How Your Compiler Can Help You Write Secure Code for Your IoT Device
Jeremy Bennett
IoT London Meeting #63, 21 February 2017
Copyright © 2017 Embecosm. Freely available under a Creative Commons license
Why?
Why the Compiler?
C/C++
Java
Assembler
Scripts
Raw machine code
The compiler gets to look at (almost) all the code
How The Compiler Can Help
● Warning of bad practice
  – Advising the programmer when code appears to follow bad practice
● Providing heavy lifting
  – Automating complex tasks to make them easier for the programmer
Leakage Aware Design Automation
The LADA Project
● EPSRC funded 4 year academic research project
  – supported by a team of RAs and PhD students
● Embecosm is the “industrial supporter”
  – providing summer PhD internships
  – writing open source implementations for GCC & LLVM
Prof Elisabeth Oswald, University of Bristol
Dr Dan Page, University of Bristol
What is Information Leakage
“Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless.”
Wikipedia
Differential Power Analysis
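
    $ time ./dpa 7
    real 0m0.025s
    user 0m0.024s
    sys 0m0.000s
    $ time ./dpa 6
    real 0m0.086s
    user 0m0.084s
    sys 0m0.000s

    #include <math.h>     /* sqrt; link with -lm */
    #include <stdint.h>   /* uint32_t */
    #include <stdlib.h>   /* atoi */

    int func (uint32_t k)
    {
      int i, res = 0;

      for (i = 0; i < 10000000; i++)
        /* Data-dependent branch: odd k takes the cheap arm, even k calls sqrt */
        if (1 == (k & 1))
          res += k - 1;
        else
          {
            double r;
            r = sqrt ((double) k);
            res += (int) r;
          }
      return res;
    }

    int main (int argc, char *argv[])
    {
      if (argc < 2)
        return 1;
      return func (atoi (argv[1]));
    }
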
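The data-dependent branch in func, set beside a balanced version that does the same work whatever bit 0 of k is. This is an added example, not code from the talk; isqrt32, func_leaky, func_balanced and the iters parameter are assumptions of the example, with isqrt32 standing in for the slide's sqrt() so the block builds without libm.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Fixed 16-step integer square root (stand-in for the slide's sqrt()). */
static uint32_t isqrt32(uint32_t n)
{
    uint32_t root = 0;
    for (int bit = 15; bit >= 0; bit--) {
        uint32_t trial = root | (1u << bit);
        uint32_t keep = (uint32_t)((uint64_t)trial * trial <= n);
        root |= (1u << bit) & (0u - keep);   /* set bit only if it fits */
    }
    return root;
}

/* Same shape as the slide's func(): the work done depends on bit 0 of k. */
int func_leaky(uint32_t k, int iters)
{
    volatile uint32_t key = k;   /* volatile: stop the loop being hoisted */
    uint32_t res = 0;
    for (int i = 0; i < iters; i++) {
        uint32_t kk = key;
        if (1 == (kk & 1))
            res += kk - 1;
        else
            res += isqrt32(kk);
    }
    return (int)res;
}

/* Balanced: both arms run every iteration; a mask picks the result. */
int func_balanced(uint32_t k, int iters)
{
    volatile uint32_t key = k;
    uint32_t res = 0;
    for (int i = 0; i < iters; i++) {
        uint32_t kk = key;
        uint32_t mask = 0u - (kk & 1u);      /* all ones if odd, else 0 */
        res += ((kk - 1) & mask) | (isqrt32(kk) & ~mask);
    }
    return (int)res;
}

static double seconds(int (*f)(uint32_t, int), uint32_t k)
{
    clock_t t0 = clock();
    (void)f(k, 10000000);
    return (double)(clock() - t0) / CLOCKS_PER_SEC;
}

int main(void)
{
    printf("leaky    k=7 %.3fs  k=6 %.3fs\n",
           seconds(func_leaky, 7), seconds(func_leaky, 6));
    printf("balanced k=7 %.3fs  k=6 %.3fs\n",
           seconds(func_balanced, 7), seconds(func_balanced, 6));
    return 0;
}
```

A compiler is free to turn the mask select back into a branch, so the generated assembly for the target still has to be checked.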
8-Bit Processor Multiply Instruction Heat Map
Image: Dr James Pallister, University of Bristol
How To Get Involved
● Contribute code to LLVM, GCC and others
● Apply for PhD/RA vacancies with LADA
● Attend compiler community events
● Join the IoT Security Foundation
● Talk to Embecosm about your compiler
Thank You
www.embecosm.com
jeremy.bennett@embecosm.com
