CN110276198B - Embedded variable granularity control flow verification method and system based on probability prediction - Google Patents

Embedded variable granularity control flow verification method and system based on probability prediction Download PDF

Info

Publication number
CN110276198B
CN110276198B CN201910513155.8A CN201910513155A CN110276198B CN 110276198 B CN110276198 B CN 110276198B CN 201910513155 A CN201910513155 A CN 201910513155A CN 110276198 B CN110276198 B CN 110276198B
Authority
CN
China
Prior art keywords
control flow
hash value
verification
probability
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201910513155.8A
Other languages
Chinese (zh)
Other versions
CN110276198A (en
Inventor
霍冬冬
胡建行
李宇
田琛
王瑜
王雅哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN201910513155.8A priority Critical patent/CN110276198B/en
Publication of CN110276198A publication Critical patent/CN110276198A/en
Application granted granted Critical
Publication of CN110276198B publication Critical patent/CN110276198B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/565Static detection by checking file integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The invention relates to an embedded variable granularity control flow verification method and system based on probability prediction, which are divided into a verification end and a certification end. Establishing a credible path characteristic set, predicting vulnerability probability of each function in a target source program, then performing coarse-fine granularity pile insertion preprocessing on the function, and then obtaining all possible dynamic control flow graphs of the target program by using different inputs at a verification end, wherein the control flow graphs are replaced by Hash values and stored in a database; collecting dynamic paths, wherein a certification end runs a processed target program after receiving a request sent by a verification end, and calculates and signs a hash value of the control flow graph in a secure world; and (3) verifying the dynamic path, wherein the verifying end sends the signature to the verifying end, the verifying end matches the hash value obtained by decrypting the signature in the database, and if the hash value can be matched, the running control flow is complete, otherwise, the integrity of the control flow is damaged.

