PEC-V:基于RISC-V协处理器的内存溢出防御机制被引量：1

PEC-V: Memory Overflow Defense Mechanism Based on RISC-V Coprocessor

下载PDF

导出

摘要内存溢出攻击是计算机系统中历史悠久且依旧广泛存在的攻击手段,而指针加密技术可以有效阻止此攻击.通过软件手段实现这一技术的方式将导致程序运行效率的显著降低并且产生额外的内存开销.所以本文基于RocketChip的RoCC (Rocket Custom Coprocessor)接口实现一个加解密指针的协处理器PEC-V.其通过RISC-V的自定义指令控制协处理器加解密返回地址和函数指针等值达到阻止溢出攻击的目的. PEC-V主要使用PUF(Physical Unclonable Function)来避免在内存中储存加密指针的键值,所以此机制在保证了加密键值的随机性的同时也减少了访问内存的次数.实验结果显示, PEC-V能够有效防御各类缓冲区溢出攻击,且程序平均运行效率仅下降3%,相对既往方案显著提高了性能. In computer systems, the memory overflow attack is a long-existing security problem and is still common nowadays, which can be effectively hindered by pointer encryption. Nevertheless, the implementation of the technique by software significantly lowers the program running efficiency and leads to additional memory overhead. In this study, we develop an encrypted/decrypted pointer coprocessor PEC-V based on the Rocket Custom Coprocessor(RoCC) interface of RocketChip. The overflow attack can be prevented through the control of encryption/decryption of the return address and function pointer by the coprocessor under the user-defined instruction of RISC-V. PEC-V mainly depends on Physical Unclonable Function(PUF) to avoid storing the key value of the encrypted pointer in memory. Thus, this mechanism not only ensures the randomness of the key value, but also reduces the times of accessing memory. The experimental results show that PEC-V is defensive against various buffer overflow attacks while the program running efficiency is only reduced by approximately 3% on average, which is better than previous mechanisms.

作者张雨昕芮志清李威威张画罗天悦吴敬征 ZHANG Yu-Xin;RUI Zhi-Qing;LI Wei-Wei;ZHANG Hua;LUO Tian-Yue;WU Jing-Zheng(Intelligent Software Research Center,Institute of Software,Chinese Academy of Sciences,Beijing 100190,China;The Grainger College of Engineering,University of Illinois at Urbana-Champaign,Urbana-Champaign,IL 61820,USA;PLCT Lab,Institute of Software,Chinese Academy of Sciences,Beijing 100190,China;SHENYUAN Honors College,Beihang University,Beijing 100191,China)

机构地区中国科学院软件研究所智能软件研究中心伊利诺伊大学香槟分校The Grainger College of Engineering 中国科学院软件研究所PLCT实验室北京航空航天大学高等理工学院

出处《计算机系统应用》 2021年第11期11-19,共9页 Computer Systems & Applications

基金中国科学院战略性先导科技专项(C类)(XDC05040100) 国家自然科学基金(61772507) 2020年工业互联网创新发展工程(TC200H030)。

关键词溢出攻击指针加密 RISC-V RocketChip PUF PEC-V overflow attack pointer encryption RISC-V RocketChip Physical Unclonable Function(PUF) PEC-V

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献1

1潘亦,吴春梅,武港山.防止缓冲区溢出攻击的增强编译技术分析[J].计算机科学,2005,32(3):156-158. 被引量：4

二级参考文献10

1Wilander J,Kamkar M. A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention[EB/OL]. http://www.mcs.csuhayward.edu/?simon/security/boflo.html, 2003
2Cowan C, Wagle P, Pu C, Beattie S, Walpole J. Buffer overflows:Attacks and defenses for the vulnerability of the decade[C]. In:Proc. of the DARPA Information Survivability Conf. and Expo (DISCEX) ,Hilton Head, South Carolina, 2000.119-129
3Fayolle P A,Glaume V. A Buffer Overflow Study Attacks & Defenses [ EB/OL ]. http://www. enseirb. fr/? glaume/indexen.html,2002
4Jones R W M,Kelly P H J. Backwards-compatible bounds checking for arrays and pointers in C programs [C]. In: Third Intl.Workshop on Automated Debugging, 1997
5Cowan C,Beattie S,Day R,Pu C,Wagle P,Walthinsen E. Protecting systems from stack smashing attacks with StackGuard [EB/OL]. http://www.cse.ogi.edu/?crispin/, 1999
6Cowan C,Pu C,Maier D,Walpole J,Bakke P,Beattie S,Grier A,Wagle P ,Zhang Q,StackGuard H H. Automatic adaptive detection and prevention of buffer-overflow attacks [C]. In :Proc. of the 7thUSENIX Security Conf. San Antonio, Texas, 1998. 63 - 78
7Cowan C,McNamee D,Black A,Pu C,Walpole J,Krasic C,Marlet R,Zhang Q. A Toolkit for Specializing Production Operating System Code [R]: [Technical Report CSE-97-004]. Dept. of Computer Science and Engineering,Oregon Graduate Institute, 1997
8Cowan C,Beattie S,Johansen J,Wagle P. PointGuard: Protecting Pointers From Buffer Overflow [C]. In: the 12th USENIX Security Symposium,Washington DC,2003
9Chiueh T C,Hsu F H. RAD. A compile-time solution to buffer overflow attacks [C]. In: Proc. of the 21th Intl. Conf. on Distributed Computing Systems (ICDCS). Phoenix,Arizona,USA,2001
10Bulba, Kil3r. Bypassing StackGuard and Stackshield [J]. Phrack Magazine,1999(5): 56

