Improving the security of source code – whether it’s developed in-house, licensed from a vendor, or lost altogether – poses a number of challenges. Even if source code is available, it’s more efficient and secure to make changes at the compiler level with LLVM. It saves time. It reduces chances for errors. It allows for effective whole-program security enhancements.
Why we should work together
We can help your organization take advantage of new, fundamental and proprietary research on the application of compiler engineering to computer security problems. For example:
- Correct mistakes in binary code without having access to the source code.
- Prove properties that could indicate vulnerabilities.
- Ensure continuity between the programmer’s intended behavior and actual program behavior.
- Remove obsolete code whose presence represents an unnecessary risk.
- Support the validation of vendor source code by lifting binary code – statically or dynamically – to an intermediate representation.
- Support the generation of application tests with high code coverage without the need for source code.
- Enhance our open-source tools to satisfy your organization’s particular needs.
Looking ahead, we plan to advance the field of LLVM analysis, apply symbolic execution to LLVM, develop a process to make vulnerable code unreachable, push decompilation from binary back to useful source code, and generally improve the speed and performance of our tools.
What we’ve contributed
- Cyber Fault-tolerant Attack Recovery (CFAR) uses multiple CPU cores for security. Each core runs a functionally identical variants of the same program, but mutated at the binary level. Exploit attempts cause the afflicted variant to diverge in execution from the others, at which point the system knows it is under attack and can take precautions.
- Let’s talk about CFI: clang edition, a blog post that explained clang’s Control Flow Integrity at a high level, and how to use it.
- Let’s talk about CFI: Microsoft Edition, a companion blog post that explored Microsoft’s implementation of control flow integrity, Control Flow Guard (CFG).
- Microx serves as a single-instruction “micro execution” framework. It enables a program to safely execute an arbitrary x86 or x86-64 instruction.
- Static Translation of X86 Instruction Semantics to LLVM with McSema
Contact us with your Compiler engineering needs.