Description

Embedded variable granularity control flow verification method and system based on probability prediction
Technical Field
The invention relates to a method, a system and a method for verifying software control flow integrity on an embedded platform, belonging to the field of dynamic measurement of key application of an embedded terminal.
Background
With the rapid development of embedded devices, especially the emergence of the Internet of Things (IoT), the integrity protection of key applications of embedded terminals is increasingly emphasized, and various integrity protection models and implementation methods are proposed accordingly. During the operation of the system and the application, an attacker can attack the system or the application by various means to destroy the integrity of the software. For example, a Control-Flow Attack (Control-Flow Attack) is one of the Attack methods, which is very common and can pose a relatively large threat. A control flow attack affects the run-time behavior of a program in that it hijacks the control flow of the program to an arbitrary address space, thereby destroying the integrity of the program. For embedded devices with limited resources, real-time protection causes excessive overhead, so a remote authentication method is a common method.
Current control flow integrity verification for embedded platforms is either fine grained or coarse grained. The former verification scheme checks all control flow branch instructions in the program, including branch instructions, function call and return events, and this granularity of verification can ensure safety but causes a large overhead. While the latter is less expensive to run, it only checks the call relations between functions (i.e. the call and return events of functions), but it is not secure enough.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the embedded variable granularity control flow verification method and the embedded variable granularity control flow verification system based on probability prediction utilize a machine learning probability model to combine the two verification methods with different granularities, and can achieve relative balance between the performance and the safety guarantee during operation.
The technical solution of the invention is as follows: a method and a system for verifying software integrity by using a remote attestation architecture in an embedded platform utilize TrustZone hardware isolation to perform dynamic integrity measurement on application execution, including coarse-grained function level verification and fine-grained control flow instruction level verification. The invention improves the verification efficiency and simultaneously ensures certain safety.
According to the design scheme provided by the invention, the main purpose of the invention is to effectively combine the verification methods of the two granularities by utilizing a machine learning probability model aiming at the problem that the control flow integrity verification means of the software on the current embedded platform is fine granularity with overlarge expense or coarse granularity with insufficient safety, so that the relative balance between the performance and the safety guarantee during the operation can be achieved when the integrity verification is carried out on the embedded platform. Control-Flow Integrity (CFI) is an effective scheme for protecting or verifying Control-Flow Integrity, and its idea is to limit the target range of running programs by using a Control-Flow Graph (CFG). The scheme provides an embedded variable granularity control flow verification system based on probability prediction, the system utilizes a remote proven framework to verify the control flow integrity of an embedded platform, and the verification requires that the embedded platform is provided with a credible isolation environment, such as TrustZone of ARM, so that credible dynamic integrity measurement can be realized.
The control flow attack is a technology capable of hijacking the original program control flow, and comprises code injection attack, code multiplexing attack and non-control data attack proposed in recent years. The attack methods can change the original control flow, thereby realizing the attack intention of an attacker.
Remote attestation is a system scheme for effectively verifying the integrity of embedded platforms. It comprises two parts: a verification end and a certification end. The verifying peer is usually a resource-rich third-party trusted platform (e.g., PC), which mainly initiates verification to the proving peer and performs validity check on the final verification report. The proving end is a platform with limited resources, and the proving end is an embedded platform in the scheme. They communicate with each other through a certain protocol, thereby achieving the purpose of verifying the integrity of the proving end.
Instrumentation, which is the insertion of probes into a program while maintaining the original logic integrity of the program, is intended to collect information of functions and code segments. The instrumentation technology can be used for recording the execution path of the code when the program runs, so that the execution condition of the code is known.
And the dynamic measurement is to extract the behavior characteristics of the application through a static analysis technology or dynamic execution, then monitor the application behavior in real time in the actual running process of the application and match the behavior characteristics, if the matching is successful, the application is credible, and if the matching is unsuccessful, the application behavior is determined to be untrustworthy.
The ARM TrustZone hardware isolation technology is used for constructing two independent operating environments of a common world and a safe world in an embedded terminal and providing switching and data transmission of the two environments by utilizing a monitoring mode of a processor. The common world and the safety world are mutually isolated, so that the operation safety in the safety world is ensured, and the isolation of the high-sensitivity service of the application system and the common service is effectively realized.
