控制你的控制流图

2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2016-05-03 DOI:10.1109/HST.2016.7495554

A. Kanuparthi, Jeyavijayan Rajendran, R. Karri

{"title":"控制你的控制流图","authors":"A. Kanuparthi, Jeyavijayan Rajendran, R. Karri","doi":"10.1109/HST.2016.7495554","DOIUrl":null,"url":null,"abstract":"Code Reuse Attacks (CRAs) are software exploits in which an attacker directs program control flow through existing code without injecting malicious code to achieve his objective. In this paper, we propose Dynamic Sequence Checker (DSC), a framework to verify the validity of control flow between basic blocks in the program. Unique codes are assigned to every basic block in the program at compile time in such a way that the Hamming distance between two legally connected basic blocks is a known constant. At runtime, Hamming distance between the codes assigned to the source and destination basic blocks are calculated and compared against the known constant, to verify the control flow. Execution is aborted if the Hamming distance comparison does not match. We implemented DSC on a cycle-accurate x86 simulator. DSC has been able to detect all the CRA gadgets reported by the ROPGadget tool. The average performance overhead is 4.7% over a baseline processor.","PeriodicalId":194799,"journal":{"name":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"70 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Controlling your control flow graph\",\"authors\":\"A. Kanuparthi, Jeyavijayan Rajendran, R. Karri\",\"doi\":\"10.1109/HST.2016.7495554\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Code Reuse Attacks (CRAs) are software exploits in which an attacker directs program control flow through existing code without injecting malicious code to achieve his objective. In this paper, we propose Dynamic Sequence Checker (DSC), a framework to verify the validity of control flow between basic blocks in the program. Unique codes are assigned to every basic block in the program at compile time in such a way that the Hamming distance between two legally connected basic blocks is a known constant. At runtime, Hamming distance between the codes assigned to the source and destination basic blocks are calculated and compared against the known constant, to verify the control flow. Execution is aborted if the Hamming distance comparison does not match. We implemented DSC on a cycle-accurate x86 simulator. DSC has been able to detect all the CRA gadgets reported by the ROPGadget tool. The average performance overhead is 4.7% over a baseline processor.\",\"PeriodicalId\":194799,\"journal\":{\"name\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"volume\":\"70 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-05-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HST.2016.7495554\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2016.7495554","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

代码重用攻击(CRAs)是一种软件攻击，攻击者在不注入恶意代码的情况下通过现有代码引导程序控制流来实现其目标。本文提出了动态序列检查器(DSC)，这是一个验证程序中基本块之间控制流有效性的框架。在编译时，将唯一代码分配给程序中的每个基本块，使两个合法连接的基本块之间的汉明距离为已知常数。在运行时，计算分配给源和目标基本块的代码之间的汉明距离，并与已知常数进行比较，以验证控制流。如果汉明距离比较不匹配，则中止执行。我们在一个周期精确的x86模拟器上实现了DSC。DSC已经能够检测到所有由ROPGadget工具报告的CRA小工具。与基准处理器相比，平均性能开销为4.7%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Controlling your control flow graph

Code Reuse Attacks (CRAs) are software exploits in which an attacker directs program control flow through existing code without injecting malicious code to achieve his objective. In this paper, we propose Dynamic Sequence Checker (DSC), a framework to verify the validity of control flow between basic blocks in the program. Unique codes are assigned to every basic block in the program at compile time in such a way that the Hamming distance between two legally connected basic blocks is a known constant. At runtime, Hamming distance between the codes assigned to the source and destination basic blocks are calculated and compared against the known constant, to verify the control flow. Execution is aborted if the Hamming distance comparison does not match. We implemented DSC on a cycle-accurate x86 simulator. DSC has been able to detect all the CRA gadgets reported by the ROPGadget tool. The average performance overhead is 4.7% over a baseline processor.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

自引率

0.00%

发文量