Abstract
Programs written in C/C++ may contain bugs that can be exploited to subvert the control flow. Existing control-flow hijacking mitigations validate the targets of indirect control-flow transfers, or guarantee the integrity of code pointers. However, attackers can still overwrite the dependencies of function pointers, bending indirect control-flow transfers (ICTs) to valid but unexpected targets. We introduce control-related data integrity (COLLATE) to guarantee the integrity of function pointers and their dependencies. The dependencies determine the potential data flow between function pointer definitions and ICTs. COLLATE first identifies function pointers, then collects their dependencies with an inter-procedural static taint analysis, and finally allocates the control-related data in a hardware-protected memory domain MS to prevent unauthorized modifications. We evaluate the overhead of COLLATE on the SPEC CPU 2006 benchmarks and Nginx. We also evaluate its effectiveness on three real-world exploits and one test suite for vtable pointer overwrites. The evaluation results show that COLLATE successfully detects all attacks, and introduces a 10.2% performance overhead on average for the C/C++ benchmarks and 6.8% for Nginx, which is acceptable. Experiments show that COLLATE is effective and practical.
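As an added illustration (not the paper's code and not its implementation of MS), the following C program models the core idea of the abstract: the value that selects a handler from a dispatch table is a dependency of the function pointer, so it is treated as control-related data, relocated into a protected domain and changed only through an authorized path, while a write that bypasses that path is caught. The hardware domain MS is simulated with an mprotect-locked page plus a SIGSEGV handler (an assumption for the demo, Linux/POSIX only), and the dispatch table, `mode` and every function name here are constructed.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed toy: `mode` selects a handler from a dispatch table. The table holds the
 * code pointers; `mode` is their dependency, the control-related data COLLATE protects. */
typedef int (*handler_t)(int);
static int view_handler(int x)  { return x + 1; }
static int admin_handler(int x) { return x * 100; }
static const handler_t dispatch[2] = { view_handler, admin_handler };
/* Stand-in for the protected domain MS: a page that is read-only except during
 * authorized updates. The dependency is relocated into it. */
static unsigned *ms_mode;
static size_t ms_size;
static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

static void on_fault(int sig) { (void)sig; fault_seen = 1; siglongjmp(fault_env, 1); }

/* Map the domain, place the dependency in it, install the fault handler, lock the page. */
static int ms_init(void) {
    ms_size = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, ms_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    ms_mode = p; *ms_mode = 0;
    struct sigaction sa = { 0 };
    sa.sa_handler = on_fault; sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return mprotect(p, ms_size, PROT_READ);
}

/* Authorized update: the only path allowed to write control-related data. */
static void ms_set_mode(unsigned m) {
    mprotect(ms_mode, ms_size, PROT_READ | PROT_WRITE);
    *ms_mode = m;
    mprotect(ms_mode, ms_size, PROT_READ);
}

/* Models a memory-safety bug writing straight to the dependency: 1 = write blocked
 * by the domain (fault caught), 0 = write went through. */
static int unauthorized_write(unsigned *target, unsigned v) {
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) *(volatile unsigned *)target = v;
    return (int)fault_seen;
}

/* The indirect call reads its dependency from MS, so bending it needs a write into MS. */
static int dispatch_request(int x) { return dispatch[*ms_mode % 2](x); }
```

A target check alone (is the callee in `dispatch`?) would accept `admin_handler` after a corrupted `mode`; keeping `mode` in the domain is what makes the corruption observable.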
Authors
邓颖川 (DENG Yingchuan), 张桐 (ZHANG Tong), 刘维杰 (LIU Weijie), 王丽娜 (WANG Lina)
Ministry of Education Key Laboratory of Aerospace Information Security and Trusted Computing, School of Cyber Science and Engineering, Wuhan University, Wuhan 430040, China; Ant Group, Hangzhou 310012, China
Source
Journal of Xidian University (西安电子科技大学学报), 2023, No. 5, pp. 199-211 (13 pages)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
Funding
National Key Research and Development Program of China (2020YFB1805400, 2021YFB3100700)
National Natural Science Foundation of China (61876134)
Keywords
static analysis
network security
control-flow integrity
code pointer integrity