LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: Adding diversity for security (and testing)

[Posted August 28, 2013 by jake]

From:  Nick Kledzik <kledzik-AT-apple.com>
To:  Stephen Crane <sjcrane-AT-uci.edu>
Subject:  Re: Adding diversity for security (and testing)
Date:  Mon, 26 Aug 2013 14:01:20 -0700
Message-ID:  <A4A09073-5A31-497C-B653-051395E0D387@apple.com>
Cc:  Per Larsen <perl-AT-uci.edu>, stefan brunthaler <s.brunthaler-AT-uci.edu>, Andrei Homescu <ahomescu-AT-uci.edu>, LLVM Developers Mailing List <llvmdev-AT-cs.uiuc.edu>
Archive-link:  Article, Thread 


On Aug 26, 2013, at 11:39 AM, Stephen Crane <sjcrane@uci.edu> wrote:
> I am a PhD student in the Secure Systems and Software Lab at UC
> Irvine. We have been working on adding randomness into code generation
> to create a diverse population of binaries. This diversity prevents
> code-reuse attacks such as return-oriented-programming (ROP) by
> denying the attacker information about the exact code layout.

How is the "diverse population" of binaries generated and delivered?   The tradition 
software development model is to qualify one “golden master” which is then
duplicated to all customers.

-Nick
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds