[llvm-dev] llvm cfi
John Criswell via llvm-dev
llvm-dev at lists.llvm.org
Mon Aug 31 20:38:00 PDT 2015
On 8/31/15 10:43 PM, 慕冬亮 via llvm-dev wrote:
> I want to create an experiment to show the effectiveness of CFI:
> For example,
> I first need a program with a vulnerability so that we can hijack its
> control flow;
>
> then I enforce cfi of llvm and we can't hijack its control flow.
>
> Do you have any advice for me?

The CFI implementation we updated to work with x86-64 for the KCoFI
project is available at https://github.com/jtcriswell/SVA. You'll need
to create the exploit code (and potentially the vulnerability)
yourself. If you read the literature on CFI and memory safety (some of
which is cataloged at http://sva.cs.illinois.edu/menagerie), you should
be able to find programs and vulnerabilities that have been used in such
experiments.

That said, doing an experiment will not show that CFI is effective; it
will only show that CFI stops that one particular attack that you are
demonstrating. While this was done in past research papers, it was only
done because it was one of the few methods of evaluating CFI available.
More recent work is showing the deficiencies of evaluating CFI in this
way (in a nutshell, simple CFI defenses can be thwarted).

Determining how to measure the effectiveness of defenses against
code-reuse attacks (such as Return-Oriented Programming, Return-to-libc
attacks, and Non-Control data attacks) is an active area of research.
My students and I are working to devise methods of evaluating defenses,
but as the work is in its very early stages, that's all I can say about
it at present.

Regards,

John Criswell

> - mudongliang
--
John Criswell
Assistant Professor
Department of Computer Science, University of Rochester
http://www.cs.rochester.edu/u/criswell