Diff for "Related Publications"

Differences between revisions 1 and 6 (spanning 5 versions)
Revision 1 as of 2016-05-30 09:54:27
Size: 329
Editor: pacap
Comment:
Revision 6 as of 2016-05-30 14:39:17
Size: 1799
Editor: paravengers
Comment:
Line 1: Line 1:
= Implementations of automated Masking =
 * Andrew Moss, Elisabeth Oswald, Dan Page, and Michael Tunstall. '''Compiler Assisted M''''''asking'''. In Emmanuel Prouff and Patrick Schaumont, editors, CHES, volume 7428 of LNCS, pages 58–75. Springer, 2012

 * G. Agosta, A. Barenghi, M. Maggi and G. Pelosi, "'''Compiler-based side channel ''''''vulnerability analysis and optimized countermeasures application'''" Design Automation Conference (DAC), 2013 50th ACM/EDAC/IEEE, Austin, TX, 2013, p. 1-6.
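Review bot: both added citations split the bold title into two adjacent spans ("Compiler Assisted M" + "asking", "Compiler-based side channel " + "vulnerability analysis ..."), leaving a run of six quote characters in the middle of each title; wrap each title in a single '''...''' pair. The two entries also follow different citation styles (full names and "pages 58–75" in the first, initials and "p. 1-6" in the second), so pick one and apply it to both.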
Line 3: Line 8:
 * LLVM obfuscator
 *
 * Obfuscator-LLVM:
   * Bogus Control Flow (https://github.com/obfuscator-llvm/obfuscator/wiki/Bogus-Control-Flow) Average overhead performance ➡ 28 %
   * Control Flow Flattening (https://github.com/obfuscator-llvm/obfuscator/wiki/Control-Flow-Flattening) Average overhead performance ➡ 860 %
   * Instruction Substitution (https://github.com/obfuscator-llvm/obfuscator/wiki/Instructions-Substitution) Average overhead performance ➡ 13.5 %
   * A commercial version of this project with more features is available at https://strong.codes/
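Review bot: the three "Average overhead performance" figures (28 %, 860 %, 13.5 %) are stated without a benchmark, platform or source, so a reader cannot tell what was measured or reproduce it; add a reference next to each figure or one sentence saying where the numbers come from. If the bare " *" line is on the added side of this hunk, drop it, since it renders as an empty bullet.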
Line 8: Line 16:
Line 10: Line 19:
   * buffer overflow, canari, ASLR, CFI   * buffer overflow, canari, ASLR, CFI
  * Canaries with Clang: -fstack-protector, -fstack-protector-strong, -fstack-protector-all
  * ASLR with Clang: -fpie -pie
  * Safe stack with Clang: -fsanitize=safe-stack. More information : http://dslab.epfl.ch/proj/cpi/ (research prototype)
  * CFI with Clang: -fsanitize=cfi. More information : http://clang.llvm.org/docs/ControlFlowIntegrity.html
  * Global Offset Table (GOT) Protection with Clang: -Wl,-z,now -Wl,-z,relro
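Review bot: the CFI bullet lists -fsanitize=cfi on its own, but Clang's CFI schemes only build with link-time optimization, so the entry should read -flto -fsanitize=cfi (normally together with -fvisibility=hidden). In the ASLR bullet, -fpie -pie only makes the executable position independent so that the operating system's ASLR can relocate it; wording such as "PIE (needed for ASLR of the main executable)" would be more accurate. "canari" in the parent bullet should be "canary".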

Implementations of automated Masking

  • Andrew Moss, Elisabeth Oswald, Dan Page, and Michael Tunstall. Compiler Assisted Masking. In Emmanuel Prouff and Patrick Schaumont, editors, CHES, volume 7428 of LNCS, pages 58–75. Springer, 2012

  • G. Agosta, A. Barenghi, M. Maggi and G. Pelosi, "Compiler-based side channel vulnerability analysis and optimized countermeasures application" Design Automation Conference (DAC), 2013 50th ACM/EDAC/IEEE, Austin, TX, 2013, p. 1-6.

Obfuscation

Model of attacker

In the case of cyber attacks

  • Attacker can run programs on the same machine
  • Attacker interacts with remote machine
    • buffer overflow, canary, ASLR, CFI
    • Canaries with Clang: -fstack-protector, -fstack-protector-strong, -fstack-protector-all
    • ASLR with Clang: -fpie -pie
    • Safe stack with Clang: -fsanitize=safe-stack. More information: http://dslab.epfl.ch/proj/cpi/ (research prototype)
    • CFI with Clang: -fsanitize=cfi. More information: http://clang.llvm.org/docs/ControlFlowIntegrity.html
    • Global Offset Table (GOT) Protection with Clang: -Wl,-z,now -Wl,-z,relro
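
To check that the flags listed above actually left a trace in a built binary, the following added example (not part of the wiki page) reads a 64-bit little-endian ELF and reports PIE, RELRO/BIND_NOW and the stack-protector symbol. The names `check_hardening`, `binds_now` and `sample_elf` and the header-only sample image are constructed for illustration; CFI and SafeStack are not checked.

```python
import struct

PT_DYNAMIC, PT_GNU_RELRO, ET_DYN = 2, 0x6474E552, 3
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def binds_now(tag, val):
    """True if a dynamic entry requests eager binding (-Wl,-z,now)."""
    return (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
            or (tag == DT_FLAGS_1 and val & DF_1_NOW))

def check_hardening(elf: bytes) -> dict:
    """Report PIE, RELRO and canary traces in a 64-bit little-endian ELF."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    relro = now = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:      # emitted for -Wl,-z,relro
            relro = True
        elif p_type == PT_DYNAMIC:      # walk the 16-byte (tag, value) entries
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == DT_NULL:
                    break
                now = now or bool(binds_now(tag, val))
    return {
        "pie": e_type == ET_DYN,  # shared objects are ET_DYN too
        "relro": "full" if relro and now else "partial" if relro else "none",
        "canary": b"__stack_chk_fail" in elf,  # heuristic: symbol name present
    }

def sample_elf(e_type, relro, dyn, extra=b""):
    """Constructed header-only ELF image for the demo; not a runnable binary."""
    dynamic = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    phdrs = [(PT_DYNAMIC, 176, len(dynamic))] + [(PT_GNU_RELRO, 0, 0)] * relro
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, 4, o, 0, 0, n, n, 8)
                     for t, o, n in phdrs)
    return ehdr + table.ljust(112, b"\0") + dynamic + extra

if __name__ == "__main__":
    hardened = sample_elf(ET_DYN, True, [(DT_FLAGS, DF_BIND_NOW)], b"__stack_chk_fail\0")
    print(check_hardening(hardened))
```

On a real build, pass the file contents (`open(path, "rb").read()`) to `check_hardening`; "partial" RELRO means `-Wl,-z,relro` was applied without `-Wl,-z,now`, which leaves the lazily bound part of the GOT writable.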