search for: kcofi

Hi I want to pursue a project based to improve the existing KCoFI method which is the Control Flow integrity method for commodity os. Since KCoFI is a llvm based project I plan to undertake the project to improve the existing KCoFI method. Following are the improvements that I want to pursue: 1. To improve the call graph used in KCoFI. Implement a stronger call...

Hi In my previous mail I mentioned the project on KCoFI( the control FLow integrity methods for commodity hardware http://sva.cs.illinois.edu/pubs/KCoFI-Oakland-2014.pdf ). Will it be more helpful to the community if I do the improvements number #1 and #3 mentioned in my previous mail to the mailing list or if i try to port it to arm architecture? I hav...

...e the use of combined safe/unsafe languages for OS kernels (without letting C code violate the safety provided by the safe language), and enforce dynamic security policies on kernel modules (to thwart rootkits). If you're interested in security projects on the kernel, you could enhance the KCoFI prototype to use a more accurate control-flow graph or to use code pointer integrity, or you could write optimizations for the software-fault isolation instrumentation (which would improve both KCoFI and Virtual Ghost, if you are familiar with those papers of mine). Does any of these projects s...

.../unsafe > languages for OS kernels (without letting C code violate the safety > provided by the safe language), and enforce dynamic security policies > on kernel modules (to thwart rootkits). > > If you're interested in security projects on the kernel, you could > enhance the KCoFI prototype to use a more accurate control-flow graph > or to use code pointer integrity, or you could write optimizations for > the software-fault isolation instrumentation (which would improve both > KCoFI and Virtual Ghost, if you are familiar with those papers of > mine). > > D...

Hi, everyone. I'm a senior at Swarthmore College and would love to work with LLVM this summer. I'm interested in systems languages and security, and I'll start a PhD on these topics this fall. I also do a good deal of open source development and auditing with OpenBSD and a variety of other projects. I spent last year's GSoC doing security auditing for Pidgin/libpurple. GSoC seems

...example , > I first need a program with vulnerability so that we can hijack its > control flow; > > then I enforce cfi of llvm and we can't hijack its control flow. > > Do you have any advice for me? > > > The CFI implementation we updated to work with x86-64 for the KCoFI > project is available at https://github.com/jtcriswell/SVA. You'll need > to create the exploit code (and potentially the vulnerability) yourself. > If you read the literature on CFI and memory safety (some of which is > cataloged at http://sva.cs.illinois.edu/menagerie), you shou...

I want to create an experiment to show the effectiveness of cfi : For example , I first need a program with vulnerability so that we can hijack its control flow; then I enforce cfi of llvm and we can't hijack its control flow. Do you have any advice for me? - mudongliang -------------- next part -------------- An HTML attachment was scrubbed... URL: