Building Your Own Clang LibTool: A Step-by-Step Tutorial

Technically, Clang receives an Abstract Syntax Tree (AST), build by Clang Parser (clang/Parse/*), not the input C/C++ code (although Parser is part of Clang code base). There is obviously a Lexer in between this process, but neither Lexer nor Parser is our focus in this tutorial. Clang is responsible to convert the AST to LLVM…

Research Review: Type Confusion Attack

HexType: Efficient Detection of Type Confusion Errors for C++ Link: https://dl.acm.org/citation.cfm?id=3134062Source Code: https://github.com/HexHive/HexType Summary: In a type-based programming language, typecasting is a common phenomenon. With the object-oriented programming paradigm, this feature turns into a dangerous attack surface. When a derived class object cast to parent class object (upcast), it is usually safe, considering parent class…

Research Review: Memory Bound Protection

Stack Bounds Protection with Low Fat Pointers Link: https://www.comp.nus.edu.sg/~gregory/papers/ndss17stack.pdfSource Code: https://github.com/GJDuck/LowFat Summary: The research work is an extension of their another work (Heap bounds protection with low-fat pointers). The concept of low-fat pointers are originated in the previous paper, they provide well-details of that too. The basic concept of low-fat pointers is: use the pointer memory itself to…

System and Software Security Research Conference

Several conferences focus on security, including top-tier and flagship events, where publishing your work should be a priority. Additionally, individual top-tier systems and software conferences can also be good choices for publishing your research. I have categorized the conferences accordingly: Top-tier Security Conference * IEEE Symposium on Security and Privacy (S&P/Oakland)* ACM Computer and Communications Security (CCS) * USENIX…

Research Review: Exploit Generation

Block Oriented Programming: Automating Data-Only Attacks Link: https://dl.acm.org/citation.cfm?id=3243739Source Code: https://github.com/HexHive/BOPC Summary: Vulnerable software with an active defense system (e.g. Control-Flow Integrity, Shadow Stack, Address Space Randomization etc.) is hard to exploit. Control Flow Integrity (CFI) restrict execution within valid control flows, although because of the weak control flow graph (CFG), the coarse-grained CFI system allows…

SVF: Interprocedural Static Value-Flow Analysis in LLVM

SVF is a static analysis framework implemented in LLVM that allows value-flow construction and pointer analysis to be performed in an iterative manner (sparse analysis – analysis conducted into stages, from overapproximate analysis to precise, expensive analysis). It uses (default) points-to information from Andersen’s analysis and constructs an interprocedural memory SSA (Static-Single Assignment) form where…

Research Review: Information Leak

k-hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces Link: http://web.cse.ohio-state.edu/~lin.3021/file/CCS18.pdfSource Code: https://github.com/GoSSIP-SJTU/k-hunt Summary: It would be useful for attackers if they can identify the memory location where an application store its cryptographic keys. It will be more useful to do taint analysis for various purpose (e.g. identify if a key is insecure). This research uses…

Road Trips Summer’19: Florida ↔ California

In summer 2019, I went to Silicon Valley for my internship at Baidu USA. I decided to make a road trip with my 2005 Nissan Altima. All alone, the trip was awesome and adventurous. To Silicon Valley To Florida State