Research and Design of a Secure Debug Architecture for Detecting Code Reuse Attacks
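  • English title: RESEARCH AND DESIGN OF SECURE DEBUG ARCHITECTURE FOR DETECTING CODE REUSE ATTACK
  • Authors: 李扬; 戴紫彬; 李军伟
  • Authors (English): Li Yang; Dai Zibin; Li Junwei; Information Engineering University
  • Keywords: code reuse attacks; embedded device security; debug architecture; performance counters
  • Keywords (English): Code reuse attacks; Embedded device security; Debug architecture; Performance counters
  • Journal name (Chinese): JYRJ
  • Journal name (English): Computer Applications and Software
  • Institution: Information Engineering University (信息工程大学)
  • Publication date: 2019-05-12
  • Publisher: Computer Applications and Software (计算机应用与软件)
  • Year: 2019
  • Issue: v.36
  • Language: Chinese
  • Pages: JYRJ201905056
  • Page count: 7
  • CN: 05
  • ISSN: 31-1260/TP
  • Classification number: 333-339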
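Abstract
To detect code reuse attacks without modifying the processor structure, this paper proposes a secure debug architecture for code reuse attack detection. Targeting the debug signals available in a general-purpose basic debug structure, a bus trace module is designed that provides an interface for enforcing memory access control. A function-level code reuse attack detection method based on performance counters is studied, and a trace-detection microcontroller unit is added so that the secure debug architecture works together with the performance counters and completes detection without instrumentation. Experimental results show that the secure debug architecture has low transmission delay and low resource consumption, and can effectively detect code reuse attacks.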
In order to detect code reuse attacks without modifying the structure of the processor, we propose a secure debug architecture for detecting code reuse attacks. For the debugging signals available in the general basic debugging structure, a bus trace module is designed to provide an interface for executing memory access control. We study a function-level code reuse attack detection method based on performance counters. We add a trace-detecting microcontroller unit so that the secure debug architecture works with the performance counters and completes the detection without source code instrumentation. The experimental results show that the secure debug architecture can detect code reuse attacks effectively with less transmission delay and less resource consumption.
