40 likes | 213 Vues
Casper / Codiva. Compiler-assisted securing of programs at runtime Code diversity Protection from most stack-smashing attacks. Compiler-assisted securing of programs at runtime Code diversity Protection from most stack-smashing attacks Available as patches: Compiler: gcc-2.95
E N D
Casper / Codiva • Compiler-assisted securing of programs at runtime • Code diversity • Protection from most stack-smashing attacks • Compiler-assisted securing of programs at runtime • Code diversity • Protection from most stack-smashing attacks • Available as patches: • Compiler: gcc-2.95 • Debugger: gdb-5.2.1 PC ret. addr := 32-bit XOR ret. addr 0xBadAdda0 ... ... ... (“/bin/sh”) exec void function(int x, float y, char* s) { int a; int b; char buffer[SIZE]; int c; ... ; strcpy(buffer, s); ... }
Casper – future work • Activation records • automatically managed • randomised layout • Heap smashing techniques • break type-system • corrupt malloc data • Diversified research • Languages, Compilers: C++, Sun CC, Visual C++ • Other architectures: Solaris, Alpha (DLX ;-)
Worklets • Java-based mobile agent system • Code transportation and dynamic integration mechanism
Worklets – past projects • Dan Phung, Alex Bogomolov • Micro-control of junctions • repeat, start-condition, etc. • Registration and discovery mechanism • Security • encryption, authentication and authorisation • Optimised Worklet transportation • Workgroup Cache • Partial compression