It is a challenge to verify integrity of dynamic control flows due to their dynamic and volatile nature. To meet the challenge, existing solutions usually implant an "attachment" in each control transfer. However, t...It is a challenge to verify integrity of dynamic control flows due to their dynamic and volatile nature. To meet the challenge, existing solutions usually implant an "attachment" in each control transfer. However, the attachment introduces additional cost except performance penalty. For example, the attachment must be unique or restrictedly modified. In this paper, we propose a novel approach to detect integrity of dynamic control flows by counting executed branch instructions without involving any attachment. Our solution is based on the following observation. If a control flow is compromised, the number of executed branch instructions will be abnormally increased. The cause is that intruders usually hijack control flows for malicious execution which absolutely introduces additional branch instructions. Inspired by the above observation, in this paper, we devise a novel system named DCFI- Checker, which detect integrity corruption of dynamic control flows with the support of Performance Monitoring Counter (PMC). We have developed a proof-of-concept prototype system of DCFI-Checker on Linux fedora 5. Our experiments with existing kemel rootkits and buffer overflow attack show that DCFI- Checker is effective to detect compromised dynamic control transfer, and performance evaluations indicate that performance penaltyinduced by DCFI-Checker is acceptable.展开更多
Control performance monitoring has attracted great attention in both academia and industry over the past two decades. However, most research efforts have been devoted to the performance monitoring of linear control sy...Control performance monitoring has attracted great attention in both academia and industry over the past two decades. However, most research efforts have been devoted to the performance monitoring of linear control systems, without considering the pervasive nonlinearities(e.g. valve stiction) present in most industrial control systems. In this work, a novel probability distribution distance based index is proposed to monitor the performance of non-linear control systems. The proposed method uses Hellinger distance to evaluate change of control system performance. Several simulation examples are given to illustrate the effectiveness of the proposed method.展开更多
基金The work is supported in part by the National Natural Science Foundation of China,Natural Science Foundation of Beijing,National 863 High-Tech Research Development Program of China
文摘It is a challenge to verify integrity of dynamic control flows due to their dynamic and volatile nature. To meet the challenge, existing solutions usually implant an "attachment" in each control transfer. However, the attachment introduces additional cost except performance penalty. For example, the attachment must be unique or restrictedly modified. In this paper, we propose a novel approach to detect integrity of dynamic control flows by counting executed branch instructions without involving any attachment. Our solution is based on the following observation. If a control flow is compromised, the number of executed branch instructions will be abnormally increased. The cause is that intruders usually hijack control flows for malicious execution which absolutely introduces additional branch instructions. Inspired by the above observation, in this paper, we devise a novel system named DCFI- Checker, which detect integrity corruption of dynamic control flows with the support of Performance Monitoring Counter (PMC). We have developed a proof-of-concept prototype system of DCFI-Checker on Linux fedora 5. Our experiments with existing kemel rootkits and buffer overflow attack show that DCFI- Checker is effective to detect compromised dynamic control transfer, and performance evaluations indicate that performance penaltyinduced by DCFI-Checker is acceptable.
基金Supported by the National Natural Science Foundation of China(61134007,61203157)the National Science Fund for Outstanding Young Scholars(61222303)+1 种基金the Fundamental Research Funds for the Central Universities(22A20151405)Shanghai R&D Platform Construction Program(13DZ2295300)
文摘Control performance monitoring has attracted great attention in both academia and industry over the past two decades. However, most research efforts have been devoted to the performance monitoring of linear control systems, without considering the pervasive nonlinearities(e.g. valve stiction) present in most industrial control systems. In this work, a novel probability distribution distance based index is proposed to monitor the performance of non-linear control systems. The proposed method uses Hellinger distance to evaluate change of control system performance. Several simulation examples are given to illustrate the effectiveness of the proposed method.
