LORD is a QEMU/DBT-based Program Shepherding/Shadow Stack implementation for x86 processes. LORD is capable of detecting anomalous program flows, such as those that occur after control-flow hijacking attacks.
During x86 translation, QEMU instruments the generated code with snippets that output traces to another process running in parallel, which we call LORD.
LORD implements different policies for verifying whether the trace is correct or whether there may have been an issue.
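A minimal shadow-stack check over a pipe, one message per call/ret, in the style of the unbuffered pipe mode listed below. This is an added example, not LORD's own code: the `struct ev` message layout, the function names and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Assumed message layout for this sketch; LORD's real wire format may differ. */
enum { EV_CALL = 1, EV_RET = 2 };
struct ev { uint64_t kind; uint64_t addr; }; /* CALL: return address, RET: actual target */
#define SHADOW_MAX 4096

/* Verifier side: consume events until EOF. Returns -1 for a consistent trace,
 * otherwise the 0-based index of the first event that violates the policy. */
long verify_fd(int fd) {
    uint64_t shadow[SHADOW_MAX];
    size_t top = 0;
    struct ev e;
    for (long i = 0; read(fd, &e, sizeof e) == (ssize_t)sizeof e; i++) {
        if (e.kind == EV_CALL) {
            if (top == SHADOW_MAX) return i;          /* too deep: fail closed */
            shadow[top++] = e.addr;
        } else if (e.kind != EV_RET || top == 0 || shadow[--top] != e.addr) {
            return i;  /* unknown event, return without a call, or wrong target */
        }
    }
    return -1;
}

/* Emulator side: write one message per call/ret to a pipe, then verify it. */
long check_trace(const struct ev *t, size_t n) {
    int p[2], ok = 1;
    if (pipe(p) != 0) return -2;
    for (size_t k = 0; k < n && ok; k++)
        ok = write(p[1], &t[k], sizeof t[k]) == (ssize_t)sizeof t[k];
    close(p[1]);                                      /* EOF for the verifier */
    long r = ok ? verify_fd(p[0]) : -2;
    close(p[0]);
    return r;
}

/* Constructed trace: two nested calls; the final return goes to last_ret. */
long demo(uint64_t last_ret) {
    const struct ev t[] = {{EV_CALL, 0x401005}, {EV_CALL, 0x40200a},
                           {EV_RET, 0x40200a}, {EV_RET, last_ret}};
    return check_trace(t, sizeof t / sizeof t[0]);
}
int main(void) {
    printf("benign=%ld hijacked=%ld\n", demo(0x401005), demo(0x7ffd1000));
    return 0;
}
```

A return value of -1 means every return matched the address recorded at its call; any other non-negative value is the index of the first event that broke the policy.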
First, you have to pick a LORD communication protocol version:

- `SHEPH_NOPT_WRITE`: Uses a pipe for IPC and has no local buffer; 1 call/ret generates 1 IPC message.
- `SHEPH_BUFFER`: Uses a pipe for IPC, optimized with a local buffer to store consecutive calls. Generates IPC messages with the full buffer content on rets.
- `SHEPH_STACK_WRITE`: Same as `SHEPH_BUFFER`, plus WRITE debugging messages.
- `SHEPH_STACK`: Same as `SHEPH_BUFFER`, optimized with a local stack to assert consecutive calls/rets.
- `SHEPH_SHARED`: Uses shared memory for IPC.
- `SHEPH_LEAF`: No program shepherding / shadow stack here. Just an experiment for counting leaf functions.

For more information, see the [paper](http://ieeexplore.ieee.org/document/6970646/?reload=true&arnumber=6970646).
After choosing one of the above, edit the file `Makefile.target` in `LORD/qemu` and make sure you add one of the above options to `QEMU_CFLAGS`. As in:

```
QEMU_CFLAGS+= -DSHEPH_SHARED
```
Finally,

```
./configure --target-list=x86_64-linux-user
make
```

```
cd LORD/lord
```
Each file in this folder is a different version of the verifier. Pick one. The only version compatible with shared memory is `lord-shared64.c`. For more information on the different versions, see the paper.

Compile the desired verifier:

```
gcc lord-shared64.c -o shared
g++ lord-stack64.cpp -o stack
```

```
cd LORD/qemu/x86_64-linux-user/
./qemu-x86_64 -sh
```
While QEMU holds its own licensing, all other source files in LORD are released under the GNU GPLv3 License. Licensing info can be found at `LORD/lord/LICENSE`.
Not much else, enjoy :-)
João Moreira - joao.moreira@lsc.ic.unicamp.br
Lucas Teixeira - lucas@fastmail.nl
Sandro Rigo - sandro@ic.unicamp.br