Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/llsoftsec/llsoftsecbook

Low-Level Software Security for Compiler Developers
https://github.com/llsoftsec/llsoftsecbook

book compiler compiler-development security

Last synced: about 1 month ago
JSON representation

Low-Level Software Security for Compiler Developers

Awesome Lists containing this project

README

        

# llsoftsecbook: a book on Low-Level Software Security for Compiler Developers

[![License: CC BY 4.0](https://img.shields.io/badge/License-CC_BY_4.0-lightgrey.svg)](https://creativecommons.org/licenses/by/4.0/)
[![Build book with docker container CI](https://github.com/llsoftsec/llsoftsecbook/actions/workflows/main.yml/badge.svg)](https://github.com/llsoftsec/llsoftsecbook/actions/workflows/main.yml)
[![Discord chat](https://img.shields.io/discord/1073537588234829845?logo=discord)](https://discord.gg/Bm55Z9Ppgn)

[![All Contributors](https://img.shields.io/badge/all_contributors-26-orange.svg?style=flat-square)](#contributors-)

This book aims to provide a structured, broad overview of all attacks and
security hardening techniques relevant for code generation tools.

## Purpose

Compilers, assemblers and similar tools generate all the binary code that
processors execute. Therefore, they play a crucial role in hardening binaries
against security threats.

The variety of attacks and hardening techniques has been rising sharply, and it
is becoming difficult to maintain a good broad basic understanding of all of
them.

The purpose of this book is to help every compiler developer that needs to learn
about software security relevant to compilers. It aims to achieve that by
providing a description of all relevant high-level aspects of attacks,
vulnerabilities, mitigations and hardening techniques. For further details, this
book provides pointers to material on specific techniques.

Even though the focus is on compiler developers, we expect that this book will
also be useful to other people working on low-level software.

## Why an open source book?

The idea for this book emerged out of a frustration of not finding a good
overview on this topic. Kristof Beyls and Georgia Kouveli, compiler engineers
working on security features from time to time, wished a book like this would
exist. After not finding such a book, we decided to try and write one ourselves.
We immediately realized that we do not have all necessary expertise ourselves to
complete such a daunting task. So we decided to try and create this book in an
open source style, seeking contributions from many experts.

As you read this, the book remains unfinished. This book may well never be
finished, as new vulnerabilities continue to be discovered regularly. Our hope
is that developing the book as an open source project will allow it to continue
to evolve and improve. It being open source increases the likelihood that it
remains relevant as new vulnerabilities and mitigations emerge.

Kristof and Georgia are far from experts on all possible vulnerabilities. So
what is the plan to get high quality content to cover all relevant topics? It is
two-fold.

First, by studying specific topics, we hope to gain enough knowledge to write
up a good summary for this book.

Second, we very much invite and welcome contributions. If you're interested
in potentially contributing content, please let us know.

As a reader, you can also contribute to making this book better. We highly
encourage feedback, both positive and constructive criticisms. You can share
your feedback by raising a GitHub
[Issue](https://github.com/llsoftsec/llsoftsecbook/issues), starting a GitHub
[Discussion](https://github.com/llsoftsec/llsoftsecbook/discussions), or by
sharing your thoughts on our [Discord server](https://discord.gg/Bm55Z9Ppgn).

## Live version

A live top-of-main version of the book is available as a webpage at
. A
[PDF](https://llsoftsec.github.io/llsoftsecbook/book.pdf) is also available.

## Build instructions

You can build the book by running

```console
$ make all
```

This requires pandoc, latex and necessary latex packages to be installed. The
easiest way to make sure you build the book with the right versions of those
tools is to use the script build_with_docker.sh:

```console
$ ./build_with_docker.sh
```

This builds a docker container with the exact versions of pandoc, latex and
necessary extra packages; and builds the book using that container.

You'll find the PDF and HTML versions of the book in build/book.pdf and
build/book.html if the build finishes successfully.

## Contributing

Please find contribution guidelines in .

## Contributors ✨

Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):



Kristof Beyls
Kristof Beyls

⚠️ πŸ’» πŸ–‹ πŸ“– πŸ€” πŸš‡ πŸ‘€
Francesco Petrogalli
Francesco Petrogalli

πŸ‘€ πŸ’» πŸš‡
g-kouv
g-kouv

πŸ‘€ πŸ€” πŸ’» πŸ–‹
Simon Tatham
Simon Tatham

πŸ‘€ πŸ€” πŸ’» πŸ–‹
Sam Ellis
Sam Ellis

πŸ’» πŸ–‹ πŸ› πŸ€” πŸ‘€
Lyndon Fawcett
Lyndon Fawcett

πŸ› πŸ€”
Jonathan Louis Kaplan
Jonathan Louis Kaplan

πŸ› πŸ€” πŸ’» πŸ‘€


Jacob Bramley
Jacob Bramley

πŸ€” πŸ’»
Joseph Yiu
Joseph Yiu

πŸ’» πŸ–‹
Arnaud de Grandmaison
Arnaud de Grandmaison

πŸ‘€
Fare9
Fare9

πŸ€”
Fernando Magno QuintΓ£o Pereira
Fernando Magno QuintΓ£o Pereira

πŸ› πŸ‘€
Reini Urban
Reini Urban

πŸ€” πŸ›
Saagar Jha
Saagar Jha

πŸ› πŸ€”


Bill Wendling
Bill Wendling

πŸ’»
acoplan-arm
acoplan-arm

πŸ’»
Lucian Popescu
Lucian Popescu

πŸ› πŸ€” πŸ’» πŸ–‹
Matt
Matt

πŸ› πŸ‘€
Kyle Anthony Williams
Kyle Anthony Williams

πŸ› πŸ€”
Swarn Priya
Swarn Priya

πŸ› πŸ€”
Kees Cook
Kees Cook

πŸ’»


Rommel Quintanilla
Rommel Quintanilla

πŸ’»
Anders Waldenborg
Anders Waldenborg

πŸ› πŸ€” πŸ’»
Sebastian Neubauer
Sebastian Neubauer

πŸ› πŸ€”
Koutheir Attouchi
Koutheir Attouchi

πŸ’»
BetaRays
BetaRays

πŸ’»

This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!

## License

Creative Commons License
This book is licensed under a Creative Commons Attribution 4.0 International License.