SELinux Mailing List

RE: A notion

From: Tim Hollebeek <thollebeek_at_cigital.com>
Date: Mon, 1 Oct 2001 19:46:10 -0400

I don't know if Crispin Cowan watches the selinux list, but this is exactly the sort of thinking that inspired StackGuard. To paraphrase a recent comment of his, it seems that whenever you investigate a method of enhancing security using randomization, similar thinking will provide a protection mechanism which will perform even better than the randomization.

> -----Original Message-----
> From: Justin R. Smith [mailto:jsmith@mcs.drexel.edu]
> Sent: Tuesday, October 02, 2001 4:43 AM
> To: selinux@tycho.nsa.gov
> Subject: A notion
>
>
> It occurred to me that custom versions of software can be more secure
> than standard versions because various exploits (like stack smashing,
> etc.) require precise knowledge of certain sizes and distances in RAM
> (for instance, the distance from the end of a buffer to the return
> point...).
>
> Isn't it possible to develop a "randomizing C compiler" that randomly
> varies these distances every time it compiles a program? No two compiles
> of the same source code would be exactly the same (but they would
> execute the same way).
>
> This might involve inserting small random-sized blocks of dead code, or
> doing returns from subroutines through a level of indirection (i.e.,
> putting the actual return at some random location in the object code
> with a branch to it).
>
> Done right, this might not degrade performance significantly.
>
>
> --
>
>
> --
> You have received this message because you are subscribed to
> the selinux list.
> If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>

Received on Mon 1 Oct 2001 - 20:05:52 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service