[LLVMdev] JIT and security
Vikram S. Adve
vadve at illinois.edu
Fri Oct 23 10:28:32 PDT 2009
On part 1), there are also many papers on "system call interposition"
or "system call monitoring." Google or Bing followed by tracking back
references should uncover them.
--Vikram
Associate Professor, Computer Science
University of Illinois at Urbana-Champaign
http://llvm.org/~vadve
On Oct 23, 2009, at 11:04 AM, Renato Golin wrote:
> 2009/10/18 Oleg Knut <oleg77 at gmail.com>:
>> Maybe some of you can guide me on how to do following operations:
>> 1) prevent system calls
>> 2) memory allocation management (set some limits that can't be used
>> by JIT)
>> 3) CPU power limiting
>
> Hi Oleg,
>
> This is totally system dependent, it'd be *very* hard to do it
> multi-platform. On Unix, a good part of it is resolved with jails and
> user control, so it's more of an "installation and basic checks before
> runing" issue. But for Windows and Mac, I have no idea, not even if
> it's possible.
>
> Normally, the kernel will try to hide statistics of running processes
> from one another and themselves, so it's very unlikely that you'll be
> able to restrict CPU usage without the help of the kernel.
>
> Memory allocation is the easiest, STL and boost are full of allocators
> that you can override. I'm just not sure how far can you go when the
> JIT is running and allocating huge blocks, it might be too late until
> you get back to your allocation routines.
>
> I suggest you take a look at what Java does (http://gcc.gnu.org/java/
> and Sun's, if possible), they do all sorts of security checks...
>
> cheers,
> --renato
>
> Reclaim your digital rights, eliminate DRM, learn more at
> http://www.defectivebydesign.org/what_is_drm
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
More information about the llvm-dev
mailing list