I want to create an experiment to show the effectiveness of CFI. For example, I first need a program with a vulnerability so that we can hijack its control flow; then I enforce the CFI of LLVM and we can't hijack its control flow.

Do you have any advice for me?

- mudongliang
On 8/31/15 10:43 PM, 慕冬亮 via llvm-dev wrote:
> I want to create an experiment to show the effectiveness of cfi:
> For example,
> I first need a program with vulnerability so that we can hijack its
> control flow;
>
> then I enforce cfi of llvm and we can't hijack its control flow.
>
> Do you have any advice for me?

The CFI implementation we updated to work with x86-64 for the KCoFI project is available at https://github.com/jtcriswell/SVA. You'll need to create the exploit code (and potentially the vulnerability) yourself. If you read the literature on CFI and memory safety (some of which is cataloged at http://sva.cs.illinois.edu/menagerie), you should be able to find programs and vulnerabilities that have been used in such experiments.

That said, doing an experiment will not show that CFI is effective; it will only show that CFI stops that one particular attack that you are demonstrating. While this was done in past research papers, it was only done because it was one of the few methods of evaluating CFI available. More recent work is showing the deficiencies of evaluating CFI in this way (in a nutshell, simple CFI defenses can be thwarted).

Determining how to measure the effectiveness of defenses against code-reuse attacks (such as Return-Oriented Programming, Return-to-libc attacks, and Non-Control data attacks) is an active area of research. My students and I are working to devise methods of evaluating defenses, but as the work is in its very early stages, that's all I can say about it at present.

Regards,

John Criswell

> - mudongliang
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev

--
John Criswell
Assistant Professor
Department of Computer Science, University of Rochester
http://www.cs.rochester.edu/u/criswell
2015-09-01 11:38 GMT+08:00 John Criswell <jtcriswel at gmail.com>:
> On 8/31/15 10:43 PM, 慕冬亮 via llvm-dev wrote:
>
>> I want to create an experiment to show the effectiveness of cfi:
>> For example,
>> I first need a program with vulnerability so that we can hijack its
>> control flow;
>>
>> then I enforce cfi of llvm and we can't hijack its control flow.
>>
>> Do you have any advice for me?
>
> The CFI implementation we updated to work with x86-64 for the KCoFI
> project is available at https://github.com/jtcriswell/SVA. You'll need
> to create the exploit code (and potentially the vulnerability) yourself.
> If you read the literature on CFI and memory safety (some of which is
> cataloged at http://sva.cs.illinois.edu/menagerie), you should be able to
> find programs and vulnerabilities that have been used in such experiments.

I think there are lots of program fragments in the literature. Is there any complete program to show that CFI can protect control flow? It's just a basic theory display, not an academic paper!

> That said, doing an experiment will not show that CFI is effective; it
> will only show that CFI stops that one particular attack that you are
> demonstrating. While this was done in past research papers, it was only
> done because it was one of the few methods of evaluating CFI available.
> More recent work is showing the deficiencies of evaluating CFI in this way
> (in a nutshell, simple CFI defenses can be thwarted).
>
> Determining how to measure the effectiveness of defenses against
> code-reuse attacks (such as Return-Oriented programming, Return to Libc
> attacks, and Non-Control data attacks)

I don't think Non-Control data attacks are a kind of code-reuse attack. It is better to call them Data-Oriented attacks.

> is an active area of research. My students and I are working to devise
> methods of evaluating defenses, but as the work is in its very early
> stages, that's all I can say about it at present.

This is an interesting topic, I think.

Thank you for your reply.

- mudongliang
On Mon, Aug 31, 2015 at 11:38:00PM -0400, John Criswell via llvm-dev wrote:
> On 8/31/15 10:43 PM, 慕冬亮 via llvm-dev wrote:
>> I want to create an experiment to show the effectiveness of cfi:
>> For example,
>> I first need a program with vulnerability so that we can hijack its
>> control flow;
>>
>> then I enforce cfi of llvm and we can't hijack its control flow.
>>
>> Do you have any advice for me?

For completeness: the following paper also implements some kind of CFI over LLVM, maybe worth having a look?

https://www.sstic.org/media/SSTIC2015/SSTIC-actes/control_flow_integrity_on_llvm_ir/SSTIC2015-Article-control_flow_integrity_on_llvm_ir-fontaine_chifflier_coudray_esfrDAl.pdf
Take a look at

clang.llvm.org/docs/ControlFlowIntegrityDesign.html
clang.llvm.org/docs/ControlFlowIntegrity.html

And the tests:
https://github.com/llvm-mirror/compiler-rt/tree/master/test/cfi

On Mon, Aug 31, 2015 at 7:43 PM, 慕冬亮 via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> I want to create an experiment to show the effectiveness of cfi:
> For example,
> I first need a program with vulnerability so that we can hijack its
> control flow;
>
> then I enforce cfi of llvm and we can't hijack its control flow.
>
> Do you have any advice for me?
>
> - mudongliang
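The design document linked above describes clang's forward-edge check: functions of each static type are collected into a per-type table, and an indirect call is only allowed to proceed when its target is a member of the table for the expected type. As an added illustration (not code from this thread, from clang or from compiler-rt), here is a toy model of that membership check in plain C; all names, the table layout and the abort-by-returning-zero behaviour are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of the -fsanitize=cfi-icall check (hypothetical, not clang's
 * code).  Every function of type int(int) lives in one table; clang lays the
 * real targets out as aligned jump-table entries and does a range-and-
 * alignment test on the address.  Comparing against the table's entries is
 * the equivalent test in this model. */
typedef int (*int_fn)(int);

static int twice(int x)  { return 2 * x; }
static int square(int x) { return x * x; }

/* A function of a different static type: never a valid int(int) target. */
static void shutdown_hook(void) { puts("shutdown"); }

static const int_fn INT_FN_TABLE[] = { twice, square };
#define INT_FN_TABLE_LEN (sizeof INT_FN_TABLE / sizeof INT_FN_TABLE[0])

/* Returns 1 if `candidate` is a legitimate int(int) target, else 0.
 * Function pointers are compared as uintptr_t (implementation-defined but
 * portable in practice). */
int cfi_check_int_fn(uintptr_t candidate) {
    for (size_t i = 0; i < INT_FN_TABLE_LEN; i++)
        if ((uintptr_t)INT_FN_TABLE[i] == candidate) return 1;
    return 0;
}

/* Guarded indirect call.  clang traps on failure (or reports it with
 * -fno-sanitize-trap=cfi); this model skips the call, stores the verdict
 * in *ok and returns 0, so a caller can see that no transfer happened. */
int cfi_icall(uintptr_t target, int arg, int *ok) {
    *ok = cfi_check_int_fn(target);
    if (!*ok) return 0;            /* control never reaches the bad target */
    return ((int_fn)target)(arg);
}

int main(void) {
    int ok;
    int_fn fp = twice;             /* the program's intended target */
    int r = cfi_icall((uintptr_t)fp, 21, &ok);
    printf("twice(21) = %d, check %s\n", r, ok ? "passed" : "failed");

    /* Constructed scenario: the pointer now holds a function of another
     * type, as it would after memory corruption.  The check rejects it. */
    uintptr_t corrupted = (uintptr_t)shutdown_hook;
    cfi_icall(corrupted, 0, &ok);
    printf("call via corrupted pointer: check %s\n", ok ? "passed" : "failed");
    return 0;
}
```

Compiling a real program with `-fsanitize=cfi -flto -fvisibility=hidden`, as the linked ControlFlowIntegrity document describes, makes clang insert the equivalent check at every indirect call site.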
A simple question: I svn checkout compiler-rt in llvm/project, and I compile LLVM through cmake. How can I make all those testing files? make test?

- mudongliang

2015-09-02 0:58 GMT+08:00 Kostya Serebryany <kcc at google.com>:
> Take a look at
>
> clang.llvm.org/docs/ControlFlowIntegrityDesign.html
> clang.llvm.org/docs/ControlFlowIntegrity.html
>
> And the tests:
> https://github.com/llvm-mirror/compiler-rt/tree/master/test/cfi
>
> On Mon, Aug 31, 2015 at 7:43 PM, 慕冬亮 via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
>> I want to create an experiment to show the effectiveness of cfi:
>> For example,
>> I first need a program with vulnerability so that we can hijack its
>> control flow;
>>
>> then I enforce cfi of llvm and we can't hijack its control flow.
>>
>> Do you have any advice for me?
>>
>> - mudongliang