LLVM's BOLT Being Adapted To Analyze Security Hardening Of Binaries

Written by Michael Larabel in LLVM on 4 April 2024 at 07:35 AM EDT.
LLVM's BOLT is an amazing tool for optimizing the layout of binaries, which in turn can lead to some mighty useful performance improvements. Now an Arm compiler engineer is leveraging BOLT to create a binary analysis tool that vets the correctness of security hardening options.

Arm compiler engineer Kristof Beyls has put together an initial proof of concept for a BOLT-based solution to evaluate the security hardening of binary files:
"We lack good tools to verify correct code generation for security hardening features. Most security hardening features are tested by just a small number of regression tests. Just running large amounts of code compiled with security hardening features doesn’t test them well: it checks if the program still produces the expected output for a given input, but it does not check if it makes it harder to maliciously exploit the binary.

This RFC proposes building a static binary analyzer that can scan binaries to verify that a given hardening feature has been applied correctly across the whole binary. I’ve built a prototype on top of BOLT and propose to improve it enough to be able to upstream it."

In an RFC posting on the LLVM Discourse, Kristof Beyls outlines his initial work on leveraging BOLT for this security hardening analysis, a purpose well outside the original performance intentions BOLT had when developed by Facebook/Meta.

The tool would aim to verify features like the stack protector, stack clash protection, branch protection, control flow protections, and more. The binary analysis tool would verify the hardening features across the entire program and be much more verbose than the limited security hardening tests used today.

The initial code is called the "llvm-bolt-gadget-scanner" and is in prototype form. Results so far are promising, with hope that a useful binary scanner can be built. With the support of other upstream LLVM developers, there is hope of being able to upstream such a tool into the codebase.

In addition to the aforelinked RFC message, the prototype code of this gadget scanner can be found on GitHub.