Security Enhancing Compilation for Use in Real Environments

Sep 10, 2017

Speakers

About

We have a proliferation of small, networked devices, rich in sensors - "the Internet of Things". Recent events have shown how such devices are vulnerable to attack. We have seen children's dolls hacked remotely to spout profanities, internet connected light bulbs which can be used to hijack a home network and the Mirai botnet using IoT devices to mount DDoS attacks. We need to make it easy for professional software engineers to write secure code for such devices. Beyond the trivial system failings (lack of passwords, use of open communication protocols), we need to be able to protect against attacks based on information leakage and make is easy to implement defensive programming techniques. Security is a system wide issue, and the compiler is the one tool which gets to look at all the code. SECURE is a one year research project led by Embecosm and supported by Innovate UK, which aims to extend popular open source compilers to help in writing secure code. We can do this in two ways. 1. We can warn the user of dangerous code constructs, for example when a critical variable is used to control program flow, thus leaking information. 2. We can provide features to assist the program, for example by wiping the stack on return from a function to avoid leaving data in memory. We'll be submitting patches to add such features, using ARM and RISC-V architectures as demonstrator. In this talk I'll describe the progress with GCC in the first two months of the project. I'll also look at the system we are using to test the effectiveness of these techniques.

Organizer

Categories

About GNU

The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, and Go, as well as libraries for these languages (libstdc++,...). GCC was originally written as the compiler for the GNU operating system. The GNU system was developed to be 100% free software, free in the sense that it respects the user's freedom.

Like the format? Trust SlidesLive to capture your next event!

Professional recording and live streaming, delivered globally.

Sharing

Recommended Videos

Presentations on similar topic, category or speaker

Interested in talks like this? Follow GNU