SFI and Artificial Diversity

I read a lot of white papers, but is there not any open source implementation of SFI or artificial diversity? I Googled around, but I can’t find anything anywhere regarding what I could openly download. In the same respect, I would also like to make an innovation proposal to create such an endeavor if there is not one already.

Hi Kenneth,

I’m part of a research group at UC Irvine that has been working on artificial software diversity for LLVM and clang. You can check our Github repositories here:
https://github.com/securesystemslab/multicompiler

https://github.com/securesystemslab/multicompiler-clang

Our public version is based on LLVM 3.5 but we also have patches for LLVM 3.6 and beyond which I can share with you. In collaboration with JF Bastien and others, we are in the process of upstreaming these patches. So far the random number generator and a machine-independent NOP-insertion pass have been accepted into LLVM mainline. We have several additional diversifying transformations that we want to contribute. If you are interested in participating in this effort, we’re happy to collaborate with you.

W.r.t. SFI, I believe the PNaCL source code is available.

Cheers,
Per

http://www.ics.uci.edu/~perl/

Awesome!

Thanks so so much! I’m very interested in doing some work with compilers. Yeah, I’m considering writing a research proposal where I work for JIT-SFI, SFI Evasion Technique and Mitigation, and a few other things. Considering your experience working on modifying llvm, what would you say would be a topic where I could start out doing some good work on, either in a new direction or in improving what you have?

And how has this research not made it into the official mainline branch? I want to see it get shipped out to production. It would be fantastic if I could recompile my software to stop attacks.

Oops, I forgot a couple of things in my excitement. Please disregard the mainline question.

I meant to include: I thought that PNaCL was just for compiling for browser based binaries?

Working on it :) You can track status here:
http://reviews.llvm.org/D1802. It's been slow, mostly because it's not
been a top priority for me... Any comments or improvements are welcome
in the patch discussion.

- stephen

PNaCl source:

> Oops, I forgot a couple of things in my excitement. Please disregard the
> mainline question.
>
> I meant to include: I thought that PNaCL was just for compiling for
> browser based binaries?

No, it also works outside the browser but some of the more useful APIs
aren't available out-of-the box because Chrome usually provides them. Those
APIs can be made to work, but keep in mind that NaCl's model is
fundamentally an out-of-process single-sandbox-per-process model. PNaCl is
currently implemented using NaCl but that's an implementation detail: it
doesn't require NaCl and is also used to emit non-SFI code.

> Thanks so so much! I'm very interested in doing some work with compilers.
>
> Yeah, I'm considering writing a research proposal where I work for JIT-SFI,
> SFI Evasion Technique and Mitigation, and a few other things. Considering
> your experience working on modifying llvm, what would you say would be a
> topic where I could start out doing some good work on, either in a new
> direction or in improving what you have?

I recommend also looking at Peter Collingbourne's recent commits to LLVM on
vtable protections, as well as some of Mathias Payer's recent publications
on code pointer integrity, and David Brazdil's MinSFI work. SFI is a pretty
vast field, and approaches vary, so you'd have to figure out what you want
to do in more details.

> And how has this research not made it into the official mainline branch? I
> want to see it get shipped out to production. It would be fantastic if I
> could recompile my software to stop attacks.

PNaCl isn't in upstream LLVM for a variety of reasons. There's a path where
PNaCl/NaCl's general approach could make it in to upstream but it has to be
clean, not be too intrusive in the codebase, be well supported (official
maintainer), generally useful, and not cause maintenance headaches (among
other things). Work like the UCI folks' -fdiversify randomization is
easier to upstream because it more generally meets the criteria I outlined.