引用本文
  • 姚东,张铮,张高斐,邬江兴.MVX-CFI:一种实用的软件安全主动防御架构[J].信息安全学报,2020,5(4):44-54    [点击复制]
  • YAO Dong,ZHANG Zheng,ZHANG Gaofei,WU Jiangxing.MVX-CFI: a practical active defense framework for software security[J].Journal of Cyber Security,2020,5(4):44-54   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 5954次   下载 6343 本文二维码信息
码上扫一扫!
MVX-CFI:一种实用的软件安全主动防御架构
姚东1, 张铮1, 张高斐1, 邬江兴2
0
(1.数学工程与先进计算国家重点实验室 郑州 中国 450001;2.国家数字交换系统工程技术研究中心 郑州 中国 450002)
摘要:
软件安全是网络空间安全中最重要的环节。早期的软件安全解决方案大多是发现安全威胁后再逐一解决的被动防御方案。为了有效应对各类安全威胁,防御方法逐渐从被动过渡到主动。在众多的主动防御方法中,从系统执行架构角度出发构建内生防御能力的软件多变体执行架构技术受到了广泛关注,它通过异构、冗余执行体之间的相对正确性检查发现攻击行为,不依赖于具体安全威胁的特征检测,可实时检测并防御大多数已知、甚至未知安全威胁。然而,该方法面向实际应用部署存在较大的性能瓶颈。控制流完整性(CFI)是一种理想的安全解决方案,但由于其性能损失和兼容性问题也未被广泛采用。本文将两者有效结合提出一种基于多变体执行架构的CFI (MVX-CFI)。MVX-CFI是一种基于执行架构的、动态、透明的CFI实施方法,它能够有效捕获软件整个运行时控制流的走向并发现由攻击等恶意行为引起的非法路径转移。MVX-CFI通过MVX可形式化验证的高可信表决机制在运行时动态建立描述应用程序高频执行路径的控制流子图(Sub-CFG),并作为检测模型正向反馈到MVX用于辅助检测,减少了传统MVX大量重复的表决工作,提高了MVX的执行性能。Sub-CFG具有在线分离软件执行过程中高频路径和低频路径的能力,这一特性为软件预置后门的检测提供了一种思路。实验评估表明,本文的改进方法提高了原架构的执行效率,同时保证了在安全防御方面的有效性。
关键词:  多变体执行  软件安全  安全架构
DOI:10.19363/J.cnki.cn10-1380/tn.2020.07.04
投稿时间:2020-03-27修订日期:2020-06-02
基金项目:本课题得到国家重点研发计划网络空间安全专项(No.2018YFB0804003,No.2017YFB0803204)资助。
MVX-CFI: a practical active defense framework for software security
YAO Dong1, ZHANG Zheng1, ZHANG Gaofei1, WU Jiangxing2
(1.State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China;2.National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China)
Abstract:
Software security plays an important role in cyberspace security. Software security solutions in the early days are mostly passive defense solutions that are addressed one after the other when security threats are discovered. To deal with various security threats effectively, the defense method gradually changes from passive to active. Among many active defenses, the technique of software multi-variant execution architecture has been widely concerned. It can detect and defend most known attacks, not depending on the feature of specific threats. By checking the relative correctness between heterogeneous and redundant variants, it can find attacks and other abnormal behaviors. However, there is a big performance bottleneck in this method. Control flow integrity (CFI) is another ideal security solution, but it is not widely used in practice because of performance loss and compatibility problems. In this paper, we propose a multi-variant execution framework called MVX-CFI. MVX-CFI is a dynamic and transparent CFI implementation method based on the execution framework. It can effectively capture the control flow of the target software and find illegal path transfer caused by malicious acts such as attacks. MVX-CFI uses MVX formalized high trust voting mechanism to dynamically construct control flow subgraph (Sub CFG) to describe the high-frequency execution path of the target at runtime, and feedback to MVX as a detection model for assisted detection, which reduces a lot of repetitive voting work of traditional MVX and improves the performance. Sub-CFG can separate the high-frequency path and low-frequency path in the process of software execution online, and it provides a probability to detect preset back door in a software. Experimental evaluation shows that the proposed framework can improve the efficiency of the original MVX framework and perform security defense effectively.
Key words:  multi-variant execution  software security  security architecture