In my previous mail I mentioned the project on KCoFI( the control FLow integrity methods for commodity hardware http://sva.cs.illinois.edu/pubs/KCoFI-Oakland-2014.pdf ).
Will it be more helpful to the community if I do the improvements number #1 and #3 mentioned in my previous mail to the mailing list or if i try to port it to arm architecture?
I have decided to go ahead with the improvements #1 and #3 that are improving the call graph and porting the KCoFI SFI methods to the ones used in NaCl and PNaCl. It seems to me the community is more interested towards the SFI methods.
If the course of the project permits I may also contribute to the fourth improvement that you mentioned.
Earlier I mentioned three modifications to improve the KCoFI project.
After the valuable feedback from the members I am deciding to go ahead with
Implementing a stronger call graph: in this part of the project the FreeBSD kernel will be compiled using the libTO tool. This will involve writing some patches that build to IR, use llvm-link to run LTO and then link the resulting binary. This project will involve delving further into the llvm bundle.
PNacl and NaCL both are open source.The SFI approach NaCl takes expects a single sandbox per process, which doesn’t seem very suitable to kernel use. It can be made to support multiple sandboxes in the same address space, which is the work that I will undertake as a part of the project. I will be trying to integrate the Forward Edge Call Graph techniques also in this project.
porting the newer version of FreeBSD kernel to SVA-OS instruction set.
As a brief timeplane
Since it is a big project and I will be using the existing code of KCoFI I will be going ahead with the Iterative Enhancement model of Software Development Process
Week 1:Discussion with my mentor on documentation style and the code.
Week 2 to Week 3: Writing the patches that build to IR and use llvm- link to run LTO with FreeBSD
Week 4: Compiling the kernel with libLTO tool. In this week I will write the methods to build a strong call graph.
Week 5: Testing the call graphs.
Week 6-7: using the PNaCl and NaCL SFI techniques and implementing them in the kernel.
Week 8: using the NaCl to support multiple sandboxing in same address space for for multiple processes in an os kernel.
Week 9: testing the new sandboxing techniques together with the previous techniques of stronger call graph imlemntation with proper benchmarking of the compile time.
Week 10-11: Porting the newer version of the FReeBSD kernel to SVA-OS instruction set.
WEEK 12: testing of the complete project with real world malicious programs.
What exactly should i do in the porting to the SFI techniques of PNacl and Nacl. Will it sandbox each process using its call graph or will it sandbox some unprivileged processes making the use of capabilities?
How much will the project involve writing into the llvm code bundle?
Should I apply in llvm or in FreeBSD? If I apply in FreeBSD then I believe the project of porting the kernel to arm architecture will be of more use there. Or should I submit proposals to both the organizations?
I just want to ask how should I try to convince other mentors that this project will be useful for the llvm community as a whole?
The things that I am not able to write in my proposal are how to give strong reasons to convince the mentors that this project will be useful for the llvm community as a whole. Also I need some more suggestions about the timeline and the roadmap if you can help.
Sorry for being late I was busy with my mid semester examinations.
And unfortunately while installing FreeBSD on my system something went wrong with the EFI file system and my entire HDD and windows was lost.
I will be uploading the proposal soon.
IDD Computer Sc & Engg