SafeLLVM: LLVM Without The ROP Gadgets!

Abstract: Memory safety is a cornerstone of secure and robust software systems, as it prevents a wide range of vulnerabilities and exploitation techniques. Among these, we focus on Return-Oriented Programming (ROP). ROP works as such: the attacker takes control of the program's execution flow via a memory corruption attack, then takes advantages of code snippets already in the program's memory, dubbed "gadgets," to achieve the attacker's desired effect. In this paper, we introduce SafeLLVM, an approach to minimize the number of gadgets in x86-64 binaries compiled with the LLVM infrastructure. Building upon the techniques outlined in previous works, we implement a series of passes within the LLVM compiler's backend to minimize the number of gadgets present and thus prevent ROP attacks. We evaluated our approach by compiling a number of real-world applications, including cJSON, zlib, curl, and mimalloc. The results show our solution is able to prevent any form of ROP on the binaries compiled with SafeLLVM while maintaining the same functionality as the original binaries.