[LLVMdev] Adding diversity for security (and testing)
Stephen Crane
sjcrane at uci.edu
Mon Aug 26 22:22:52 PDT 2013
Hi Nick,
On 08/26/2013 02:01 PM, Nick Kledzik wrote:
> How is the "diverse population" of binaries generated and delivered?
> The traditional software development model is to qualify one “golden
> master” which is then duplicated to all customers. -Nick
Yes indeed. Adding diversity at compilation requires that the code
producer create a population of variants. However, by introducing
diversity at compile-time, we have much greater freedom in transforming
the end result with lower performance impact. In addition, producing
variants during distribution allows the distributor to use diversity to
provide a certain amount of watermarking and protection against
client-side tampering (jailbreaking, etc).
We initially foresee that this could be especially used where security
was of the utmost concern. Open-source end users often have the option
of compiling from source, and could create their own diversified
versions, especially for critical services. We think this would be an
ideal situation to begin adopting diversity for security.
Of course, in the testing use-case, creating various versions is fairly
trivial. These versions could then be compared for testing for
micro-architectural and compiler corner cases, as well as performance.
Finally, for wide-spread adoption, we are currently researching ways to
cache the bulk of the compilation effort and create many variants for
distribution in a cost-effective manner using cloud compilation. In
addition, error reporting can be normalized with knowledge of the secret
random seed by regeneration of the particular binary.
Hope this helps to explain our ideas in more clarity.
- stephen