CN108491694A - A kind of method of dynamic randomization defence Cache attacks - Google Patents
A kind of method of dynamic randomization defence Cache attacks Download PDFInfo
- Publication number
- CN108491694A CN108491694A CN201810252891.8A CN201810252891A CN108491694A CN 108491694 A CN108491694 A CN 108491694A CN 201810252891 A CN201810252891 A CN 201810252891A CN 108491694 A CN108491694 A CN 108491694A
- Authority
- CN
- China
- Prior art keywords
- randomization
- function
- stack
- heap
- randomized
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 230000006870 function Effects 0.000 claims abstract description 86
- 230000015654 memory Effects 0.000 claims abstract description 32
- 230000008569 process Effects 0.000 claims abstract description 28
- 238000013508 migration Methods 0.000 claims description 14
- 230000005012 migration Effects 0.000 claims description 13
- 230000003139 buffering effect Effects 0.000 claims description 2
- 230000000694 effects Effects 0.000 description 5
- 230000007547 defect Effects 0.000 description 4
- 238000013507 mapping Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 2
- PWNAWOCHVWERAR-UHFFFAOYSA-N Flumetralin Chemical compound [O-][N+](=O)C=1C=C(C(F)(F)F)C=C([N+]([O-])=O)C=1N(CC)CC1=C(F)C=CC=C1Cl PWNAWOCHVWERAR-UHFFFAOYSA-N 0.000 description 1
- 241000700605 Viruses Species 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000005670 electromagnetic radiation Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000000149 penetrating effect Effects 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Abstract
The invention belongs to computer system security fields, and in particular to be directed to Cache attack patterns FLUSH+RELOAD, it is proposed that a kind of defence method of the system level based on dynamic randomization can repeat randomization code, stack, heap.It is based on Sharing Memory Realization that Cache, which attacks FLUSH+RELOAD, and process is as shown in Figure 1.The method of the present invention includes:In terms of code randomization, code, refinement randomization granularity are randomized as unit of function;In terms of stack randomization, by filling the size in space, filling the position in space and being randomized the abundant randomization for being designed to ensure that stack at moment;In terms of heap randomization, the distribution of heap space is no longer regular when a kind of new heap space randomized technique being used to make operation.This method being capable of dynamic randomization defence Cache attacks.
Description
Technical field
The invention belongs to computer system security fields, and in particular to carry out dynamic randomization defence for Cache attacks
Method.
Background technology
With the development of network technology, the safety of computer is increasingly valued by people, as system invasion,
The various security breaches such as information stealth, virus can cause heavy losses to personal and society.In recent years, researcher proposes one
Physical message, such as electromagnetic radiation, power, time that kind is revealed in the process of running using encryption device etc. is as password point
Channel is analysed, and we term it side-channel attacks for this attack method, are also side-channel attack.Cache attacks are a kind of serious prestige
The side-channel attacks for coercing system safety are related to the mainstream computer system of server, desktop and the various fields such as embedded.
Side-channel attacks currently based on Last-level cache (LLC) have the characteristics that high bandwidth, low noise, simultaneously as finally
Level cache has inclusiveness and multinuclear sharing, it is possible to realize in the case where not needing interrupt routine to entire or
Specific Cache rows are attacked.In the present context, Cache attacks are presented attacks used in the trend risen and attacker
Hit technology more " exquisiteness ".As cloud service and the extensive of virtualization are popularized, future, Cache attacks can have more killing
Power.Meanwhile caching attack and gradually penetrating into our daily use, for example expand to the trusted context of smart mobile phone
In, great threat is constituted to the safety of operating system.
The buffer structure of modern CPU is generally divided into three layers, is L1, L2 and L3 caching respectively, and L1cache is that each vouching is only
Occupy, be closest to CPU, its capacity is minimum, fastest, be generally divided into Data Cache (data buffer storage) and
Instruction Cache (instruction buffer).L2cache is some larger, and speed is slow, under normal circumstances on each core
There are one independent L2cache.L3cache is maximum level-one in three-level caching, while being also most slow level-one, generally more
It is that all cores are shared in core CPU.When CPU starts execution task, it goes in L1 to find the data needed for it first,
L2 is removed later, then removes L3.If there is (hit), then the data are directly returned to without memory;If there is no (failure), then
The corresponding data in memory is first loaded into caching, then returns it into processor.
