[LLVMdev] Adding diversity for security (and testing)

Stephen Checkoway s at pahtak.org
Mon Aug 26 22:16:02 PDT 2013


On Aug 26, 2013, at 2:39 PM, Stephen Crane <sjcrane at uci.edu> wrote:

> We have been working on adding randomness into code generation
> to create a diverse population of binaries. This diversity prevents
> code-reuse attacks such as return-oriented-programming (ROP) by
> denying the attacker information about the exact code layout. 

Putting on my security hat (as opposed to my lurking-on-compiler-mailing-lists hat), note that artificial software heterogeneity doesn't actually prevent ROP, it makes it harder in a qualitatively similar way to ASLR. With ASLR, the attacker needs to discover a single memory address in order to construct a return-oriented program. What you're proposing requires reading out more of the address space.

A recent paper at Oakland proposed a "just-in-time code reuse" attack that repeatedly uses a memory disclosure and JITs an attack based on the results [1]. So while it does make the attacker's job harder, it doesn't prevent such attacks.

1. Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, and Ahmad-Reza Sadeghi. Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization. In Proceedings of the IEEE Symposium on Security and Privacy ("Oakland") 2013. <http://cs.unc.edu/~fabian/papers/oakland2013.pdf>

-- 
Stephen Checkoway
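The ASLR-versus-diversity point made above (one leaked address fixes the whole layout under ASLR, while a diversified build forces more of the address space to be read out) as a small counting model. This is an added illustration, not code from the thread or from the LLVM project; the function table, sizes and base addresses are constructed.

```python
import random

# Constructed toy binary: (function, size in bytes) in link order. Not real
# addresses or a real program; what matters is how offsets relate across copies.
FUNCTIONS = [("main", 0x40), ("parse", 0x120), ("memcpy", 0x30),
             ("free", 0x80), ("exit", 0x20)]


def build_layout(base, order):
    """Lay the functions out back to back from `base` in the given order."""
    layout, cur = {}, base
    for name, size in order:
        layout[name] = cur
        cur += size
    return layout


def diversified_order(seed):
    """Fine-grained diversity as discussed in the thread: each build gets its
    own function order (modelled here as a seeded shuffle)."""
    order = FUNCTIONS[:]
    random.Random(seed).shuffle(order)
    return order


def infer_from_leak(reference, leaked_name, leaked_addr):
    """What one disclosed address yields if the running copy is assumed to
    share the relative offsets of a reference copy (true under plain ASLR)."""
    delta = leaked_addr - reference[leaked_name]
    return {name: addr + delta for name, addr in reference.items()}


def correct_inferences(inferred, actual):
    """Count the inferred addresses that are right for the running copy."""
    return sum(1 for name, addr in inferred.items() if actual[name] == addr)


if __name__ == "__main__":
    reference = build_layout(0x400000, FUNCTIONS)  # the analyst's own copy
    leak = "memcpy"
    # Plain ASLR: same binary, random base, so one leak pins down every address.
    aslr_copy = build_layout(0x7F1200000000, FUNCTIONS)
    n = correct_inferences(infer_from_leak(reference, leak, aslr_copy[leak]), aslr_copy)
    print(f"ASLR: {n}/{len(FUNCTIONS)} addresses known after one disclosure")
    # Diversified build: offsets differ per copy, so the leak pins down little else.
    div_copy = build_layout(0x7F1200000000, diversified_order(seed=7))
    n = correct_inferences(infer_from_leak(reference, leak, div_copy[leak]), div_copy)
    print(f"Diversified: {n}/{len(FUNCTIONS)} addresses known after one disclosure")
```

The second count is what a disclosure-driven attack has to make up for by reading further, which is the "harder, not prevented" distinction drawn in the reply.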
