Compilers play a crucial role in hardening software against security attacks. As compiler engineers, we experience an increase in demand for security-related features: we simply work on security-related features more often. We find it tough to analyze whether the hardenings we implement are easy or hard to circumvent by attackers. After chatting about this with many compiler developers, our experience is that most feel their work would benefit from a deeper understanding of attacks and hardening techniques. After having looked around, we didn't find much educational material that gives a broad overview, covering all aspects compiler developers ought to know about. Therefore, we recently started an open source book titled "Low Level Software Security for Compiler developers" at https://github.com/llsoftsec/llsoftsecbook/. It aims to improve the industry-wide knowledge about security hardening in compilers and related tools, ultimately leading to more innovation and better implementations of security features. In this presentation, we'll explain the rationale for this new open source project in more detail. We will discuss what content we have so far and what content we plan to add. The project very much welcomes new contributors: we need more new content, more review of content, discussion of ideas for how to make the book better, improvement in the design and layout of the produced HTML and PDF output, etc. We hope this presentation will reach both anyone interested in learning more about low-level software security and anyone interested in helping to grow this project further.
Speakers: Kristof Beyls