共引文献3

1赵秀凤,郭渊博,方青坡.基于信息流分析的C代码安全编译技术研究[J].微电子学与计算机,2006,23(z1):152-153.
2赵秀凤,方青坡.基于容忍入侵的C代码安全编译技术[J].郑州大学学报（理学版）,2007,39(2):142-144.
3汪晓茵,蒋中国.Fedora系统溢出防护与利用原理分析[J].信息工程大学学报,2007,8(3):357-359.

同被引文献7

1黎明,吴丹,戴葵,邹雪城.高性能可扩展公钥密码协处理器研究与设计[J].电子学报,2011,39(3):665-670. 被引量：11
2李辉楷,韩军,翁新钎,贺中柱,曾晓洋.精简指令集计算机协处理器设计[J].计算机工程,2012,38(23):240-242. 被引量：3
3吕述望,苏波展,王鹏,毛颖颖,霍利利.SM4分组密码算法综述[J].信息安全研究,2016,2(11):995-1007. 被引量：71
4韩光,陈光化,曾为民,刘晶晶.基于可信计算应用的双域椭圆曲线密码协处理器研究与实现[J].微电子学与计算机,2020,37(12):53-58. 被引量：7
5杨伊,何德彪,文义红,罗敏.密钥管理服务系统下的多方协同SM4加/解密方案[J].信息网络安全,2021(8):17-25. 被引量：4
6罗庆斌,李晓瑜,杨国武.SM4密码算法S盒的量子电路实现[J].电子科技大学学报,2021,50(6):820-826. 被引量：3
7王腾飞,张海峰,许森.SM2专用指令协处理器设计与实现[J].计算机工程与应用,2022,58(2):102-109. 被引量：5

引证文献1

1武文彪,韩跃平,唐道光.RISCV指令集的SM4专用协处理器设计[J].单片机与嵌入式系统应用,2022,22(8):24-28.

1《微计算机应用》2005年总目录[J].微计算机应用,2005,26(6):765-768.
2陈彦平,汪丽.重要领域密码应用解决方案[J].信息技术与标准化,2018(9):19-22. 被引量：6
3柴群.基于区块链的云存储加密数据共享方案[J].电子乐园,2020(12):0020-0020.
4顾亦然,陈禹洲.基于SOM-K-means算法的商品评论研究[J].软件导刊,2021,20(10):68-72. 被引量：1
5李艺志.云存储加密数据检索技术研究[J].信息与电脑,2021,33(10):185-187.
6Songchao Zhang,Xinyu Xue,Chen Chen,Zhu Sun,Tao Sun.Development of a low-cost quadrotor UAV based on ADRC for agricultural remote sensing[J].International Journal of Agricultural and Biological Engineering,2019,12(4):82-87. 被引量：1
7蔡昊君,牛少彰.基于机器学习的动静结合的二进制漏洞检测[J].新一代信息技术,2021,4(20):1-10.
8翟继强,徐晓,陈攀,杨海陆.基于元数据和指令流的64位Windows堆栈取证[J].哈尔滨理工大学学报,2021,26(5):51-59.
9王震,李哲,李占山.优化简单表缩减算法求解因子分解编码实例[J].软件学报,2021,32(11):3530-3540. 被引量：1
10郝佳晶.数字化学籍管理中二维码技术的应用研究[J].山西电子技术,2021(6):77-78.

计算机系统应用

2021年第11期

浏览历史

内容加载中请稍等...

PEC-V:基于RISC-V协处理器的内存溢出防御机制被引量：1

参考文献1

二级参考文献10

共引文献3

同被引文献7

引证文献1

相关作者

相关机构

相关主题

浏览历史

PEC-V:基于RISC-V协处理器的内存溢出防御机制 被引量：1

参考文献1

二级参考文献10

共引文献3

同被引文献7

引证文献1

相关作者

相关机构

相关主题

浏览历史

PEC-V:基于RISC-V协处理器的内存溢出防御机制被引量：1