update presentation and delete old one.

leonardo-leecaprio · Mar 26, 2018 · 846bc51 · 846bc51
1 parent b240633
commit 846bc51
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 576 deletions.
diff --git a/README.md b/README.md
@@ -1,17 +1,35 @@
  # XOM-Switch
+ **(eXecutable-Only Memory Switch)**
+
+xom-switch is the eXecutable-Only-Memory (XOM) enabling tool for x86 Linux system. It aims to mitigate code disclosure guided ROP attacks. This is is the 1st tool using Intel's Memory Protection Keys (MPK) feature for XOM enabling. xom-switch protects all code modules in the runtime including executable and dependent libraries without requiring source code or heavyweight binary translation/rewriting. xom-switch uses non-intrusive way to intercept program runtime by instrumenting program loader (ld.so).
+
+## Background
+
+### Why eXecutable-Only Memory
+ - Protect randomized code.
+ - Defend against [JIT-ROP Attack](https://cs.unc.edu/~fabian/papers/oakland2013.pdf).
+ - Defend against [Hacking Blind Attack](http://www.scs.stanford.edu/~sorbo/brop/bittau-brop.pdf).
+
+### Hardware Support
+ - [LWN: Memory Protection Keys](https://lwn.net/Articles/643797/)
+ - [Intel's Memory Protection Keys Specification](https://software.intel.com/sites/default/files/managed/7c/f1/253668-sdm-vol-3a.pdf)
+ - [ARM's eXecutable-Only Memory](http://infocenter.arm.com/help/topic/com.arm.doc.dui0471j/chr1368698326509.html)
+
+### Software Enabling
+ - [XOM Enabling on Intel: BlackHat Asia 2018 Presentation](../presentation/xom-switch-mingwei-v1.3)
+ - [XOM Enabling on ARM: NORAX](https://www.longlu.org/downloads/NORAX.pdf)
 
-xom-switch is the eXecutable-Only-Memory (XOM) enabling tool for x86 Linux
-system. It aims to mitigate code disclosure guided ROP attacks by using Intel
-Protection Keys feature in recent Intel CPU models. xom-switch protects all
-code modules in the runtime including executable and dependent libraries
-without requiring source code or heavyweight binary translation/rewriting.
-xom-switch protects programs in non-intrusive way by patching only program
-loader (ld.so).
 
 ## Getting Started
 
-### Prerequsites
+### Platform Prerequsites
+To run xom-switch properly, you need to have hardware and OS support first:
+  - Intel CPU with protection keys feature on, e.g, [INTEL® XEON® SCALABLE PROCESSORS](https://www.intel.com/content/www/us/en/products/processors/xeon/scalable.html) **AND**
+  - Linux kernel 4.9 or later.
+  **OR**
+  - Use VM in AWS, choose Amazon Linux 2 LTS Candidate AMI 2017.12.0 (HVM) and then **C5 Instance**.
 
+### Software Prerequsites
 xom-switch requires two tools:
   - gcc
   - python 2.7
@@ -39,13 +57,17 @@ Note: patching your libc allows you to apply XOM to their child processes spawne
 
 This code is published under GPLv2 version.
 
-## Clarification
 
-This code is for demo purpose only and the status of code is "alpha".
+## Project Status
+
+This code is for demo purpose only and the status of code is **alpha**.
+
 
 ## Task List
 
 - [x] Support CentOS 7.2.
 - [x] Support CentOS 7.4.
 - [x] Support Ubuntu 17.04.
 - [ ] Support Amazon Linux 2 LTS Candidate AMI 2017.12.0 (HVM) with C5 instance.
+
+
diff --git a/presentation/blackhat-xom-switch-win32.txt b/presentation/blackhat-xom-switch-win32.txt