Proposal and Implementation of a Reduced Assembly Set Compiler for Enabling CPU Security Measures
DAY 1
14:00-
14:40
In embedded systems, various CPU architectures are used. On the other hand, one of the software vulnerability countermeasures is CPU-based security measures. This can involve adding dedicated security instructions or designing and developing new CPU architectures with security in mind, but developing compilers that support these becomes a barrier. Furthermore, compiler security mechanisms, represented by stack protectors, are effective because they can be applied without modifying the source code, but verifying and introducing new security mechanisms requires compiler modification. Moreover, when performing vulnerability analysis on a new CPU, understanding the CPU’s operation is necessary, and for that, the existence of a compiler that can generate executable code for that CPU is crucial.
For these reasons, a compiler that can quickly adapt to new CPU architectures is required. While some conventional open-source compilers, such as GCC, support multiple CPU architectures, many of them are highly optimized, making it extremely difficult and impractical to adapt them to new CPU architectures.
Therefore, we propose the Reduced Assembly Set Compiler (RASC), which facilitates adaptation to new CPU architectures by limiting the patterns of assembly to be generated, and have developed the C compiler NLCC as an implementation of RASC.
NLCC can support new CPU architectures by simply registering 64 types of assembly patterns, and furthermore, 24 types of patterns can be omitted by built-in functions. As a result of adapting to 12 types of CPU architectures, including x86 and ARM, it was possible to adapt in an average of about 8 hours, making it usable as a “1-day compiler” that can support new CPU architectures in one day. We will examine and discuss the possibilities of RASC and the security functions in NLCC.
-
Location :
-
Track 3(Room 3)
-
-
Category :
-
Bluebox
-
-
Share :
Speakers
-
Hiroaki Sakai
坂井 弘亮
Having been familiar with programming since childhood, and having engaged in activities such as developing the original embedded OS "KOZOS" and deciphering the assembly of various CPUs, he is currently developing the original standard C library (nllibc), original C compiler (nlcc), and original programming language (nll), etc., within the original Unix-compatible environment project (NLUX). One of the Six Poetic Sages of Assembly Tanka (Shirakaba School) Binary Karuta / Binary Pun Evangelist In addition, he is active as an instructor and organizer for Security Camp and SecHack365, develops various open source software, and presents at events and seminars. Numerous magazine articles and books authored. ("12 Steps to Build Your Own Embedded OS" (Cut System), "Super Passionate! Introduction to Assembly Language" (Shuwa System), "Linker/Loader Practical Development Techniques" (CQ Publishing), etc.) Professional Engineer (Information Engineering Department)