The control flow graph represents the execution precedence relationship and the control flow relationship among the basic blocks in the function, each function has one control flow graph, and the control flow graph is composed of code basic blocks.
The invention relates to an embedded variable granularity control flow verification system based on probability prediction, which comprises the following steps:
step 1, establishing a credible path characteristic set, carrying out probability prediction on each function in a target source program, then carrying out coarse-fine granularity pile insertion preprocessing on functions with different probabilities, and then utilizing different input I at a verification endpAll possible dynamic control flow graphs of the target program are obtained, and the obtaining of the dynamic control flow graphs is feasible in an embedded mode, because most embedded software is special in characteristic and simple. The invention uses the hash value calculated by the BLAKE2 algorithm to replace a certain dynamic control flow graph, different control flow graphs correspond to different hash values, and the hash values hsIs stored in a database. This step is performed at the verification end of the remote attestation.
Step 2, collecting dynamic paths, the verifying end sends a request c to the proving end, and the proving end receives a specific input I in the normal world after receiving the requestsAnd (3) running the processed target program, collecting corresponding control flow transfer instructions in the program running process in the secure world, calculating the hash value h of the control flow graph at the time by using the information of the instructions, wherein the calculation process is the same as the hash value calculation in the step 1, and finally encrypting the hash value by using a key k by using the proving terminal to obtain a signature r and sending the signature r to the verifying terminal.
Step 3, checking the dynamic path, wherein the certification end sends the signature to the verification end through a certain protocol, the verification end decrypts the obtained signature r by using a secret key k to obtain a hash value h, and the hash value h is corresponding to the hash value h stored in the database in the step 1sAnd matching, wherein if the matching can be carried out, the operation is normal, otherwise, the operation control flow is attacked, and the integrity is damaged.
The safe world in the steps is guaranteed by the TrustZone hardware isolation environment, the BLAKE2 algorithm is an efficient and safe hash value algorithm, and no method for cracking the hash value algorithm is provided so far. The inside of BLAKE2 is based on ChaCha, which is highly trusted and is unlikely to be cracked. (Note: Chacha is a stream cipher designed by Daniel J.Bernstein, which is one of the three major ciphers used by TLS1.3 and conforms to the new TLS standard.)
The construction of the trusted path feature set in the step 1 specifically comprises the following steps:
step 1.1, probability prediction, wherein a function with a leak and a normal function are used as data, and function characteristics are used as characteristics to train to obtain a machine learning model, and the model can perform probability prediction of the leak on all functions in a target program. Of course, the training process in this step does not need to be repeated, and only the probability prediction of the function in the target program is needed in ordinary use.
And 1.2, inserting piles with coarse and fine granularity, and obtaining the probability of all functions in the target program in the step 1.1. Then, the verifying end is required to specify a probability threshold p, and the specification of the probability threshold can be adjusted according to the actual situation. The function is classified by this threshold p, if for a function it gets the vulnerability probability p in step 1.1fAnd p, the function is considered to be leaky, and the function in the category is subjected to fine-grained instrumentation so as to better ensure that the integrity of the function is not damaged. And if the vulnerability probability p of the functionf<p, it is considered a normal function and is coarse-grained instrumented, at the expense of a certain securityAnd the integrity is used for ensuring the performance of the operation. The thickness and the fineness are well combined through a probability prediction model.
Step 1.3, the credible path characteristic set is safely stored, and the processed target program is input into all possible input IpRunning down, calculating the hash value h of the legal control flow graphsAnd storing the hash values in a database to construct a set of trusted path features.
The dynamic path acquisition of step 2 specifically comprises the following steps:
step 2.1, dynamic path collection, after the embedded platform receives a request c sent by the verification end (the request c contains an identifier of a target program and a random token, and the function of the random token is to prevent replay attack), the embedded platform can specifically input I in the normal worldsRunning down instrumented object Ap. In the operation process, the control flow instructions instrumented or rewritten in step 1.2 are redirected to a designated space for hash value calculation, and a secure world is required for isolation in the calculation process, for example, TrustZone in ARM. The compute end control flow will return to the source program. And when the program runs, the proving end calculates to obtain a control flow graph hash value h.
And 2.2, carrying out hash signature, wherein in order to prevent the hash value from being damaged or tampered, the certification end encrypts the hash value h by using a key k stored in the security domain in the step, other parameters also comprise a request c, a signature value r is obtained through calculation, and the signature value r is sent to the verification end for verification.
The step 3 of checking the dynamic path specifically comprises the following steps:
step 3.1, signature decryption, wherein the verification end receives the signature r from the certification end, decrypts the signature r by using a known secret key k, and decomposes a hash value h and a request c;
