Cite this article
  • 李秉政,张铮,马博林,邢福康,邬江兴. 编译支持的多变体融合执行设计与实现[J]. 信息安全学报, 2022, 7(4): 114-123
  • LI Bingzheng, ZHANG Zheng, MA Bolin, XING Fukang, WU Jiangxing. Design and Implementation of Integrated Multi-Variant Execution Supported by Compiler[J]. Journal of Cyber Security, 2022, 7(4): 114-123


Design and Implementation of Integrated Multi-Variant Execution Supported by Compiler (translated from the Chinese)
LI Bingzheng1, ZHANG Zheng1, MA Bolin2, XING Fukang1, WU Jiangxing2
(1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China; 2. National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China)
Abstract (translated from the Chinese):
Multi-variant execution is a technique that detects attacks by running heterogeneous redundant variants in parallel. As an active defense technique, multi-variant execution (MVX) discovers attack behaviour through consistency checks between heterogeneous executors that run side by side. Compared with patch-style passive defense, MVX can defend against known and even unknown vulnerability threats without relying on attack signatures, and therefore has broad application prospects in cyber security. In practical deployment, however, the boundary of the MVX architecture is unclear, so random numbers, process PIDs and similar values are passively drawn into the voting scope; this produces false positives and prevents MVX from being compatible with more software systems. This paper analyses the causes of the MVX false-positive problem and proposes I-MVX, a compiler-supported integrated multi-variant execution architecture consisting of a multi-variant synchronization programming framework and a runtime synchronization module. By adding a small number of pragmas, I-MVX instruments and marks, at compile time, the code and variables inside the program that cause false positives; at run time the monitor synchronizes variables and resources both inside and outside the variant processes, eliminating the false alarms of multi-variant execution. We design and implement the I-MVX compiler and synchronization monitor on the LLVM/Clang compiler and a Linux loadable kernel module. Performance evaluation shows that the average overhead introduced by I-MVX is 2.13% on the SPEC 2006 benchmark suite and 13.2% on the tinyhttpd test program. The integrated multi-variant execution architecture effectively solves the false-positive problem of multi-variant execution at the cost of a small performance loss and improves the usability of MVX. Security tests based on real CVE vulnerabilities show that I-MVX improves the compatibility of multi-variant execution while preserving the effectiveness of its security defense.
Keywords: multi-variant execution; compiler pragma; cyberspace security
DOI:10.19363/J.cnki.cn10-1380/tn.2022.07.09
Received: 2021-06-15; Revised: 2021-09-22
Funding: This work was supported by the National Natural Science Foundation of China (No. 61521003) and the National Key R&D Program of China (No. 2018YF0804003, No. 2017YFB0803204).
Design and Implementation of Integrated Multi-Variant Execution Supported by Compiler
LI Bingzheng1, ZHANG Zheng1, MA Bolin2, XING Fukang1, WU Jiangxing2
(1.State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China;2.National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China)
Abstract:
Multi-variant execution (MVX) is a technique in which heterogeneous redundant variants are executed in parallel to detect attacks. As an active defense technique, MVX detects attacks by checking the consistency of heterogeneous variants that run in parallel. Compared with patch-style passive defense, MVX can defend against known and even unknown vulnerabilities without relying on attack signatures, which gives it broad application prospects in cyberspace security. However, in actual deployments of the MVX framework, the boundary of multi-variant execution is unclear, so random numbers, process PIDs and similar values are passively included in the voting range. This results in false alarms and makes some software systems incompatible with the MVX framework. We analyze the causes of the false-positive problem of MVX and propose I-MVX, a compiler-supported MVX framework consisting of an MVX synchronization programming framework and a runtime synchronization module. The I-MVX framework adds a small number of pragmas to instrument, during compilation, the code and variables that cause false positives in the program. At run time, the monitor synchronizes variables and resources from inside and outside the variant processes to eliminate false alarms in the MVX framework. Based on the LLVM/Clang compiler and a Linux loadable kernel module, we design and implement the I-MVX compiler and the synchronization monitor, respectively. Performance evaluation shows that the average overhead introduced by I-MVX on the SPEC 2006 benchmark suite and the tinyhttpd program is 2.13% and 13.2%, respectively. At the cost of a small performance loss, the integrated multi-variant execution framework effectively solves the false-positive problem of MVX and improves its usability.
Security experiments based on real CVE vulnerabilities show that I-MVX improves the compatibility of multi-variant execution while preserving the effectiveness of its security defense.
Key words: multi-variant execution; compiler pragma; cyberspace security
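The false-positive mechanism the abstract describes, and the effect of synchronizing the offending values, can be seen in a small constructed simulation. The following C program is an added illustration, not the paper's I-MVX code: it models two variants that write a log line containing their PID and a random session token, a voter that compares the write() buffers byte-for-byte, and a monitor-side rendezvous slot through which the leader variant publishes a value and the follower consumes it. The variant count, the record layout, the PID and seed values, and the `synced()` slot API are all hypothetical; the `use_sync` flag stands in for the pragma-based instrumentation the paper applies at compile time.

```c
/* Constructed illustration (not the paper's I-MVX code) of why MVX voting on
 * syscall arguments raises false positives on PIDs and random numbers, and how
 * leader/follower synchronisation of those values removes the divergence while
 * still catching a real fault. Variant count, record layout, PIDs, seeds and
 * the sync-slot API are all hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NVARIANTS 2

/* What the monitor sees for one variant: the buffer passed to write(). */
typedef struct { char buf[64]; } syscall_rec;

/* Per-variant non-deterministic state (constructed values, one per process). */
typedef struct { int pid; uint32_t prng; } variant_ctx;

/* A monitor-side rendezvous slot: the leader publishes, followers consume.
 * Stands in for the runtime synchronisation module; hypothetical design. */
typedef struct { int filled; uint32_t value; } sync_slot;

static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Value a variant uses for something a pragma would mark as "synchronise".
 * The leader (index 0) generates it; followers take the leader's copy. */
static uint32_t synced(sync_slot *slot, int idx, uint32_t local) {
    if (idx == 0 || !slot->filled) { slot->value = local; slot->filled = 1; }
    return slot->value;
}

/* Variant body: emit one log line through write(). 'use_sync' models whether
 * the pid and the random token were instrumented for synchronisation. */
static void variant_run(variant_ctx *v, int idx, int use_sync,
                        sync_slot slots[2], syscall_rec *out) {
    uint32_t token = xorshift32(&v->prng);   /* process-local PRNG stream */
    uint32_t pid   = (uint32_t)v->pid;       /* process-local PID */
    if (use_sync) {
        pid   = synced(&slots[0], idx, pid);
        token = synced(&slots[1], idx, token);
    }
    snprintf(out->buf, sizeof out->buf, "pid=%u session=%08x\n",
             (unsigned)pid, (unsigned)token);
}

/* Voter: all variants' syscall records must match byte-for-byte.
 * Returns 1 if consistent, 0 if the monitor would raise an alarm. */
static int vote(const syscall_rec recs[NVARIANTS]) {
    for (int i = 1; i < NVARIANTS; i++)
        if (strcmp(recs[0].buf, recs[i].buf) != 0) return 0;
    return 1;
}

/* Run the variants once and vote. 'tamper' corrupts variant 1's buffer after
 * the program logic, standing in for a memory-corruption exploit that hits
 * only one variant. */
static int run_mvx(int use_sync, int tamper) {
    variant_ctx vars[NVARIANTS] = { { 4101, 0x01234567u }, { 4102, 0x89abcdefu } };
    sync_slot slots[2] = { { 0, 0 }, { 0, 0 } };
    syscall_rec recs[NVARIANTS];
    for (int i = 0; i < NVARIANTS; i++)
        variant_run(&vars[i], i, use_sync, slots, &recs[i]);
    if (tamper) recs[1].buf[0] = 'P';   /* one variant's output now diverges */
    return vote(recs);
}

int main(void) {
    printf("plain MVX,  benign run : %s\n",
           run_mvx(0, 0) ? "consistent" : "ALARM (false positive)");
    printf("synced MVX, benign run : %s\n",
           run_mvx(1, 0) ? "consistent" : "ALARM");
    printf("synced MVX, tampered   : %s\n",
           run_mvx(1, 1) ? "consistent" : "ALARM (true positive)");
    return 0;
}
```

Without synchronisation the two variants differ in PID and in their PRNG output, so an otherwise benign write() fails the vote; once the leader's values are shared through the slots the benign run is consistent, while a divergence introduced into a single variant's buffer is still caught. Real I-MVX performs the marking with compiler pragmas and the rendezvous in a kernel-resident monitor; this simulation only shows the voting logic those components serve.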