similar to: [LLVMdev] Adding diversity for security (and testing)

Displaying 20 results from an estimated 6000 matches similar to: "[LLVMdev] Adding diversity for security (and testing)"

2013 Sep 20
0
[LLVMdev] Adding diversity for security (and testing)
Stephen Crane wrote: > Thanks for all the feedback! It seems there is some interest, so I thought I'd try to summarize discussions so far, and provide patches for closer inspection. I'm not sure if patches should end up here or on a different list in this instance, so if I should instead send this to a different list, I'm happy to do so. > > - Is diversity needed, or are
2013 Sep 20
2
[LLVMdev] Adding diversity for security (and testing)
Nick, Thanks so much for such a detailed review. I definitely missed a few of the details of the LLVM standards. Sorry. Here's a new patch that should resolve the issues you pointed out. I've also included a few comments below -- anything I haven't replied to has been fixed. In particular, I'd like to discuss RNG seeding with the list. I currently use a static singleton to make
2017 Jul 17
2
Is clang+llvm deterministisc?
I searched source code of LLVM/Clang 4.0.0 for 'random_seed' with grep. It seems the -frandom-seed option is not supported. The -rng-seed option appears to be defined in ./lib/Support/RandomNumberGenerator.cpp, which is source code for class RandomNumberGenerator. The constructor of class RandomNumberGenerator is private and is only called by Module::createRNG (defined in
2013 Aug 28
0
[LLVMdev] Adding diversity for security (and testing)
On 08/28/2013 12:01 PM, Stephen Checkoway wrote: > 2. Local attacker who cannot read the contents of the binary. (This is a pretty strange one, but it's possible.) The attacker is forced to rely on side channel information such as timing channels in an attempt to discover the length of the inserted NOP sleds. This sounds like an extraordinarily difficult task, but possibly doable. With a
2013 Aug 28
2
[LLVMdev] Adding diversity for security (and testing)
On Aug 28, 2013, at 1:50 PM, Paul Robinson <pogo.work at gmail.com> wrote: > On Mon, Aug 26, 2013 at 9:14 PM, Todd Jackson <quantum.skyline at gmail.com>wrote: > >> Personally, I think it is necessary to go for the strongest random number >> generator possible. Cryptographically secure pseudorandom number >> generators have good properties that make them
2013 Aug 26
0
[LLVMdev] Adding diversity for security (and testing)
Hi Stephen, > Greetings LLVM Devs! > > I am a PhD student in the Secure Systems and Software Lab at UC > Irvine. We have been working on adding randomness into code generation > to create a diverse population of binaries. This diversity prevents > code-reuse attacks such as return-oriented-programming (ROP) by > denying the attacker information about the exact code layout.
2013 Aug 29
3
[LLVMdev] Adding diversity for security (and testing)
On 08/28/2013 02:37 PM, Nick Lewycky wrote: > 1. I'm concerned about the deployment problem. I realize that being in > the compiler means you can transform the program in more exciting > ways, but it gives you a much worse deployment story than something > which modifies the program on disk like "prelink". Yes, definitely. Deployment is an issue which users will need
2013 Aug 26
10
[LLVMdev] Adding diversity for security (and testing)
Greetings LLVM Devs! I am a PhD student in the Secure Systems and Software Lab at UC Irvine. We have been working on adding randomness into code generation to create a diverse population of binaries. This diversity prevents code-reuse attacks such as return-oriented-programming (ROP) by denying the attacker information about the exact code layout. ROP has been used is several high-profile recent
2013 Aug 28
0
[LLVMdev] Adding diversity for security (and testing)
On Mon, Aug 26, 2013 at 9:14 PM, Todd Jackson <quantum.skyline at gmail.com>wrote: > > > We would also include a secure random number generator which links >> > against OpenSSL. This would of course be an optional module disabled >> > by default, but is necessary so the randomization is cryptographically >> > secure and useful in security applications.
2013 Aug 27
4
[LLVMdev] Adding diversity for security (and testing)
> > We would also include a secure random number generator which links > > against OpenSSL. This would of course be an optional module disabled > > by default, but is necessary so the randomization is cryptographically > > secure and useful in security applications. > > I am not sure why you need this feature. You can provide LLVM with a > SEED value that can be
2013 Aug 28
0
[LLVMdev] Adding diversity for security (and testing)
On 26 August 2013 11:39, Stephen Crane <sjcrane at uci.edu> wrote: > Greetings LLVM Devs! > > I am a PhD student in the Secure Systems and Software Lab at UC > Irvine. We have been working on adding randomness into code generation > to create a diverse population of binaries. This diversity prevents > code-reuse attacks such as return-oriented-programming (ROP) by >
2008 Nov 18
2
matrix for diversity functions?
Hi, I have a small simple data frame (attached) - to compare diversity of insects encountered in disturbed and unditurbed site. What i have is the count of insects - the total number of times they were encountered over 30 monitoring slots. Can someone please check for me to make sure how the 'community data matrix' for the diversity function needs to be oriented so that i'm
2011 Sep 07
1
diversity map in r
Hi   I want to make a grid map using diversity indices. I have a soil grid map with 7 class in r. how can I make a diversity map based on soil map in r?  I found something for calculation diversity in a table (.csv).   Thanks [[alternative HTML version deleted]]
2013 Sep 09
0
[LLVMdev] Adding diversity for security (and testing)
On 29 August 2013 15:29, Stephen Crane <sjcrane at uci.edu> wrote: > On 08/28/2013 02:37 PM, Nick Lewycky wrote: > >> 1. I'm concerned about the deployment problem. I realize that being in >> the compiler means you can transform the program in more exciting ways, but >> it gives you a much worse deployment story than something which modifies >> the program
2020 Feb 19
2
EuroLLVM'20: Diversity and Inclusion in Compilers and Tools workshop announcement
Hi All, It's my pleasure to announce the Diversity and Inclusion in Compilers and Tools workshop that will be held on the afternoon of April 5th, at the same venue as the EuroLLVM'20. This event features speakers and discussion aiming to increase diversity and inclusion within the LLVM community, attendee's workplace or university, and within the field of compilers and tools. It is
2012 Sep 25
1
calculation of diversity confidence interval
Dear R-help members. Maybe this is not the right platform to ask this, but I'm looking desperately for a test which is calculating confidence intervals from diversity measurements (non-normaly distributed) (fishers alpha diversity). I was checking the package "vegan" but there seems to be nothing useful. Does anyone of you know with what package I easily could calculate such a
2013 Aug 26
0
[LLVMdev] Adding diversity for security (and testing)
On Aug 26, 2013, at 11:39 AM, Stephen Crane <sjcrane at uci.edu> wrote: > I am a PhD student in the Secure Systems and Software Lab at UC > Irvine. We have been working on adding randomness into code generation > to create a diverse population of binaries. This diversity prevents > code-reuse attacks such as return-oriented-programming (ROP) by > denying the attacker
2017 Jul 16
4
Is clang+llvm deterministisc?
Hi, there, I am working on a project on software control flow checking, which instruments a program to check if the control flow at runtime matches the control flow graph computed at compile-time. My instrumentation process has to make use of control flow information, including as control flow graph and dominator/post-dominator trees, so it is better part of the compiler. On the other
2013 Aug 27
0
[LLVMdev] Adding diversity for security (and testing)
On Aug 26, 2013, at 2:39 PM, Stephen Crane <sjcrane at uci.edu> wrote: > We have been working on adding randomness into code generation > to create a diverse population of binaries. This diversity prevents > code-reuse attacks such as return-oriented-programming (ROP) by > denying the attacker information about the exact code layout. Putting on my security hat (as opposed to
2015 Mar 27
3
[LLVMdev] SFI and Artificial Diversity
I read a lot of white papers, but is there not any open source implementation of SFI or artificial diversity? I google around, but I can't find anywhere anything regarding what I could openly download. In the same respect, I would also like to make an innovation proposal to create such an endeavor if there is not one already. -------------- next part -------------- An HTML attachment was