COLLATE:控制相关数据的完整性保护

COLLATE:towards the integrity of control-related data

使用C/C++语言编写的程序可能包含安全漏洞。这些漏洞可以被用来劫持控制流。现存的控制流劫持攻击防御措施通常是对间接控制流跳转的目标进行校验,或保证代码指针的完整性。然而,此时攻击者依然可以通过修改函数指针的依赖将间接控制流跳转的目标弯曲为合法但是不符合预期的值。为了解决这个问题,引入了控制相关数据完整性来保证函数指针以及它们的依赖的完整性。这些依赖决定了函数指针的定义和间接控制流跳转之间潜在的数据流关系。首先,控制相关数据完整性保护系统识别出所有函数指针;然后,使用过程间静态污点分析收集它们所依赖的数据;最后,系统将这些控制相关数据分配到硬件保护的内存Ms中来阻止未授权的修改。在SPEC CPU 2006 benchmarks和Nginx上测量了控制相关数据完整性保护系统的开销,并在三个真实世界的漏洞和一个虚表指针劫持攻击的测试集测试了它的有效性。结果显示,设计的系统能够成功检测到所有攻击,同时在C/C++benchmarks上只有约10.2%的平均开销,在Nginx上约是6.8%,在可接受范围内。实验表明,控制相关数据完整性保护系统是有效且实用的。

Programs written in C/C++may contain bugs that can be exploited to subvert the control flow.Existing control-flow hijacking mitigations validate the indirect control-flow transfer targets,or guarantee the integrity of code pointers.However,attackers can still overwrite the dependencies of function pointers,bending indirect control-flow trans-fers(ICTs)to valid but unexpected targets.We introduce the control-related data integrity(COLLATE)to guarantee the integrity of function pointers and their dependencies.The dependencies determine the potential data-flow between function pointers definition and ICTs.The COLLATE identifies function pointers,and collects their dependencies with the inter-procedure static taint analysis.Moreover,the COLLATE allocates control-related data on a hardware-protected memory domain MS to prevent unauthorized modifications.We evaluate the overhead of the COLLATE on SPEC CPU 2006 benchmarks and Nginx.Also,we evaluate its effectiveness on three real-world exploits and one test suite for vtable pointer overwrites.The evaluation results show that the COLLATE successfully detects all attacks,and introduces a 10.2%performance overhead on average for the C/C++benchmark and 6.8%for Nginx,which is acceptable.Experiments prove that the COLLATE is effective and practical.