Cite this article
  • MA Bolin, ZHANG Zheng, SHAO Yuwen, LI Bingzheng, PAN Chuanxing, JIANG Peng, WU Jiangxing. KMBox: Linux Kernel-based Heterogeneous Redundant Execution System Designed for Process[J]. Journal of Cyber Security, Accepted.
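KMBox: Linux Kernel-based Heterogeneous Redundant Execution System Designed for Process
MA Bolin1, ZHANG Zheng1, SHAO Yuwen1, LI Bingzheng1, PAN Chuanxing1, JIANG Peng2, WU Jiangxing1
(1. PLA Strategic Support Force Information Engineering University, Zhengzhou, China; 2. Purple Mountain Laboratories for Network Communication and Security, Nanjing, China)
Abstract:
Randomization-based defenses against process control-flow hijacking attacks rest on the assumption that the attacker cannot learn the current memory address space layout. Attackers therefore exploit memory information leaks to bypass the randomization defense and obtain gadget addresses, then inject a payload constructed from those gadget addresses into the program to carry out a control-flow hijacking attack. To address this problem, a process-level heterogeneous redundant execution system is designed on the basis of kernel-space modifications. The redundant processes apply memory address space randomization independently, building mutually heterogeneous memory address space layouts. The system votes at the system calls related to memory information leakage; when the leaked information is found to be inconsistent, the control-flow hijacking attack is blocked. Even if the attacker skips the memory information leak and exploits a vulnerability directly, the heterogeneous memory layouts mean that an injected payload constructed from gadget addresses cannot be valid in all redundant processes at the same time, which also blocks the attack. The prototype system KMBox is implemented, and experiments show that it effectively defends against process control-flow hijacking attacks, with improved performance compared with a ptrace-based process heterogeneous redundant execution system.
Key words:  control-flow hijacking attack  heterogeneous redundant execution system  randomization
DOI:
Submitted: 2021-10-10  Revised: 2021-12-17
Funding: National Natural Science Foundation of China (General Program, Key Program, Major Program); National Key Basic Research Program of China (973 Program)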
KMBox: Linux Kernel-based Heterogeneous Redundant Execution System Designed for Process
MA Bolin1, ZHANG Zheng1, SHAO Yuwen1, LI Bingzheng1, PAN Chuanxing1, JIANG Peng2, WU Jiangxing1
(1.PLA Information Engineering University;2.Purple Mountain Laboratories)
Abstract:
Randomization-based defenses against process control-flow hijacking attacks rely on attackers being unable to learn the memory address space layout. However, attackers can still exploit information disclosure to bypass the randomization defense and obtain gadget addresses. They then inject a payload constructed from those gadgets into the program to launch a control-flow hijacking attack. To solve this problem, a kernel-based heterogeneous redundant execution system is designed for processes. The redundant processes apply memory address space layout randomization independently, and the system calls related to information disclosure are voted on to detect abnormal behavior and defeat process control-flow hijacking attacks. Even if attackers skip information disclosure and exploit other vulnerabilities, the heterogeneous memory address space layouts prevent the injected payload from being effective in all redundant processes at the same time, which also defeats the attack. The prototype system KMBox is implemented, and experiments show that the prototype can effectively defeat process control-flow hijacking attacks. Comparative performance tests show that KMBox performs better than the heterogeneous redundant execution system based on ptrace.
Key words:  control-flow hijacking attack  heterogeneous redundant execution system  randomization
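
The two properties claimed in the abstract can be modeled in user space: voting on output at a system call exposes a leaked pointer, and an absolute gadget address is valid in at most one variant. The following C program is an added illustration, not code from KMBox or the paper. The base addresses, the 0x6f0 offset, the mapping size and all function names are constructed assumptions, and the fixed table of bases stands in for independent address space randomization in each redundant process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NVARIANTS 3
#define TEXT_SIZE 0x1000u  /* assumed size of each variant's code mapping */

/* Constructed code bases, one per redundant process (stand-in for ASLR). */
static const uint64_t text_base[NVARIANTS] = {
    0x55d0a1c00000ull, 0x5612f3e00000ull, 0x55f77b400000ull
};

/* Bytes one variant hands to an output system call such as write(). */
struct out { char buf[64]; size_t len; };

/* Benign output: identical bytes in every variant. */
static void emit_benign(int v, struct out *o) {
    (void)v;
    o->len = (size_t)snprintf(o->buf, sizeof o->buf, "hello, user\n");
}

/* Leaky output: a code pointer (base + constructed offset) reaches the buffer. */
static void emit_leak(int v, struct out *o) {
    unsigned long long p = text_base[v] + 0x6f0;
    o->len = (size_t)snprintf(o->buf, sizeof o->buf, "%llx\n", p);
}

/* Voter: 1 if every variant produced the same bytes, 0 on divergence. */
static int vote(const struct out *o) {
    for (int v = 1; v < NVARIANTS; v++)
        if (o[v].len != o[0].len || memcmp(o[v].buf, o[0].buf, o[0].len))
            return 0;
    return 1;
}

/* Collect each variant's output at the system call, then vote on it. */
int run_and_vote(void (*emit)(int, struct out *)) {
    struct out o[NVARIANTS];
    for (int v = 0; v < NVARIANTS; v++) emit(v, &o[v]);
    return vote(o);
}

/* Count the variants in which an absolute address falls inside mapped code. */
int variants_where_valid(uint64_t addr) {
    int n = 0;
    for (int v = 0; v < NVARIANTS; v++)
        if (addr >= text_base[v] && addr - text_base[v] < TEXT_SIZE) n++;
    return n;
}

int main(void) {
    printf("benign write: %s\n", run_and_vote(emit_benign) ? "pass" : "blocked");
    printf("leaky write:  %s\n", run_and_vote(emit_leak) ? "pass" : "blocked");
    printf("valid in %d of %d variants\n",
           variants_where_valid(text_base[0] + 0x6f0), NVARIANTS);
    return 0;
}
```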