An opportunity to discuss and explore all areas where LLVM (and indeed other compilers) are being used to support the creation of secure code. Some of the techniques/projects I know of include the following.
- Existing in-tree techniques: Stack protector, stack checking, stack clash protection, pointer bounds checking, control flow protection.
- Existing out-of-tree techniques: Return address protection (RAP), structure constification, latent entropy extraction, kernel stack leak reduction, integer overflow detection.
- Verification of passes.
- Academic work: masking with random data, automatic power analysis countermeasures.
I'll record notes and share them after the BoF.