Skip to content

lvwr/LORD

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

lord

lord

 
 

qemu

qemu

 
 

README.md

README.md

 
 

Repository files navigation

LORD

LORD is a QEMU / DBT based Program Shepherding/Shadow Stack implementation for x86 processes. LORD is capable of detecting anomalous program-flows, such as it happens afeter control-flow hijacking attacks.

How does it work:

During x86 translation, QEMU instruments the generated source code with snippets that output traces to another process running in parallel, which we call LORD.

LORD implements different policies for verifying if the trace is correct or if there may have been an issue.

How do I compile the modified qemu:

First you have to pick a lord communication protocol version

SHEPH_NOPT_WRITE: Uses pipe for ipc, has no local buffer - 1 call/ret generates 1 ipc msg

SHEPH_BUFFER: Uses pipe for ipc, optimized with a local buffer to store consecutive calls Genrates ipc msgs with full buffer content on rets

SHEPH_STACK_WRITE: Same as SHEPH_BUFFER + WRITE debugging messages

SHEPH_STACK: Same as SHEPH_BUFFER Optimized with a local stack to assert consecutive calls/rets

SHEPH_SHARED: Uses shared memory for ipc

SHEPH_LEAF: No program shepherding / shadow stack here. Just an experiment for counting leaf functions.

For more information, see the [paper] (http://ieeexplore.ieee.org/document/6970646/?reload=true&arnumber=6970646)

After choosing one of the above, edit the file Makefile.target in LORD/qemu and make sure you include one of the agove options to QEMU_CFLAGS. As in:

QEMU_CFLAGS+= -DSHEPH_SHARED

Finally,

./configure --target-list=x86_64-linux-user make

How do I compile lord:

cd LORD/lord

Each file in this folder is a different version of the verifier. Pick one. The only version compatible with shared memory is lord-shared64.c. For more information on the different versions, see the paper.

Compile the desired verifier: gcc lord-shared64.c -o shared g++ lord-stack64.cpp -o stack

How do I run lord?

cd LORD/qemu/x86_64-linux-user/ ./qemu-x86_64 -sh

License

While QEMU holds its own licensing, all other source files in LORD are relased under GNU GPLv3 License. Licensing info can be found at LORD/lord/LICENSE

What else?

Not much else, enjoy :-)

Authors:

João Moreira - joao.moreira@lsc.ic.unicamp.br

Lucas Teixeira - lucas@fastmail.nl

Sandro Rigo - sandro@ic.unicamp.br

About

LORD is a QEMU / DBT based shadow-stack implementation for processes.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages