Michael D. Brown - The Impact of Compiler-Based Performance Optimizations on Security
From Kathryn Gentilello on February 17th, 2020
The security impacts of compiler-based software optimizations are typically not considered during their design and implementation. As a result, a number of well-intentioned compiler optimizations have been shown to introduce security weaknesses into programs despite maintaining the semantic correctness of the corresponding source code. These weaknesses are particularly troubling because they are not the result of programmer errors that can be identified in source code using industry standard techniques such as static code analysis. In this lecture, I will first highlight prior work focused on identifying an mitigating these weaknesses in compiler optimizations. I will then present the results of a study conducted at GTRI that explores the mechanisms by which compiler optimizations can introduce useful code reuse gadgets into the program binaries they produce. Finally, I will introduce potential solutions and mitigations for this problem and an analysis of their potential performance drawbacks.