search for: menageri

...ay they do; I'd recommend run-time checks on indirect function calls and a split-stack approach that allows checks on stores to just mask off bits in the pointer address to prevent them from overwriting the return address on the stack. As an aside, I have a web site called the Memory Safety Menagerie (http://sva.cs.illinois.edu/menagerie/index.html) that lists papers on the topic of memory safety attack mitigation. Those interested in exploring the mitigation options might find it useful. -- John T. (*) Attacks that only change data-flow are possible and practical, but I think these are...

...ecommend > run-time checks on indirect function calls and a split-stack approach > that allows checks on stores to just mask off bits in the pointer > address to prevent them from overwriting the return address on the stack. > > As an aside, I have a web site called the Memory Safety Menagerie > (http://sva.cs.illinois.edu/menagerie/index.html) that lists papers on > the topic of memory safety attack mitigation. Those interested in > exploring the mitigation options might find it useful. > > -- John T. > > (*) Attacks that only change data-flow are possible and pra...

...en better since they also stop non-control data attacks. Getting good performance out of them is difficult, though, and depending on what sorts of overhead you're willing to tolerate, getting good performance is still an open research question. You might want to check out the memory safety menagerie (http://sva.cs.illinois.edu/menagerie). It has lots of papers on various techniques and optimizations for those techniques. You might find something that will give you the security you want at the performance you need. In short, I think working on something that provides more comprehensive...

Hi Kostya, I'm also curious to know where Nuno is going with this, and the details of his design. I'm worried he might be reinventing the wheel. I'm also worried that he may be inventing a square wheel :) > I noticed your commits related to -fbounds-checking and have some questions. > The functionality of this new phase seems to (partially?) overlap with > AddressSanitizer

Hello, As far as I know, there is no MPX pass in LLVM (though the x86-64 backend already declares MPX registers and instructions). I wonder if anyone is currently working on the LLVM pass for MPX instrumentation, similar to Pointer Checker in gcc. If yes, could anyone elaborate on the status and accessability to other researchers? And if any help is needed? Prof. Santosh Nagarakatte, the author

...x86-64 for the KCoFI > project is available at https://github.com/jtcriswell/SVA. You'll need > to create the exploit code (and potentially the vulnerability) yourself. > If you read the literature on CFI and memory safety (some of which is > cataloged at http://sva.cs.illinois.edu/menagerie), you should be able to > find programs and vulnerabilities that have been used in such experiments. > > I think there are lots of program fragment in the literature. Is there any complete program to show that cfi can protect control flow? It's just a basic theory display, not academi...

Hi John, On 25 May 2016 at 16:11, John Criswell <jtcriswel at gmail.com> wrote: > Dear Pierre, > > Stepping up a level, what is your goal in replacing calls to malloc() and > free()? Is it any different than what SAFECode, SoftBound, or ASan do? > That's a good question. I didn't knew about SoftBound until now, so thank you for the name =). Anyway here is what I

Hello, I am currently writing my Master's Thesis on a topic regarding the analysis of memory safety and termination of LLVM programs. This includes alignments in LLVM IR, but I am not sure if I understand their semantics correctly. I have written a program (see attachment) which uses the instruction store i32 1, i32* %7, align 4 to store an integer at an address that I forced to be

I want to create an experiment to show the effectiveness of cfi : For example , I first need a program with vulnerability so that we can hijack its control flow; then I enforce cfi of llvm and we can't hijack its control flow. Do you have any advice for me? - mudongliang -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hello, I plan to implement "Stack Smashing Protection - Strong" support in LLVM. Below is a description of this feature and an overview of the implementation plan. I have divided up the implementation into stages that can be delivered incrementally. I'm looking for any feedback (suggestions, requests, etc) before I actually begin the work. Thank you! Josh

On 29 August 2013 15:29, Stephen Crane <sjcrane at uci.edu> wrote: > On 08/28/2013 02:37 PM, Nick Lewycky wrote: > >> 1. I'm concerned about the deployment problem. I realize that being in >> the compiler means you can transform the program in more exciting ways, but >> it gives you a much worse deployment story than something which modifies >> the program

Hi Nuno, I noticed your commits related to -fbounds-checking and have some questions. The functionality of this new phase seems to (partially?) overlap with AddressSanitizer and SAFECode, so I am curious how would you compare the two existing tools with the new one. Earlier you wrote: >> So the main idea of this new flag is not for debugging, but rather for production. >> This means

...; tool project off the open projects page as there are now several memory safety tools built using LLVM. If you want my opinion, I think the static array bounds checker or the monotonic loop optimization make nice, self-contained projects. Finally, you might be interested in the Memory Safety Menagerie (http://sva.cs.illinois.edu/menagerie/). This web page contains a whole list of papers on the subject of memory safety transforms. -- John T. > > > ================================================ > Adding memory safety checks to the LLVM bitcodes > ============================...

On 08/28/2013 02:37 PM, Nick Lewycky wrote: > 1. I'm concerned about the deployment problem. I realize that being in > the compiler means you can transform the program in more exciting > ways, but it gives you a much worse deployment story than something > which modifies the program on disk like "prelink". Yes, definitely. Deployment is an issue which users will need

Package: libxen-dev Version: 3.2.0-2 Severity: wishlist Tags: patch Hi, libvirt needs privcmd.h to build. Please apply. Thanks for building a libxen-dev package, -- Guido Index: xen-3-3.2.0/debian/libxen-dev.install =================================================================== --- xen-3-3.2.0.orig/debian/libxen-dev.install 2008-01-28 18:43:43.000000000 +0000 +++

Dear LLVMers, My name is Raphael Ernani, and I am doing my MsC at the Federal University of Minas Gerais, Brazil. I have been using LLVM for a while, and I would like to participate in this year's Summer of Code. One particular idea, in your "open projects" page caught my eye, and I decided to write a proposal about it. The line that I liked in the page was "Create an LLVM

Hi all Does Digium make a quad BRI card? I can't see anything of the sort on their page but I thought they might call it something else in the States. Failing that, can anyone recommend a make/model that would handle 4 BRI ports? -- Cheers Wayne

[message cross posted to the pkg-xen and xen-devel list] Dear everyone, Bastian Blank - which is the person (among others, but mainly him) that is packaging Xen in Debian -, has decided last summer that he doesn't want to deal with the qemu-dm of Xen, thus removing Xen Qemu and support for HVM in Debian. Here is what he wrote:

[message cross posted to the pkg-xen and xen-devel list] Dear everyone, Bastian Blank - which is the person (among others, but mainly him) that is packaging Xen in Debian -, has decided last summer that he doesn't want to deal with the qemu-dm of Xen, thus removing Xen Qemu and support for HVM in Debian. Here is what he wrote:

...it involves separate objects, is encoded in special instructions, or is actually just annotations on BasicBlocks --- is something I leave open. IPO would be able to just move appropriate segments from this DAG between functions as it moves the affected code.] Languages and unwinders may support a menagerie of kinds of handlers and cleanups; for example, __gxx_personality_v0 allows the efficient encoding of a handler which calls std::terminate(). It can be a significant optimization to use these. Requirement: The representation should be capable of carrying an opaque channel of data about unw...