[LLVMdev] Adding diversity for security (and testing)
Stephen Crane
sjcrane at uci.edu
Mon Aug 26 13:38:29 PDT 2013
Hi Nadav,
Thanks for your interest!
On 08/26/2013 11:51 AM, Nadav Rotem wrote:
> Which scheduler did you modify ? The plan is to disable the
> SelectionDAG scheduler and move to the MI Scheduler soon. Also, have
> you looked at randomizing register-allocation ?
Yes, we modified the SelectionDAG scheduler. This was before the MI
scheduler was around, but we will look into porting our ideas over to
the new scheduler.
Register allocation randomization is in fact another of our existing
transformations. We thought we would propose just a few simple
transforms initially, but we can certainly include register
randomization as well if there is enough interest.
>> We would also include a secure random number generator which links
>> against OpenSSL. This would of course be an optional module disabled
>> by default, but is necessary so the randomization is cryptographically
>> secure and useful in security applications.
> I am not sure why you need this feature. You can provide LLVM with a SEED value that can be controlled from the command line. A wrapper (such as a build-script) can control this value.
We do in fact seed the RNG with a command line parameter (we reuse the
-frandom-seed param that gcc implemented). However, we need some
reproducible, cryptographically secure source of randomness for the each
random decision made during our transformations. We have found that the
system randomness (/dev/random) is insufficient for this purpose since
reproducible builds (given the secret seed) are preferable. The only way
to provide this reproducible stream of randomness is to have a
process-specific RNG, which we implement on top of OpenSSL for simplicity.
> Please make sure that the LLVM nightly test suite passes with
> randomization enabled.
Of course. Our patched version currently passes the existing test suite
on x86_64, and after adding additional tests we will certainly make sure
that the final patch passes the latest test suite.
Thanks,
Stephen
More information about the llvm-dev
mailing list