[llvm-dev] [GSoC'16] Introduction - SAFECode Memory Policy Hardening - Zhengyang Liu

[Zhengyang Liu via llvm-dev]

Dear LLVM Community,

My name is Zhengyang Liu, I am a graduate student at the Beijing University of Posts and Telecommunications. Thanks for approving my proposal for SAFECode Memory Policy Hardening. Dr. John Criswell will be mentoring me for this project.

Techniques like memory segmentation, address space layout randomization, etc., prevent a process from accessing memory that has not been allocated to it. However, monolithic kernels, like linux and freebsd, did not provide a validation mechanism on the kernel module memory accesses. Arbitrary write or read from kernel modules may cause system crashes, information leaks or even rootkit injections. Inspired by BBC [1] and BBAC [2], by adding related information to the memory object’s padding area, various memory checks can be performed efficiently and compactly. Therefore, I will mainly focus on creating compiler transforms and runtime supports to enable runtime memory access policy hardening. This work will prevent most of memory accesses on unowned addresses efficiently.

During this summer, I plan to do the following:
1. Test the existing BBAC [1] implementation on larger and more realistic applications. Study and try to improve the performance and robustness of the implementation.
2. Add SAFECode compiler passes to transform the original memory initialization and access functions to make target programs automatically maintain a memory access policy table on the padding area of each memory object.
3. Create runtime support to perform runtime checks on each memory access.
4. Run this scheme on malicious kernel modules and SPEC benchmark to evaluate the performance and accuracy.

I will report weekly at the llvm-dev and sva-dev lists.

For more details and plans about this project, please have a look at my project proposal [3]. Any kind of comments, suggestions and advices would be appreciated!

Best regards,
Zhengyang.

[1] Akritidis, Periklis, et al. "Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors." USENIX Security Symposium. 2009.
[2] Ding, Baozeng, et al. "Baggy bounds with accurate checking." Software Reliability Engineering Workshops (ISSREW), 2012 IEEE 23rd International Symposium on. IEEE, 2012.
[3] https://docs.google.com/document/d/1SNmdULUqN52zDhM1Odw93DW_vX-2WlL0VgceNWaMLP0/edit?usp=sharing

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160512/41d4b86b/attachment.html>