and 3.2, comparing the hash value h with the credible path feature set obtained in the step 1.3, if the hash value h can be matched with the credible path feature set, indicating that the operation is normal, otherwise, the operation may be attacked by control flow, and the integrity is damaged.
The embedded variable granularity control flow verification system based on probability prediction has the following advantages:
(1) the invention provides an embedded variable granularity control flow verification scheme based on probability prediction, which uses a dynamically generated control flow graph to verify the integrity of a control flow, and the verification can detect control flow attacks.
(2) The embedded variable granularity control flow verification scheme based on probability prediction provides a solution for balancing the relation between the efficiency and the safety guarantee during operation when the software integrity verification is implemented on an embedded platform.
(3) The invention designs a probability model of machine learning to predict the probability of vulnerability of all functions in a program, and the prediction of the probability can combine the control flow verification scheme of the thickness granularity to be applied to an embedded platform.
Drawings
FIG. 1 is an overall framework flow diagram of the present invention;
FIG. 2 is a schematic diagram illustrating the generation of hash values for a probabilistic prediction and control flow graph in accordance with the present invention;
FIG. 3 is an architecture diagram of a certifying end collecting trusted paths in accordance with the present invention;
FIG. 4 is a schematic view of an inline hook employed in the present invention.
Detailed Description
The invention relates to an embedded variable granularity control flow verification scheme based on probability prediction, which verifies the software integrity on an embedded platform by combining two verification schemes of coarse granularity and fine granularity and can achieve a relative balance between the performance and the safety guarantee during operation. The invention effectively proves the integrity of the embedded equipment by utilizing a remote proving framework, and calculates the Hash value of the control flow graph based on trustZone hardware isolation technology. The invention has the characteristics of high safety, low operation overhead, variable control flow granularity and the like.
In order to make the objects, advantages and technical solutions of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings.
Fig. 1 generally depicts the overall architecture of the implementation of the embodiment, and mainly includes the following four parts:
firstly, establishing a credible path characteristic set
Before integrity verification is performed on embedded software, a target program needs to be preprocessed, the preprocessing process mainly includes probability prediction of functions in the program and construction of a credible path feature set, and the preprocessing process is work performed by a verification end and specifically includes the work performed by the verification end shown in fig. 1
Figure BDA0002094142820000051
These several steps. How the set of trusted path features is constructed is specifically analyzed below in conjunction with fig. 2:
(1) and (4) probability prediction. In fig. 2, the target program is a simple program, the source code of which is shown in the middle part of fig. 2, and which has three functions: main, func1 and func 2. And predicting the target program by using the probability prediction model and the probability threshold value p. The results of the probability predictions of the three functions of main, func1 and func2 are assumed to be p respectively1,p2,p3And these three probabilities satisfy p1≥p,p2,p3<p is the same as the formula (I). According to the scheme, the main function is predicted to be leaky and is fine-grained instrumented. While the functions func1 and func2 are normal, they will be coarse grain checked. The formulation of p is also a problem worth discussing, and for the application which pays more attention to safety, the threshold value can be set to be as low as possible, so that the more functions which can be analyzed by fine granularity, the more safety the whole application is; for more performance-conscious applications, the threshold should be as high as possible. For applications that require a balance between the two, the following algorithm can be used to solve the threshold. Firstly, the verification end gives a maximum upper limit t of the running time, and sets 0.5 as a default threshold, and when the obtained running time is greater than the upper limit t of the time, the threshold is in the range of (0.5, 1)]A binary search is performed to increase the threshold and thereby reduce overhead. Similarly, if the runtime is less than t, then it may be halved within the threshold range [0,0.5) intervalWhile lowering the threshold improves safety. The algorithm does not stop until the threshold range is sufficiently small. This results in a minimum probability threshold, so that the run time is satisfactory (run time is less than or equal to t) and the security is good enough. As for the safety degree that can be achieved, when the probability model predicts the vulnerability probability of the function more accurately, the safety degree is higher. This means that functions with holes have higher prediction probability, and the safety problem is only relevant to the performance of the probability model.
(2) And (5) inserting piles in coarse and fine granularity. After the function vulnerability probability is predicted in the first step, the function main requiring fine grain analysis and the functions func1 and func2 requiring coarse grain analysis are obtained. Whether the functions are analyzed in a coarse granularity mode or a fine granularity mode, the functions need to carry out event detection of function calling and returning, the detection is realized by compiling a source program by using a gcc plus-defining-functions parameter, hook instructions are arranged at the head and the tail of each function in the program obtained under the compiling parameter to call two specific functions, and only the logic of the two functions needs to be realized. In the fine-grained analysis, other control flow instructions inside the function need to be checked, and the invention uses a Capsule tone tool and a python interface thereof to rewrite the instructions so as to hijack the control flow of the instructions. This instrumentation method is also called inline hook and its schematic diagram is shown in fig. 4, i.e. inserting agents in the control flow transfer, collecting control flow information during the run, and then restoring the control flow.
