| 引用本文: |
-
应佳蒙,侯锐,赵世军,孟丹.释放后重用漏洞防御方法综述[J].信息安全学报,已采用 [点击复制]
- Ying Jiameng,Rui Hou,Shijun Zhao,Dan Meng.The Defenses of Use-After-Free Vulnerabilities: A Survey[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 随着系统安全攻防技术的发展,内存安全问题的重要性日益凸显,因此探索内存安全漏洞的发生机理以及防御措施具有重要的现实意义。释放后重用漏洞作为内存安全漏洞中的一种重要类型,近年来被曝光的数量呈上升趋势,涉及到操作系统等重要的系统软件以及各种常见的用户应用。释放后重用攻击是控制流劫持、数据流劫持、信息泄漏攻击的根源之一,因此如何高效地防御释放后重用漏洞也逐渐成为研究的热点。本文总结并举例分析了现有释放后重用攻击的常见攻击步骤。通过调研现有的释放后重用攻击的防御机制,并根据这些机制针对的攻击步骤将其分为三大类,包括内存释放前检查或者清空悬空指针、限制被释放的内存块的重分配操作和访问内存时检查指针和内存块元数据是否匹配。根据防御方法的不同,本文将各大类机制进行进一步细分,并对不同防御方法的相关工作的发展进行梳理。之后本文总结了相关研究工作不同的关注点,包括性能损失、内存开销、安全性、兼容性、可调性、软硬件协同设计等。针对这些特征,本文系统性地比较了各类释放后重用漏洞防御机制的优劣,并分析了各类特征在实现过程中存在的挑战和已有的解决方法。最后,本文提出未来值得关注的研究方向,包括针对IoT设备和操作系统内核的释放后重用攻击防御机制的设计,不同种类的防御机制对于不同类型的内存管理库的兼容性问题,和未来软硬件协同设计需要注意的问题等。 |
| 关键词: 释放后重用漏洞,漏洞防御,硬件安全,系统安全 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2024.02.17 |
| 投稿时间:2022-04-28修订日期:2022-07-28 |
| 基金项目:国家杰出青年科学基金 |
|
| The Defenses of Use-After-Free Vulnerabilities: A Survey |
|
Ying Jiameng, Rui Hou, Shijun Zhao, Dan Meng
|
| (State Key Laboratory of Information Security, Institute of Information Engineering) |
| Abstract: |
| With the development of system security attack and defense technology, the importance of memory security issues has become increasingly prominent. Therefore, it is of great practical significance to explore the attack methods and defense measures of memory security vulnerabilities. As an important type of memory security vulnerability, the number of use-after-free vul-nerabilities exposed in recent years has been on the rise, involving important system software such as operating systems and various common user applications. The use-after-free attack is one of the root causes of control-flow hijacking, data-flow hijacking and information leakage attacks. Therefore, how to efficiently defend against use-after-free vulnerabilities has gradually become a research hotspot. This paper summarizes and analyzes the common attack steps of use-after-free attacks with the example. After investigating the existing defense mechanisms for use-after-free attacks, this paper divides them into three categories according to the attack steps they target, including checking or clearing dangling pointers before freeing memory chunks, restricting the reallocation of freed memory blocks and checking whether the pointer and memory block metadata match before accessing memory. According to the different defense methods, this paper further subdivides these categories of mechanisms and summarizes the development of the related works on different defense methods. Then this paper summarizes the different concerns of related research works, including performance overhead, memory overhead, security, compatibility, tunability, software-hardware co-design and so on. According to these characteristics, this paper systematically compares the advantages and disadvantages of various kinds of use-after-free defense mechanisms and analyzes the challenges and existing solutions of various types of characteristics when implementing defense mechanisms. Finally, this paper proposes future research directions worthy of attention, including the design of use-after-free defense mechanisms for IoT devices and operating system kernels, the compatibility of different types of defense mechanisms for different kinds of memory management libraries, and issues needing attention for future software-hardware co-design and so on. |
| Key words: use-after-free vulnerability vulnerability defense hardware security system security |
