电子学报2016,Vol.44Issue(10):2403-2409,7.DOI:10.3969/j.issn.0372-2112.2016.10.018
基于指令校验的软硬件协同代码重用攻击防护方法
An I nstruction Verification Based Hardware/Software Co-design Approach for Mitigating Code-Reuse Attacks
摘要
Abstract
Code-reuse attacks (CRAs)are difficult to detect and defend,especially on widely used x86 processors. One reason is that lots of unintended but legal instructions exist in x86 binary codes.The unintended instructions make the finding of so called gadgets for CRAs is much easier than that of RISC processors.Previous studies rely on software-only means to tackle the unintended instruction problem,which makes their approaches are either very costly or can only be ap-plied under restricted conditions.In this paper,we propose a hardware/software co-design approach to tackle the unintended instruction problem.The proposed mechanism has little performance impact on the examined SPEC CPU 2006 benchmarks. We also propose using hardware control-flow locking as a complementary technique.By using the two techniques together, an attacker will have little chance to carry out CRAs on x86 processors.关键词
代码重用攻击/非预期指令/指令校验Key words
code-reuse attack/unintended instruction/instruction verification分类
信息技术与安全科学引用本文复制引用
吕雅帅..基于指令校验的软硬件协同代码重用攻击防护方法[J].电子学报,2016,44(10):2403-2409,7.基金项目
国家自然科学基金 ()