(3) And controlling dynamic hash calculation of the flow graph. The main function marks the points to be checked, for example, the point (r) represents the call instruction of the function, the branch instructions are (r) and (c), and (r) is the return instruction of the function, which is a fine-grained verification scheme. And the check points of the inlet and the outlet of the function func1 are shown, and the check points of the inlet and the outlet of the function func2 are shown, which is a coarse-grained verification scheme. On the right in FIG. 2 is the control flow graph for the object program, which has two possible control flow graphs, n ≧ 0 and n, respectively<0 is generated. The hash value of the control flow graph is calculated using the BLAKE2 algorithm, which is an algorithm that uses the hash value of the control flow graph to determine the hash valueTwo parameters are received, a hash value of the last control flow path and an identifier of the point. For the first control flow path (which has no previous path), the first parameter is 0. The identifiers of the points are not unique, as long as the identifiers of the different points are guaranteed to be inconsistent. In an embedded type, the memory address occupied by the program running code is not changed under most conditions, so that the method that the memory address corresponds to a certain point is adopted to represent the point in a certain control flow graph. This step requires a different input I to the target programpTo obtain all possible control flow graph hash values hsAnd the hash values h are comparedsAnd storing the path feature set in a database as a credible path feature set for matching of a verification end.
Dynamic path collection
The collection process of the dynamic path occurs at the proving end. In the second in FIG. 1
Figure BDA0002094142820000061
In step (c), the verifying end sends a request (c) to the proving end, wherein the request (c) comprises an identifier of the target program and a random number (the real-time property of the report is ensured). In the second part of FIG. 1
Figure BDA0002094142820000062
In step (c), the certifying end receives the request c and then IsAnd operating the target program. Fig. 3 shows the architecture of the certifying end. The embedded platform of the ARM is provided with TrustZone extension, so that the whole framework is divided into a normal world and a safe world. There is an interceptor in the normal world and a hash manager and a response generator in the secure world.
When the program starts to run, the rewritten instruction control stream is hijacked to the interceptor. In the normal world of fig. 3 there are six numbered arrows, of which 1inThe arrows capture control flow events when coarse grain analysis function a is called from instruction blA, which is hijacked to the interceptor, which maintains this control flow and passes the required information to the hash manager in the secure world (control flow transfer). The hash manager receives the message from the Normal worldCalculating the hash value of the control flow event according to the hash method shown in fig. 2, recovering the control flow after the calculation is finished, and finally recovering the control flow from the interceptor to the source program, 1outThis event is captured. The principle of this process is also called inline hook, and the schematic diagram is shown in fig. 4, that is, the original jump instruction is hijacked, and the jump instruction is returned after being verified. For the same reason, 2in,2out,3in,3outCaptured are the entry and return events for function a.
When the program run is finished, in the second step of FIG. 1
Figure BDA0002094142820000071
The step-time hash manager sends the calculated hash value h of the control flow graph to a response generator, the response generator receives the request c as a parameter, and the step one in fig. 1
Figure BDA0002094142820000075
In the two steps, the key k stored in TrustZone is used to calculate the final verification report r, and the final verification report r is sent to the verification end for verification.
Three, dynamic path inspection
When the certification side sends the verification report r to the verification side, the verification side firstly decrypts the r by using the key k to decompose the request c and the hash value h.
The last step is the one in FIG. 1
Figure BDA0002094142820000074
And step (5), the step checks the decrypted hash value h. Trusted set of path features h stored in a databasesWhen hash value h exists in h, corresponding hash value under corresponding input is searchedsAnd when the target program runs, the target program is not attacked by the control flow, namely the target platform is still in a trusted state. Otherwise, the result of the operation is not trusted, and the integrity of the platform is destroyed.
Therefore, the dynamic integrity measurement in the invention can collect credible path information under the support of the TrustZone secure world, and check the hash value of the generated control flow graph.
In summary, the present invention is an embedded variable granularity control flow method and system based on probabilistic prediction that can verify the integrity of software on an embedded platform, which is advantageous over previous control flow verification schemes in that it balances the relationship between runtime performance and security.
The above examples are provided only for the purpose of describing the present invention, and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalent substitutions and modifications can be made without departing from the spirit and principles of the invention, and are intended to be within the scope of the invention.

