Abstract:
Randomization techniques defend against process control-flow hijacking attacks on the premise that the attacker cannot learn the current layout of the memory address space. An attacker can, however, use a memory information leak to bypass the randomization defense and obtain gadget addresses, inject a payload built from those gadget addresses into the program, and continue the control-flow hijacking attack to steal sensitive data and seize or disrupt the system running the software. At present, heterogeneous redundant execution systems are one way to address this problem. The basic idea is to run several diversified processes of the same program that process equivalent program inputs at the same time. Randomization makes the redundant processes produce different outputs on malicious input, while their normal behaviour is unaffected. In recent years several systems matching this description have been proposed. Analyzing the voting designs of these heterogeneous redundant execution systems for processes shows that implementations based on ptrace introduce a large number of context switches, which hurts execution efficiency. This paper is the first to design a heterogeneous redundant execution system for processes by modifying the kernel directly, so that voting is performed entirely inside the kernel. The redundant processes independently apply memory address space randomization to build mutually heterogeneous address space layouts; voting takes place at the system calls related to memory information leakage, and an inconsistency in the leaked information is detected and the control-flow hijacking attack is blocked. Even if the attacker skips the information leak and exploits a vulnerability directly, the heterogeneous memory layouts prevent an injected payload built from gadget addresses from being effective in all redundant processes at once, again blocking the control-flow hijacking attack. The prototype system KMBox was implemented; experiments show that it effectively defeats process control-flow hijacking attacks and performs better than heterogeneous redundant execution systems for processes based on ptrace.
Keywords: control-flow hijacking attack; heterogeneous redundant execution system; randomization
DOI: 10.19363/J.cnki.cn10-1380/tn.2023.01.02
Received: 2021-10-10; Revised: 2021-12-17
Funding: This work was supported by the National Natural Science Foundation of China (No. 61521003) and the National Key R&D Program of China (No. 2018YF0804003).
KMBox: Linux Kernel-based Heterogeneous Redundant Execution System Designed for Processes |
MA Bolin,ZHANG Zheng,SHAO Yuwen,LI Bingzheng,PAN Chuanxing,JIANG Peng,WU Jiangxing |
PLA Information Engineering University, Zhengzhou 450001, China; Purple Mountain Laboratories, Nanjing 211100, China
Abstract: |
Randomization technology that defeats process control-flow hijacking attacks rests on the assumption that attackers cannot learn the memory address space layout. However, attackers can exploit information disclosure to bypass the randomization defense and obtain gadget addresses, so that they can still launch process control-flow hijacking attacks to steal sensitive data and to seize or disrupt the system on which the software is executed. At present, the heterogeneous redundant execution system is one of the methods for solving this problem. Its underlying idea is to run several diversified processes of the same program side by side on equivalent program inputs. Randomization techniques make the redundant processes respond differently to malicious inputs while leaving their behavior under normal operating conditions unaffected. In recent years, some systems matching this description have been proposed. Analyzing the voting designs of heterogeneous redundant execution systems for processes shows that implementations based on ptrace introduce a large number of context switches, which affects the execution efficiency of the system. This paper is the first to design a kernel-based heterogeneous redundant execution system for processes that directly modifies the kernel. The redundant processes adopt memory address space layout randomization independently, and the system calls related to information disclosure are voted on to detect abnormality and defeat process control-flow hijacking attacks. Even if attackers skip information disclosure and exploit other vulnerabilities, the heterogeneous memory address space layouts prevent an injected payload from being effective in all redundant processes at the same time, which also defeats process control-flow hijacking attacks. The prototype system KMBox is implemented, and experiments show that the prototype effectively defeats process control-flow hijacking attacks. Comparative performance tests show that KMBox outperforms the heterogeneous redundant execution system based on ptrace.
Key words: control-flow hijacking attack; heterogeneous redundant execution system; randomization
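The abstract describes two effects of running diversified replicas under a voter: layout-dependent output diverges across replicas and is caught at the leak-relevant system call, and a payload built from one replica's leaked address does not resolve in the others. The following toy model is an added illustration of that voting logic and is not KMBox's code; the emulated "program", its request format, the gadget offset and the address ranges are constructed for the example, and the voter runs in user space rather than in the kernel.

```python
"""Toy model of N-variant voting with independently randomized replicas.

Added illustration, not the KMBox implementation. The emulated program,
its 'leak' / 'echo:' request format and GADGET_OFFSET are constructed.
"""
from __future__ import annotations

import random
from dataclasses import dataclass

GADGET_OFFSET = 0x1234        # constructed: offset of some gadget inside the image
PAGE_SHIFT = 12               # bases are page-aligned, like a real randomized mapping
IMAGE_REGION = 0x5555_0000_0000


@dataclass(frozen=True)
class Replica:
    """One diversified process: same program, its own randomized load base."""
    name: str
    base: int

    def gadget_address(self) -> int:
        return self.base + GADGET_OFFSET

    def handle(self, request: str) -> bytes:
        """Emulated program. 'leak' models an info-disclosure bug that writes a
        code pointer back to the client; other requests are layout-independent."""
        if request == "leak":
            return f"handler@{self.gadget_address():#x}".encode()
        if request.startswith("echo:"):
            return request[len("echo:"):].encode()
        return b"ok"

    def resolves(self, address: int) -> bool:
        """Would a payload carrying `address` hit this replica's gadget?"""
        return address == self.gadget_address()


def make_replicas(n: int, seed: int = 0, shared_base: bool = False) -> list[Replica]:
    """Spawn n replicas. By default each gets a distinct page-aligned base
    (independent randomization); shared_base gives all replicas the same
    layout, which models the non-diversified case for comparison."""
    rng = random.Random(seed)
    pages = rng.sample(range(1 << 24), n)           # distinct page indices
    if shared_base:
        pages = [pages[0]] * n
    return [Replica(f"r{i}", IMAGE_REGION + (p << PAGE_SHIFT))
            for i, p in enumerate(pages)]


def vote(outputs: list[bytes]) -> bool:
    """Voter at a leak-relevant syscall boundary (e.g. write): unanimity required."""
    return len(set(outputs)) == 1


def serve(replicas: list[Replica], request: str) -> tuple[str, bytes | None]:
    """Feed one input to every replica and vote on what they would write out.
    Agreement passes the output through; divergence blocks it, since only
    layout-dependent (leaked) data can differ between equivalent replicas."""
    outputs = [r.handle(request) for r in replicas]
    if vote(outputs):
        return "allow", outputs[0]
    return "block", None


def payload_hits(replicas: list[Replica], leaked_from: Replica) -> int:
    """An attacker builds a payload from one replica's gadget address.
    Count how many replicas that address is actually valid in."""
    addr = leaked_from.gadget_address()
    return sum(r.resolves(addr) for r in replicas)


if __name__ == "__main__":
    reps = make_replicas(3, seed=1)
    print(serve(reps, "echo:hello"))        # benign output agrees and is allowed
    print(serve(reps, "leak"))              # leaked pointers differ and are blocked
    print(payload_hits(reps, reps[0]))      # payload from r0 fits only r0
```

With diversified replicas the leak is blocked before any address leaves the system, and a payload derived from one replica's layout is valid in exactly one of them; with `shared_base=True` the same leak passes the voter and the payload fits every replica, which is the situation the redundancy is meant to remove.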