In the case of cyber attacks
- Attacker can run programs on the same machine
attack on the branch predictor.
(in French, has links) https://interstices.info/jcms/c_25753/une-faille-de-securite-dans-les-processeurs- attack on the Dcache (need ref)
- Attacker interacts with remote machine
- buffer overflow, canari, ASLR, CFI
- Canaries with Clang: -fstack-protector, -fstack-protector-strong, -fstack-protector-all
- ASLR with Clang: -fpie -pie
Safe stack with Clang: -fsanitize=safe-stack. More information : http://dslab.epfl.ch/proj/cpi/ (research prototype)
CFI with Clang: -fsanitize=cfi. More information : http://clang.llvm.org/docs/ControlFlowIntegrity.html
- Global Offset Table (GOT) Protection with Clang: -Wl,-z,now -Wl,-z,relro