 PM, Oleg Knut wrote:
>
>  Hello,
>>
>> I'm writing JIT compiler that will run a third party code. My goal is
>> to build it with security layer that will allow me to prevent some
>> basic operation that possibly can harm JIT application host computer.
>>
>> Maybe some of you can guide me on how to do following operations:
>>  1) prevent system calls
>>  2) memory allocation management (set some limits that can't be used
>> by JIT)
>>  3) CPU power limiting
>>
>> I have a guess on how to prevent system calls or some known function
>> calls by parsing IR and picking up functions calls that maybe
>> unwanted. Another way is to check list of functions in object model.
>> Maybe there is already implemented mechanism like that. So, anyone
>> could give me a clue.
>>
>
> Hi Oleg,
>
> I don't think that a JIT has anything to do with this.  These are all
> properties of the code running in the JIT (e.g. C, Java, etc).  If you can
> solve these (hard!) problems in a statically compiled language, the
> solutions would translate over directly.
>
> -Chris
>
>
>> About RAM and CPU management I have no idea how to do that.
>>
>> Ideally my JIT compiler have to become a BlackBox, that hosting party
>> can configure to his needs.
>>
>> I hope I can find some help here. That would be great!
>>
>> Thank you for your time,
>> Oleg.
>> _______________________________________________
>> LLVM Developers mailing list
>> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20091019/56532421/attachment.html>


More information about the llvm-dev mailing list