CN103995705A - Operating system address space randomized distribution system and method - Google Patents


Publication number
CN103995705A
Authority
CN
China
Prior art keywords
randomization
space
strategy
module
local
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410246004.8A
Other languages
Chinese (zh)
Other versions
CN103995705B (en)
Inventor
游瑞邦
涂碧波
孟丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Application filed by Institute of Information Engineering of CAS
Priority to CN201410246004.8A
Publication of CN103995705A
Application granted
Publication of CN103995705B
Legal status: Active

Abstract

The invention discloses an operating system address space randomized allocation system and method, and relates to the field of information security. The system and method expand the range of address space randomized allocation and thereby improve the security of operating system randomization. The system comprises a user space layer and a kernel space layer. The user space layer comprises a user-space executable program local randomization management strategy generator/parser, a global randomization management strategy module and a random event collection module. The kernel space layer comprises an executable program loading module, a virtual file system management module, a management strategy parsing module, a randomization factor generation module and an address space randomization allocation module. The method is used with the system. The system and method also apply to the current domestic Loongson processor platform.

Description

An operating system address space randomized allocation system and method
Technical field
The present invention relates to the field of information security, and in particular to an operating system address space randomized allocation system and method.
Background
Computers are the infrastructure for storing and processing information, but because of design complexity and implementation cost, the computers used to store and process information are not secure. The main causes are: 1. a lack of hardware designed specifically for security requirements; 2. operating systems that did not consider security mechanisms in their original design; 3. inherent defects of programming languages, such as the buffer overflow hazards introduced by C. These factors introduce vulnerabilities at different levels of a computer system and give malware its opportunity. Malware is currently rampant and network attacks are continuous; the IT infrastructure that stores and processes information is infected and attacked to varying degrees, and both the safe operation of computers and the security of the data stored in them are threatened.
The threat to computer security comes mainly from buffer overflow vulnerabilities, and the security of memory management is the core of computer security, because most vulnerabilities are related to memory management. The root causes of prevalent attacks such as denial of service (DoS), theft of sensitive data and acquisition of superuser privileges are all related to the system's lack of secure memory management. According to the CVE 2012 Linux kernel vulnerability database, 80% of vulnerabilities are related to stack buffer overflow, malicious code execution, null pointer dereference, memory corruption, and missing safety checks on pointers and function parameters. Moreover, the widely used C language is not a safe programming language: it does not check the length of objects and it uses pointers heavily, and incorrect use of pointers introduces security hazards into code. Most of the Linux operating system is written in C and, like other applications, it has the same buffer overflow hazards. Buffer overflow vulnerabilities remain the number one threat to computer security. According to the CVE 2012 Linux kernel vulnerability database, vulnerabilities caused directly by buffer overflow alone account for 30%, and most vulnerabilities of other forms are also caused by buffer overflow. A buffer overflow attack overflows a local variable buffer to overwrite the return address of the stack frame, tampering with the stack frame contents, implanting malicious code (such as shellcode) and making it run. Computer security has received wide attention in recent years, and hardware and software facilities with certain security functions have begun to be designed and implemented. Hardware techniques include the no-execute (NX) bit supported by processors and the corresponding page table management mechanism; software techniques include the stack protection (Stack Guard) that compilers add to guard against buffer overflows.
These two techniques can fairly effectively prevent attacks that exploit buffer overflow vulnerabilities to implant malicious code and execute it. But security techniques and attackers' exploitation of vulnerabilities are a mutual contest, and variant buffer overflow attacks have appeared. The return-to-libc attack is the typical representative of these variants: it does not need to implant malicious code in the stack and execute it there, so NX and compiler stack protection are ineffective against it. Programs generally link against the C function library, libc. A return-to-libc buffer overflow attack does not need to implant code in the function's stack area; it only needs to modify the return address in the stack frame so that it points to an unsafe system library function. For example, the system() function in libc only needs to be given an argument, such as "/bin/sh", to execute an external program; the attacker exploits this weakness of library functions to attack. The success rate of return-to-libc depends on the fixed allocation of the system address space: the exploiter can guess the entry address of a library function on the target system fairly easily and so can effectively carry out the attack. If the system abandons fixed allocation and adopts a randomized address space allocation strategy, return-to-libc attacks can be effectively stopped, because randomly mapping the address space of library functions makes it harder for the attacker to probe their addresses; on 64-bit systems the addresses are almost impossible to probe, so this class of buffer overflow variant attack can be effectively prevented.
At present, the Windows and Linux operating systems on the general-purpose x86 platform also support address space randomized allocation. But existing schemes have many problems: 1. The randomization range is limited, a random range of little more than 10 bits, so an attacker can easily guess the randomized address space layout by brute force. 2. The random number generation algorithm depends only on the clock and is not secure enough. The random number generation algorithm used for randomized allocation currently depends on a system library function (the random function), which generates random numbers from the system clock value; an attacker who obtains the clock value of the target system can easily guess the randomized address space layout of the target application and carry out a return-to-libc attack. 3. It is not flexible enough. The system either enables address space randomized allocation, in which case all processes use it, or disables it; users cannot choose to enable or disable it according to an application's security requirements. The address space comprises the stack address space, the heap address space and the memory-mapped (mmap) address space, and current schemes cannot configure independently, according to specific security requirements, whether each of these three address spaces is randomized. 4. The Linux operating system on the domestic Loongson processor platform still lacks fully functional support for address space randomized allocation.
Summary of the invention
The technical problem to be solved by the present invention is to provide an operating system address space randomized allocation system and method that enlarges the range of address space randomized allocation and thereby improves the security of operating system randomization.
To solve the above problem, the invention provides an operating system address space randomized allocation system comprising a user space layer and a kernel space layer.
The user space layer comprises: a user-space executable program local randomization management strategy generator/parser, a global randomization management strategy module, and a random event collection module.
The kernel space layer comprises: an executable program loading module, a virtual file system management module, a management strategy parsing module, a randomization factor generation module, and an address space randomization allocation module.
The user-space executable program local randomization management strategy generator/parser is used to: generate a local randomization management strategy for an executable program or dynamic library and output it, in the form of an executable file or dynamic library file, to the executable program loading module; and parse the local randomization management strategy in order to report to the user the local randomization management strategy of the executable program or dynamic library.
The global randomization management strategy module is used to: store global randomization management strategies, which comprise a global address space randomized allocation forcing strategy, a global stack space randomized allocation strategy, a global heap space randomized allocation strategy and a global memory-mapping randomized allocation strategy; and, when the user configures it, let the user select from them the global randomization management strategy to output to the virtual file system management module.
The random event collection module is used to: collect random event data comprising the keyboard values and mouse values randomly input by the user, the operating system's current interrupt count and the operating system's current network data exchange volume; and provide the random event data to the randomization factor generation module.
The executable program loading module is used to: analyze the local randomization management strategy, carried in the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser; load the executable file or dynamic library file; and output the local randomization management strategy to the management strategy parsing module.
The virtual file system management module has a virtual file system registered in it, where the virtual file system is to be loaded with the global randomization management strategy from the global randomization management strategy module and has a default global randomization management strategy configuration. The module parses the virtual file system to obtain the final global randomization management strategy: when the user has configured one, the global randomization management strategy loaded into the virtual file system is output to the management strategy parsing module as the final global randomization management strategy, and when there is no user configuration, the default global randomization management strategy configuration is output to the management strategy parsing module as the final global randomization management strategy.
The management strategy parsing module is used to: parse the local randomization management strategy from the executable program loading module and the final global randomization management strategy from the virtual file system management module to generate a final randomization run strategy, and output the final randomization run strategy to the address space randomization allocation module.
The randomization factor generation module is used to: generate a randomization correction value from the random event data from the random event collection module; generate a random number from the randomization correction value and a system library function of the operating system; reduce the random number modulo 2^30 to obtain a randomization factor, which is used to adjust the fixed allocation address of an address space when the address space randomization allocation module performs address space randomized allocation; and output the randomization factor to the address space randomization allocation module.
The address space randomization allocation module is used to: perform the address space randomized allocation according to the final randomization run strategy from the management strategy parsing module and the randomization factor from the randomization factor generation module, so that the address space has a randomized address.
Further, the executable file or dynamic library file has a program segment header for storing the local randomization management strategy.
Further, the executable program loading module analyzing the local randomization management strategy, carried in the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser comprises:
The executable program loading module parses the program segment header in the executable file or dynamic library file to extract the local randomization management strategy.
Further, the local randomization management strategy comprises: a local stack space randomized allocation strategy, a local heap space randomized allocation strategy and a local memory-mapped space randomized allocation strategy.
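Added example, not code from the patent: a bounds-checked lookup of a local strategy entry in an ELF64 program header table, as the loading module is described as doing. The segment type `PT_LOCAL_RAND` and the three `p_flags` bits are hypothetical, since the page gives no encoding, and the ELF image is constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical values: the page does not give the segment type or bit layout. */
#define PT_LOCAL_RAND 0x6a000001u /* assumed p_type in the OS-specific range */
#define LOCAL_STACK   0x1u        /* assumed p_flags bits */
#define LOCAL_HEAP    0x2u
#define LOCAL_MMAP    0x4u

#define EHDR_SIZE 64u /* size of an ELF64 file header */
#define PHDR_SIZE 56u /* size of an ELF64 program header */

struct local_policy { int stack, heap, mmap; };

/* Little-endian readers and writers, so no struct layout is assumed. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v & 0xffff)); wr16(p + 2, (uint16_t)(v >> 16)); }
static void wr64(uint8_t *p, uint64_t v) { wr32(p, (uint32_t)v); wr32(p + 4, (uint32_t)(v >> 32)); }

/* Returns 1 and fills *out when a strategy entry is present, 0 when the file
 * carries none, -1 when the image is not a well-formed little-endian ELF64. */
int read_local_policy(const uint8_t *img, size_t len, struct local_policy *out)
{
    if (len < EHDR_SIZE || memcmp(img, "\177ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return -1;
    uint64_t phoff = rd64(img + 32);     /* e_phoff */
    uint16_t phentsize = rd16(img + 54); /* e_phentsize */
    uint16_t phnum = rd16(img + 56);     /* e_phnum */
    /* Reject a table that runs past the end of the file before reading it. */
    if (phentsize < PHDR_SIZE || phoff > len ||
        (uint64_t)phnum * phentsize > len - phoff)
        return -1;
    for (uint16_t i = 0; i < phnum; i++) {
        const uint8_t *ph = img + phoff + (size_t)i * phentsize;
        if (rd32(ph) != PT_LOCAL_RAND)   /* p_type */
            continue;
        uint32_t flags = rd32(ph + 4);   /* p_flags */
        out->stack = (flags & LOCAL_STACK) != 0;
        out->heap = (flags & LOCAL_HEAP) != 0;
        out->mmap = (flags & LOCAL_MMAP) != 0;
        return 1;
    }
    return 0;
}

/* Constructed sample: an ELF64 header, one PT_LOAD entry and, optionally,
 * one strategy entry. Returns the image length, or 0 if buf is too small. */
size_t build_sample(uint8_t *buf, size_t cap, int with_policy, uint32_t flags)
{
    uint16_t phnum = with_policy ? 2 : 1;
    size_t len = EHDR_SIZE + (size_t)phnum * PHDR_SIZE;
    if (cap < len)
        return 0;
    memset(buf, 0, len);
    memcpy(buf, "\177ELF", 4);
    buf[4] = 2;                 /* ELFCLASS64 */
    buf[5] = 1;                 /* ELFDATA2LSB */
    buf[6] = 1;                 /* EV_CURRENT */
    wr64(buf + 32, EHDR_SIZE);  /* program headers follow the file header */
    wr16(buf + 54, PHDR_SIZE);
    wr16(buf + 56, phnum);
    wr32(buf + EHDR_SIZE, 1);   /* first entry: PT_LOAD */
    if (with_policy) {
        wr32(buf + EHDR_SIZE + PHDR_SIZE, PT_LOCAL_RAND);
        wr32(buf + EHDR_SIZE + PHDR_SIZE + 4, flags);
    }
    return len;
}

int main(void)
{
    uint8_t img[256];
    struct local_policy p = {0, 0, 0};
    size_t n = build_sample(img, sizeof img, 1, LOCAL_STACK | LOCAL_MMAP);
    int rc = read_local_policy(img, n, &p);
    printf("rc=%d stack=%d heap=%d mmap=%d\n", rc, p.stack, p.heap, p.mmap);
    printf("truncated image: rc=%d\n", read_local_policy(img, n - 1, &p));
    return 0;
}
```

The return value 0 (no entry) is kept separate from -1 (malformed file) so that a caller can apply whatever default it chooses only to files that are valid but unmarked.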
Further, the management strategy parsing module parses the local randomization management strategy and the final global randomization management strategy to generate the final randomization run strategy as follows:
Global forcing decision step: determine whether the global address space randomized allocation forcing strategy is enabled; if so, all processes of the operating system perform stack space randomized allocation, heap space randomized allocation and memory-mapped space randomized allocation; otherwise proceed to the global stack decision step, the global heap decision step and the global memory-mapping decision step;
Global stack decision step: determine whether the global stack space randomized allocation strategy is enabled; if so, proceed to the local stack decision step; otherwise the stack space is allocated normally;
Local stack decision step: determine whether the local stack space randomized allocation strategy is enabled; if so, the stack space corresponding to the executable file or dynamic library file is allocated with randomization; otherwise the stack space is allocated normally;
Global heap decision step: determine whether the global heap space randomized allocation strategy is enabled; if so, proceed to the local heap decision step; otherwise the heap space is allocated normally;
Local heap decision step: determine whether the local heap space randomized allocation strategy is enabled; if so, the heap space corresponding to the executable file or dynamic library file is allocated with randomization; otherwise the heap space is allocated normally;
Global memory-mapping decision step: determine whether the global memory-mapped space randomized allocation strategy is enabled; if so, proceed to the local memory-mapping decision step; otherwise the memory-mapped space is allocated normally; and
Local memory-mapping decision step: determine whether the local memory-mapped space randomized allocation strategy is enabled; if so, the memory-mapped space corresponding to the executable file or dynamic library file is allocated with randomization; otherwise the memory-mapped space is allocated normally.
Further, the default global randomization management strategy configuration is: the global stack space randomized allocation strategy enabled or disabled, the global heap space randomized allocation strategy enabled or disabled, and the global memory-mapped space randomized allocation strategy enabled or disabled.
Further, the default global randomization management strategy configuration is: the global stack space randomized allocation strategy enabled, the global heap space randomized allocation strategy enabled, and the global memory-mapped space randomized allocation strategy enabled.
Further, the stack space randomized address = fixed allocation address - randomization factor; and
The heap space randomized address and the memory-mapped space randomized address, respectively = fixed allocation address + randomization factor.
Further, the operating system is the Linux operating system.
Further, the executable program uses the ELF format.
Further, the virtual file system uses the proc format.
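Added example, not code from the patent: the strategy decision steps, the modulo 2^30 reduction and the two address formulas above, written in C. All type and function names are assumptions; the random number is taken as an input because the page does not specify how the event data and the library function are combined, and the wraparound check is an addition.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All type, field and function names here are assumptions for illustration. */
struct global_strategy { bool force, stack, heap, mmap; }; /* from the virtual file system */
struct local_strategy  { bool stack, heap, mmap; };        /* from the program segment header */
struct run_strategy    { bool stack, heap, mmap; };        /* final randomization run strategy */

enum region { REGION_STACK, REGION_HEAP, REGION_MMAP };

#define FACTOR_MODULUS (UINT64_C(1) << 30)

/* Decision steps: the forcing strategy overrides everything; otherwise a
 * region is randomized only when both its global and local strategy are on. */
struct run_strategy resolve_strategy(struct global_strategy g, struct local_strategy l)
{
    struct run_strategy r;
    if (g.force) {
        r.stack = r.heap = r.mmap = true;
        return r;
    }
    r.stack = g.stack && l.stack;
    r.heap = g.heap && l.heap;
    r.mmap = g.mmap && l.mmap;
    return r;
}

/* Randomization factor = random number mod 2^30, so 0 <= factor < 2^30. */
uint64_t randomization_factor(uint64_t random_number)
{
    return random_number % FACTOR_MODULUS;
}

/* Stack: fixed - factor. Heap and memory-mapped space: fixed + factor.
 * A region whose strategy is off keeps its fixed allocation address.
 * Returns 0 on success, -1 if the adjustment would wrap the 64-bit address
 * (this check is not described on the page). */
int randomized_address(enum region where, struct run_strategy r,
                       uint64_t fixed, uint64_t factor, uint64_t *out)
{
    bool enabled = where == REGION_STACK ? r.stack
                 : where == REGION_HEAP  ? r.heap
                 : r.mmap;
    if (!enabled) {
        *out = fixed;
        return 0;
    }
    if (where == REGION_STACK) {
        if (factor > fixed)
            return -1;
        *out = fixed - factor;
    } else {
        if (fixed > UINT64_MAX - factor)
            return -1;
        *out = fixed + factor;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: global stack and heap on, local stack and mmap on. */
    struct global_strategy g = { false, true, true, false };
    struct local_strategy l = { true, false, true };
    struct run_strategy r = resolve_strategy(g, l);
    uint64_t factor = randomization_factor(UINT64_C(0x123456789abcdef0));
    uint64_t stack_top = 0, heap_base = 0;

    randomized_address(REGION_STACK, r, UINT64_C(0x7ffffffff000), factor, &stack_top);
    randomized_address(REGION_HEAP, r, UINT64_C(0x555555554000), factor, &heap_base);
    printf("run strategy: stack=%d heap=%d mmap=%d\n", r.stack, r.heap, r.mmap);
    printf("factor=0x%llx stack=0x%llx heap=0x%llx\n",
           (unsigned long long)factor, (unsigned long long)stack_top,
           (unsigned long long)heap_base);
    return 0;
}
```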
To solve the above problem, an operating system address space randomized allocation method is also provided, for the above operating system address space randomized allocation system, where the allocation system comprises a user space layer and a kernel space layer.
The user space layer comprises: a user-space executable program local randomization management strategy generator/parser, a global randomization management strategy module, and a random event collection module; and
The kernel space layer comprises: an executable program loading module, a virtual file system management module, a management strategy parsing module, a randomization factor generation module, and an address space randomization allocation module.
The allocation method comprises:
The user-space executable program local randomization management strategy generator/parser: generates a local randomization management strategy for an executable program or dynamic library and outputs it, in the form of an executable file or dynamic library file, to the executable program loading module; and parses the local randomization management strategy in order to report to the user the local randomization management strategy of the executable program or dynamic library;
The global randomization management strategy module: stores global randomization management strategies, which comprise a global address space randomized allocation forcing strategy, a global stack space randomized allocation strategy, a global heap space randomized allocation strategy and a global memory-mapping randomized allocation strategy; and, when the user configures it, lets the user select from them the global randomization management strategy to output to the virtual file system management module;
The random event collection module: collects random event data comprising the keyboard values and mouse values randomly input by the user, the operating system's current interrupt count and the operating system's current network data exchange volume; and provides the random event data to the randomization factor generation module;
The executable program loading module: analyzes the local randomization management strategy, carried in the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser; loads the executable file or dynamic library file; and outputs the local randomization management strategy to the management strategy parsing module;
The virtual file system management module: parses the virtual file system registered in it to obtain the final global randomization management strategy, such that, when the user has configured one, the global randomization management strategy loaded into the virtual file system is output to the management strategy parsing module as the final global randomization management strategy, and when there is no user configuration, the default global randomization management strategy configuration is output to the management strategy parsing module as the final global randomization management strategy, where the virtual file system is to be loaded with the global randomization management strategy from the global randomization management strategy module and has a default global randomization management strategy configuration;
The management strategy parsing module: parses the local randomization management strategy from the executable program loading module and the final global randomization management strategy from the virtual file system management module to generate a final randomization run strategy, and outputs the final randomization run strategy to the address space randomization allocation module;
The randomization factor generation module: generates a randomization correction value from the random event data from the random event collection module, generates a random number from the randomization correction value and a system library function of the operating system, for adjusting the fixed allocation address of an address space when the address space randomization allocation module performs address space randomized allocation, and outputs the randomization factor to the address space randomization allocation module; and
The address space randomization allocation module: performs the address space randomized allocation according to the final randomization run strategy from the management strategy parsing module and the randomization factor from the randomization factor generation module, so that the address space has a randomized address.
The operating system address space randomized allocation system and method of the present invention provide address space randomized allocation over a 30-bit range, use a more secure random number generation method with a better randomization effect, and provide a randomized allocation strategy that can be configured flexibly. Because the implementation method is independent of the architecture, the invention can be used both on the general-purpose x86 Linux platform and on the Linux operating system of the domestic Loongson processor platform, thereby providing the Linux operating system on the domestic Loongson processor platform with fully functional address space randomized allocation. The invention can effectively prevent the return-to-libc variant of the buffer overflow attack and improves the security of general-purpose Linux operating systems.
Brief description of the drawings
Fig. 1 is a structural diagram of the operating system address space randomized allocation system of an embodiment of the present invention;
Fig. 2 is a flowchart of the operating system address space randomized allocation method of an embodiment of the present invention;
Fig. 3 is a diagram of the parsing principle of the management strategy parsing module of an embodiment of the present invention;
Fig. 4 is a schematic diagram of the randomization factor generation module of an embodiment of the present invention;
Fig. 5 is a flowchart of the implementation of the user-space executable program local randomization management strategy generator/parser of an embodiment of the present invention;
Fig. 6 is a flowchart of the implementation of the executable program loading module of an embodiment of the present invention;
Fig. 7 is a flowchart of the implementation of the virtual file system management module of an embodiment of the present invention;
Fig. 8 is a flowchart of the implementation of the management strategy parsing module of an embodiment of the present invention;
Fig. 9 shows the control flow by which the address space randomization allocation module of an embodiment of the present invention implements randomized allocation of the stack, heap and memory-mapped spaces;
Fig. 10 shows the control flow of the final stack space randomized allocation of an embodiment of the present invention;
Fig. 11 shows the control flow of randomized allocation of the heap space, bss space and memory-mapped space of an embodiment of the present invention;
Fig. 12 shows the control flow of the overall memory-mapped address space randomized allocation of an embodiment of the present invention;
Fig. 13 shows the control flow of explicit allocation, anonymous allocation and heap allocation in the randomization of the memory-mapped address space;
Fig. 14 shows the running result of the allocation system of an embodiment of the present invention on the domestic Loongson processor platform when configured with a system-wide randomized allocation strategy; and
Fig. 15 shows the running result of the allocation system of an embodiment of the present invention on the domestic Loongson processor platform when configured to apply the randomized allocation strategy only to the stack address space.
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, hereinafter in connection with accompanying drawing, embodiments of the invention are elaborated.It should be noted that, in the situation that not conflicting, the combination in any mutually of the feature in embodiment and embodiment in the application.
As shown in Figure 1, the embodiment of the present invention provides a kind of operating system address space randomization distribution system, comprises user's space layer and kernel spacing layer,
Described user's space layer comprises: the local randomization operating strategy of user's space executable program generation/resolver 1, overall randomization operating strategy module 2, random occurrence acquisition module 3;
Described kernel spacing layer comprises: executable program load-on module 4, Virtual File System administration module 5, operating strategy parsing module 6, randomization factor generation module 7, address space randomization distribution module 8;
The local randomization operating strategy of described user's space executable program generations/resolver 1 for: for executable program or dynamic base generates local randomization operating strategy and by described local randomization operating strategy with executable file form or extremely described executable program load-on module 4 of dynamic library file formal output; And described local randomization operating strategy is resolved with the local randomization operating strategy for described executable program or dynamic base to user report;
The global randomization management strategy module 2 is configured to: store global randomization management strategies, wherein the global randomization management strategies comprise: a global address space randomization forced-allocation strategy, a global stack space randomization allocation strategy, a global heap space randomization allocation strategy and a global memory-mapping randomization allocation strategy; and, where the user configures it, let the user select from them a global randomization management strategy to output to the virtual file system management module 5;
The random event collection module 3 is configured to: collect random event data comprising: keyboard values and mouse values randomly input by the user, the current interrupt count of the operating system and the current network data exchange volume of the operating system; and provide the random event data to the randomization factor generation module 7;
The executable program loading module 4 is configured to: analyze the local randomization management strategy received, in the form of the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser; load the executable file or dynamic library file; and output the local randomization management strategy to the management strategy parsing module 6;
The virtual file system management module 5 has a virtual file system registered in it, wherein the virtual file system is to be loaded with the global randomization management strategy from the global randomization management strategy module and has a default global randomization management strategy configuration; the module is configured to parse the virtual file system to obtain a final global randomization management strategy, such that, where the user has configured one, the global randomization management strategy loaded in the virtual file system is output to the management strategy parsing module 6 as the final global randomization management strategy, and, where there is no user configuration, the default global randomization management strategy configuration is output to the management strategy parsing module 6 as the final global randomization management strategy;
The management strategy parsing module 6 is configured to: parse the local randomization management strategy from the executable program loading module 4 and the final global randomization management strategy from the virtual file system management module 5 to generate a final randomization operation strategy, and output the final randomization operation strategy to the address space randomization distribution module 8;
The randomization factor generation module 7 is configured to: generate a randomization correction value from a system library function of the operating system and the random event data from the random event collection module 3; generate a random number from the randomization correction value and the system library function of the operating system; take the random number modulo 2^30 to obtain a randomization factor, which is used to adjust the fixed allocation address of an address space when the address space randomization distribution module 8 performs randomized address space allocation; and output the randomization factor to the address space randomization distribution module 8; and
The address space randomization distribution module 8 is configured to: perform the randomized address space allocation according to the final randomization operation strategy from the management strategy parsing module 6 and the randomization factor from the randomization factor generation module 7, so that the address space has a randomized address.
Further, the executable file or dynamic library file has a program header for storing the local randomization management strategy.
Further, the executable program loading module 4 analyzing the local randomization management strategy received, in the form of the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser 1 comprises:
The executable program loading module 4 parses the program header in the executable file or dynamic library file to extract the local randomization management strategy.
Further, the local randomization management strategy comprises: a local stack space randomization allocation strategy, a local heap space randomization allocation strategy and a local memory-mapping space randomization allocation strategy.
Further, the management strategy parsing module 6 parses the local randomization management strategy and the final global randomization management strategy to generate the final randomization operation strategy as follows:
Global forcing determination step: determine whether the global address space randomization forced-allocation strategy is enabled; if so, make all processes of the operating system apply randomized stack space allocation, randomized heap space allocation and randomized memory-mapping space allocation; otherwise proceed to the global stack determination step, the global heap determination step and the global memory-mapping determination step;
Global stack determination step: determine whether the global stack space randomization allocation strategy is enabled; if so, proceed to the local stack determination step; otherwise allocate the stack space normally;
Local stack determination step: determine whether the local stack space randomization allocation strategy is enabled; if so, apply randomized allocation to the stack space corresponding to the executable file or dynamic library file; otherwise allocate the stack space normally;
Global heap determination step: determine whether the global heap space randomization allocation strategy is enabled; if so, proceed to the local heap determination step; otherwise allocate the heap space normally;
Local heap determination step: determine whether the local heap space randomization allocation strategy is enabled; if so, apply randomized allocation to the heap space corresponding to the executable file or dynamic library file; otherwise allocate the heap space normally;
Global memory-mapping determination step: determine whether the global memory-mapping space randomization allocation strategy is enabled; if so, proceed to the local memory-mapping determination step; otherwise allocate the memory-mapping space normally; and
Local memory-mapping determination step: determine whether the local memory-mapping space randomization allocation strategy is enabled; if so, apply randomized allocation to the memory-mapping space corresponding to the executable file or dynamic library file; otherwise allocate the memory-mapping space normally.
Further, the default global randomization management strategy configuration is: enabling or disabling the global stack space randomization allocation strategy, enabling or disabling the global heap space randomization allocation strategy, and enabling or disabling the global memory-mapping space randomization allocation strategy.
Further, the default global randomization management strategy configuration is: enabling the global stack space randomization allocation strategy, enabling the global heap space randomization allocation strategy and enabling the global memory-mapping space randomization allocation strategy.
Further, the stack space randomized address = fixed allocation address - randomization factor; and the heap space randomized address and the memory-mapping space randomized address are each = fixed allocation address + randomization factor.
Further, the operating system is a Linux operating system.
Further, the executable program uses the ELF format.
Further, the virtual file system uses the proc format.
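The strategy resolution steps and the address formulas above can be followed in code. The C sketch below is an added example, not code from the patent: the struct and function names and the sample addresses are assumptions, while start_stack, start_brk, brk and mmap_base are the mm_struct fields the description names later.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Global strategy as parsed from the virtual file system. Field names are
 * assumptions; the text names only the four strategies. */
struct global_strategy { bool force, stack, heap, mmap; };

/* Local strategy carried in the program header of the executable or library. */
struct local_strategy { bool stack, heap, mmap; };

/* Final randomization operation strategy handed to the allocation module. */
struct final_strategy { bool stack, heap, mmap; };

/* The four address fields the description says are changed. */
struct layout { uint64_t start_stack, start_brk, brk, mmap_base; };

/* Constructed sample values, not taken from the patent or any real system. */
static const struct layout FIXED_LAYOUT = {
    .start_stack = 0x7fff8000u, .start_brk = 0x10000000u,
    .brk = 0x10000000u, .mmap_base = 0x2aaa8000u,
};
static const struct global_strategy G_DEFAULT = { false, true, true, true };
static const struct global_strategy G_FORCE = { true, false, false, false };
static const struct global_strategy G_STACK_ONLY = { false, true, false, false };
static const struct local_strategy L_ALL = { true, true, true };
static const struct local_strategy L_STACK_ONLY = { true, false, false };
static const struct local_strategy L_NONE = { false, false, false };

/* Global forcing step first; otherwise a region is randomized only when both
 * its global strategy and its local strategy are enabled. */
struct final_strategy resolve_strategy(struct global_strategy g,
                                       struct local_strategy l)
{
    struct final_strategy f = { true, true, true };
    if (g.force)
        return f;
    f.stack = g.stack && l.stack;
    f.heap = g.heap && l.heap;
    f.mmap = g.mmap && l.mmap;
    return f;
}

/* Randomization factor: the generated random number modulo 2^30. */
uint64_t randomization_factor(uint64_t random_number)
{
    return random_number % (UINT64_C(1) << 30);
}

/* Stack: fixed address - factor. Heap and memory mapping: fixed + factor. */
struct layout randomize_layout(struct global_strategy g, struct local_strategy l,
                               struct layout fixed, uint64_t random_number)
{
    struct final_strategy f = resolve_strategy(g, l);
    uint64_t factor = randomization_factor(random_number);

    if (f.stack)
        fixed.start_stack -= factor;
    if (f.heap) {
        fixed.start_brk += factor;
        fixed.brk += factor;
    }
    if (f.mmap)
        fixed.mmap_base += factor;
    return fixed;
}

static void show(const char *label, struct layout m)
{
    printf("%-30s stack=%#llx brk=%#llx mmap=%#llx\n", label,
           (unsigned long long)m.start_stack,
           (unsigned long long)m.start_brk,
           (unsigned long long)m.mmap_base);
}

int main(void)
{
    uint64_t rnd = 0xDEADBEEFu; /* constructed stand-in for the random number */

    show("default global, local all", randomize_layout(G_DEFAULT, L_ALL, FIXED_LAYOUT, rnd));
    show("default global, local stack", randomize_layout(G_DEFAULT, L_STACK_ONLY, FIXED_LAYOUT, rnd));
    show("default global, local none", randomize_layout(G_DEFAULT, L_NONE, FIXED_LAYOUT, rnd));
    show("global force, local none", randomize_layout(G_FORCE, L_NONE, FIXED_LAYOUT, rnd));
    show("global stack only, local all", randomize_layout(G_STACK_ONLY, L_ALL, FIXED_LAYOUT, rnd));
    return 0;
}
```

With the default global configuration, a file whose local strategy is entirely disabled keeps its fixed layout; only the global forced-allocation strategy overrides the local setting.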
As shown in Figure 2, an embodiment of the present invention provides an operating system address space randomization distribution method for the above operating system address space randomization distribution system, wherein the distribution system comprises a user space layer and a kernel space layer,
The user space layer comprises: a user-space executable program local randomization management strategy generator/parser 1, a global randomization management strategy module 2 and a random event collection module 3; and
The kernel space layer comprises: an executable program loading module 4, a virtual file system management module 5, a management strategy parsing module 6, a randomization factor generation module 7 and an address space randomization distribution module 8;
The distribution method comprises:
S1: the user-space executable program local randomization management strategy generator/parser 1: generates a local randomization management strategy for an executable program or dynamic library and outputs the local randomization management strategy, in the form of an executable file or dynamic library file, to the executable program loading module 4; and parses the local randomization management strategy to report to the user the local randomization management strategy of the executable program or dynamic library;
S2: the global randomization management strategy module 2: stores global randomization management strategies, wherein the global randomization management strategies comprise: a global address space randomization forced-allocation strategy, a global stack space randomization allocation strategy, a global heap space randomization allocation strategy and a global memory-mapping randomization allocation strategy; and, where the user configures it, lets the user select from them a global randomization management strategy to output to the virtual file system management module 5;
S3: the random event collection module 3: collects random event data comprising: keyboard values and mouse values randomly input by the user, the current interrupt count of the operating system and the current network data exchange volume of the operating system; and provides the random event data to the randomization factor generation module 7;
S4: the executable program loading module 4: analyzes the local randomization management strategy received, in the form of the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser 1; loads the executable file or dynamic library file; and outputs the local randomization management strategy to the management strategy parsing module 6;
S5: the virtual file system management module 5: parses the virtual file system registered in it to obtain a final global randomization management strategy, such that, where the user has configured one, the global randomization management strategy loaded in the virtual file system is output to the management strategy parsing module as the final global randomization management strategy, and, where there is no user configuration, the default global randomization management strategy configuration is output to the management strategy parsing module 6 as the final global randomization management strategy, wherein the virtual file system is to be loaded with the global randomization management strategy from the global randomization management strategy module 2 and has a default global randomization management strategy configuration;
S6: the management strategy parsing module 6: parses the local randomization management strategy from the executable program loading module 4 and the final global randomization management strategy from the virtual file system management module 5 to generate a final randomization operation strategy, and outputs the final randomization operation strategy to the address space randomization distribution module 8;
S7: the randomization factor generation module 7: generates a randomization correction value from the random event data from the random event collection module 3; generates a random number from the randomization correction value and a system library function of the operating system; takes the random number modulo 2^30 to obtain a randomization factor, which is used to adjust the fixed allocation address of an address space when the address space randomization distribution module 8 performs randomized address space allocation; and outputs the randomization factor to the address space randomization distribution module 8; and
S8: the address space randomization distribution module: performs the randomized address space allocation according to the final randomization operation strategy from the management strategy parsing module 6 and the randomization factor from the randomization factor generation module 7, so that the address space has a randomized address.
In the embodiments of the present invention, the operating system address space randomization distribution system is referred to as the Sec-Memory system. The Sec-Memory system provides randomized address space allocation over a range of up to 30 bits, together with management and configuration of randomization strategies, so that an operating system using Sec-Memory can run with system-wide randomization, in which the entire user address space of every process is allocated with randomization; alternatively, the Sec-Memory management configuration can designate any one or more programs to run with randomization. The randomization management configuration can be subdivided into independent configuration of randomization for the stack address space, the heap address space and the memory-mapping (mmap) address space. Different randomization allocation strategies can therefore be configured for different security application scenarios, to meet different security requirements. In addition, the random number generation algorithm of the Sec-Memory system does not depend only on the system-provided library function (the random function), which depends on the system clock value; it also uses factors such as the mouse, keyboard, interrupts and network state of the running operating system to correct the random value, improving the quality of the random numbers and providing safer random address space allocation for systems that use Sec-Memory randomized allocation.
The embodiments of the present invention mainly cover four aspects: (1) randomized allocation with a randomization range of up to 30 bits (an address space range of 2^30 = 1 Gbytes); (2) a more complex and more secure random number generation algorithm; (3) independent randomized allocation for the stack address space, the heap address space and the memory-mapping address space; (4) two kinds of address space randomization management strategy: the global randomization management strategy and the local randomization management strategy.
Specifically, in the embodiments of the present invention:
1) On a general-purpose Linux operating system, a randomization function with a 30-bit address space range (1 Gbytes) is implemented. This randomization function comprises: randomized allocation of the stack address space, randomized allocation of the heap address space and randomized allocation of the memory-mapping address space. Because the implementation method is independent of the underlying hardware platform, the method is equally applicable to the Linux operating system on the domestic Loongson processor platform.
2) A randomization factor generation algorithm that introduces factors such as keyboard, mouse, interrupts and network is implemented to generate the randomization factor. The algorithm is implemented by the randomization factor generation module; a schematic of the implementation is shown in Figure 1. The purpose of introducing the random keyboard and mouse input values and the statistics of the operating system's current interrupt count and network data exchange is to improve the quality of the generated randomization factor, and to avoid the situation in existing randomized allocation where the randomization factor depends solely on the system-provided random function and is easily guessed by an attacker, thereby improving the security of operating system randomization.
3) The user-space executable program local randomization management strategy generator/parser is implemented; in the embodiments of the present invention it is also called the user-space ELF-format (executable and linkable file format) executable program interpreter. This interpreter generates and parses the randomization management strategy of ELF-format executable programs.
4) In the virtual file system management module, a virtual file system is implemented for managing the system's global randomization management strategy and interacting with the kernel; this virtual file system is mounted under the /proc/security file system.
5) In the management strategy parsing module, randomization management configuration that can be flexibly configured to suit a variety of security requirements is implemented, as shown in Figure 3.
The overall functional architecture of Sec-Memory is shown in Figure 1. The Sec-Memory system is implemented in two parts, a user space layer and a kernel space layer. In the user space layer: 1. the user-space executable program local randomization management strategy generator/parser generates and processes the local randomization management strategy; it mainly lets the user configure the randomization operation strategy for a selected executable program and parses that strategy, wherein the executable program may be an ELF-format executable program, and the strategy comprises whether the ELF executable program enables randomized allocation of the stack address space, whether it enables randomized allocation of the heap address space and whether it enables randomized allocation of the memory-mapping address space; 2. the random event collection module serves as the management interface through which the user supplies random keyboard and mouse input values, and as the collector that reads the operating system's interrupt count and network data exchange volume, and finally passes the collected data to the randomization factor generation module in the kernel space layer. The kernel space layer comprises five core modules: 1. the executable program loading module, whose main function is to analyze the randomization operation strategy to be applied to the executable file or dynamic library file being loaded and to complete the loading of that file, the strategy being generated by the user-space executable program local randomization management strategy generator/parser; 2. the proc file system management module, which serves as the virtual file system management module, registers the virtual file system and provides the user space layer with the configuration entry for the global randomization management strategy; 3. the management strategy parsing module, which generates the final randomization operation strategy from the local and global configured strategies, following the strategy parsing flow shown in Figure 3; 4. the randomization factor generation module, which produces the final random number from the system random function and the randomization correction value generated from the random event data, and uses a modulo operation to generate the randomization factor, as shown in Figure 4; 5. the address space randomization distribution module, the core module that implements randomized address space allocation: it performs randomized allocation of the stack address space, the heap address space and the memory-mapping address space, applying the randomization functions required by the final randomization strategy.
Constructing the Sec-Memory system of the embodiments of the present invention comprises the following five parts/steps:
(1) Implement the user-space executable program local randomization management strategy generator/parser, also called in the embodiments the user-space ELF executable program randomization strategy generator/parser. This tool provides the user with a configuration entry for local randomization strategies and with local strategy parsing; in other words, it mainly gives the user a strategy query function: through this tool the user learns which randomization allocation strategy the executable program uses, and, if the strategy needs to be changed, can first query the previously configured strategy and then modify it. The implementation process is shown in Figure 5. The core of the implementation is adding a program header to the ELF file to describe the executable program's memory security control strategy information, that is, the randomization strategy it uses. The local randomization control parameters are described in the following table:
Table 1: local randomization strategy options and parameter descriptions
The type of the added program header is PT_RAND, and its flag values (flags) are as in the following table:
(2) Implement the executable program loading module of the kernel space layer. The main function of this module is to analyze the local randomization operation strategy to be applied to the executable file or dynamic library file being loaded and to complete the loading of that file. The randomization strategy analyzed here is the local control strategy generated by the user-space ELF executable program randomization strategy generator/parser tool of part (). The implementation process of the executable program loading module is shown in Figure 6, where the term exec refers to the Linux operating system call.
(3) Implement the virtual file system management module for configuring and parsing the global randomization management strategy, which in the embodiments of the present invention is the proc file system management module. This module registers the virtual file system and provides the user space layer with the configuration entry for the global randomization management strategy; its implementation flow is shown in Figure 7. Each global randomization strategy corresponds to a strategy file node in the virtual file system: a content value greater than zero enables the corresponding global randomization function, and any other value disables it, as shown in the following table:
(4) Implement the management strategy parsing module. This module generates the final randomization operation strategy from the local and global configured strategies; the strategy parsing principle is shown in Figure 3, and the implementation process of the module is shown in Figure 8.
(5) Implement the address space randomization distribution module. This module performs randomized allocation of the stack address space, the heap address space and the memory-mapping address space, applying the randomization functions required by the final randomization strategy. The address space randomization distribution module is the core of memory security management and is interleaved with the management of stack space allocation, heap space allocation and memory-mapping space allocation. The address space management of a process is described by the mm_struct data structure, which has four important fields: start_stack, start_brk, brk and mmap_base; they respectively record the stack top start address, the heap start address, the current heap address and the base of the memory-mapping management space. The core idea of the address space randomization implementation is: when allocating the stack, heap and memory-mapping space, change the fixed allocation values of start_stack, start_brk, brk and mmap_base to random allocation at the appropriate time. The random allocation is not arbitrary, however: it must satisfy the architecture specification (the restrictions on the positions of the stack, code segment and memory mapping) and must also follow the allocation properties of the stack and heap (the stack is in the high address space, the heap in the low address space). Because the address space of a process changes dynamically, is produced at run time, and is produced in cooperation with the system loader library (ld.so.*), the address space randomization distribution module implements the randomized allocation control flow for the stack, heap and memory-mapping address space as shown in Figure 9, where the term mm_struct refers to a data structure of the Linux kernel itself. Randomized stack allocation consists of two parts: 1. temporary stack space allocation, which is implemented in the executable program module, with the implementation process shown in Figure 6; 2. final stack address space allocation, with the implementation process shown in Figure 10. The randomized allocation control flow for the heap space, bss space and memory-mapping space is shown in Figure 11, where the terms elf_brk, elf_bss, bss, load_bias, mm_struct, brk, star_brk, do_mmap refer to data structures of the Linux kernel. The randomized allocation control flow for the system's overall memory-mapping address space layout is shown in Figure 12, where the terms arch_pick_mmap_layout, TASK_UNMAPPED_BASE, mm_struct, mm_base, get_ummapped_areaumap_area refer to data structures of the Linux kernel itself. Memory-mapping address space allocation comprises explicit allocation, anonymous allocation and heap allocation; the randomized allocation control flow for these three parts is shown in Figure 13, where the terms arch_get_unmapped_area, mm_struct, mm_base, cached_hold_size, arch_get_unmapped_area_topdown, free_area_cache refer to data structures of the Linux kernel itself.
By implementing the Sec-Memory system on the Linux operating system of the domestic Loongson processor platform, the platform gains randomized address space allocation, with randomization over an address space range of up to 30 bits (1 Gbytes). By applying different randomization allocation strategies to the Sec-Memory system, different randomized allocation functions are obtained, making the domestic Loongson processor platform suitable for application scenarios with different security requirements. Figure 14 shows the Sec-Memory system running on the domestic Loongson processor platform when configured with the system-wide randomization allocation strategy: the stack address space, heap address space and mmap address space of the application "cat" are all allocated with randomization, and the random allocation range reaches 30 bits (only the 30th and 31st address bits are constant; all other address bits change). Figure 15 shows the Sec-Memory system running on the domestic Loongson processor platform when configured to apply the randomization allocation strategy only to the stack address space: only the stack address space is allocated with randomization, and the other address spaces are unchanged. Because the implementation method is independent of the architecture, the effect is the same on a general-purpose x86 Linux platform.
Although the embodiments disclosed by the present invention are as described above, they are only embodiments adopted to facilitate understanding of the present invention and are not intended to limit it. Any person skilled in the technical field of the present invention may, without departing from the spirit and scope disclosed by the present invention, make any modification or change in the form and details of implementation, but the scope of patent protection of the present invention shall still be as defined by the appended claims.

Claims (22)

1. An operating system address space randomization distribution system, characterized in that it comprises a user space layer and a kernel space layer,
The user space layer comprises: a user-space executable program local randomization management strategy generator/parser, a global randomization management strategy module and a random event collection module;
The kernel space layer comprises: an executable program loading module, a virtual file system management module, a management strategy parsing module, a randomization factor generation module and an address space randomization distribution module;
The user-space executable program local randomization management strategy generator/parser is configured to: generate a local randomization management strategy for an executable program or dynamic library and output the local randomization management strategy, in the form of an executable file or dynamic library file, to the executable program loading module; and parse the local randomization management strategy to report to the user the local randomization management strategy of the executable program or dynamic library;
The global randomization management strategy module is configured to: store global randomization management strategies, wherein the global randomization management strategies comprise: a global address space randomization forced-allocation strategy, a global stack space randomization allocation strategy, a global heap space randomization allocation strategy and a global memory-mapping randomization allocation strategy; and, where the user configures it, let the user select from them a global randomization management strategy to output to the virtual file system management module;
The random event collection module is configured to: collect random event data comprising: keyboard values and mouse values randomly input by the user, the current interrupt count of the operating system and the current network data exchange volume of the operating system; and provide the random event data to the randomization factor generation module;
The executable program loading module is configured to: analyze the local randomization management strategy received, in the form of the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser; load the executable file or dynamic library file; and output the local randomization management strategy to the management strategy parsing module;
The virtual file system management module has a virtual file system registered in it, wherein the virtual file system is to be loaded with the global randomization management strategy from the global randomization management strategy module and has a default global randomization management strategy configuration; the module is configured to parse the virtual file system to obtain a final global randomization management strategy, such that, where the user has configured one, the global randomization management strategy loaded in the virtual file system is output to the management strategy parsing module as the final global randomization management strategy, and, where there is no user configuration, the default global randomization management strategy configuration is output to the management strategy parsing module as the final global randomization management strategy;
The management strategy parsing module is configured to: parse the local randomization management strategy from the executable program loading module and the final global randomization management strategy from the virtual file system management module to generate a final randomization operation strategy, and output the final randomization operation strategy to the address space randomization distribution module;
The randomization factor generation module is configured to: generate a randomization correction value from the random event data from the random event collection module; generate a random number from the randomization correction value and a system library function of the operating system; take the random number modulo 2^30 to obtain a randomization factor, which is used to adjust the fixed allocation address of an address space when the address space randomization distribution module performs randomized address space allocation; and output the randomization factor to the address space randomization distribution module; and
The address space randomization distribution module is configured to: perform the randomized address space allocation according to the final randomization operation strategy from the management strategy parsing module and the randomization factor from the randomization factor generation module, so that the address space has a randomized address.
2. The distribution system as claimed in claim 1, characterized in that the executable file or dynamic library file has a program header for storing the local randomization management strategy.
3. The distribution system as claimed in claim 2, characterized in that the executable program loading module analyzing the local randomization management strategy received, in the form of the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser comprises:
The executable program loading module parses the program header in the executable file or dynamic library file to extract the local randomization management strategy.
4. The distribution system as claimed in claim 1, 2 or 3, characterized in that the local randomization management strategy comprises: a local stack space randomization allocation strategy, a local heap space randomization allocation strategy and a local memory-mapping space randomization allocation strategy.
5. distribution system as claimed in claim 4, is characterized in that, described operating strategy parsing module resolves to generate final randomization operation strategy to described local randomization operating strategy and described final overall randomization operating strategy as follows:
The overall situation is forced determining step: judge that the randomization of described global address space distributes force policy whether to open, if, make all processes of described operating system all implement stack space randomization distribution, heap space randomization distribution and memory-mapped space randomization distribution, otherwise enter global stack's determining step, overall situation heap determining step and global memory's mapping determining step;
Global stack's determining step: judge that whether described global stack space randomization allocation strategy is opened, and if so, enters local stack determining step, otherwise makes stack space normal allocation;
Local stack determining step: judge whether described local stack space randomization allocation strategy is opened, if so, make the stack space corresponding with described executable file or dynamic library file implement randomization and distribute, otherwise make stack space normal allocation;
Overall situation heap determining step: judge whether described overall heap space randomization allocation strategy is opened, if so, enter local heap determining step, otherwise make heap space normal allocation;
Local heap determining step: judge whether described local heap space randomization allocation strategy is opened, if so, make the heap space corresponding with described executable file or dynamic library file implement randomization and distribute, otherwise make heap space normal allocation;
Global memory's mapping determining step: judge whether described global memory mapping space randomization allocation strategy is opened, if so, enter local memory mapping determining step, otherwise make memory-mapped space normal allocation; And
Local memory mapping determining step: judge whether described local memory mapping space randomization allocation strategy is opened, if, make the memory-mapped space corresponding with described executable file or dynamic library file implement randomization and distribute, otherwise make memory-mapped space normal allocation.
6. the distribution system as described in claim 1,2,3 or 5, it is characterized in that, described overall randomization operating strategy default configuration is: open or close described global stack space randomization allocation strategy, open or close described overall heap space randomization allocation strategy and unlatching or close described global memory mapping space randomization allocation strategy.
7. distribution system as claimed in claim 6, it is characterized in that, described overall randomization operating strategy default configuration is: open described global stack space randomization allocation strategy, open described overall heap space randomization allocation strategy and open described global memory mapping space randomization allocation strategy.
8. the distribution system as described in claim 1,2,3,5 or 7, is characterized in that, described stack space randomization address=fixed allocation address-randomization factor; And described heap space randomization address and randomization address, described memory-mapped space difference=fixed allocation address+randomization factor.
9. distribution system as claimed in claim 8, is characterized in that, described operating system is (SuSE) Linux OS.
10. distribution system as claimed in claim 9, is characterized in that, described executable program adopts elf form.
11. distribution systems as described in claim 9 or 10, is characterized in that, described Virtual File System adopts proc form.
12. An operating system address space randomization distribution method, characterized in that it is used with the operating system address space randomization distribution system of claim 1, wherein the distribution system comprises a user space layer and a kernel space layer,
The user space layer comprises: a user-space executable program local randomization management strategy generator/parser, a global randomization management strategy module, and a random event collection module; and
The kernel space layer comprises: an executable program loading module, a virtual file system management module, a management strategy parsing module, a randomization factor generation module, and an address space randomization distribution module;
The distribution method comprises:
The user-space executable program local randomization management strategy generator/parser: generates a local randomization management strategy for an executable program or dynamic library and outputs it, in the form of an executable file or dynamic library file, to the executable program loading module; and parses the local randomization management strategy in order to report to the user the local randomization management strategy of the executable program or dynamic library;
The global randomization management strategy module: stores global randomization management strategies, wherein the global randomization management strategies comprise: a global address space randomization allocation force strategy, a global stack space randomization allocation strategy, a global heap space randomization allocation strategy and a global memory mapping randomization allocation strategy; and, when the user configures it, lets the user select from these a global randomization management strategy to output to the virtual file system management module;
The random event collection module: collects random event data comprising the following: keyboard values and mouse values randomly input by the user, the current interrupt count of the operating system, and the current network data exchange volume of the operating system; and provides the random event data to the randomization factor generation module;
The executable program loading module: analyzes the local randomization management strategy received, in the form of the executable file or dynamic library file, from the user-space executable program local randomization management strategy generator/parser, loads the executable file or dynamic library file, and outputs the local randomization management strategy to the management strategy parsing module;
The virtual file system management module: parses the virtual file system registered in it to obtain a final global randomization management strategy, such that, when the user has configured one, the global randomization management strategy loaded into the virtual file system is output to the management strategy parsing module as the final global randomization management strategy, and, when there is no user configuration, the default configuration of the global randomization management strategy is output to the management strategy parsing module as the final global randomization management strategy, wherein the virtual file system is to be loaded with the global randomization management strategy from the global randomization management strategy module and has a default configuration of the global randomization management strategy;
The management strategy parsing module: parses the local randomization management strategy from the executable program loading module and the final global randomization management strategy from the virtual file system management module to generate a final randomization operation strategy, and outputs the final randomization operation strategy to the address space randomization distribution module;
The randomization factor generation module: generates a randomization correction value from the random event data supplied by the random event collection module, generates a random number from the randomization correction value and a system library function of the operating system, for adjusting the fixed allocation address of an address space when the address space randomization distribution module performs address space randomization allocation, and outputs the randomization factor to the address space randomization distribution module; and
The address space randomization distribution module: performs the address space randomization allocation according to the final randomization operation strategy from the management strategy parsing module and the randomization factor from the randomization factor generation module, so that the address space has a randomized address.
13. The distribution method as claimed in claim 12, characterized in that the executable file or dynamic library file contains a program segment header for storing the local randomization management strategy.
14. The distribution method as claimed in claim 13, characterized in that the executable program loading module analyzing the local randomization management strategy, received in the form of the executable file or dynamic library file from the user-space executable program local randomization management strategy generator/parser, comprises:
The executable program loading module parses the program segment header in the executable file or dynamic library file to extract the local randomization management strategy.
15. The distribution method as claimed in claim 13 or 14, characterized in that the local randomization management strategy comprises: a local stack space randomization allocation strategy, a local heap space randomization allocation strategy and a local memory-mapped space randomization allocation strategy.
16. The distribution method as claimed in claim 15, characterized in that the management strategy parsing module parses the local randomization management strategy and the final global randomization management strategy to generate the final randomization operation strategy as follows:
Global force determination step: determine whether the global address space randomization allocation force strategy is enabled; if so, all processes of the operating system undergo stack space randomization allocation, heap space randomization allocation and memory-mapped space randomization allocation; otherwise proceed to the global stack determination step, the global heap determination step and the global memory mapping determination step;
Global stack determination step: determine whether the global stack space randomization allocation strategy is enabled; if so, proceed to the local stack determination step; otherwise the stack space is allocated normally;
Local stack determination step: determine whether the local stack space randomization allocation strategy is enabled; if so, the stack space corresponding to the executable file or dynamic library file is allocated with randomization; otherwise the stack space is allocated normally;
Global heap determination step: determine whether the global heap space randomization allocation strategy is enabled; if so, proceed to the local heap determination step; otherwise the heap space is allocated normally;
Local heap determination step: determine whether the local heap space randomization allocation strategy is enabled; if so, the heap space corresponding to the executable file or dynamic library file is allocated with randomization; otherwise the heap space is allocated normally;
Global memory mapping determination step: determine whether the global memory-mapped space randomization allocation strategy is enabled; if so, proceed to the local memory mapping determination step; otherwise the memory-mapped space is allocated normally; and
Local memory mapping determination step: determine whether the local memory-mapped space randomization allocation strategy is enabled; if so, the memory-mapped space corresponding to the executable file or dynamic library file is allocated with randomization; otherwise the memory-mapped space is allocated normally.
17. The distribution method as claimed in claim 12, 13, 14 or 16, characterized in that the default configuration of the global randomization management strategy is: the global stack space randomization allocation strategy enabled or disabled, the global heap space randomization allocation strategy enabled or disabled, and the global memory-mapped space randomization allocation strategy enabled or disabled.
18. The distribution method as claimed in claim 17, characterized in that the default configuration of the global randomization management strategy is: the global stack space randomization allocation strategy enabled, the global heap space randomization allocation strategy enabled, and the global memory-mapped space randomization allocation strategy enabled.
19. The distribution method as claimed in claim 12, 13, 14, 16 or 18, characterized in that the stack space randomized address = fixed allocation address - randomization factor; and the heap space randomized address and the memory-mapped space randomized address are each = fixed allocation address + randomization factor.
20. The distribution method as claimed in claim 19, characterized in that the operating system is the Linux operating system.
21. The distribution method as claimed in claim 20, characterized in that the executable program uses the ELF format.
22. The distribution method as claimed in claim 20 or 21, characterized in that the virtual file system uses the proc format.
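The decision procedure of claims 5 and 16 and the address arithmetic of claims 8 and 19 can be illustrated in C. This is an added example, not code from the patent: all struct, field and function names are hypothetical, the sample addresses are constructed, and the wraparound check is an addition the claims do not discuss.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Field and function names are illustrative; the claims define no identifiers. */
struct global_policy { bool force, stack, heap, map; }; /* read via the proc file system */
struct local_policy  { bool stack, heap, map; };        /* read from the ELF program header */
struct final_policy  { bool stack, heap, map; };

enum region { REGION_STACK, REGION_HEAP, REGION_MAP };

/* Claims 5 and 16: the force flag overrides everything; otherwise a region is
 * randomized only when both its global flag and its local flag are enabled. */
struct final_policy resolve_policy(struct global_policy g, struct local_policy l)
{
    struct final_policy f = { true, true, true };
    if (!g.force) {
        f.stack = g.stack && l.stack;
        f.heap  = g.heap  && l.heap;
        f.map   = g.map   && l.map;
    }
    return f;
}

/* Claim 1: the factor is the random number reduced modulo 2^30. */
uint64_t randomization_factor(uint64_t random_number)
{
    return random_number % (UINT64_C(1) << 30);
}

/* Claims 8 and 19: stack = fixed - factor; heap and mapping = fixed + factor.
 * Returns 0 and stores the address in *out, or -1 if the arithmetic would wrap
 * (a check added in this example; the claims do not mention it). */
int place_region(enum region r, struct final_policy p, uint64_t fixed,
                 uint64_t factor, uint64_t *out)
{
    bool on = (r == REGION_STACK) ? p.stack : (r == REGION_HEAP) ? p.heap : p.map;
    if (!on) { *out = fixed; return 0; }   /* normal (fixed) allocation */
    if (r == REGION_STACK) {
        if (factor > fixed) return -1;
        *out = fixed - factor;
    } else {
        if (factor > UINT64_MAX - fixed) return -1;
        *out = fixed + factor;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the patent. */
    struct global_policy g = { false, true, true, true };
    struct local_policy  l = { true, false, true };   /* this binary opts out of heap */
    struct final_policy  p = resolve_policy(g, l);
    uint64_t factor = randomization_factor(UINT64_C(0x0123456789abcdef));
    uint64_t stack, heap;

    if (place_region(REGION_STACK, p, UINT64_C(0x7ffffffff000), factor, &stack) ||
        place_region(REGION_HEAP, p, UINT64_C(0x555555554000), factor, &heap))
        return 1;
    printf("factor=%#llx stack=%#llx heap=%#llx\n", (unsigned long long)factor,
           (unsigned long long)stack, (unsigned long long)heap);
    return 0;
}
```

With the force flag off, the effective setting for each region is the AND of the global and local flags, so a flag stored in a binary's own header can switch randomization off for that binary; only the force flag prevents this.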
CN201410246004.8A 2014-06-04 2014-06-04 Operating system address space randomized distribution system and method Active CN103995705B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410246004.8A CN103995705B (en) 2014-06-04 2014-06-04 Operating system address space randomized distribution system and method

Publications (2)

Publication Number Publication Date
CN103995705A true CN103995705A (en) 2014-08-20
CN103995705B CN103995705B (en) 2017-04-19

Family

ID=51309883

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410246004.8A Active CN103995705B (en) 2014-06-04 2014-06-04 Operating system address space randomized distribution system and method

Country Status (1)

Country Link
CN (1) CN103995705B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5410707A (en) * 1991-04-29 1995-04-25 Intel Corporation Bootstrap loading from external memory including disabling a reset from a keyboard controller while an operating system load signal is active
EP0766170A1 (en) * 1995-09-29 1997-04-02 Informix Software, Inc. Dynamic library task switching
CN101304320A (en) * 2008-06-16 2008-11-12 华为技术有限公司 Method and apparatus for processing address
CN101539868A (en) * 2009-04-10 2009-09-23 北京大学 Client operating system nucleus code dynamic replacement method of virtual machine manager
CN101621498A (en) * 2008-06-30 2010-01-06 成都市华为赛门铁克科技有限公司 Method, device and equipment for defending against network attacks
CN102194080A (en) * 2011-06-13 2011-09-21 西安交通大学 Rootkit detection mechanism and detection method based on kernel-based virtual machine

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
邱霆: "基于微内核的地址空间架构的研究", 《中国优秀硕士学位论文全文数据库》 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104484615A (en) * 2014-12-31 2015-04-01 清华大学无锡应用技术研究院 Space-randomization-based fault attacking resisting method applicable to reconfigurable array framework
CN104484615B (en) * 2014-12-31 2017-08-08 清华大学无锡应用技术研究院 Suitable for reconfigurable arrays framework based on space randomization fault-resistant attack method
CN106856470A (en) * 2015-12-09 2017-06-16 中国电信股份有限公司 For the method and device of guarding network attack
CN105653906A (en) * 2015-12-28 2016-06-08 中国人民解放军信息工程大学 Anti-kernel-hook method based on address randomization
CN105653906B (en) * 2015-12-28 2018-03-27 中国人民解放军信息工程大学 Method is linked up with based on the random anti-kernel in address
CN107908980A (en) * 2017-10-10 2018-04-13 芯海科技(深圳)股份有限公司 A kind of implementation method of memory data encipherment protection
CN107908980B (en) * 2017-10-10 2021-11-23 芯海科技(深圳)股份有限公司 Method for realizing encryption protection of memory data
CN110287716A (en) * 2019-06-25 2019-09-27 北京邮电大学 Date storage method and device
CN110287716B (en) * 2019-06-25 2021-09-14 北京邮电大学 Data storage method and device
CN112000484A (en) * 2020-09-01 2020-11-27 北京元心科技有限公司 Stack frame address randomization method and related equipment
CN114564150A (en) * 2022-02-28 2022-05-31 无锡江南计算技术研究所 Dynamic link mode on-chip memory space allocation method
CN114564150B (en) * 2022-02-28 2024-03-22 无锡江南计算技术研究所 Dynamic link mode on-chip memory space allocation method

Also Published As

Publication number Publication date
CN103995705B (en) 2017-04-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant