Subject: Adding diversity for security (and testing)
Date: Monday 26th August 2013 18:39:26 UTC (over 3 years ago)
Greetings LLVM Devs! I am a PhD student in the Secure Systems and Software Lab at UC Irvine. We have been working on adding randomness into code generation to create a diverse population of binaries. This diversity prevents code-reuse attacks such as return-oriented-programming (ROP) by denying the attacker information about the exact code layout. ROP has been used is several high-profile recent attacks, and has also been used as a jailbreaking avenue. We believe our transformations would provide a significant security benefit for LLVM users who choose to use diversity. For more details see  (although we are currently proposing to upstream only a simplified subset of our work). We would like to contribute some of our work back to the community, and are preparing a small patch adding two new features: NOP insertion and schedule randomization. The NOP insertion pass randomly adds NOPs after each MachineInstr according to a command-line parameter. Currently NOP insertion is implemented for X86, and we are adding support for ARM. The schedule randomizer randomly picks a valid instruction to schedule at every point, bypassing the scheduling heuristics. These passes result in a binary which, while slightly slower, is far more secure against code-reuse attacks. In addition, schedule randomization may be useful for randomized compiler and micro-architecture testing. We would also include a secure random number generator which links against OpenSSL. This would of course be an optional module disabled by default, but is necessary so the randomization is cryptographically secure and useful in security applications. We are in the process of writing test cases and double checking formatting to produce a useful patch, but would like to solicit feedback on our proposed changes before submitting patches for detailed consideration. Thanks, Stephen Crane Secure Systems and Software Lab UC Irvine  A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz; “Profile-guided Automated Software Diversity,” in 2013 International Symposium on Code Generation and Optimization (CGO 2013), Shenzhen, China; February 2013.