It is below some basic definitions of operating system related content for convenience of attack process is illustrated:
Shared drive:A kind of very effective mode of data is shared and transmitted between the process being currently running for two.
The memory shared between different processes is usually same section of physical memory.Same section of shared drive can be mapped to them by process
In the address space of oneself.There is a kind of internal memory optimization mechanism in an operating system:For shared library, operating system can will store
In the address space that the same section of physical memory mappings in the library are applied to each.
mmaps:For memory mapping function so that realize shared drive by mapping the same ordinary file between process.
So far, mainly have a FLUSH+RELOAD, EVICT+RELOAD, PRIME+PROBE, FLUSH+FLUSH this four
Kind caching attack pattern.Wherein, FLUSH+RELOAD is to be divided into three phases based on Sharing Memory Realization.Process such as Fig. 1,
In the Flush stages, target process and attacker's process carry out the page and share, i.e., attacker lures that memory is mapped letter by target process into
Number mmaps is applied to target executable program, enables it enter the virtual address space of attacker's process, completes mapped file
Memory sharing.Then, some specific Cache row of attacker's process monitoring, and its content is wiped from Cache.In Wait
Stage waits for victim to access shared drive, and later, in the Reload stages, attacker is loaded into specific shared drive block again.
If in the Wait stages, target process has accessed specified memory block, then this memory headroom will have note in Cache
Record quickly, only requires a very short time because accessing data in Cache in the process of loading again in Reload stages.It is no
Then, if target process just needs to obtain data from main memory without accessing specified memory headroom, attacker, because
It is very slow to access data in main memory, so must be taken more time in the Reload stages.Therefore, attacker can be according to secondary
The length of access time determines whether victim has accessed specific memory block during observation.This method makes attacker determine
Target program has used which data which specifically instructs and have accessed.
The defensive measure proposed at present for caching attack FLUSH+RELOAD, such as delete clflush instructions, disabling altogether
It is all not fully up to expectations using modes such as complete association address of cache to enjoy memory, Cache and main memory.Therefore, the present invention proposes that one is moved
State randomization system is fully randomized code, stack, heap, the information failure for as much as possible being obtained attacker.
Invention content
The present invention is directed to Cache attack patterns FLUSH+RELOAD, it is proposed that a kind of based on the system-level of dynamic randomization
Other defence method, being capable of dynamic randomization procedure function, stack frame and heap.
The address space of one process forms:The Executable File and Shared Object File lifes of ELF
At object:Code segment, static segment of data, dynamic shared library etc. and dynamic object:The time of running generate and variation heap and
Stack.The object bigger to address space carries out whole randomization and is referred to as plot randomization, and compares the address of finer grain
Spatial object is randomized, such as single function, stack frame etc. in code segment, and randomization effect is stronger.
Current address space randomized technique (address space randomization) is exactly so that process virtual
The layout in space is located at random position, and the possibility attacked is reduced with this, this scheme exist randomization granularity it is too big,
Randomness is not high, can only be randomized the defects of virtual address.It is randomized granularity by refinement, the randomization moment is postponed till into operation
When, randomization physical address these methods, eliminate the defect of existing randoming scheme.
This method enhances defence capability in terms of three:First, for randomization coarse size the problem of, generation of the invention
Code randomization by function is granularity, stack space randomization is carried out as unit of function stack frame.Second, it is contemplated that the randomization moment asks
Topic, a feature of current randomization mechanism are:Upon power-up of the system, randomization can come into force, and we will be randomized the moment
When postponing till each function operation.The opportunity of randomization, closer to the time of running, it is better to can be obtained random effect.But
It to be randomized an address space object at run time, first has to analyze the feelings that this object is cited in address space
Condition.For the address space object heap and stack just established at run time, it is therein reference be all by absolute address into
Capable.If moving the position of these objects at run time, it is necessary to change these references, in the implementation, system use is moved
Shifting table goes to record these information so that this randomization has feasibility.Third reduces attack by being randomized physical address
Person successfully guesses the possibility of spatial position.
