Sep 10, 2017
We have a proliferation of small, networked devices, rich in sensors - "the Internet of Things". Recent events have shown how such devices are vulnerable to attack. We have seen children's dolls hacked remotely to spout profanities, internet connected light bulbs which can be used to hijack a home network and the Mirai botnet using IoT devices to mount DDoS attacks. We need to make it easy for professional software engineers to write secure code for such devices. Beyond the trivial system failings (lack of passwords, use of open communication protocols), we need to be able to protect against attacks based on information leakage and make is easy to implement defensive programming techniques. Security is a system wide issue, and the compiler is the one tool which gets to look at all the code. SECURE is a one year research project led by Embecosm and supported by Innovate UK, which aims to extend popular open source compilers to help in writing secure code. We can do this in two ways. 1. We can warn the user of dangerous code constructs, for example when a critical variable is used to control program flow, thus leaking information. 2. We can provide features to assist the program, for example by wiping the stack on return from a function to avoid leaving data in memory. We'll be submitting patches to add such features, using ARM and RISC-V architectures as demonstrator. In this talk I'll describe the progress with GCC in the first two months of the project. I'll also look at the system we are using to test the effectiveness of these techniques.
The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, and Go, as well as libraries for these languages (libstdc++,...). GCC was originally written as the compiler for the GNU operating system. The GNU system was developed to be 100% free software, free in the sense that it respects the user's freedom.
Professional recording and live streaming, delivered globally.
Presentations on similar topic, category or speaker