Meeting Notes 11 12 2018

"What good shall I do this day?" - Benjamin Franklin

Clang randstruct Meeting Notes 2018

Meeting Name:Workshop (Group Mail/Group Mail) (Project Slides)

Date: 11/12/2018

Attendees and Key: P=present, A=absent, S=scribe, N=not required

Member	Status	Member	Status	Member	Status
Kees Cook	(N)	Bart Massey	(N)	Tim Pugh	(P)
Connor Kuehl	(P)	Cole Nixon	(P)	Nikk Forbus	(S)
Jordan Cantrell	(P)	James Foster	(P)	Jeff Takahashi	(P)

Meeting Agenda & Summary

1. Confirm you’re on the github repo

   • https://github.com/connorkuehl/clang_randstruct
   • AR: (Nikk) get on github repo

2. http://wiki.cs.pdx.edu/capstone/checklist.html

   • AR: (All) check that out later

3. Updates from Workshop:

   • Make a git repo prototype,see if we can convert it into Subversion - Cole/Jeff
   • CAT Resources - Jeff
   • Charles Wright -Tim
     • Noda, not too familiar with it. We’re on our own team
   • Team Drive - bank your files if you have them (only document owners can)
   • Github Resources - Lets stay in the ecosystem.
   • Just providing a link, we’ve already decided this.
   • Minimum Viable Product - Tim
     • In progress. No update yet
   • License compatibility - Tim
     • Waiting to hear back from Bart. I’ll ask again tonight.
   • Jeff: We’re getting a VM from CAT to test on when needed

4. Stand alone plugin or into Clang - Team (Continue research, don’t need to beat a dead horse, we’ll circle back Friday on foot)

   • LLVM pass. Compiled with Clang tree
   • We’ll send Kees an email with other questions
     • I still plan to ask him about this, but as discussed, we want to bug him to a minimal. Do we not have any further questions at the moment? Deadline is Friday
   • Narrow possible approaches to project (eliminate time sinks)
   • Waiting for any remaining questions/concenrs to compile updates into an email to Kees.

5. Research vector of approach for this project! - ALL MEMBERS

6. We will begin to use github resources

   • Jordan Cantrell - Github guru
   • Use what's useful, avoid what isn’t.

7. Risk Management plan

   • James Foster - assigned
     • The capstone wiki has an idea of this, and google, and books
   • We’ll review it as a team of course

8. Architecture

   • Connor - assigned
   • Waiting until we determine whether we’re doing a plugin or a pass. Method doesn’t matter to the sponsor, so its up to the team to determine.
   • Comparison document in important_document file.
   • Plugins need to be maintained after release, but can also be a ‘stopping point’ to fall back on if denied to upstream
   • It might be not possible to do this with a plugin
   • AR: (all) Determine which method is even possible/feasible. (Most leaning Plugin (if possible!) so far with the understanding that it likely won’t go upstream that way, but that getting upstream is probably not realistic)

9. Infrastructure

   • Jeff and Cole - already been doing it
   • Are we missing any infrastructure we absolutely need

10. Scheduler

    • Nikk Forbus
    • Pencil poll-schedule into google calendar
    • Friday same time, will determine whether this workshop time will be weekly or not.
    • “The Pace Picks up dramatically at this point. From here on it’s a race to the finish”
    • Team Status Presentations : 3 Weeks away.
    • Yeah, it’s that close, therefore, more workshops.

11. Doxygen

    • We’re going with doxygen for self-documenting code-comments.
    • https://llvm.org/doxygen/
    • There is better ways of searching that website if we use it (Google)
    • We will do this to the best of our ability
    • Else, people will get upset :(

12. https://www.cs.cornell.edu/~asampson/blog/llvm.html

    • The ELI5 site. Very useful so far

13. Official github mirror of LLVM

    • https://github.com/llvm-mirror/llvm
    • Build it (untested) →
    • Takes 1+ hours, up to “all night” to build

14. Did someone start this project before?

    • https://github.com/AndroidHardeningArchive/linux-hardened
    • Isn’t Kees apart of the Kernel Self Protection project?
    • https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
    • Should ask to add to the Wiki

15. Backups - Do not take this for granted

    • I believe our project may be we simply pull code, and build.
    • What would we need to backup?····
    • Documentation is a backup!
    • Threat Level: Minimum (All of us will have our own version of the repo, and what really is the chance that github is going away?)
    • In case of san andreas fault erupting and consuming us all, take time to regret not backing up this project as the Old Gods turn us into Naga
    • AR (All): Determine on Friday during workshop whether we need to do more for backups
    • Gsync, a tool for automatically backing up code into something similar to Google Drive

16. Closing items:

    • Questions
    • Quote via Eric Schmidt
    • Tune