Abstract
Shadow stacks struggle to balance security against performance, and software-only forward-edge CFI (control-flow integrity) carries too much overhead to be deployed in practice. This paper proposes SHCFI (control-flow integrity based on the combination of software and hardware), a hybrid software/hardware scheme. A binary rewriter lifts the program into an intermediate language and classifies its control-transfer instructions. For backward control flow, a parallel shadow stack with encrypted return addresses is proposed: each return address on the stack is XOR-encrypted with a random number, the ciphertext is backed up in a shadow stack located at a fixed offset from the original stack, and on function return the shadow entry is XOR-decrypted and the result is used as the actual return address. For forward control flow, the hardware ENDBRANCH state-machine instruction marks the legitimate target addresses of indirect transfer instructions, and each target is checked at runtime, which keeps the overhead low. Experimental results show that programs hardened with SHCFI effectively defend against code-reuse attacks with acceptable runtime overhead.
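The following is an added example written for this page, not code from the paper or from the authors' binary rewriter: a user-space C model of the two mechanisms the abstract describes, a parallel shadow stack holding XOR-encrypted return addresses at a fixed offset from the original stack, and an ENDBR64 check on indirect-branch targets. The names (shcfi_stack, shcfi_call, shcfi_ret, ibt_target_ok), the addresses, the XOR key and the 16-byte code image are constructed for illustration; the real scheme rewrites binaries rather than using a simulated stack, and the abstract does not say where the random number comes from, so the CSPRNG remark is an assumption.

```c
/*
 * Added example (not the paper's code): user-space model of the SHCFI checks.
 *   backward edge: parallel shadow stack at a fixed offset from the original
 *                  stack, holding return addresses XOR-encrypted with a random key
 *   forward edge:  indirect-branch targets must begin with ENDBR64 (Intel CET IBT)
 * The stack is an array so a stack smash can be simulated safely.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SLOTS   64
#define SHADOW_OFFSET STACK_SLOTS   /* fixed distance from a slot to its shadow slot */

typedef struct {
    uint64_t mem[STACK_SLOTS + SHADOW_OFFSET]; /* [0,64): original, [64,128): shadow */
    int      sp;                               /* next free original slot */
    uint64_t key;                              /* per-process random XOR key */
} shcfi_stack;

/* The key is passed in so the model is deterministic; a real deployment would
   draw it from a CSPRNG at process start (assumption; the abstract only says
   "random number") and keep it out of attacker-writable memory. */
static void shcfi_init(shcfi_stack *s, uint64_t key)
{
    memset(s, 0, sizeof *s);
    s->key = key;
}

/* Instrumented call site: push the return address and back up its ciphertext. */
static int shcfi_call(shcfi_stack *s, uint64_t ret_addr)
{
    if (s->sp >= STACK_SLOTS)
        return -1;                                      /* stack full */
    s->mem[s->sp]                 = ret_addr;
    s->mem[s->sp + SHADOW_OFFSET] = ret_addr ^ s->key;
    s->sp++;
    return 0;
}

/* Instrumented return: decrypt the shadow entry and use it as the real target.
   As the abstract describes, the original slot is not consulted at all. */
static uint64_t shcfi_ret(shcfi_stack *s)
{
    if (s->sp <= 0)
        return 0;                                       /* underflow */
    s->sp--;
    uint64_t target = s->mem[s->sp + SHADOW_OFFSET] ^ s->key;
    s->mem[s->sp] = s->mem[s->sp + SHADOW_OFFSET] = 0;  /* pop both copies */
    return target;
}

/* Simulated stack-buffer overflow: attacker overwrites the live return slot. */
static void smash_return_slot(shcfi_stack *s, uint64_t gadget)
{
    if (s->sp > 0)
        s->mem[s->sp - 1] = gadget;
}

/* Constructed addresses and key for the scenarios (not from the paper). */
#define RET_SITE 0x401136ULL                 /* legitimate return address */
#define GADGET   0x404f10ULL                 /* attacker's ROP gadget */
#define DEMO_KEY 0x5a3c9e17d2b4f081ULL

/* Scenario 1: only the original slot is smashed; the decrypted shadow copy
   still yields the legitimate return site. */
static uint64_t scenario_smash_original(void)
{
    shcfi_stack s;
    shcfi_init(&s, DEMO_KEY);
    shcfi_call(&s, RET_SITE);
    smash_return_slot(&s, GADGET);
    return shcfi_ret(&s);
}

/* Scenario 2: the attacker also reaches the shadow slot (the fixed offset makes
   it easy to find) but does not know the key: the return decrypts to
   GADGET ^ key rather than the gadget, so the hijack fails unless the key leaks. */
static int scenario_smash_shadow_without_key(void)
{
    shcfi_stack s;
    shcfi_init(&s, DEMO_KEY);
    shcfi_call(&s, RET_SITE);
    s.mem[s.sp - 1 + SHADOW_OFFSET] = GADGET;           /* plaintext write into the shadow */
    uint64_t target = shcfi_ret(&s);
    return target != GADGET && target == (GADGET ^ DEMO_KEY);
}

/* Forward edge: with CET IBT enabled, an indirect jmp/call whose target does not
   begin with ENDBR64 (f3 0f 1e fa) faults. Checking those bytes is what a
   rewriter or auditor does to confirm a marked target. */
static const uint8_t ENDBR64[4] = { 0xF3, 0x0F, 0x1E, 0xFA };

static int ibt_target_ok(const uint8_t *code, size_t len, size_t target)
{
    return target + sizeof ENDBR64 <= len &&
           memcmp(code + target, ENDBR64, sizeof ENDBR64) == 0;
}

/* Constructed 16-byte "text section": function entry at 0 marked with ENDBR64,
   a gadget-like mid-function offset at 8 without it. */
static const uint8_t demo_code[16] = {
    0xF3, 0x0F, 0x1E, 0xFA, 0x55, 0x48, 0x89, 0xE5,    /* endbr64; push rbp; mov rbp,rsp */
    0x5F, 0xC3, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90     /* pop rdi; ret; nops */
};

int main(void)
{
    printf("smash original slot   -> returns to %#llx\n",
           (unsigned long long)scenario_smash_original());
    printf("smash shadow w/o key  -> hijack defeated: %d\n",
           scenario_smash_shadow_without_key());
    printf("indirect target 0: %s, target 8: %s\n",
           ibt_target_ok(demo_code, sizeof demo_code, 0) ? "ok" : "blocked",
           ibt_target_ok(demo_code, sizeof demo_code, 8) ? "ok" : "blocked");
    return 0;
}
```

Two points a practitioner should take from the model. First, because the scheme uses the decrypted shadow entry as the return address instead of comparing it with the original slot, a smashed frame is silently repaired; comparing the two and aborting on mismatch would turn the same data into an attack signal at the cost of one extra load. Second, the fixed offset means the shadow copy is as easy to locate as the original slot, so the whole backward-edge guarantee rests on the secrecy of the XOR key: with a single key, leaking any one (return address, ciphertext) pair reveals it, so the key must live somewhere an arbitrary-read primitive cannot reach.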
Authors
LIANG Hao; HE Benwei; WANG Qingfeng; CHENG Guozhen; MA Hailong (Information Engineering University, Zhengzhou 450001, China)
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2024, No. 5, pp. 107-118 (12 pages)
Funding
National Natural Science Foundation of China (62002383).
Keywords
software diversity
control-flow integrity
combination of software and hardware
code-reuse attack