Безопасность информационных технологий (Nov 2024)
Information security threats of optimizing compilers’ plugins
Abstract
This article examines plugins for optimizing compilers: extension modules loaded through the standard software interfaces that compilers provide to extend their functionality and to improve the efficiency of the software built with them. Its purpose is to analyze the information security threats that arise in software development when attackers create and use such extension modules, and to formulate recommendations that help neutralize those threats. The work is relevant because current regulatory and technical requirements oblige developers of secure software to analyze information security threats originating from their software development tools, of which optimizing compilers are a key element. The article gives a brief overview of the existing regulatory and technical requirements for secure software development environments, and considers how modern optimizing compilers analyze and transform source code during optimization. Using the LLVM development environment on the Linux operating system as an example, it shows that such a threat can be implemented in practice: an extension module for the optimizing compiler changes the optimization pipeline so that the algorithm by which the target application operates is fundamentally altered. The difficulties of identifying such threats are also analyzed, and recommendations for neutralizing them are given. The information presented can be used in the design and implementation of secure software development tools, and in implementing the corresponding processes.
Keywords