Cite this article:
- Xiong Zhongsheng, Bai Yunkai, Li Peinan, Meng Dan, Hou Rui. A Survey of Control-Flow Attestation Based on a Four-Stage Analysis[J]. Journal of Cyber Security, Accepted
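Abstract (translated from the Chinese):
With the rapid development of technologies such as the Internet, cloud computing, and big data, global demand for information processing has grown explosively, making information security a core concern of both academia and industry. In remote devices in particular, how to effectively protect sensitive data and ensure the secure execution of code has become a key problem that the information security field urgently needs to solve. Against this background, remote attestation, a technique for ensuring program integrity, is widely used to guarantee the security of software at execution time. However, as control-flow hijacking attacks continue to evolve, remote attestation faces new challenges. It has shown clear weaknesses against complex attacks such as control-flow hijacking and struggles to withstand increasingly diverse and sophisticated attack methods. Research on control-flow attestation has therefore become especially important, and academia is paying growing attention to progress in this area. As more and more researchers have entered the field, control-flow attestation has made significant progress in security, usability, system performance, and other respects. Based on the current state of research, this paper surveys and summarizes control-flow attestation comprehensively. Specifically, it proposes a four-stage analysis method for interpreting control-flow attestation in depth. We decompose it into a control-flow security constraint definition stage, a dynamic control-flow information collection stage, a dynamic control-flow information secure storage stage, and a dynamic control-flow information verification stage, classify the techniques used in these four stages, and evaluate their advantages and disadvantages. In addition, in combination with trusted execution environment technology, this paper discusses the technical difficulties of performing control-flow attestation in such an environment, the approaches taken by existing schemes, and the problems that remain. Finally, on the basis of a summary of current research results, this paper offers an outlook on and in-depth discussion of the future directions of control-flow attestation.
Keywords: control-flow hijacking attacks; remote attestation; control-flow attestation; trusted execution environment
DOI:
Submitted: 2024-11-16  Revised: 2025-02-25
Funding: National Natural Science Foundation of China (General Program, Key Program, Major Program)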
A Survey of Control-Flow Attestation Based on a Four-Stage Analysis
Xiong Zhongsheng (1,2), Bai Yunkai (1,2), Li Peinan (1), Meng Dan (1), Hou Rui (1)
(1. Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, Chinese Academy of Sciences; 2. School of Cyber Security, University of Chinese Academy of Sciences)
Abstract:
With the rapid development of technologies such as the internet, cloud computing, and big data, the global demand for information processing has experienced explosive growth, making information security a central concern for both academia and industry. In particular, the effective protection of sensitive data and the assurance of secure code execution in remote devices have become critical issues in the field of information security that require urgent resolution. In this context, remote attestation, as a technique to ensure program integrity, has been widely used to guarantee the security of software during execution. However, with the continuous evolution of control flow hijacking attacks, remote attestation technologies face new challenges. These methods have shown significant vulnerabilities when confronted with complex attack techniques such as control flow hijacking, making them increasingly ineffective against the growing variety and sophistication of attack strategies. As a result, research on control flow attestation has become particularly important, and academic interest in this field has been steadily increasing. With more scholars engaging in this area of study, significant progress has been made in enhancing the security, usability, and system performance of control flow attestation techniques. Based on the current state of research, this paper presents a comprehensive survey and summary of control flow attestation technologies. Specifically, we propose a four-stage analytical framework to provide an in-depth interpretation of control flow attestation. We break it down into the following stages: definition of control flow security constraints, dynamic control flow information collection, dynamic control flow information secure storage, and dynamic control flow information verification. We classify the technologies used in these stages and evaluate their strengths and weaknesses. 
Furthermore, in conjunction with Trusted Execution Environment (TEE) technology, we explore the technical challenges of conducting control flow attestation within this environment, existing solutions, and ongoing issues. Finally, based on a summary of current research, we provide an outlook and in-depth discussion on the future development directions of control flow attestation technologies.
Key words: control-flow hijack attacks, remote attestation, control-flow attestation, trusted execution environment