Abstract:
Code reuse attacks (CRAs) have become a mainstream attack technique; they can defeat many defence mechanisms and pose a serious threat and challenge to computer security. This paper proposes a CRA defence framework based on Gadget Weighted Tagging (GWT). First, GWT finds all gadgets in the code space that could be used by CRAs. Second, GWT attaches a weight tag to each gadget; these weights can be configured flexibly according to user requirements. Finally, GWT monitors the gadget weight information at run time to detect and defend against CRAs. In addition, we combine the idea of coarse-grained CFI and further propose the GWT+CFI design framework; compared with the baseline GWT, GWT+CFI improves the precision of identifying gadget starts and reduces the number of usable gadgets. We implement the GWT and GWT+CFI systems with a software-based and a hardware-emulation-based scheme; the results show average performance overheads of 2.31% and 3.55% respectively, and GWT can in theory defend against most CRAs, especially those whose gadget chains are generated by automated tools.
Keywords: code reuse attack; gadget weighted tagging; control flow integrity
DOI: 10.19363/J.cnki.cn10-1380/tn.2018.09.07
Received: 2017-06-19; Revised: 2017-11-21
Funding: This work was supported by the National Natural Science Foundation of China (No. 61602469) and by the Institute of Information Engineering, Chinese Academy of Sciences, and the State Key Laboratory of Information Security (No. Y7Z0411105).
A Framework based on Gadget Weighted Tagging (GWT) to Protect Against Code Reuse Attacks
MA Mengyu, CHEN Liwei, SHI Gang, MENG Dan
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
Code reuse attacks (CRAs) have become the primary attack vector nowadays. CRAs are able to bypass a variety of security mechanisms, so they pose a great challenge to security research. In this paper, we propose Gadget Weighted Tagging (GWT), a flexible framework to protect against CRAs. First, we find all possible gadgets that can be used in CRAs. Then, we attach weighted tags to these gadgets; the weight values are configurable as needed. Finally, we monitor the weighted-tag information at runtime to detect and prevent CRAs. Furthermore, by combining GWT with rule-based CFI, GWT+CFI can precisely confirm gadget starts and greatly reduce the number of possible gadgets compared to the baseline GWT. We implement a software framework and an emulation-based hardware framework to support GWT and GWT+CFI. The results show that the average performance overheads of GWT and GWT+CFI are 2.31% and 3.55% respectively, and that GWT can defeat the majority of CRAs, especially those generated by automated tools.
Key words: code reuse attack; gadget weighted tagging; control flow integrity
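As an added illustration (not the paper's implementation) of the monitoring idea sketched in the abstract: a toy replay of a control-transfer trace against a constructed gadget table with weight tags, plus the coarse-grained CFI filter by which GWT+CFI shrinks the set of possible gadgets. The addresses, weights, threshold and the chain-accumulation rule are assumptions made here.

```python
"""Toy model of Gadget Weighted Tagging (GWT) and GWT+CFI runtime monitoring.
Added illustration, not the paper's code; the gadget table, weights,
threshold and the chain-accumulation rule are constructed assumptions."""

# Constructed gadget table: address -> weight tag assigned by offline analysis.
GADGETS = {0x4010: 3, 0x4022: 2, 0x4031: 5, 0x5000: 1, 0x5100: 1}
# Constructed program layout used by the coarse-grained CFI rules.
FUNC_ENTRIES = {0x5000, 0x5100}   # legal targets of indirect calls/jumps
CALL_SITES = {0x5100}             # legal return targets (address after a call)
THRESHOLD = 6                     # alarm once a gadget chain's weight exceeds this

def cfi_gadgets(gadgets, func_entries, call_sites):
    """GWT+CFI: only locations a coarse CFI policy allows an indirect transfer
    to reach can start a gadget, so the tagged set shrinks to those addresses."""
    return {a: w for a, w in gadgets.items()
            if a in func_entries or a in call_sites}

def monitor(trace, gadgets, threshold, cfi=False):
    """Replay a trace of (kind, target) control transfers, where kind is
    'ret', 'icall', 'ijmp' or 'direct'. Returns (detected, step_index)."""
    score = 0
    for i, (kind, target) in enumerate(trace):
        if kind == 'direct':
            score = 0             # ordinary control flow breaks a gadget chain
            continue
        if cfi:
            legal = target in CALL_SITES if kind == 'ret' else target in FUNC_ENTRIES
            if not legal:
                return True, i    # coarse-grained CFI violation: flag immediately
        weight = gadgets.get(target, 0)
        if weight == 0:
            score = 0             # landed in untagged code: chain ends
            continue
        score += weight           # consecutive tagged gadgets accumulate weight
        if score > threshold:
            return True, i        # chain too heavy: treated as a CRA
    return False, len(trace)

# Constructed traces: benign call/return flow versus a three-gadget return chain.
BENIGN = [('icall', 0x5000), ('direct', 0x5010), ('ret', 0x5100), ('direct', 0x5104)]
CHAIN = [('ret', 0x4010), ('ret', 0x4022), ('ret', 0x4031)]

if __name__ == '__main__':
    print('GWT benign :', monitor(BENIGN, GADGETS, THRESHOLD))
    print('GWT chain  :', monitor(CHAIN, GADGETS, THRESHOLD))
    print('GWT+CFI    :', monitor(CHAIN, cfi_gadgets(GADGETS, FUNC_ENTRIES, CALL_SITES),
                                  THRESHOLD, cfi=True))
```

Running the block shows the baseline GWT flagging the chain only after its accumulated weight passes the threshold, while GWT+CFI rejects the first return to a non-call-site and tags only two of the five gadgets.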