This shows you the differences between two versions of the page.
exploit-mitigation [2016/01/02 13:20] hanno [ASLR / pie] |
exploit-mitigation [2016/01/02 13:22] (current) hanno [Memory safety] |
||
---|---|---|---|
Line 24: | Line 24: | ||
Approaches that try to implement memory safety in C: | Approaches that try to implement memory safety in C: | ||
+ | * [[http://clang.llvm.org/docs/ControlFlowIntegrity.html|Control Flow Integrity]] and [[http://clang.llvm.org/docs/SafeStack.html|Safe Stack]] for clang/llvm, [[https://www.chromium.org/developers/testing/control-flow-integrity|plans for Chrome deployment]] | ||
* [[http://levee.epfl.ch/|Levee]] - tries to protect only memory containing code pointers (stack return adresses, function pointer variables), relatively small overhead, LLVM-based ([[http://media.ccc.de/browse/congress/2014/31c3_-_6050_-_en_-_saal_g_-_201412272030_-_code_pointer_integrity_-_gannimo.html|Code Pointer Integrity 31C3 talk]]). | * [[http://levee.epfl.ch/|Levee]] - tries to protect only memory containing code pointers (stack return adresses, function pointer variables), relatively small overhead, LLVM-based ([[http://media.ccc.de/browse/congress/2014/31c3_-_6050_-_en_-_saal_g_-_201412272030_-_code_pointer_integrity_-_gannimo.html|Code Pointer Integrity 31C3 talk]]). | ||
* [[http://code.google.com/p/address-sanitizer/|Address Sanitizer]] - mostly advertised as a debugging / fuzzing tool, could in theory also be used for production software, significant overhead, part of both LLVM and GCC in current versions (compiler flag -fsanitize=address). | * [[http://code.google.com/p/address-sanitizer/|Address Sanitizer]] - mostly advertised as a debugging / fuzzing tool, could in theory also be used for production software, significant overhead, part of both LLVM and GCC in current versions (compiler flag -fsanitize=address). |
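Review bot: the added Control Flow Integrity / Safe Stack bullet sits under "Approaches that try to implement memory safety in C", but unlike the Levee and Address Sanitizer entries it does not say what is protected or at what cost. Neither feature makes C memory-safe. CFI restricts indirect control transfers to valid targets, and SafeStack keeps return addresses on a separate stack, so an out-of-bounds write still happens and only its use for control-flow hijacking is constrained. I would add a short qualifier in the style of the Levee entry (for example "protects only indirect calls and return addresses, does not prevent the corruption itself") and state the compiler flags the way the Address Sanitizer entry does (clang's -fsanitize=cfi, which needs -flto, and -fsanitize=safe-stack). Since SafeStack comes from the same Code Pointer Integrity work as Levee, placing the new bullet directly after the Levee one instead of before it would also read better. The added line also lacks the trailing period the neighbouring bullets have.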