It is some basic definitions of the randomization system below:
Symbol table:In compiler, there is close attribute of identifiers letter in program language for storing for symbol table
Breath.
Constructed fuction:It is a kind of method, is mainly used for initializing object when creating object, as object member variable is assigned
Value.Compiler can generally provide the constructed fuction of an acquiescence, but this default constructor is without parameter.
libc:It is the function library of the ANSI C under Linux, ANSI C are basic C language function libraries, contain C language
Most basic library function.
Constructor:For executing initialization when creating object, when creating an object, system can be this object
The initialization that example is given tacit consent to, if it is desired to changing the initialization of this acquiescence, so that it may to be realized by self-defined constructor.
Stack frame:For CPU using function as unit dynamic assigning memory, the calling of each subfunction can all distribute certain sky in stack
Between to store its operation information, this section of space is known as the stack frame of the function.The stack frame of one function generally comprises:Function parameter,
Return address, the base register (previous frame pointer) of previous function, local variable etc..
Bitmap:It is the simple vector of a list Bit, every Bit corresponds to a word or a specific size for memory.
Dynamic randomization system can operate in x86, and on x86_64 and PowerPC frameworks, most realization details is all
It is identical.The system can efficiently repeat randomization code, stack, heap so that attacker reloads altogether in the Reload stages
When enjoying the data of memory, the spatial position of the data has occurred and that variation, and the effect finally reached is as shown in Fig. 2, the tool designed
Body details includes the following contents:
1. code is randomized
This method is randomized code by granularity of function, in terms of being embodied in following four:First, function using malloc,
The function of this storage allocation of calloc, realloc is randomly assigned address space on heap.Second, each transfer function has
One migration table, the inside are placed some migration informations, are followed by function code.Meanwhile migration table is not with System build
Existing for binary form afterwards, but create at runtime.Therefore, attacker wants, using migration table as blow-up point, to obtain
Obtain this method failure of functional dependence address information.Third, because of the size of function no correlation in the symbol table of program
Illustrate, so system is gone to determine the end point of current function with the address of next function.4th, function is by using relatively partially
In-migration quotes adjacent offset table.This means that two copies randomly placed of same functions will not share the same migration
Table.Above 4 points make in program operation process, and function address becomes to guess.The randomisation process such as Fig. 3, including:
(1) initial phase.In compiling, dynamic randomization system replaces operating system mould with the constructed fuction of oneself
The libc constructed fuctions of block.When starting, the function and constructed fuction of constructor registration module from original program, it
Afterwards, the constructed fuction for executing program re-writing is initialized.Main functions when being defined on system operation are rewritten with a breakpoint
Each beginning for resetting bit function, i.e., placed a trap instruction, for triggering migration table work in the beginning of each function
Make, when trap function is called, it is migrated on demand, in Fig. 3 shown in (a).
(2) function migration phase.For each randomized function there are one the migration table closed on, content is pointer, is directed toward all
Global variable and function are quoted, in Fig. 3 shown in (b).When trap function executes, dynamic randomization system is at runtime
It receives a SIGTRAP signal and migrates function.This process is divided into following three phases:
1) system applies for a sufficiently large memory block from code heap, and the main part of function is copied over.
2) correspondingly, the migration table of function also to be moved to new position.System is redirected by replacing with trap instruction
Instruction, moves to new position by function, is equivalent to has rewritten the original base address of function in this way.
3) function of new position is added in the function set enlivened by system, the function failure of old position.
(3) the randomization progress stage is repeated.In Fig. 3 shown in (c).System is randomized again every a fixed time period
Function, acquiescence are 500ms.When this time ends, system places a trap in the beginning of each function enlivened
Instruction, and restart randomisation process when next trap instruction executes.
