In software security, balancing the need for robust protection with performance considerations is a critical challenge. Mitigation techniques are essential to defend against various types of attacks, but they can also introduce performance overheads. Meanwhile, compilers provide optimizations that aim to enhance performance but inadvertently introduce security vulnerabilities, such as double-fetches. This thesis explores the trade-offs associated with disabling compiler optimisation options to enhance security against such vulnerabilities. By examining various optimisation levels (-O1, -O2, -O3, -Ofast) in GNU Compiler Collection (GCC) and LLVM compilers, we quantitatively analyse their impact on execution time, memory usage, and complexity of the binaries. Our study reveals that while opting out of optimisations can significantly improve security by eliminating double-fetch bugs, it also leads to increased execution time and larger binary sizes. These findings underscore developers' need to make informed choices about optimisations, balancing security concerns with performance requirements. This work contributes to a deeper understanding of the security-performance trade-offs in software development and provides a foundation for further research into compiler optimisations and security.
Identifier | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:umu-226836 |
Date | January 2024 |
Creators | Fransson, William |
Publisher | Umeå universitet, Institutionen för datavetenskap |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Relation | UMNAD ; 1475 |