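Cite this article
  • MA Mengyu, CHEN Liwei, SHI Gang, MENG Dan. A Defense Framework Against Code Reuse Attacks Based on Gadget Weighted Tagging[J]. Journal of Cyber Security (信息安全学报), 2018, 3(5): 75-91
  • MA Mengyu, CHEN Liwei, SHI Gang, MENG Dan. A Framework based on Gadget Weighted Tagging (GWT) to Protect Against Code Reuse Attacks[J]. Journal of Cyber Security, 2018, 3(5): 75-91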
A Defense Framework Against Code Reuse Attacks Based on Gadget Weighted Tagging
MA Mengyu1,2, CHEN Liwei1,2, SHI Gang1,2, MENG Dan1,2
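(1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
Code reuse attacks (CRAs) have become a mainstream attack technique. They can defeat many defense mechanisms and pose a serious threat and challenge to computer security. This paper proposes a CRA defense framework based on Gadget Weighted Tagging (GWT). First, GWT finds all gadgets in the code space that could be used by CRAs. Second, GWT attaches a weight tag to each gadget; these weights can be configured flexibly according to user needs. Finally, GWT monitors the gadgets' weight information at runtime to detect and defend against CRAs. In addition, drawing on the idea of coarse-grained CFI, we further propose the GWT+CFI design framework; compared with basic GWT, GWT+CFI identifies gadget starts more precisely and reduces the number of usable gadgets. We implement the GWT and GWT+CFI systems with a scheme based on software and hardware emulation. The results show average performance overheads of 2.31% and 3.55% respectively, and that GWT can in theory defend against most CRAs, especially those that use automated tools to generate gadget chains.
Keywords:  code reuse attack  gadget weighted tagging  control flow integrity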
DOI:10.19363/J.cnki.cn10-1380/tn.2018.09.07
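Submitted: 2017-06-19  Revised: 2017-11-21
Funding: This work was supported by the National Natural Science Foundation of China (No.61602469), and by the Institute of Information Engineering, Chinese Academy of Sciences and the State Key Laboratory of Information Security (No.Y7Z0411105).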
A Framework based on Gadget Weighted Tagging (GWT) to Protect Against Code Reuse Attacks
MA Mengyu1,2, CHEN Liwei1,2, SHI Gang1,2, MENG Dan1,2
(1.Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;2.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
Code reuse attacks (CRAs) have become the primary attack vector nowadays. CRAs are able to bypass a variety of security mechanisms, so they pose a great challenge in the field of security research. In this paper, we propose Gadget Weighted Tagging (GWT), a flexible framework to protect against CRAs. First, we find all possible gadgets that can be used in CRAs. Then, we attach weighted tags to these gadgets, and the weight values are configurable as needed. Finally, we monitor the weighted tag information at runtime to detect and prevent CRAs. Furthermore, by combining GWT with rule-based CFI, GWT+CFI can precisely confirm the gadget start and greatly reduce the number of possible gadgets compared to the baseline GWT. We implement a software and emulation-based hardware framework to support GWT and GWT+CFI. The results show that the average performance overheads of GWT and GWT+CFI are 2.31% and 3.55% respectively, and that GWT can defeat the majority of CRAs, especially those generated by automated tools.
Key words:  code reuse attack  gadget weighted tagging  control flow integrity
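
The three steps named in the abstract (find gadgets, attach configurable weight tags, monitor the tags at runtime) can be sketched as below. This is an added illustration, not the paper's implementation: the addresses, traces, weight functions, the accumulate-and-reset policy and the threshold are all constructed assumptions, since the abstract does not specify them.

```python
# Added illustration; not the paper's implementation. Addresses, weights,
# the reset rule and the threshold are constructed assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    addr: int    # start address of a block that ends in an indirect branch
    length: int  # number of instructions before that indirect branch

def tag_gadgets(blocks, weight_of, max_len=6):
    """Steps 1-2: treat short indirect-branch-terminated blocks as gadgets
    and attach a configurable weight tag to each one."""
    return {b.addr: weight_of(b) for b in blocks if b.length <= max_len}

def monitor(trace, tags, threshold):
    """Step 3: sum the tags of consecutively executed gadgets. An untagged
    block resets the score. Returns the trace index at which the score
    reaches the threshold, or None if it never does."""
    score = 0
    for i, addr in enumerate(trace):
        weight = tags.get(addr)
        if weight is None:
            score = 0
            continue
        score += weight
        if score >= threshold:
            return i
    return None

# Constructed code space: three short blocks and two long ones.
BLOCKS = [Block(0x1000, 2), Block(0x1040, 3), Block(0x1080, 5),
          Block(0x2000, 40), Block(0x2400, 25)]

# Two weight configurations: uniform, and one that weights short gadgets more.
UNIFORM = lambda b: 1
SHORT_HEAVY = lambda b: 7 - b.length

# Constructed traces of executed block start addresses.
BENIGN = [0x2000, 0x1080, 0x2400, 0x1040, 0x2000, 0x1000, 0x2400]
CHAINED = [0x2000, 0x1000, 0x1040, 0x1000, 0x1080, 0x1040, 0x1000]

def run(trace, weight_of, threshold=8):
    """Tag the constructed code space, then monitor one trace."""
    return monitor(trace, tag_gadgets(BLOCKS, weight_of), threshold)

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN), ("chained", CHAINED)):
        print(name, run(trace, UNIFORM), run(trace, SHORT_HEAVY))
```

Under these assumptions the same chained trace passes the uniform configuration but trips the length-sensitive one, while lowering the threshold to catch it with uniform weights also makes the benign trace alarm under the heavier weights, which is the tuning trade-off a configurable scheme exposes.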