基于函数签名的控制流监控方法

Control-flow Monitoring Method Based on Function Signature

针对恶意篡改程序控制流攻击方式,提出一种监控程序控制流完整性的方法。对程序源代码进行扫描,以函数作为识别程序行为的基本粒子,利用函数调用执行的序列信息,建立表现程序原意的行为轨迹模型,利用该模型在运行期监控程序的执行流程。实验结果表明,该方法对篡改控制流的攻击起到了很好的防御作用。

Current software attacks often build on exploits that subvert machine-code execution. This paper proposes a new signature monitoring technique to enhance the control-flow integrity of program. It uses the execution of function as the basic item of the control-flow of the program. To get more exact intent of program, it scans the source code. and gets the information of function call sequence. According to the information, the model of program＇s intent can be built. The model is used to monitor the program in runtime. Experimental results show the monitoring system makes the program more secure to reject the control-flow attacks.