1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking Benchmarking Platform
Phoromatic Test Orchestration

DARPA Project Using LLVM For Better Code Security

Compiler

Published on 02 December 2012 03:37 PM EST
Written by Michael Larabel in Compiler
3 Comments

A software research project being funded by the United States' Defense Advanced Research Projects Agency (DARPA) with its Cyber Fast Track program is looking at ways for providing a flexible and integrated security infrastructure by using LLVM for dynamic and static security tasks.

For the past few weeks I have been sharing some of the interesting slides from last month's LLVM Developers' Meeting in San Jose, California. Among the interesting technical sessions covered so far were on ThreadSanitizer and MemorySanitizer, how Google treats Clang compiler errors, the state of 64-bit ARM, Clang analyzing code comments to auto-generate documentation, LLVM/Clang being ported to a super computer, and Intel's Shevlin Park project that uses LLVM/Clang to make Microsoft's C++ AMP framework cross-platform. There's one more interesting presentation that may interest many Phoronix readers and the slides for that session were recently uploaded.

Jared Carlson of GoToTheBoard has been involved with a research project being financed by DARPA, a division of the US Department of Defense. The talk comes down to leveraging LLVM and LLDB (the LLVM debugger) for dynamic and static security tasks. "The talk discusses incorporating both static and dynamic analysis techniques by using LLVM and LLDB components and that these can easily be integrated back into LLVM development workflow. These tools will help find exploitable bugs within the llvm development environment, illustrate their consequences and are customizable and easily shared within the community. Funded by DARPA as a Cyber Fast Track effort, we are currently incorporating LLDB and other open source python libraries along with re-written static analysis scripts so that the tools can be easily integrated and altered into a workflow...The talk will discuss how we use the tools to investigate bug severity, utilize artificial intelligence techniques to predispose fuzzing, draw conclusions, and utilize the LLVM technology quite to target various architectures if desired."

Project goals for the US government were to create a tool to find exploitable bugs within a "normal" environment, illustrate consequences of these bugs, educate and interact wit hthe developer, and allow for community improvement and sharing. The areas then covered in the presentation were on static analysis, function graph, data dependency, hypothesis engine, and the fuzzer.

An alpha version of this project was delivered to DARPA in September. A beta version was to be delivered around the end of November. After the project has finished, the plan is to release the code to the open-source community which should happen any day now -- the presentation states the release aim as "early December or thereabouts."

For those wanting to learn more about this LLVM research project, see the 41 PDF slides.

About The Author
Michael Larabel is the principal author of Phoronix.com and founded the web-site in 2004 with a focus on enriching the Linux hardware experience and being the largest web-site devoted to Linux hardware reviews, particularly for products relevant to Linux gamers and enthusiasts but also commonly reviewing servers/workstations and embedded Linux devices. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics hardware drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated testing software. He can be followed via and or contacted via .
Latest Linux News
  1. Linux Benchmarks Of Intel's Atom Z3735F On The Compute Stick
  2. Fedora's Security Team Continues Closing Old Vulnerabilities
  3. HAMMER2 File-System Now Uses LZ4 Compression By Default
  4. HiSense Chromebook Benchmarks When Running Ubuntu Linux
  5. Mandriva Linux Was Allegedly Brought Down By Employee Lawsuits
  6. GNOME 3.17.2 Is Released As The Latest Look Towards GNOME 3.18
  7. Phoronix Turns 11 Years Old Next Week: How Should We Celebrate?
  8. Ubuntu Community Council Reaffirms Its Decision Against Kubuntu's Leader
  9. Future Plans For Changing Fedora's Installer
  10. Confusion Mounts Over Wayland's Actual License
Latest Articles & Reviews
  1. Btrfs RAID 0/1/5/6/10 Five-Disk Benchmarks On Linux 4.1
  2. Opening The Gates To Our Daily Open-Source Linux Benchmark Results
  3. The Latest Features For Linux Performance Management + Benchmark Monitoring
  4. Noctua NH-U12DX i4 + NF-F12
Most Viewed News This Week
  1. NVIDIA's Proprietary Driver Is Moving Closer With Kernel Mode-Setting
  2. Features Added To Mesa 10.6 For Open-Source GPU Drivers
  3. Ubuntu's LXD vs. KVM For The Linux Cloud
  4. Friction Building Around An Ubuntu Community Council Decision
  5. The Latest Linux Kernel Git Code Fixes The EXT4 RAID0 Corruption Problem
  6. The CompuLab Fitlet Is A Neat Little Linux PC With AMD SoC
  7. Russia's Baikal Chips End Up Going For A MIPS CPU
  8. Linux 4.1-rc5 Kernel Released