Design, Realization, and Evaluation of FastDIM to Prevent Memory Corruption Attacks

IF 3 4区计算机科学 Q3 ENGINEERING, ELECTRICAL & ELECTRONIC

Chinese Journal of Electronics Pub Date : 2025-07-01 DOI:10.23919/cje.2024.00.218

Jian Huang;Yanbo Li;Hao Han

{"title":"Design, Realization, and Evaluation of FastDIM to Prevent Memory Corruption Attacks","authors":"Jian Huang;Yanbo Li;Hao Han","doi":"10.23919/cje.2024.00.218","DOIUrl":null,"url":null,"abstract":"Software vulnerabilities, particularly memory corruption, are significant sources of security breaches. Traditional security measures like data-execution prevention, address space layout randomization, control-flow integrity, code-pointer integrity/separation, and data-flow integrity provide insufficient protection or lead to considerable performance degradation. This research introduces, develops, and scrutinizes FastDIM, a novel approach designed to safeguarding user applications from memory corruption threats. FastDIM encompasses an low-level virtual machine (LLVM) instrumentation mechanism and a distinct memory monitoring module. This system modifies applications in user space into a more secure variant, proactively reporting vital memory operations to a memory monitoring component within the kernel to ensure data integrity. Distinctive features of FastDIM compared to prior methodologies are twofold: FastDIM's integrated out-of-band monitoring system that secures both control-flow and non-control data within program memory, and the creation of a dedicated shared memory space to enhance monitoring efficiency. Testing a prototype of FastDIM with a broad spectrum of real-life applications and standard benchmarks indicates that FastDIM's runtime overhead is acceptable, at 4.4% for the SPEC CPU 2017 benchmarks, while providing the defense against memory corruption attacks.","PeriodicalId":50701,"journal":{"name":"Chinese Journal of Electronics","volume":"34 4","pages":"1233-1246"},"PeriodicalIF":3.0000,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11151235","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Chinese Journal of Electronics","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11151235/","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

Software vulnerabilities, particularly memory corruption, are significant sources of security breaches. Traditional security measures like data-execution prevention, address space layout randomization, control-flow integrity, code-pointer integrity/separation, and data-flow integrity provide insufficient protection or lead to considerable performance degradation. This research introduces, develops, and scrutinizes FastDIM, a novel approach designed to safeguarding user applications from memory corruption threats. FastDIM encompasses an low-level virtual machine (LLVM) instrumentation mechanism and a distinct memory monitoring module. This system modifies applications in user space into a more secure variant, proactively reporting vital memory operations to a memory monitoring component within the kernel to ensure data integrity. Distinctive features of FastDIM compared to prior methodologies are twofold: FastDIM's integrated out-of-band monitoring system that secures both control-flow and non-control data within program memory, and the creation of a dedicated shared memory space to enhance monitoring efficiency. Testing a prototype of FastDIM with a broad spectrum of real-life applications and standard benchmarks indicates that FastDIM's runtime overhead is acceptable, at 4.4% for the SPEC CPU 2017 benchmarks, while providing the defense against memory corruption attacks.

查看原文本刊更多论文

FastDIM防止内存损坏攻击的设计、实现和评估

软件漏洞，特别是内存损坏，是安全漏洞的重要来源。传统的安全措施，如数据执行预防、地址空间布局随机化、控制流完整性、代码指针完整性/分离和数据流完整性，不能提供足够的保护或导致相当大的性能下降。本研究介绍、开发并详细分析了FastDIM，这是一种旨在保护用户应用程序免受内存损坏威胁的新方法。FastDIM包含一个低级虚拟机（LLVM）检测机制和一个独特的内存监视模块。该系统将用户空间中的应用程序修改为更安全的变体，主动向内核中的内存监视组件报告重要的内存操作，以确保数据完整性。与之前的方法相比，FastDIM的独特之处在于两个方面：FastDIM的集成带外监控系统，可以在程序内存中保护控制流和非控制数据，并创建专用共享内存空间，以提高监控效率。在广泛的实际应用程序和标准基准测试中测试FastDIM的原型表明，FastDIM的运行时开销是可以接受的，在SPEC CPU 2017基准测试中为4.4%，同时提供对内存损坏攻击的防御。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Chinese Journal of Electronics 工程技术-工程：电子与电气

CiteScore

3.70

自引率

16.70%

发文量

342

审稿时长

12.0 months

期刊介绍： CJE focuses on the emerging fields of electronics, publishing innovative and transformative research papers. Most of the papers published in CJE are from universities and research institutes, presenting their innovative research results. Both theoretical and practical contributions are encouraged, and original research papers reporting novel solutions to the hot topics in electronics are strongly recommended.