[LLVMdev] Adding diversity for security (and testing)

Stephen Checkoway s at pahtak.org
Wed Aug 28 15:11:43 PDT 2013


On Aug 28, 2013, at 5:36 PM, Stephen Crane <sjcrane at uci.edu> wrote:

> Rather than inserting NOP sleds before functions, we actually insert various NOP-like instructions randomly between existing MachineInstrs, in order to provide more fine-grained diversity.

Right. I assumed it was something like the multibyte NOPs in <http://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en/us/pubs/archive/37204.pdf> (Section 5.4).

> This gives the attacker as little information as possible about the exact layout of the final binary. In terms of RNG selection, we were especially concerned about partial leakage of binary contents (or leakage of some but not all binary files from a build sharing the same seed) revealing the initial seed and therefore, by recompilation, the entire binary.

Oh interesting. I hadn't thought about partial information in that way.

One thought I had about seed selection is if it ends up being based on time (when not chosen by command line flags), then do you have issues with files that use the __TIME__ macro? Or did you have a better seeding mechanism?

-- 
Stephen Checkoway
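A small model of the mechanism discussed in this thread, added here as an illustration rather than code from the LLVM diversity pass or from either author: a PRNG seeded with a build seed decides where a NOP-like instruction is inserted between the instructions of a function. Because the layout is a pure function of the seed, anyone who recovers the seed can reproduce every layout produced from it, which is the leakage concern raised above. The per-object seed derivation and the use of an OS CSPRNG instead of a timestamp are design choices of this example, not something the thread describes; the instruction strings and the sample function are constructed.

```python
"""Model of seeded NOP insertion for binary diversity and of seed handling.

Added example; not the LLVM pass discussed in the thread.
"""
import hashlib
import random
import secrets
from typing import List

# Constructed set of NOP-like instructions (x86 mnemonics used only as labels).
NOP_LIKE = ["nop", "xchg %ax,%ax", "lea (%esi),%esi", "mov %edi,%edi"]


def insert_random_nops(instrs: List[str], seed: int, p: float = 0.5) -> List[str]:
    """Insert a randomly chosen NOP-like instruction before each instruction
    with probability p, driven by a PRNG seeded with `seed`.

    The result is a pure function of (instrs, seed): the same seed always
    yields the same layout, so recovering the seed recovers the layout.
    """
    rng = random.Random(seed)
    out: List[str] = []
    for ins in instrs:
        if rng.random() < p:
            out.append(rng.choice(NOP_LIKE))
        out.append(ins)
    return out


def strip_nops(instrs: List[str]) -> List[str]:
    """Drop the inserted NOP-like instructions; lets a test confirm that the
    original instruction sequence is preserved in order."""
    return [i for i in instrs if i not in NOP_LIKE]


def derive_object_seed(master_seed: bytes, object_name: str) -> int:
    """Derive a per-object seed from a secret master seed with SHA-256.

    Hypothetical mitigation, not from the thread: if one object's seed were
    reconstructed from a leaked layout, the hash cannot be inverted to obtain
    the master seed, so the other objects of the same build stay unpredictable.
    """
    h = hashlib.sha256(master_seed + b"\x00" + object_name.encode()).digest()
    return int.from_bytes(h, "big")


def make_master_seed() -> bytes:
    """256 bits from the OS CSPRNG. A build timestamp, by contrast, offers at
    most about 2**32 plausible values and changes on every build."""
    return secrets.token_bytes(32)


# Constructed sample "function body" in AT&T-style pseudo-assembly.
SAMPLE_FUNCTION = [
    "push %rbp",
    "mov %rsp,%rbp",
    "mov %edi,-4(%rbp)",
    "mov -4(%rbp),%eax",
    "add $1,%eax",
    "pop %rbp",
    "ret",
]

if __name__ == "__main__":
    master = make_master_seed()
    for name in ("a.o", "b.o"):
        seed = derive_object_seed(master, name)
        print(name, insert_random_nops(SAMPLE_FUNCTION, seed))
```

Running the script twice with the same master seed prints identical layouts for `a.o` and `b.o`; a fresh master seed changes both, and stripping the NOP-like entries from any layout returns the original instruction list unchanged.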
