Abstract
Memory corruption is the root cause of most modern attacks: by modifying data in memory, an attacker hijacks the control flow. Unsafe languages expose memory details to developers, leaving a great deal of sensitive data open to arbitrary modification. Existing defenses against such attacks fall into two categories, software-based checking and hardware-based protection. Software-based checking is flexible but suffers from serious performance problems. Hardware-based approaches largely remove the performance problem and are also more secure than software approaches, so many hardware protection mechanisms have been proposed. However, most existing hardware mechanisms target only a single attack and lack flexibility. In this paper we propose a combined software/hardware solution: sensitive data is encrypted and hidden at run time, decrypted when it is accessed, and then checked to determine whether it has been modified. On the hardware side, we design secure Load- and Store-type instructions together with hardware encryption and decryption modules. On the software side, the compiler supports these secure instructions, and two security policies are proposed for different usage scenarios: a global constraint policy and a context-execution constraint policy. The latter imposes stricter constraints than the former and is suitable for programs requiring a higher level of protection. Our mechanism defends against multiple attack vectors, such as CFI-type attacks, the recent DOP attacks, and corruption (infection) attacks on GOT-table and virtual-function-table pointers; it can also defend against buffer-overflow attacks and supports information hiding. Tests on the SPEC2006 benchmark programs show that the performance overhead of the proposed mechanism is only 4.5%.
Memory corruption is the root cause of modern attacks. The purpose of hijacking the control flow is achieved by modifying the data in memory. Using unsafe languages to expose memory to developers results in a lot of sensitive data that can be modified arbitrarily. The existing solutions against security attacks mainly include two aspects, software-based and hardware mechanism protection. Although the software-based mechanism is flexible, it has serious performance overheads. The hardware-based method can greatly cut down the performance loss, and it is safer than the software method. Therefore, many hardware protection mechanisms have been proposed. However, most of the existing hardware mechanisms only target a single attack and lack flexibility. In this paper, we propose a solution that combines software and hardware by encrypting and hiding sensitive data when the program is running. The mechanism decrypts these sensitive data when they are accessed, and then does security checks to determine whether the sensitive data have been modified. We design secure Load and Store instructions in terms of hardware implementation, as well as encryption and decryption hardware modules. The software compiler supports such security instructions. At the same time, two security strategies are proposed for different usage scenarios: a global restriction strategy and a context execution restriction strategy. Compared with the former, the latter provides more stringent constraints and can be applied to program protection with higher security priority. Our security mechanism can resist a variety of attack vectors, such as CFI attacks, recent DOP attacks, GOT table and virtual function table infection attacks, etc. It can also mitigate buffer overflow attacks and support information hiding. The experiments on SPEC2006 show that the performance overhead of our proposed security mechanism is only 4.5%.
Authors
李亚伟
章隆兵
张福新
王剑
LI Ya-Wei; ZHANG Long-Bing; ZHANG Fu-Xin; WANG Jian (State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190; Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190; University of Chinese Academy of Sciences, Beijing 100049)
Source
《计算机学报》
EI
CAS
CSCD
Peking University Core Journal
2023, No. 1, pp. 180-201 (22 pages)
Chinese Journal of Computers
Funding
Supported by the Chinese Academy of Sciences Strategic Priority Research Program project "Software/Hardware Co-design Technology for Performance Enhancement of Desktop Processors" (No.XDC05020100).
Keywords
memory corruption
sensitive data
encryption/decryption
runtime protection