(4) the randomization completion stage is repeated.When trap function executes, system returns memory used in function living
It ties into a set, then traverses stack, in function set living, if some object of the inside is by return address institute on stack
It is directed toward, then the object that the object will be labeled, and be not labeled in the set can be then released in heap, such as Fig. 3
In ex3 ' function memories shown in (d) be released, once remaining function such as ex1 ' not on stack, will be in future it is a certain
It is released after secondary randomisation process.And the new position of migration function ex1 " can be all directed toward for any calling of function ex1 later
It sets.
2. stack is randomized
Traditional stack sequentially generates adjacent stack frame with the calling of function, and the position of wherein return address is invariable, because
This, program still has similitude in a long time, this just has the risk being broken, in Fig. 4 shown in (a).For this
Defect, this system enabled when function is called stack frame layout randomized strategy, frame initial phase be added into stack with
The filling space of machine size allows the position of each return address to have randomness and uncertainty, so that program can obtain
Obtain the randomness between function cycle.Filling the size in space, the position for filling space and randomization moment, these have all ensured that stack
Abundant randomization.
(1) stack fills the size in space at random.Because it is 32 alignment that linux system, which is required of stack pointer SP, therefore
The size in random space cannot have any restrictions, it should for 4 integral multiple, value range can be 4,8 ..., 4i ...,
N }, the upper limit is N=4096 bytes, while should also be in conjunction with the stack space size for the thread being arranged in linux system, in range
Carry out random value.
(2) stack fills the position in space at random.During operation, system uses random bytes during being randomized again every time
Size, periodically filling safe buffering region, filling region are located in front of function parameter.In the randomization of operation stack space
When, in the case that stack buffer index is overflowed, first caching index position can be rolled back to, this results in repeating the randomization phase
Between, function may repeatedly reuse a random stack safety buffer zone, this brings not really the positioning of stack frame attacker
It is qualitative.
(3) it is randomized the moment.This time point is more proximate to the time of running, and system more can obtain preferable randomization effect.
Or existing defence policies are before program operation or are to implement randomization layout, the two side at the process initiation moment
All there is certain defect in formula.When dynamic randomization system will postpone till each function operation at the randomization moment, function each in this way
Stack frame layout when each run is different from, and attacker is difficult therefrom to obtain stack frame layout information.
(4) stack fills steric course at random.The system at run time, when each function call, dynamic randomization system
Random size space is filled between two stack frames, plays the role of a similar safety buffer zone.In Fig. 4 shown in (b).It should
Process is as follows:
1) system mobile stack before each function call, size are that the index byte of function load is multiplied by x86_64 framves
The stack alignment standard 16 required on structure.
2) positional parameter pop down instructs.
3) region to be filled is added a code to.
4) last function parameter pop down.
This method does not have any influence for the access mode of function parameter and local variable.Because if filling region
It is placed between frame point and local variable, then before accessing local variable, needs frame point plus the big of filling region
It is small to be used as offset.
3. heap is randomized
The distribution of heap space is no longer regular when the present invention uses a kind of new heap space randomized technique to make operation.It is dynamic
State randomization system uses the distributor of two sizes isolation.System is realized with DieHard distributors, the distribution
Device is the randomization distributor based on bitmap.
(1) it is different from traditional distributor, DieHard distributors do not use the memory discharged recently as subsequent distribution
Resource.When program is attempted to access the memory being previously released, it may appear that famous Use-After-Free security breaches.
Although the basic distributor ratio DieHard distributors of system are more efficient, the former is less than the latter by degree of randomization.Therefore, it selects
It is just more reasonable to select DieHard distributors.
(2) heap randomization operation principle is as shown in figure 5, dynamic randomization system passes through in layer package underlying distributor of shuffling
It is randomized heap, and layer of shuffling is made of the array pointer that size is N, element comes from the object of basic heap.In order to realize
The size N of adequately randomization, layer of shuffling must be sufficiently large, but N is excessive also to will increase expense.Therefore, we finally choose N
The considerations of=256 one compromise of conduct.Malloc functions are responsible for generating a random index, remove the corresponding index of layer of shuffling
Object is used in combination the object of a basic heap to substitute.Equally, free functions generate a random index and by corresponding index objects
It is discharged into basic heap.In heap space, in by underlying distributor the calling of malloc complete to shuffle array in layer just
After beginningization, array to array using shuffling algorithm with regard to carrying out randomization:Malloc functions in layer of shuffling are called first, then
Malloc functions are used in underlying distributor, and then obtain an a new object p and random index i, wherein i ∈ [0,
N], it is used in combination the corresponding array element of the index and p to exchange, returns to the pointer object after exchanging.The similarly original of shuffling of free functions
Reason is also such.
