Improving low level software security

"As compiler and JIT developers implementing security hardening techniques, we found it hard to find a single source explaining the security-related aspects system software developers should be aware of.

Therefore, we started an open source project to create a book to educate ourselves and other developers caring about low-level software security. The project lives at https://github.com/llsoftsec/llsoftsecbook/.

In this presentation we'll briefly discuss the motivation for creating this book, including how we hope this will further improve implementation of security hardening techniques in compilers, JITs etc. across the industry. We'll then focus on one security domain in the book: memory vulnerabilities. We will explain what ROP attacks are and why attackers frequently make use of them. We'll finish the presentation by showing how system software can make use of new features in the Arm architecture to mitigate against such attacks, making life significantly harder for attackers.