Low-Level Software Security for Compiler Developers
- Added on 2024-06-23
- Page: https://llsoftsec.github.io/llsoftsecbook/
- See on Internet Archive
- #compiler #security
Compilers, assemblers and similar tools generate all the binary code that processors execute. It is no surprise then that these tools play a major role in security analysis and hardening of relevant binary code.
Often the only practical way to protect all binaries with a particular security hardening method is to have the compiler do it. And, with software security becoming more and more important in recent years, it is no surprise to see an ever increasing variety of security hardening features and mitigations against vulnerabilities implemented in compilers. Indeed, compared to a few decades ago, today’s compiler developer is much more likely to implement security features than not.
Furthermore, with the ever-expanding range of techniques implemented, it’s very hard to gain a basic understanding of all security features implemented in typical compilers.
This poses a practical problem: compiler developers must be able to work on security hardening features, yet it’s hard to gain a good, basic understanding of such compiler features.
There are a lot of materials that explain individual vulnerabilities or attack vectors. There are also lots of presentations explaining specific exploits. But there seems to be a limited set of materials that give a structured overview of all vulnerabilities and exploits against which a code generator plays a role in protecting.
This book aims to provide such a structured, broad overview. It does not necessarily go into full details, instead aiming to give a thorough description of all relevant high-level aspects of attacks, vulnerabilities, mitigations, and hardening techniques. For further details, this book provides pointers to materials with more details on specific techniques.
The purpose of this book is to serve as a guide to every compiler developer that needs to learn about software security relevant to compilers. Even though the focus is on compiler developers, we expect that this book will also be useful to people working on other low-level software.