引用本文
  • 许奇臻,陈李维,李永悦,崔宁宁,史岗,孟丹.一种混合的返回地址保护机制[J].信息安全学报,已采用    [点击复制]
  • xu qizhen,chen liwei,li yongyue,cui ningning,shi gang,mengdan.A Hybrid Return Address Protection Mechanism[J].Journal of Cyber Security,Accept   [点击复制]
【打印本页】 【在线阅读全文】【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

过刊浏览    高级检索

本文已被:浏览 243次   下载 0  
一种混合的返回地址保护机制
许奇臻, 陈李维, 李永悦, 崔宁宁, 史岗, 孟丹
0
(中国科学院信息工程研究所)
摘要:
返回导向编程(Return-oriented programming,ROP)是一种常见的控制流劫持技术,对计算机系统安全造成了严重威胁。为了防御这种攻击,研究者们通常部署影子栈或者基于消息认证码(message authentication code,MAC)的防御手段。但是影子栈不仅会带来额外的内存开销,而且容易因为信息泄露而被绕过;基于消息认证码的机制(例如Zipper Stack)则会因为MAC值的计算而带来很高的性能损耗。本文提出了一种混合的返回地址保护机制Twine Stack。Twine Stack利用一个小小的硬件影子栈来实现多链式的Zipper Stack。具体的,这个影子栈的每一项保存每一条链上的返回地址及其MAC值,因而可以只使用一个哈希模块进行排队计算。同时,大部分返回地址还可以通过与硬件影子栈对比进行校验,而不需要重复地计算MAC值。我们在RISC-V架构上实现了Twine Stack,并且在FPGA开发版上评估它的性能损耗。实验表明,Twine Stack减少了95%的返回地址校验,性能损耗仅为1.38%,硬件面积只增加了974个LUT和726个flip flop。结果表明,我们的混合方案能够很好地缓解单一防御手段的不足。
关键词:  代码重用攻击  影子栈  消息认证码
DOI:
投稿时间:2021-10-01修订日期:2022-01-11
基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目)
A Hybrid Return Address Protection Mechanism
xu qizhen, chen liwei, li yongyue, cui ningning, shi gang, mengdan
(Institute of Information Engineering,Chinese Academy of Sciences)
Abstract:
Return-oriented programming(ROP) is a prevalent technique that targets return addresses to hijack control flow. To prevent such attack, researchers mainly focus on either Shadow Stack or MAC-based mechanisms(message code authentication). But Shadow Stack suffers from additional memory overhead and information leakage, while MAC-based mechanisms(e.g. Zipper Stack) impose high runtime overhead for MAC calculations. In this paper, we propose Twine Stack, a hybrid and efficient return address protection mechanism with lightweight hardware extension. It utilizes a tiny hardware shadow stack to realize a new multi-chain Zipper Stack. Specifically, each entry in the shadow stack stores a return address and its MAC in each chain, allowing queueing calculation with just one hash module. At meantime, some return address verifications could be done by comparison with the hardware shadow stack, instead of calculation again. We implemented Twine Stack on RISC-V architecture, and evaluated it on FPGA board. Our experiments show that Twine Stack reduces over 95% hash verifications, and imposes merely 1.38% performance overhead with an area overhead of 974 LUTs and 726 flip flops. The result demonstrates that our hybrid scheme mitigates the drawbacks of each separate scheme.
Key words:  code reuse attack  shadow stack  message authentication code