Explore a cutting-edge approach to software security in this 20-minute IEEE conference talk. Delve into compiler-assisted code randomization (CCR), a hybrid technique that enables rapid and robust fine-grained code randomization on end-user systems while maintaining compatibility with existing software distribution models. Learn how CCR augments binaries with transformation-assisting metadata to facilitate code transformation and maintain compatibility with mechanisms relying on original code references. Discover the implementation of this approach using the LLVM compiler toolchain and a binary rewriter, and examine its practical benefits, including modest file size increase, negligible runtime overhead, and compatibility with link-time optimization and control flow integrity.
Overview
Syllabus
Compiler-assisted Code Randomization
Taught by
IEEE Symposium on Security and Privacy