SPLASH 2021
Sun 17 - Fri 22 October 2021 Chicago, Illinois, United States
Wed 20 Oct 2021 14:35 - 14:50 at Zurich B - Security Chair(s): Yannis Smaragdakis
Wed 20 Oct 2021 22:35 - 22:50 at Zurich B - Security - mirror Chair(s): Chandrakana Nandi

Despite extensive testing and correctness certification of their functional semantics, a number of compiler optimizations have been shown to violate security guarantees implemented in source code. While prior work has shed light on how such optimizations may introduce semantic security weaknesses into programs, there remains a significant knowledge gap concerning the impacts of compiler optimizations on non-semantic properties with security implications. In particular, little is currently known about how code generation and optimization decisions made by the compiler affect the availability and utility of reusable code segments called gadgets required for implementing code reuse attack methods such as return-oriented programming.

In this paper, we bridge this gap through a study of the impacts of compiler optimization on code reuse gadget sets. We analyze and compare 1,187 variants of 20 different benchmark programs built with two production compilers (GCC and Clang) to determine how their optimization behaviors affect the code reuse gadget sets present in program variants with respect to both quantitative and qualitative metrics. Our study exposes an important and unexpected problem; compiler optimizations introduce new gadgets at a high rate and produce code containing gadget sets that are generally more useful to an attacker than those in unoptimized code. Using differential binary analysis, we identify several undesirable behaviors at the root of this phenomenon. In turn, we propose and evaluate several strategies to mitigate these behaviors. In particular, we show that post-production binary recompilation can effectively mitigate these behaviors with negligible performance impacts, resulting in optimized code with significantly smaller and less useful gadget sets.

Wed 20 Oct

Displayed time zone: Central Time (US & Canada) change

13:50 - 15:10
SecurityOOPSLA at Zurich B +8h
Chair(s): Yannis Smaragdakis University of Athens
13:50
15m
Talk
SpecSafe: Detecting Cache Side Channels in a Speculative WorldVirtual
OOPSLA
Robert Brotzman-Smith Pennsylvania State University, Danfeng Zhang Pennsylvania State University, Mahmut Taylan Kandemir Pennsylvania State University, Gang (Gary) Tan Pennsylvania State University
DOI
14:05
15m
Talk
Interpretable Noninterference Measurement and Its Application to Processor DesignsVirtual
OOPSLA
Ziqiao Zhou Microsoft Research, Michael K. Reiter Duke University
DOI
14:20
15m
Talk
Reconciling Optimization with Secure CompilationVirtual
OOPSLA
Son Tuan Vu Sorbonne University; CNRS; LIP6, Albert Cohen Google, Arnaud de Grandmaison ARM, Christophe Guillon STMicroelectronics, Karine Heydemann Sorbonne University; CNRS; LIP6
DOI
14:35
15m
Talk
Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget SetsIn-Person
OOPSLA
Michael D. Brown Georgia Institute of Technology, Matthew Pruett Georgia Institute of Technology, Robert Bigelow Georgia Institute of Technology, Girish Mururu Georgia Institute of Technology, Santosh Pande Georgia Institute of Technology
DOI
14:50
20m
Live Q&A
Discussion, Questions and Answers
OOPSLA

21:50 - 23:10
Security - mirrorOOPSLA at Zurich B
Chair(s): Chandrakana Nandi Certora, inc.
21:50
15m
Talk
SpecSafe: Detecting Cache Side Channels in a Speculative WorldVirtual
OOPSLA
Robert Brotzman-Smith Pennsylvania State University, Danfeng Zhang Pennsylvania State University, Mahmut Taylan Kandemir Pennsylvania State University, Gang (Gary) Tan Pennsylvania State University
DOI
22:05
15m
Talk
Interpretable Noninterference Measurement and Its Application to Processor DesignsVirtual
OOPSLA
Ziqiao Zhou Microsoft Research, Michael K. Reiter Duke University
DOI
22:20
15m
Talk
Reconciling Optimization with Secure CompilationVirtual
OOPSLA
Son Tuan Vu Sorbonne University; CNRS; LIP6, Albert Cohen Google, Arnaud de Grandmaison ARM, Christophe Guillon STMicroelectronics, Karine Heydemann Sorbonne University; CNRS; LIP6
DOI
22:35
15m
Talk
Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget SetsIn-Person
OOPSLA
Michael D. Brown Georgia Institute of Technology, Matthew Pruett Georgia Institute of Technology, Robert Bigelow Georgia Institute of Technology, Girish Mururu Georgia Institute of Technology, Santosh Pande Georgia Institute of Technology
DOI
22:50
20m
Live Q&A
Discussion, Questions and Answers
OOPSLA