Description of the drawings
Fig. 1:Flush+Reload Attack Theory figures
Fig. 2:Defend Flush+Reload attack effect figures
Fig. 3:Code randomization figure
Fig. 4:Stack randomization figure
Fig. 5:Heap randomization figure
Specific implementation mode
The hardware environment of the present invention is mainly a PC host.Wherein, the CPU of PC hosts is Intel (R) Core (TM)
I5-4590,3.30GHz inside save as 8GB RAM, 64 bit manipulation systems.
The software realization of the present invention is developed using Ubuntu14.04 as platform using C Plus Plus.GCC versions are 4.6,
Llvm, Clang version are that 3.1, Dragonegg plug-in versions are 3.1.
Operation is broadly divided into two parts, and first part is to initiate Cache attacks to concrete application, and second part is to build one
A dynamic randomization system is on the defensive to it.
1.Cache is attacked
(1)Flush:Attacker expels a shared Cache row from Cache.
(2)Wait:Regulation goal process accesses shared drive, updates Cache.
(3)Reload:Attacker reloads the memory block expelled in the Flush stages, measures and records specific Cache rows
Load time.Speculate the Cache rows that concrete application is accessed by cache hit and the temporal information difference of cache invalidation.
In caching attack process, by taking Flush+Reload is attacked as an example.Its crucial pseudocode is as follows:
System thresholds are the periodicities measured according to the standardization that carries out in advance in above-mentioned pseudocode, are needed according to being
The evaluation result of system is configured, and threshold value is more relatively low, and the false positive of last statistical data is lower.After repeatedly measuring,
The periodicity obtained under this experimental situation is 125 or so.Meanwhile in order to ensure result is more accurate, encryption number should also close
Reason setting is set to 10000 and is just enough to show the time difference opposite sex of cache invalidation and cache hit in an experiment.
2. defending Cache attacks
(1) it is below the pseudocode for defending Cache to attack key component:
(2) code randomization is mainly reflected in that the continuous migration of function position, pseudocode are as follows:
(3) stack is randomized pseudocode:
(4) heap is randomized pseudocode:
Claims (5)
1. dynamic randomization defends the implementation method of Cache attacks, it is characterised in that implementation steps are:
(1) it is randomized code by granularity of function, in function constantly migrates and repeat randomisation process so that function address becomes
Obtaining can not guess;
(2) stack frame is enabled when function is called and be laid out randomized strategy, be added into stack in frame initial phase random big
Small filling space;
(3) in terms of heap randomization, by shuffle layer wrap up underlying distributor so that when operation the distribution of heap space there is no
Rule.
2. the implementation method of dynamic randomization defence Cache attacks according to claim 1, it is characterised in that this method energy
It is enough to be randomized code by granularity of function:
(1) in initial phase, a trap instruction is placed in the beginning of each function, for triggering migration table work;
(2) in function migration phase, when trap function executes, dynamic randomization system receives one at runtime
SIGTRAP signals simultaneously migrate function;
(3) system repeats randomized function every a fixed time period;
(4) after repeating randomization and completing, releasing memory.
3. the implementation method of dynamic randomization defence Cache attacks according to claim 1, it is characterised in that this method energy
The size in enough control stack fillings space, the position for filling space and randomization moment:
(1) the stack space size for the thread being arranged in stack pointer alignment standard and linux system is required of according to linux system
The random value in range;
(2) during operation, system every time again be randomized during with random bytes size, periodically fill safe buffering
Region, filling region are located in front of function parameter;
(3) when the randomization moment being postponed till each function operation so that stack frame layout when each function each run is not
It is identical.
