Awesome!

Thanks so so much! I'm very interested in doing some work with compilers. Yeah, I'm considering writing a research proposal where I work for JIT-SFI, SFI Evasion Technique and Mitigation, and a few other things. Considering your experience working on modifying llvm, what would you say would be a topic where I could start out doing some good work on, either in a new direction or in improving what you have?

And how has this research not made it into the official mainline branch? I want to see it get shipped out to production. It would be fantastic if I could recompile my software to stop attacks.

On Fri, Mar 27, 2015 at 4:47 PM, Per Larsen <perl at uci.edu> wrote:

> Hi Kenneth,
>
> I'm part of a research group at UC Irvine that has been working on
> artificial software diversity for LLVM and clang. You can check our GitHub
> repositories here:
> https://github.com/securesystemslab/multicompiler
> https://github.com/securesystemslab/multicompiler-clang
>
> Our public version is based on LLVM 3.5 but we also have patches for LLVM
> 3.6 and beyond which I can share with you. In collaboration with JF Bastien
> and others, we are in the process of upstreaming these patches. So far the
> random number generator and a machine-independent NOP-insertion pass have
> been accepted into LLVM mainline. We have several additional diversifying
> transformations that we want to contribute. If you are interested in
> participating in this effort, we're happy to collaborate with you.
>
> W.r.t. SFI, I believe the PNaCl source code is available.
>
> Cheers,
> Per
>
> http://www.ics.uci.edu/~perl/
>
> On Fri, Mar 27, 2015 at 7:22 AM Kenneth Adam Miller <
> kennethadammiller at gmail.com> wrote:
>
>> I read a lot of white papers, but is there not any open source
>> implementation of SFI or artificial diversity? I google around, but I can't
>> find anywhere anything regarding what I could openly download. In the same
>> respect, I would also like to make an innovation proposal to create such an
>> endeavor if there is not one already.
Oops, I forgot a couple of things in my excitement. Please disregard the mainline question.

I meant to include: I thought that PNaCl was just for compiling for browser based binaries?
On Fri, Mar 27, 2015 at 1:58 PM, Kenneth Adam Miller <kennethadammiller at gmail.com> wrote:

> Awesome!
>
> Thanks so so much! I'm very interested in doing some work with compilers.
> Yeah, I'm considering writing a research proposal where I work for JIT-SFI,
> SFI Evasion Technique and Mitigation, and a few other things. Considering
> your experience working on modifying llvm, what would you say would be a
> topic where I could start out doing some good work on, either in a new
> direction or in improving what you have?

Working on it :) You can track status here: http://reviews.llvm.org/D1802. It's been slow, mostly because it's not been a top priority for me... Any comments or improvements are welcome in the patch discussion.

- stephen
> Oops, I forgot a couple of things in my excitement. Please disregard the
> mainline question.
>
> I meant to include: I thought that PNaCl was just for compiling for
> browser based binaries?

No, it also works outside the browser but some of the more useful APIs aren't available out of the box because Chrome usually provides them. Those APIs can be made to work, but keep in mind that NaCl's model is fundamentally an out-of-process single-sandbox-per-process model. PNaCl is currently implemented using NaCl but that's an implementation detail: it doesn't require NaCl and is also used to emit non-SFI code.

>> Thanks so so much! I'm very interested in doing some work with compilers.
>> Yeah, I'm considering writing a research proposal where I work for JIT-SFI,
>> SFI Evasion Technique and Mitigation, and a few other things. Considering
>> your experience working on modifying llvm, what would you say would be a
>> topic where I could start out doing some good work on, either in a new
>> direction or in improving what you have?

I recommend also looking at Peter Collingbourne's recent commits to LLVM on vtable protections, as well as some of Mathias Payer's recent publications on code pointer integrity, and David Brazdil's MinSFI work. SFI is a pretty vast field, and approaches vary, so you'd have to figure out what you want to do in more detail.

>> And how has this research not made it into the official mainline branch? I
>> want to see it get shipped out to production. It would be fantastic if I
>> could recompile my software to stop attacks.

PNaCl isn't in upstream LLVM for a variety of reasons. There's a path where PNaCl/NaCl's general approach could make it into upstream but it has to be clean, not be too intrusive in the codebase, be well supported (official maintainer), generally useful, and not cause maintenance headaches (among other things). Work like the UCI folks' -fdiversify randomization is easier to upstream because it more generally meets the criteria I outlined.