Security is an ever increasing concern across the computing industry, most recently in the emerging Internet of Things market. The compiler is the one tool that sees just about every piece of code, and is in a position both to check for security problems and to improve security. LLVM cannot magically write secure code, but it can help a professional programmer write code that is genuinely secure.
In this talk we will introduce our joint research programme with Bristol University to add such features to LLVM. This project is still in its early stages, but we will present our initial work and discuss our future plans. A particular goal is community feedback on the priorities for this research programme.
Security is an ever increasing concern across the computing industry, most recently in the emerging Internet of Things market. LLVM cannot magically write secure code, but it can help a good programmer write secure code.
The Leakage Aware Design Automation project is an EPSRC funded programme running over four years at Bristol University, led by Elizabeth Oswald and Dan Page. It is looking at how all aspects of software tooling can improve the security of systems, particularly by minimizing information leakage. An important part of this project is extending compiler technology, and the programme includes a postdoctoral post to research this area.
Embecosm are the "industrial supporters" of this project. Our role is to take the research ideas and make them work in real compilers, including LLVM. Some of this will be about guiding the programmer: warning of coding styles that are insecure. The other part of the project is providing assistance to the programmer in implementing advanced cryptographic techniques.
Many of the areas the compiler can warn about are related to information leakage, which an attacker can observe through variation in power consumption, execution timing or memory access patterns. The concern is control flow, cycle counts or memory addresses that depend on critical variables (such as cryptographic keys). Such variables can be marked with a "sensitive" attribute, and the compiler can then warn if they or their aliases are involved in control flow, affect cycle timing or determine which memory addresses are accessed.
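As an added illustration (not code from the talk or the LAD project), the following C shows the two leak classes the attribute is meant to catch: a comparison whose early exit makes its trip count depend on the secret, beside a constant-time version that always does the same work, and a table lookup indexed by a secret byte, beside a masked full-table scan with a fixed access pattern. The `work` counter, the sample key and guesses, and the 7*i+3 table are constructed for the example; a real S-box or key would take their place.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Comparison outcome plus how many byte comparisons the loop executed,
 * so the secret-dependent trip count is visible without an oscilloscope. */
struct cmp_result {
    int equal;    /* 1 if the buffers match */
    size_t work;  /* byte comparisons performed */
};

/* Constructed sample data: an 8-byte "key" and two guesses that differ
 * from it at the first byte and at the last byte respectively. */
static const uint8_t SAMPLE_KEY[8]        = {0x13, 0x37, 0xC0, 0xFF, 0xEE, 0x42, 0x99, 0x01};
static const uint8_t GUESS_WRONG_FIRST[8] = {0x00, 0x37, 0xC0, 0xFF, 0xEE, 0x42, 0x99, 0x01};
static const uint8_t GUESS_WRONG_LAST[8]  = {0x13, 0x37, 0xC0, 0xFF, 0xEE, 0x42, 0x99, 0x00};

/* Insecure: the early exit is control flow that depends on the secret.
 * Timing and the power trace reveal how many leading bytes were right.
 * This is the branch a compiler that knew 'secret' was sensitive would flag. */
static struct cmp_result leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    struct cmp_result r = {1, 0};
    for (size_t i = 0; i < n; i++) {
        r.work++;
        if (secret[i] != guess[i]) {   /* secret-dependent branch */
            r.equal = 0;
            break;
        }
    }
    return r;
}

/* Constant-time: every byte is always visited, mismatches are OR-ed into
 * 'diff', and 'diff' is collapsed to 0/1 arithmetically, so neither the
 * trip count nor any branch depends on the secret. */
static struct cmp_result ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    struct cmp_result r = {0, 0};
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        r.work++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    /* (diff | -diff) has its top bit set iff diff != 0 */
    r.equal = 1 - (int)((uint8_t)(diff | (uint8_t)(0u - diff)) >> 7);
    return r;
}

/* Constructed 256-entry table standing in for an S-box, built once. */
static const uint8_t *demo_table(void)
{
    static uint8_t t[256];
    static int built = 0;
    if (!built) {
        for (unsigned i = 0; i < 256; i++)
            t[i] = (uint8_t)(i * 7u + 3u);
        built = 1;
    }
    return t;
}

/* Insecure: the address touched depends on the secret byte, so a cache
 * timing or power probe on this load recovers secret_index. */
static uint8_t leaky_lookup(const uint8_t *table, uint8_t secret_index)
{
    return table[secret_index];
}

/* Constant-time: read every entry and keep the wanted one with a mask
 * derived without a branch; the access pattern is the same for any index. */
static uint8_t ct_lookup(const uint8_t *table, uint8_t secret_index)
{
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t x = i ^ secret_index;                      /* 0 only at the wanted index */
        uint8_t mask = (uint8_t)(0u - ((x - 1u) >> 31));   /* 0xFF iff x == 0 */
        out |= (uint8_t)(table[i] & mask);
    }
    return out;
}

int main(void)
{
    printf("leaky_compare: %zu comparisons for a mismatch at byte 0, %zu at byte 7\n",
           leaky_compare(SAMPLE_KEY, GUESS_WRONG_FIRST, 8).work,
           leaky_compare(SAMPLE_KEY, GUESS_WRONG_LAST, 8).work);
    printf("ct_compare:    %zu comparisons for a mismatch at byte 0, %zu at byte 7\n",
           ct_compare(SAMPLE_KEY, GUESS_WRONG_FIRST, 8).work,
           ct_compare(SAMPLE_KEY, GUESS_WRONG_LAST, 8).work);
    printf("lookup[200]: leaky=%u ct=%u\n",
           (unsigned)leaky_lookup(demo_table(), 200), (unsigned)ct_lookup(demo_table(), 200));
    return 0;
}
```

The leaky compare reports 1 comparison when the first byte is wrong and 8 when only the last is, which is exactly the signal a timing or power attack reads out; the constant-time version reports 8 either way. Note that the constant-time form is only as good as the generated code: an optimizer is free to turn the arithmetic selection back into a branch, which is one reason the project wants the compiler itself to understand which values are sensitive.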
There are a great many techniques that users can adopt to make their code more secure. Some of these are straightforward for the compiler to implement, for example ensuring that critical functions clear their stack frame on return or on longjmp (a plain memset of a buffer that is never read again is routinely removed by the optimizer as a dead store, so this is better done by the compiler than by hand).
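The following C is an added example, not code from the talk or the project, of what such clearing has to achieve when written by hand: the scrub uses volatile writes so the optimizer cannot drop them, and it runs on both the normal return and the longjmp error path. The key expansion and the FNV-1a digest are hypothetical stand-ins for real cryptographic work, the 16-byte key is constructed, and the scratch buffer is supplied by the caller only so that the result can be inspected afterwards; in the compiler-implemented version it would be the function's own stack frame.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Zeroing through a volatile pointer: the optimiser may delete a plain
 * memset() of a buffer that is never read again (a dead store), which is
 * exactly the "clear before return" case. Volatile writes must be emitted. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
}

static int all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

static jmp_buf abort_env;

/* Hypothetical key expansion: derives 64 bytes of schedule from a 16-byte
 * key. Not a real cipher; it only produces key-dependent scratch data. */
static void expand_key(const uint8_t key[16], uint8_t schedule[64])
{
    for (size_t i = 0; i < 64; i++)
        schedule[i] = (uint8_t)(key[i % 16] ^ (uint8_t)(i * 0x9Bu));
}

/* Consumer of the schedule (FNV-1a as a stand-in for a real operation).
 * 'inject_fault' is a constructed error that escapes via longjmp, as an
 * abort handler might, bypassing any clean-up placed after the call. */
static uint32_t use_schedule(const uint8_t schedule[64], int inject_fault)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 64; i++) {
        h ^= schedule[i];
        h *= 16777619u;
    }
    if (inject_fault)
        longjmp(abort_env, 1);
    return h;
}

/* One keyed operation. Both the normal return and the longjmp path pass
 * through secure_zero(), which is what a compiler could enforce for any
 * function marked critical. Returns 0 on success, -1 if aborted. */
static int keyed_operation(const uint8_t key[16], uint8_t schedule[64],
                           int inject_fault, uint32_t *digest)
{
    int rc;
    expand_key(key, schedule);
    if (setjmp(abort_env) == 0) {
        *digest = use_schedule(schedule, inject_fault);
        rc = 0;
    } else {
        rc = -1;   /* landed here via longjmp; *digest is untouched */
    }
    secure_zero(schedule, 64);
    return rc;
}

/* Constructed demonstration key. */
static const uint8_t DEMO_KEY[16] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
};

struct run_report {
    int rc;          /* 0 normal, -1 aborted */
    int scrubbed;    /* 1 if no schedule byte survived */
    uint32_t digest; /* 0 if the run aborted before producing one */
};

/* Runs the operation on a local scratch buffer and reports what is left. */
static struct run_report run_keyed(int inject_fault)
{
    uint8_t schedule[64];
    struct run_report rep = {0, 0, 0};
    rep.rc = keyed_operation(DEMO_KEY, schedule, inject_fault, &rep.digest);
    rep.scrubbed = all_zero(schedule, 64);
    return rep;
}

int main(void)
{
    struct run_report ok = run_keyed(0), aborted = run_keyed(1);
    printf("normal:  rc=%d scrubbed=%d digest=0x%08X\n", ok.rc, ok.scrubbed, ok.digest);
    printf("aborted: rc=%d scrubbed=%d digest=0x%08X\n", aborted.rc, aborted.scrubbed, aborted.digest);
    return 0;
}
```

Compiled at -O2, a version of secure_zero() written with an ordinary memset would typically be removed, and a version of keyed_operation() that scrubbed only after use_schedule() returned would leave the whole schedule in memory on the longjmp path; the report shows scrubbed=1 for both runs.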
It is not difficult to slice the top off a memory chip and use a scanning electron microscope to read the stored values, which is a (relatively) easy way to scan memory for candidate cryptographic keys. Bit-splitting defends against this by scattering the individual bits of a critical value throughout memory, combining them on the fly for a calculation and scattering them back out to memory afterwards. By hand this is laborious in the extreme, but the compiler can reduce it to a simple "bit-split" attribute on a variable.
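As an added example of the transformation the attribute would automate (this is not the project's code), the C below keeps a 32-bit secret as 32 single bits, each in the low bit of a randomly chosen byte of a 256-byte arena whose remaining bits are random filler. The value exists as a contiguous word only in a register while an operation runs; `split_xor_in_place` shows the gather, use, re-scatter cycle. The arena size, the xorshift generator and its fixed seed are assumptions for the example; a real build would take the layout from a hardware random source at boot.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARENA_BYTES 256    /* region the bits are spread across */
#define VALUE_BITS  32

/* A 32-bit secret held as 32 separate bits. Bit i of the value is the low
 * bit of arena[pos[i]]; the other 7 bits of that byte, and every byte not
 * in the layout, are random filler, so a memory image shows noise rather
 * than a 4-byte key. */
struct split_u32 {
    uint8_t  arena[ARENA_BYTES];
    uint8_t  pos[VALUE_BITS];   /* distinct arena indices, one per bit */
    uint32_t rng;               /* xorshift32 state for layout and filler */
};

/* xorshift32: deterministic filler for the example (not cryptographic). */
static uint32_t next_rand(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Choose 32 distinct positions (partial Fisher-Yates) and fill with noise. */
static void split_init(struct split_u32 *sp, uint32_t seed)
{
    uint8_t idx[ARENA_BYTES];
    sp->rng = seed ? seed : 0x9E3779B9u;   /* xorshift must not start at 0 */
    for (unsigned i = 0; i < ARENA_BYTES; i++)
        idx[i] = (uint8_t)i;
    for (unsigned i = 0; i < VALUE_BITS; i++) {
        unsigned j = i + next_rand(&sp->rng) % (ARENA_BYTES - i);
        uint8_t t = idx[i]; idx[i] = idx[j]; idx[j] = t;
        sp->pos[i] = idx[i];
    }
    for (unsigned i = 0; i < ARENA_BYTES; i++)
        sp->arena[i] = (uint8_t)next_rand(&sp->rng);
}

/* Scatter: each bit goes to its slot with fresh filler in the upper bits. */
static void split_store(struct split_u32 *sp, uint32_t v)
{
    for (unsigned i = 0; i < VALUE_BITS; i++) {
        uint8_t filler = (uint8_t)(next_rand(&sp->rng) & 0xFEu);
        sp->arena[sp->pos[i]] = (uint8_t)(filler | ((v >> i) & 1u));
    }
}

/* Gather: rebuild the value in a register. */
static uint32_t split_load(const struct split_u32 *sp)
{
    uint32_t v = 0;
    for (unsigned i = 0; i < VALUE_BITS; i++)
        v |= (uint32_t)(sp->arena[sp->pos[i]] & 1u) << i;
    return v;
}

/* "Combine on the fly": gather, use, scatter back. The assembled value is
 * live only for the duration of the operation. Returns the new value. */
static uint32_t split_xor_in_place(struct split_u32 *sp, uint32_t operand)
{
    uint32_t v = split_load(sp) ^ operand;
    split_store(sp, v);
    return v;
}

/* Round trip: split 'key', XOR 'operand' into it in place, and return
 * what a fresh gather yields. The result must not depend on the seed. */
static uint32_t split_demo(uint32_t seed, uint32_t key, uint32_t operand)
{
    struct split_u32 sp;
    split_init(&sp, seed);
    split_store(&sp, key);
    split_xor_in_place(&sp, operand);
    return split_load(&sp);
}

int main(void)
{
    printf("0x%08X\n", split_demo(12345u, 0xDEADBEEFu, 0xFFFFFFFFu)); /* 0x21524110 */
    return 0;
}
```

Every arithmetic use of the variable becomes a gather, the operation, and a scatter, which is why doing this by hand across a whole cipher is impractical and why it is a natural compiler transformation once the variable carries an attribute.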
Other attacks use intense radiation to disrupt a processor or memory, in the hope that a critical variable will be affected. To defend against this, code will often repeat important operations and check that the results agree. A standard compiler optimizer will promptly remove such redundant operations, so such code is used unoptimized. It would be much better to tell the compiler which pieces of code to leave in place, or better still to identify the code at risk and let the compiler insert the duplicate operations automatically.
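The C below is an added example (not the project's code) of the hand-written form of that defence: a PIN check performed twice, separated by a GCC/Clang inline-asm barrier so the optimizer cannot merge the two comparisons into one, with results encoded as tokens far apart in Hamming distance so that a single flipped bit cannot turn "fail" into "pass". The `fault_mask` parameter is a constructed simulation of a glitch corrupting one or both copies; a real fault comes from the attacker's equipment, not from a parameter. The PINs are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict tokens with a large Hamming distance (0xA5 = 10100101,
 * 0x5A = 01011010): a single flipped bit in either yields a value that is
 * neither token, rather than turning "fail" into "pass" as 0/1 would. */
#define PASS_TOKEN 0xA5u
#define FAIL_TOKEN 0x5Au

enum verdict { VERDICT_DENY = 0, VERDICT_ALLOW = 1, VERDICT_FAULT = 2 };

/* Optimisation barrier (GCC/Clang inline asm). The empty asm claims to
 * read and write 'v' and to clobber memory, so the compiler can neither
 * fold the two comparisons below into one nor hoist one past the other.
 * This is the hand-written stand-in for "tell the compiler which code to
 * leave in place". */
static inline uint8_t opaque(uint8_t v)
{
    __asm__ __volatile__("" : "+r"(v) : : "memory");
    return v;
}

/* Constant-time compare that returns a token rather than 0/1. */
static uint8_t compare_once(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    uint8_t nz = (uint8_t)((uint8_t)(diff | (uint8_t)(0u - diff)) >> 7); /* 1 iff mismatch */
    return (uint8_t)((PASS_TOKEN & (uint8_t)(nz - 1u)) | (FAIL_TOKEN & (uint8_t)(0u - nz)));
}

/* Redundant check. 'fault_mask' bit 0 corrupts the first copy's result,
 * bit 1 the second (constructed simulation of a glitch). */
static enum verdict verify_pin(const uint8_t *pin, const uint8_t *ref, size_t n,
                               unsigned fault_mask)
{
    uint8_t r1 = compare_once(pin, ref, n);
    if (fault_mask & 1u)
        r1 ^= 0xFFu;                 /* simulated fault: FAIL_TOKEN becomes PASS_TOKEN */
    r1 = opaque(r1);                 /* barrier: the second compare must really run */
    uint8_t r2 = compare_once(pin, ref, n);
    if (fault_mask & 2u)
        r2 ^= 0xFFu;
    r2 = opaque(r2);

    if (r1 == PASS_TOKEN && r2 == PASS_TOKEN)
        return VERDICT_ALLOW;
    if (r1 == FAIL_TOKEN && r2 == FAIL_TOKEN)
        return VERDICT_DENY;
    return VERDICT_FAULT;            /* copies disagree or a token is corrupt */
}

/* Constructed sample PINs. */
static const uint8_t REF_PIN[4]  = {0x31, 0x33, 0x33, 0x37};
static const uint8_t GOOD_PIN[4] = {0x31, 0x33, 0x33, 0x37};
static const uint8_t BAD_PIN[4]  = {0x31, 0x33, 0x33, 0x38};

int main(void)
{
    static const char *names[] = {"DENY", "ALLOW", "FAULT"};
    printf("good pin, no fault:       %s\n", names[verify_pin(GOOD_PIN, REF_PIN, 4, 0)]);
    printf("bad pin, no fault:        %s\n", names[verify_pin(BAD_PIN, REF_PIN, 4, 0)]);
    printf("bad pin, copy 1 glitched: %s\n", names[verify_pin(BAD_PIN, REF_PIN, 4, 1)]);
    printf("bad pin, both glitched:   %s\n", names[verify_pin(BAD_PIN, REF_PIN, 4, 3)]);
    return 0;
}
```

A single-copy check with a 0/1 result would accept the bad PIN when its one comparison is glitched; here that case is reported as a fault. The last line of main shows the limit of plain duplication: glitching both copies identically still yields ALLOW, which is why the project's interest extends to letting the compiler decide where and how much redundancy to insert rather than leaving it to manual duplication.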
There are many other techniques which we hope to explore in this project, including:
- atomicity - balancing control flow paths to minimize information leakage
- shuffling - varying the time at which particular instructions are executed
- algorithmic variation - using different algorithms at random to perform operations
- machine learning and superoptimization to minimize information leakage?
- automated identification of instruction set extensions to improve cryptographic robustness?
Some of these techniques are not new, but none are yet in mainstream compilers. We plan to add these features and new ideas which our academic colleagues are researching. The project is still in its early stages, and the purpose of this talk is to raise awareness and get community feedback on some of the areas we will be working on, and suggestions for other areas to consider.