Claims (2)

1. An embedded variable granularity control flow verification method based on probability prediction is characterized by comprising the following steps:
step 1, establishing a credible path characteristic set, carrying out probability prediction on functions in a target source program, then carrying out coarse and fine granularity pile insertion preprocessing on the functions with different probabilities, and then utilizing different inputs in a verification endI p Obtaining all possible credible dynamic control flow graphs of the target program, and using the dynamic control flow graphsBLAKE2Calculating by a Hash algorithm, wherein different control flow graphs correspond to different Hash values, and the Hash values of the credible control flow graphsh s The path feature set is stored in a database and forms a credible path feature set;
step 2, dynamic path collection, wherein the verifying end sends an instruction request to the proving end, and the proving end receives the requestcCertain inputs later in the normal worldI s Running the processed target program, collecting corresponding control flow transfer instructions in the program running process in the secure world, and calculating the hash value of the control flow graph by using the information of the control flow transfer instructionsh,Finally, the hash value is addedhUsing secret keyskThe signature is sent to a verification end for verification;
step 3, dynamic path inspection and certificationThe terminal sends the signature obtained in the step 2 to a verification terminal, and the verification terminal utilizes a known secret key after receiving the signaturekDecrypting the signature to obtain a hash valuehThe hash valuehAnd the hash value stored in the database in the step 1h s Matching, if the matching is available, the operation is normal, otherwise, the integrity of the control flow of the operation is damaged;
in the step 1, performing probability prediction on each function in the target source program, and then performing thick-and-thin-granularity pile insertion preprocessing on functions with different probabilities specifically includes the following steps:
step 1.1, probability prediction, namely, using a function with holes and a normal function as data, and using function characteristics as characteristics to train to obtain a machine learning model, wherein the machine learning model can predict the probability of holes of all functions in a target program to obtain the hole probability of all functions in the target program;
step 1.2, inserting piles in coarse and fine granularity, and assigning a probability threshold value at a verification end based on the vulnerability probabilities of all functions in the target program obtained in the step 1.1pUsing this probability thresholdpClassifying the functions, for one function, if the vulnerability probability obtained in step 1.1p f ≥ pThen the function is considered to be leaky, and functions of this type are fine-grained instrumented to better ensure that its integrity is not compromised if the function has a probability of being leakyp f < pIt is considered to be a normal function and is coarse-grained instrumented;
step 1.3, the credible path characteristic set is stored safely, and the processed target program is input possiblyI p The method comprises the following steps of running, calculating hash values of a legal control flow graph, and storing the hash values in a database to construct a credible path feature set;
in step 2, the dynamic path collection specifically includes the following steps:
step 2.1, when the dynamic path is collected, the embedded platform receives the request sent by the verification endcThen, pleaseTo findcThe embedded platform comprises an identifier of a target program and a random token, wherein the random token is used for preventing replay attack, and the embedded platform receives specific input in the normal world after receiving a requestI s Running a specified target program, in the running process, redirecting the control flow instructions which are inserted or rewritten to a specified space to calculate the hash value, returning the control flow to the source program after the calculation is finished, and obtaining the hash value of a control flow graph by the certification end after the source program is runh
Step 2.2, signing the hash value, wherein in order to prevent the hash value from being damaged or tampered, the proving end utilizes the secret key stored in the security domainkFor hash valuehPerform encryption, together with the requestcCalculating to obtain a signature valuerAnd sending the data to a verification end for verification;
in step 3, the dynamic path check specifically includes the following steps:
step 3.1, signature decryption, and receiving the signature from the certification end by the verification endrIt uses a known keykDecrypt it to resolve hash valuehAnd requestc
Step 3.2, the hash value obtained in the step 3.1 is usedhAnd comparing the path characteristic set with a credible path characteristic set stored in a database, if the path characteristic set can be matched with the credible path characteristic set, the operation is normal, otherwise, the operation may be attacked by control flow, and the integrity is damaged.
2. A system for implementing the embedded variable granularity control flow verification method based on probability prediction of claim 1, comprising: the system comprises a trusted path feature set construction module, a dynamic path collection module and a dynamic path inspection module, wherein:
a credible path characteristic set construction module which predicts the probability of each function in the target source program, performs thick and thin granularity pile insertion pretreatment on the functions with different probabilities, and acquires all possible dynamic control flow graphs of the target program by using different inputs at a verification end, wherein the control flow graphs are usedBLAKE2The hash value calculated by the algorithm is replaced, and different control flow diagrams correspond to different hash valuesThe hash valuesh s Will be stored in a database to build a set of trusted path features;
dynamic path collection module, verifying end sending requestcRequesting to a certification end, running the processed target program in the normal world after receiving the request, collecting corresponding control flow transfer instructions in the program running process in the secure world, calculating the hash value of the control flow graph by using the information of the control flow transfer instructions, and finally, sending the hash valuehUsing secret keyskThe signature is sent to a verification end for verification;
a dynamic path checking module, wherein the certification end sends the obtained signature to the verification end through a certain protocol, and the verification end uses the secret key after receiving the signaturekDecrypting, namely obtaining the hash value after decryptionhWith corresponding hash values stored in a databaseh s Matching, if the matching indicates that the operation is normal, otherwise, the operation is attacked by the control flow, and the integrity of the control flow is damaged;
the probability prediction of each function in the target source program and the thick-and-thin granularity pile insertion preprocessing of the functions with different probabilities specifically comprise the following steps:
step 1.1, probability prediction, namely, using a function with holes and a normal function as data, and using function characteristics as characteristics to train to obtain a machine learning model, wherein the machine learning model can predict the probability of holes of all functions in a target program to obtain the hole probability of all functions in the target program;
step 1.2, inserting piles in coarse and fine granularity, and assigning a probability threshold value at a verification end based on the vulnerability probabilities of all functions in the target program obtained in the step 1.1pUsing this probability thresholdpClassifying the functions, for one function, if the vulnerability probability obtained in step 1.1p f ≥ pThen the function is considered to be leaky, and functions of this type are fine-grained instrumented to better ensure that its integrity is not compromised if the function has a probability of being leakyp f < pThen, thenIt is considered a normal function but is coarse-grained instrumented;
step 1.3, the credible path characteristic set is stored safely, and the processed target program is input possiblyI p The method comprises the following steps of running, calculating hash values of a legal control flow graph, and storing the hash values in a database to construct a credible path feature set;
the dynamic path collection specifically comprises the following steps:
step 1.4, when the dynamic path is collected, the embedded platform receives the request sent by the verification endcThen, the requestcThe embedded platform comprises an identifier of a target program and a random token, wherein the random token is used for preventing replay attack, and the embedded platform receives specific input in the normal world after receiving a requestI s Running a specified target program, in the running process, redirecting the control flow instructions which are inserted or rewritten to a specified space to calculate the hash value, returning the control flow to the source program after the calculation is finished, and obtaining the hash value of a control flow graph by the certification end after the source program is runh
Step 1.5, signing the hash value, wherein in order to prevent the hash value from being damaged or tampered, the certification end utilizes the secret key stored in the security domainkFor hash valuehPerform encryption, together with the requestcCalculating to obtain a signature valuerAnd sending the data to a verification end for verification;
the dynamic path check specifically comprises the following steps:
step 1.6, signature decryption, and receiving the signature from the certification end by the verification endrIt uses a known keykDecrypt it to resolve hash valuehAnd requestc
Step 1.7, the hash value obtained in the step 1.6 is usedhAnd comparing the path characteristic set with a credible path characteristic set stored in a database, if the path characteristic set can be matched with the credible path characteristic set, the operation is normal, otherwise, the operation may be attacked by control flow, and the integrity is damaged.
CN201910513155.8A 2019-06-14 2019-06-14 Embedded variable granularity control flow verification method and system based on probability prediction Expired - Fee Related CN110276198B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910513155.8A CN110276198B (en) 2019-06-14 2019-06-14 Embedded variable granularity control flow verification method and system based on probability prediction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910513155.8A CN110276198B (en) 2019-06-14 2019-06-14 Embedded variable granularity control flow verification method and system based on probability prediction

