An Instruction Verification Based Hardware/Software Co-design Approach for Mitigating Code-Reuse Attacks

Cited by: 1
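Abstract (translated from the Chinese): An important reason why code-reuse attacks on x86 processors are hard to defend against is that x86 program code contains a large number of instructions that are legal but that the programmer never intended to be executed. These unintended instructions, which are abundant in code, can be used to construct the components that implement CRAs. Previous studies all used software methods to address the unintended instruction problem, which incur high runtime overhead and have limited applicability. One of the main contributions of this paper is a low-overhead hardware/software co-design approach to the x86 unintended instruction problem. Experiments show that the implementation adds only -0.093% to 2.993% extra runtime overhead to applications. In addition, the paper proposes hardware-implemented control-flow locking as a complementary technique. Using the two techniques together greatly reduces the risk of code-reuse attacks on the x86 platform.

Abstract (English): Code-reuse attacks (CRAs) are difficult to detect and defend against, especially on widely used x86 processors. One reason is that many unintended but legal instructions exist in x86 binary code. These unintended instructions make finding so-called gadgets for CRAs much easier than on RISC processors. Previous studies rely on software-only means to tackle the unintended instruction problem, which makes their approaches either very costly or applicable only under restricted conditions. In this paper, we propose a hardware/software co-design approach to tackle the unintended instruction problem. The proposed mechanism has little performance impact on the examined SPEC CPU 2006 benchmarks. We also propose using hardware control-flow locking as a complementary technique. By using the two techniques together, an attacker will have little chance to carry out CRAs on x86 processors.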
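Author: 吕雅帅
Source: 《电子学报》 (Acta Electronica Sinica), indexed in EI, CAS, CSCD and the Peking University Core list (北大核心), 2016, No. 10, pp. 2403-2409 (7 pages)
Funding: National Natural Science Foundation of China (No. 61202129)
Keywords: code-reuse attack; unintended instruction; instruction verification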