4. the implementation method of dynamic randomization defence Cache attacks according to claim 1, it is characterised in that this method is transported
With a kind of new heap space address distribution:
(1) memory allocation function in basic heap is called to initialize layer of shuffling;
(2) memory allocation function is used in underlying distributor, generates a random index i;
(3) object p is exchanged in array element and basic heap in the layer of shuffling corresponding to above-mentioned index, is returned to the finger after exchanging and is directed to
As;
(4) memory release function is responsible for generating a random index and corresponding index object is discharged into basic heap.
5. the implementation method of dynamic randomization defence Cache attacks according to claim 1, it is characterised in that this method energy
Control variate method is enough used, randomization code, stack, heap are individually repeated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810252891.8A CN108491694A (en) | 2018-03-26 | 2018-03-26 | A kind of method of dynamic randomization defence Cache attacks |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810252891.8A CN108491694A (en) | 2018-03-26 | 2018-03-26 | A kind of method of dynamic randomization defence Cache attacks |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108491694A true CN108491694A (en) | 2018-09-04 |
Family
ID=63337847
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810252891.8A Pending CN108491694A (en) | 2018-03-26 | 2018-03-26 | A kind of method of dynamic randomization defence Cache attacks |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108491694A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109858239A (en) * | 2019-01-16 | 2019-06-07 | 四川大学 | CPU loophole attacker detection method in the container that a kind of sound state combines |
| CN110309652A (en) * | 2019-06-28 | 2019-10-08 | 兆讯恒达微电子技术(北京)有限公司 | A kind of method of configuration management Initiative Defense |
| CN110442469A (en) * | 2019-07-23 | 2019-11-12 | 浙江大学 | A kind of caching side-channel attack defence method based on local Random Maps |
| CN110782934A (en) * | 2019-09-27 | 2020-02-11 | 东南大学 | Cache line mapping and replacing method adopting time sequence speculative SRAM array |
| CN111797388A (en) * | 2020-06-12 | 2020-10-20 | 武汉大学 | JavaScript engine memory information leakage defense method and system based on runtime randomization |
| CN113051563A (en) * | 2021-02-25 | 2021-06-29 | 中国科学院信息工程研究所 | Cross-container software operation detection method and system |
| CN113573308A (en) * | 2021-09-22 | 2021-10-29 | 四川创智联恒科技有限公司 | Method and module for improving air interface security |
| CN114254400A (en) * | 2021-12-27 | 2022-03-29 | 中国人民解放军战略支援部队信息工程大学 | Stack buffer overflow attack defense method and system based on dynamic shadow stack |
| EP3891635A4 (en) * | 2018-12-05 | 2022-09-14 | Micron Technology, Inc. | Protection against timing-based security attacks on re-order buffers |
| WO2023178857A1 (en) * | 2022-03-23 | 2023-09-28 | 东南大学 | Function address space layout randomization method for deep embedded system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105022956A (en) * | 2015-08-14 | 2015-11-04 | 中国科学院计算技术研究所 | Method for protecting against code reuse attack |
| US20170213039A1 (en) * | 2016-01-22 | 2017-07-27 | The University Of North Carolina At Chapel Hill | Methods, systems, and computer readable media for preventing code reuse attacks |
-
2018
- 2018-03-26 CN CN201810252891.8A patent/CN108491694A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105022956A (en) * | 2015-08-14 | 2015-11-04 | 中国科学院计算技术研究所 | Method for protecting against code reuse attack |
| US20170213039A1 (en) * | 2016-01-22 | 2017-07-27 | The University Of North Carolina At Chapel Hill | Methods, systems, and computer readable media for preventing code reuse attacks |
Non-Patent Citations (1)
| Title |
|---|