Publications (2)

Publication Number Publication Date
CN110276198A CN110276198A (en) 2019-09-24
CN110276198B true CN110276198B (en) 2021-04-20

Family

ID=67962148

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910513155.8A Expired - Fee Related CN110276198B (en) 2019-06-14 2019-06-14 Embedded variable granularity control flow verification method and system based on probability prediction

Country Status (1)

Country Link
CN (1) CN110276198B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111274580A (en) * 2020-01-19 2020-06-12 湖南第一师范学院 Control flow integrity detection method based on deep learning
CN111310162B (en) * 2020-01-20 2023-12-26 深圳力维智联技术有限公司 Trusted computing-based equipment access control method, device, product and medium
CN111865570B (en) * 2020-05-25 2022-06-24 南京理工大学 Automatic remote certification method adaptive to heterogeneous equipment group in Internet of things
CN111898130B (en) * 2020-06-28 2024-01-19 中国科学院信息工程研究所 Method and system for realizing integrity protection of fine-grained control flow
CN112287357B (en) * 2020-11-11 2022-08-12 中国科学院信息工程研究所 Control flow verification method and system for embedded bare computer system
CN113553056A (en) * 2021-07-21 2021-10-26 浙江大学 LLVM intermediate language difference analysis method and system based on graph matching
CN114611106B (en) * 2022-03-10 2024-04-09 昆明理工大学 Program control flow proving method based on multi-target particle swarm algorithm

