zhechkoz/stins4llvm

stins4llvm

A State Inspection Tool for LLVM

StIns4LLVM is a protection tool based on a result-checking technique, intended to secure sensitive pure functions. It was developed during the Software Integrity Protection Practical Course, Summer Term 2017 at Technical University Munich.

The workflow of StIns4LLVM consists of three main phases. First, it generates test cases using MACKE for every specified sensitive pure function. Next, a randomly constructed network of checkers determines where the guards are placed in the code. These guards attempt to verify whether a given function has been tampered with and, if so, call a response function. StIns4LLVM introduces delayed, probabilistic failures in the protected program when it detects a tampering attempt. More precisely, the response function is configured so that in 20% of cases it does nothing and continues the normal execution path of the binary, while in the other 80% it terminates the program after 0 to 9 seconds. Finally, the last phase of the protection tool injects the guards in the corresponding places and compiles the protected program.
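The guard and response behaviour described above, as an added C sketch that is not StIns4LLVM's own code: a guard replays recorded input/output pairs against a pure function and, on a mismatch, calls a response function with the 20%/80% policy. The test values, the `add_tampered` stand-in, the helper names and the use of `alarm()` for the delay are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Sensitive pure function (name from the page's sample config). */
int add(int a, int b) { return a + b; }
/* Constructed stand-in for a patched build, used to trigger the guard. */
int add_tampered(int a, int b) { return a + b + 1; }

/* Recorded input/output pairs. Constructed values; the tool derives its
   test cases with MACKE. */
struct test_case { int a, b, expected; };
const struct test_case add_cases[] = { {2, 3, 5}, {-7, 7, 0}, {1000, -1, 999} };
const size_t add_case_count = sizeof add_cases / sizeof add_cases[0];

/* Guard: replay the cases; return 1 if any output differs from the record. */
int guard_check(int (*fn)(int, int), const struct test_case *tc, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (fn(tc[i].a, tc[i].b) != tc[i].expected)
            return 1;
    return 0;
}

/* Response policy for a random draw r: -1 means continue normally (1 in 5),
   otherwise the number of seconds (0..9) until termination (4 in 5). */
int response_delay(unsigned r) {
    if (r % 5 == 0)
        return -1;
    return (int)((r / 5) % 10);
}

/* Response function. Assumption: the delay is realised with alarm(), whose
   default SIGALRM action ends the process while execution carries on. */
void response(void) {
    int d = response_delay((unsigned)rand());
    if (d < 0)
        return;
    if (d == 0)
        _exit(EXIT_FAILURE);   /* alarm(0) would only cancel a pending alarm */
    alarm((unsigned)d);
}

int main(void) {
    srand((unsigned)getpid());
    if (guard_check(add_tampered, add_cases, add_case_count))
        response();
    printf("result: %d\n", add_tampered(2, 3)); /* the program keeps going */
    return 0;
}
```

Because the failure is delayed and only probabilistic, the point where the program dies is decoupled from the guard that detected the change, which makes the guard harder to locate by observing crashes.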

Authors

Getting Started

  1. Execute make in the project's top directory to build the tool.
  2. Compose a JSON configuration file according to this example (all keys are compulsory and self-explanatory):

     {
       "functionsRC" : ["mul", "add", "sub", "isValidLicenseKey", "addChar"],
       "program" : ["src/InterestingProgram.c"],
       "binary" : "InterestingProgram-rewritten",
       "connectivityRC" : 2,
       "syminputC" : "syminput/syminputC.py",
       "syminputBC" : "syminput/syminputBC.py",
       "verbose" : true
     }

  3. Finally, run StIns4LLVM, which will execute the LLVM Pass on the provided source files, compile them, and place the resulting executable in the build folder:

     ./run.sh -f config.json

Requirements

We strongly recommend using the provided Dockerfile