计算机科学

计算机科学 ›› 2023, Vol. 50 ›› Issue (8): 314-320.doi: 10.11896/jsjkx.220800098

• 信息安全 • 上一篇    下一篇

编译支持的程序栈空间布局运行时随机化方法

朱鹏喆1, 姚远2, 刘子敬1, 席睿成1   

  1. 1 信息工程大学网络空间安全学院 郑州 450001
    2 网络通信与安全紫金山实验室 南京 211100
  • 收稿日期:2022-08-10 修回日期:2023-02-13 出版日期:2023-08-15 发布日期:2023-08-02
  • 通讯作者: 姚远(1196207482@qq.com)
  • 作者简介:(1696207482@qq.com)

Compiler-supported Program Stack Space Layout Runtime Randomization Method

ZHU Pengzhe1, YAO Yuan2, LIU Zijing1, XI Ruicheng1   

  1. 1 College of Cyber and Space Security College,Information Engineering University,Zhengzhou 450001,China
    2 Purple Mountain Lab of Network Communications and Security,Nanjing 211100,China
  • Received:2022-08-10 Revised:2023-02-13 Online:2023-08-15 Published:2023-08-02
  • About author:ZHU Pengzhe,born in 2000,postgra-duate.His main research interests include compiler technology and multi-variant execution.
    YAO Yuan,born in 1972,Ph.D,professor.His main research interests include parallel compilation and mimic defense.

PDF (PC)

483

摘要: 多变体执行(Multi-Variant Execution,MVX)是目前最流行的主动防御技术之一,其通过并行运行一组功能等价的异构变体,检测不同变体之间不一致的状态转换实现对攻击行为的识别。多变体执行的防御效果在很大程度上依赖于程序变体之间的异构性,程序变体之间的异构性越高多变体执行的防御效果就越好。为了提高程序变体之间的异构性,文中提出了一种编译支持动静态相结合的程序栈空间布局随机化方法,该方法基于LLVM 12.0编译框架,首先在静态编译阶段根据外部输入获取函数识别程序中的关键变量,定位其栈空间分配指令,并在这些分配指令前添加额外的调用和分配指令,其次在程序运行阶段,利用静态编译时添加的指令在栈空间中的关键变量前进行内存块的随机化填充,从而实现程序运行时内存空间布局随机化。仿真实验结果表明,所提动静结合程序栈空间布局随机化方法可有效提高多变体执行程序间的异构性,对于基于程序内存地址溢出类攻击,不仅提升了其本身的攻击难度,也使得其不能通过不断试探程序地址来进行攻击,有效提高了程序的防御能力。

关键词: 网络安全, 主动防御, 编译器, 多变体执行, 随机化

Abstract: Multi-variant execution is one of the most popular active defense technologies.MVX identifies attack behavior by running a set of functionally equivalent heterogeneous variants parallelly and detecting inconsistent state transitions between different variants.The defense effect of MVX depends on the heterogeneity between program variants in a large extent.Generally,the higher the heterogeneity between program variants,the better the defense effect of MVX.To improve the heterogeneity between program variants,this paper proposes a compiler-supported,dynamic and static program stack space layout randomization me-thod.The method is based on LLVM 12.0 compilation framework.At static compile stage,the method identifies the key variables in program based on external input acquisition functions,locates their stack space allocation instructions,and adds additional call and allocation instructions before these allocation instructions.At program runtime,the method uses the instructions added during static compilation to randomly fill memory blocks before the key variables in stack space,realizing program memory space layout runtime randomization.Simulation experiment results indicate that the dynamic and static program stack space layout randomization method proposed in this paper can effectively improve the heterogeneity between MVX programs.For attacks based on program memory address overflow,the method not only increases their own attack difficulty,but also makes it impossible to conduct attacks by constantly testing program addresses,improving the defense ability of program effectively.

Key words: Cyber security, Active defense, Compiler, Multi-variant execution, Randomization

中图分类号: 

  • TP311
[1]KRUEGER T,GEHL C,RIECK K,et al.TokDoc:A self-hea-ling web application firewall[C]//Proceedings of the 2010 ACM Symposium on Applied Computing.2010:1846-1853.
[2]CLINCY V,SHAHRIAR H.Web application firewall:Network security models and configuration[C]//2018 IEEE 42nd Annual Computer Software and Applications Conference(COMPSAC).IEEE,2018:835-836.
[3]LU K,SONG C,LEE B,et al.ASLR-Guard:Stopping address space leakage for code reuse attacks[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.2015:280-291.
[4]ABADI M,BUDIU M,ERLINGSSON U,et al.Control-flow integrity principles,implementations,and applications[J].ACM Transactions on Information and System Security(TISSEC),2009,13(1):1-40.
[5]BUROW N,CARR S A,NASH J,et al.Control-flow integrity:Precision,security,and performance[J].ACM Computing Surveys(CSUR),2017,50(1):1-33.
[6]HUND R,WILLEMS C,HOLZ T.Practical timing side channel attacks against kernel space ASLR[C]//2013 IEEE Symposium on Security and Privacy.IEEE,2013:191-205.
[7]HU H,SHINDE S,ADRIAN S,et al.Data-oriented program-ming:On the expressiveness of non-control data attacks[C]//2016 IEEE Symposium on Security and Privacy(SP).IEEE,2016:969-986.
[8]COX B,EVANS D,FILIPI A,et al.N-Variant Systems:A Secretless Framework for Security through Diversity[C]//USENIX Security Symposium.2006:105-120.
[9]JIANG W,FANG B X,TIAN Z H,et al.Evaluating network security and optimal active defense based on attack-defense game model[J].Chinese Journal of Computers,2009,32(4):817-827.
[10]VOLCKAERT S,COPPENS B,DE SUTTER B.Cloning your gadgets:Complete ROP attack immunity with multi-variant execution[J].IEEE Transactions on Dependable and Secure Computing,2015,13(4):437-450.
[11]ÖSTERLUND S,KONING K,OLIVIER P,et al.kMVX:Detecting kernel information leaks with multi-variant execution[C]//Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Opera-ting Systems.2019:559-572.
[12]VOULIMENEAS A,SONG D,LARSEN P,et al.dMVX:secure and efficient multi-variant execution in a distributed setting[C]//Proceedings of the 14th European Workshop on Systems Security.2021:41-47.
[13]HOMESCU A,JACKSON T,CRANE S,et al.Large-Scale Automated Software Diversity-Program Evolution Redux[J].IEEE Transactions on Dependable and Secure Computing,2015,14(2):158-171.
[14]BIGELOW D,HOBSON T,RUDD R,et al.Timely Rerando-mization for Mitigating Memory Disclosures[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.2015:268-279.
[15]LYERLY R,WANG X,RAVINDRAN B.Dynamic and Secure Memory Transformation in Userspace[C]//European Sympo-sium on Research in Computer Security.Cham:Springer,2020:237-256.
[16]SINGH S,KRISHNAN S.Filter Response Normalization La-yer:Eliminating Batch Dependence in the Training of Deep Neural Networks[C]//2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition(CVPR).IEEE,2020:11237-11246.
[17]SONG D,LETTNER J,RAJASEKARAN P,et al.SoK:Sanitizing for Security[C]//2019 IEEE Symposium on Security and Privacy (SP).IEEE,2019:1275-1295.
[18]WANG Z,WU C,ZHANG Y,et al.Safehidden:an efficient and secure information hiding technique using re-randomization[C]//USENIX Security Symposium.USENIX Association,2019:1239-1256.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发