计算机科学 ›› 2017, Vol. 44 ›› Issue (11): 87-90.doi: 10.11896/j.issn.1002-137X.2017.11.013
沈钦涛,张丽,罗磊,马俊,余杰,吴庆波
SHEN Qin-tao, ZHANG Li, LUO Lei, MA Jun, YU Jie and WU Qing-bo
摘要: 面对控制流劫持攻击的威胁,业界使用控制流完整性保护技术来保障进程的执行安全。传统的控制流完整性验证保护机制依赖于动态二进制改写技术,在分析、实施等过程中难度较大,且有可能带来二进制兼容的问题。通过研究近几年提出的上下文敏感的控制流保护技术PathArmor,分析了其检测进程控制流的时机。然后针对PathArmor只在进程做系统调用时才进行检测的机制,提出了改进的方法。该方法依据内核页错误中断处理机制,通过修改用户页面的保护属性主动触发可执行页面的执行错误;接着,修改页错误中断处理过程,钩挂do_page_fault以处理主动触发的执行错误。用户进程代码和数据的完整性得以保证的同时,得到了更多陷入内核接受检查的机会。在Nginx,bzip2,SQLite等典型应用环境下的实验结果表明,改进的方法能够明显增加系统安全分析的粒度,更好地保护程序的控制流。
[1] DESIGNER S.Return-to-libc attack[M].Bugtraq,1997. [2] SHACHAM H.The geometry of innocent flesh on the bone:Return-into-libc without function calls (on the x86)[C]∥Proceedings of the 14th ACM Conference on Computer and Communications Security.ACM,2007:552-561. [3] ROEMER R,BUCHANAN E,SHACHAM H,et al.Return-oriented programming:Systems,languages,and applications[J].ACM Transactions on Information and System Security,2012,15(1):1-34. [4] ABADI M,BUDIU M,ERLINGSSON U,et al.Control-flow integrity[C]∥Proceedings of the 12th ACM Conference on Computer and Communications Security.ACM,2005:340-353. [5] ZHANG M,SEKAR R.Control Flow Integrity for COTS Binaries[C]∥Usenix Security Symposium.2013:337-352. [6] ZHANG C,WEI T,Chen Z,et al.Practical control flow integrity and randomization for binary executables[C]∥2013 IEEE Symposium on Security and Privacy (SP).IEEE,2013:559-573. [7] TEAM P X.PaX address space layout randomization (ASLR).http://pax.grsecurity.net/docs/aslr.txt. [8] CHENG Y,ZHOU Z,MIAO Y,et al.ROPecker:A generic and practical approach for defending against ROP attack[C]∥ Network & Distributed System Security Sympoisum.2014. [9] VAN DER VEEN V,ANDRIESSE D,GKTAS, E,et al.Practical context-sensitive cfi[C]∥Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.ACM,2015:927-940. [10] GOKTAS E,ATHANASOPOULOS E,BOS H,et al.Out of control:Overcoming control-flow integrity[C]∥2014 IEEE Symposium on Security and Privacy (SP).IEEE,2014:575-589. [11] DAVI L,LEHMANN D,SADEGHI A R,et al.Stitching thegadgets:On the ineffectiveness of coarse-grained control-flow integrity protection[C]∥USENIX Security Symposium.2014. |
No related articles found! |
|