计算机科学 (Computer Science), 2019, Vol. 46, Issue 11A: 417-420.
帕尔哈提江·斯迪克 (SIDIKE Pa-erhatijiang), 马建峰 (MA Jian-feng), 孙聪 (SUN Cong)
Abstract: Control-flow integrity (CFI) is a security technique that prevents control-flow hijacking attacks. Because of performance overhead, most existing CFI solutions enforce only coarse-grained CFI. This paper proposes Bincon, a binary-oriented CFI protection scheme. Control-flow information is extracted from the binary program by static analysis, check code is instrumented at each control-flow transfer site, and the legality of each transfer is judged against the statically collected data. For indirect function calls, the target binary is analysed and function prototypes and call-site signatures are reconstructed from the state of the argument registers and the return-value register; restricting each indirect call site to functions of a compatible type effectively reduces the number of legal targets of an indirect call instruction. Compared with the compiler-based scheme Picon, the proposed method controls precision loss effectively without requiring source code and significantly reduces time overhead.
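The following is an added illustration of the indirect-call policy the abstract describes; it is not Bincon's code. It assumes the System V x86-64 argument-register order, models a reconstructed prototype as the argument registers a callee reads before writing them plus whether it defines rax before returning, and models a call-site signature as the argument registers defined before the call plus whether rax is consumed afterwards. The compatibility rule (reject only when the callee reads more parameters than the site passes, or when the site consumes a return value the callee never produces) is an assumption of this example, chosen to over-approximate the true target set rather than under-approximate it. All function names, addresses and register sets are constructed.

```python
"""Target-set reduction for indirect calls by call-site/prototype compatibility.

Constructed illustration (not Bincon's code). Register convention, the
compatibility rule, and every function, address and register set below
are assumptions made for the example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set

# System V x86-64 integer argument registers, in parameter order (assumed ABI).
ARG_REGS = ("rdi", "rsi", "rdx", "rcx", "r8", "r9")


@dataclass(frozen=True)
class FuncProto:
    """Prototype reconstructed for a potential indirect-call target."""
    name: str
    address: int
    arg_regs_read: FrozenSet[str]   # argument registers read before being written
    sets_rax: bool                  # rax defined on every path to the return


@dataclass(frozen=True)
class CallSite:
    """Signature reconstructed at an indirect call instruction."""
    address: int
    arg_regs_set: FrozenSet[str]    # argument registers defined before the call
    uses_rax_after: bool            # return value consumed after the call


def arity(regs: Iterable[str]) -> int:
    """Parameter count implied by the highest argument register in use."""
    return max((ARG_REGS.index(r) + 1 for r in regs), default=0)


def compatible(site: CallSite, fn: FuncProto) -> bool:
    """Conservative type-compatibility rule (an assumption of this example).

    Rejects a callee only when the mismatch is certain: it reads more
    parameters than the site passes, or the site consumes a return value
    the callee never produces. Extra arguments passed by the site are
    tolerated, so the rule over-approximates the true target set.
    """
    if arity(fn.arg_regs_read) > arity(site.arg_regs_set):
        return False
    if site.uses_rax_after and not fn.sets_rax:
        return False
    return True


def coarse_targets(functions: Iterable[FuncProto]) -> Set[int]:
    """Coarse-grained CFI: every address-taken function is legal at every site."""
    return {f.address for f in functions}


def fine_targets(site: CallSite, functions: Iterable[FuncProto]) -> Set[int]:
    """Signature-based CFI: only type-compatible functions are legal at this site."""
    return {f.address for f in functions if compatible(site, f)}


def build_target_table(sites, functions) -> Dict[int, Set[int]]:
    """Static-analysis output consulted by the check code instrumented at each site."""
    return {s.address: fine_targets(s, functions) for s in sites}


def is_legal_transfer(table, site_addr: int, target_addr: int) -> bool:
    """The decision the instrumented check makes before the indirect call."""
    return target_addr in table.get(site_addr, set())


def checked_indirect_call(table, site_addr: int, target_addr: int) -> int:
    """Instrumented call: proceed only when the transfer is in the static table."""
    if not is_legal_transfer(table, site_addr, target_addr):
        raise RuntimeError(f"CFI violation at {site_addr:#x}: target {target_addr:#x}")
    return target_addr


# Constructed binary: five address-taken functions and two indirect call sites.
FUNCS = [
    FuncProto("cmp_int",  0x401000, frozenset({"rdi", "rsi"}), True),         # int (*)(a, b)
    FuncProto("on_event", 0x401100, frozenset({"rdi"}), False),               # void (*)(ev)
    FuncProto("noop",     0x401200, frozenset(), False),                      # void (*)(void)
    FuncProto("hash3",    0x401300, frozenset({"rdi", "rsi", "rdx"}), True),  # int (*)(a, b, c)
    FuncProto("log_msg",  0x401400, frozenset({"rdi", "rsi"}), False),        # void (*)(fmt, arg)
]
SITES = [
    CallSite(0x402010, frozenset({"rdi", "rsi"}), True),   # comparator call in a sort loop
    CallSite(0x402050, frozenset({"rdi"}), False),         # handler dispatch, result ignored
]
TABLE = build_target_table(SITES, FUNCS)


def reduction_summary() -> Dict[int, int]:
    """Legal target count per site under the signature-based policy."""
    return {addr: len(targets) for addr, targets in TABLE.items()}


if __name__ == "__main__":
    print("coarse-grained legal targets per site:", len(coarse_targets(FUNCS)))
    for addr, n in reduction_summary().items():
        print(f"site {addr:#x}: {n} compatible target(s)")
    checked_indirect_call(TABLE, 0x402010, 0x401000)      # comparator: allowed
    try:
        checked_indirect_call(TABLE, 0x402010, 0x401300)  # three-argument hash: rejected
    except RuntimeError as e:
        print(e)
```

Under coarse-grained CFI all five functions are legal at both sites; the signature rule leaves one legal target at the comparator site and two at the handler site. The conservative direction of the rule matters: a prototype reconstructed from register usage can miss a parameter that the callee happens not to read, so an analysis that rejected callees with fewer observed parameters than the site passes would break benign programs, whereas tolerating them only costs precision.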
References:
[1] ABADI M, BUDIU M, ERLINGSSON U, et al. Control-flow integrity[C]∥Proceedings of the 12th ACM Conference on Computer and Communications Security. ACM, 2005: 340-353.
[2] GE X, TALELE N, PAYER M, et al. Fine-grained control-flow integrity for kernel software[C]∥2016 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2016: 179-194.
[3] BUROW N, CARR S A, NASH J, et al. Control-flow integrity: Precision, security, and performance[J]. ACM Computing Surveys (CSUR), 2017, 50(1): 16-55.
[4] NAKAYAMA T, MISONO M, SHINAGAWA T. High-performance and Secure Just-in-time Compiler Protection (preliminary version)[J]. Bulletin of Networking, Computing, Systems, and Software, 2018, 7(1): 59-65.
[5] NIU B, TAN G. Per-input control-flow integrity[C]∥Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015: 914-926.
[6] MASHTIZADEH A J, BITTAU A, MAZIERES D, et al. Cryptographically enforced control flow integrity[J]. arXiv:1408.1451, 2014.
[7] BOUNOV D, KICI R G, LERNER S. Protecting C++ Dynamic Dispatch Through VTable Interleaving[C]∥NDSS. 2016.
[8] ELSABAGH M, FLECK D, STAVROU A. Strict Virtual Call Integrity Checking for C++ Binaries[C]∥Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 2017: 140-154.
[9] VEEN V V D, ANDRIESSE D, GÖKTAŞ E, et al. Practical context-sensitive CFI[C]∥Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015: 927-940.
[10] YAMADA K, SHANMUGAVELAYUTHAM P, KONDA S. Techniques for enforcing control flow integrity using binary translation: U.S. Patent Application 15/430,652[P]. 2017-11-02.
[11] TICE C, ROEDER T, COLLINGBOURNE P, et al. Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM[C]∥USENIX Security Symposium. 2014: 941-955.
[12] BLACK R J, BURRELL T W, DE CASTRO M O T, et al. Control flow integrity enforcement at scale: U.S. Patent Application 13/450,487[P]. 2013-10-24.
[13] DAVI L, SADEGHI A R, WINANDY M. ROPdefender: A detection tool to defend against return-oriented programming attacks[C]∥Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. ACM, 2011: 40-51.
[14] COUDRAY T, FONTAINE A, CHIFFLIER P. Picon: Control Flow Integrity on LLVM IR[C]∥Symposium on Security of Information and Communications Technology (SSTIC). 2015.
[15] BERNAT A R, MILLER B P. Anywhere, any-time binary instrumentation[C]∥Proceedings of the 10th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools. ACM, 2011: 9-16.
[16] 王明华, 尹恒, 苏璞睿, et al. Binary code blocks: a fine-grained control-flow integrity checking method for binary programs[J]. 信息安全学报, 2016(2): 61-72.
[17] ZHANG M, SEKAR R. Control Flow Integrity for COTS Binaries[C]∥Proceedings of the 22nd USENIX Security Symposium. USENIX, 2013: 337-352.