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101477602A (en) * 2009-02-10 2009-07-08 浪潮电子信息产业股份有限公司 Remote proving method in trusted computation environment
CN108345786A (en) * 2018-01-17 2018-07-31 中国人民解放军战略支援部队信息工程大学 The software control stream integrality remote certification method of hardware assist
CN108647520A (en) * 2018-05-15 2018-10-12 浙江大学 A kind of intelligent fuzzy test method and system based on fragile inquiry learning

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10079684B2 (en) * 2015-10-09 2018-09-18 Intel Corporation Technologies for end-to-end biometric-based authentication and platform locality assertion
CN106548073B (en) * 2016-11-01 2020-01-03 北京大学 Malicious APK screening method based on convolutional neural network
CN107886000B (en) * 2017-11-13 2019-11-22 华中科技大学 A kind of software vulnerability detection method, response at different level method and software bug detection system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101477602A (en) * 2009-02-10 2009-07-08 浪潮电子信息产业股份有限公司 Remote proving method in trusted computation environment
CN108345786A (en) * 2018-01-17 2018-07-31 中国人民解放军战略支援部队信息工程大学 The software control stream integrality remote certification method of hardware assist
CN108647520A (en) * 2018-05-15 2018-10-12 浙江大学 A kind of intelligent fuzzy test method and system based on fragile inquiry learning

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
C-FLAT:Control-Flow Attestation for Embedded Systems Software;Tigist Abera 等;《2016 ACM SIGSAC Conference on Computer and Communications security》;20160817;第1-13页 *
基于实体行为的动态远程证明方案;杨玉丽 等;《运城学院学报》;20130628;第31卷(第2期);第74-78页 *

Also Published As

Publication number Publication date
CN110276198A (en) 2019-09-24

Similar Documents

Publication Publication Date Title
CN110276198B (en) Embedded variable granularity control flow verification method and system based on probability prediction
Xiao et al. Stacco: Differentially analyzing side-channel traces for detecting SSL/TLS vulnerabilities in secure enclaves
US9497210B2 (en) Stateless attestation system
US7526654B2 (en) Method and system for detecting a secure state of a computer system
Mudgerikar et al. E-spion: A system-level intrusion detection system for iot devices
CN110770729B (en) Method and apparatus for proving integrity of virtual machine
CN111756702B (en) Data security protection method, device, equipment and storage medium
US10073980B1 (en) System for assuring security of sensitive data on a host
CN113282946B (en) Information security method and system based on data access process in high-reliability environment
CN115580413B (en) Zero-trust multi-party data fusion calculation method and device
US11550965B2 (en) Analytics processing circuitry for mitigating attacks against computing systems
CN114528602B (en) Security chip operation method and device based on attack detection behavior
CN109960940B (en) Log-based embedded device control flow certification method and system
CN112287357B (en) Control flow verification method and system for embedded bare computer system
CN110673526A (en) Internet of things network security device, system and control method
Schmidbauer et al. Hunting shadows: Towards packet runtime-based detection of computational intensive reversible covert channels
EP4139819A1 (en) Moderator system for a security analytics framework
Li et al. Remote audit scheme of embedded device software based on TPM
CN112597449B (en) Software encryption method, device, equipment and storage medium
CN114257404B (en) Abnormal external connection statistical alarm method, device, computer equipment and storage medium
CN113014375B (en) Cross-organization processing method, related device and medium for network threat information
CN113824693B (en) Multimedia data sharing method, device and system, electronic equipment and storage medium
US10574653B1 (en) Secure posture assessment
Ji et al. The First Step Towards Modeling Unbreakable Malware
Almousa Securing SCADA Systems from False Data Injection Attacks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210420

CF01 Termination of patent right due to non-payment of annual fee