| 王烨 等: "基于代码防泄漏的代码复用攻击防御技术", 《计算机研究与发展》 * |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3891635A4 (en) * | 2018-12-05 | 2022-09-14 | Micron Technology, Inc. | Protection against timing-based security attacks on re-order buffers |
| CN109858239A (en) * | 2019-01-16 | 2019-06-07 | 四川大学 | CPU loophole attacker detection method in the container that a kind of sound state combines |
| CN110309652A (en) * | 2019-06-28 | 2019-10-08 | 兆讯恒达微电子技术(北京)有限公司 | A kind of method of configuration management Initiative Defense |
| CN110442469A (en) * | 2019-07-23 | 2019-11-12 | 浙江大学 | A kind of caching side-channel attack defence method based on local Random Maps |
| CN110442469B (en) * | 2019-07-23 | 2020-06-30 | 浙江大学 | Cache side channel attack defense method based on local random mapping |
| CN110782934A (en) * | 2019-09-27 | 2020-02-11 | 东南大学 | Cache line mapping and replacing method adopting time sequence speculative SRAM array |
| CN111797388A (en) * | 2020-06-12 | 2020-10-20 | 武汉大学 | JavaScript engine memory information leakage defense method and system based on runtime randomization |
| CN113051563A (en) * | 2021-02-25 | 2021-06-29 | 中国科学院信息工程研究所 | Cross-container software operation detection method and system |
| CN113573308A (en) * | 2021-09-22 | 2021-10-29 | 四川创智联恒科技有限公司 | Method and module for improving air interface security |
| CN114254400A (en) * | 2021-12-27 | 2022-03-29 | 中国人民解放军战略支援部队信息工程大学 | Stack buffer overflow attack defense method and system based on dynamic shadow stack |
| CN114254400B (en) * | 2021-12-27 | 2024-05-03 | 中国人民解放军战略支援部队信息工程大学 | Method and system for defending overflow attack of stack buffer based on dynamic shadow stack |
| WO2023178857A1 (en) * | 2022-03-23 | 2023-09-28 | 东南大学 | Function address space layout randomization method for deep embedded system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108491694A (en) | A kind of method of dynamic randomization defence Cache attacks | |
| TWI798370B (en) | Non-transitory computer-readable storage medium and system and method for accessing data in device | |
| Vila et al. | Theory and practice of finding eviction sets | |
| Ren et al. | Design space exploration and optimization of path oblivious ram in secure processors | |
| CN101490654B (en) | Avoiding cache line sharing in virtual machines | |
| US11777705B2 (en) | Techniques for preventing memory timing attacks | |
| Ren et al. | Constants count: Practical improvements to oblivious {RAM} | |
| Godfrey et al. | Preventing cache-based side-channel attacks in a cloud environment | |
| CN111373370A (en) | Encoding of inputs to memory circuits | |
| Yan et al. | Secdir: a secure directory to defeat directory side-channel attacks | |
| CN109947666B (en) | Trusted execution environment cache isolation method and device, electronic equipment and storage medium | |
| US11061829B2 (en) | Prefetch support with address space randomization | |
| Kim et al. | Analysis of smartphone I/O characteristics—Toward efficient swap in a smartphone | |
| Thoma et al. | {ClepsydraCache}--Preventing Cache Attacks with {Time-Based} Evictions | |
| Tatar et al. | {TLB; DR}: Enhancing {TLB-based} Attacks with {TLB} Desynchronized Reverse Engineering | |
| Saileshwar et al. | Bespoke cache enclaves: Fine-grained and scalable isolation from cache side-channels via flexible set-partitioning | |
| Ramkrishnan et al. | First time miss: Low overhead mitigation for shared memory cache side channels | |
| Stolz et al. | Risky translations: Securing tlbs against timing side channels | |
| Beard | The sparse data reduction engine: chopping sparse data one byte at a time | |
| CN104461928B (en) | Divide the method and device of cache | |
| US11886332B2 (en) | Dynamic memory allocation methods and systems | |
| Jakobsson | Secure remote attestation | |
| Lipp | Cache attacks on arm | |
| Mukhtar et al. | IE-Cache: Counteracting Eviction-Based Cache Side-Channel Attacks Through Indirect Eviction | |
| CN110210232B (en) | Data storage method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180904 |
|
| WD01 | Invention patent application deemed withdrawn after publication |