CN110363006A - The method that multichain Hash stack architecture and detection function return address are tampered - Google Patents
The method that multichain Hash stack architecture and detection function return address are tampered Download PDFInfo
- Publication number
- CN110363006A CN110363006A CN201910559217.9A CN201910559217A CN110363006A CN 110363006 A CN110363006 A CN 110363006A CN 201910559217 A CN201910559217 A CN 201910559217A CN 110363006 A CN110363006 A CN 110363006A
- Authority
- CN
- China
- Prior art keywords
- hash
- cryptographic hash
- present frame
- return address
- multichain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/52—Program synchronisation; Mutual exclusion, e.g. by means of semaphores
- G06F9/524—Deadlock detection or avoidance
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
A kind of method that the embodiment of the present invention provides multichain Hash stack architecture and detection function return address is tampered, the multichain Hash stack architecture includes: N chain structure, corresponding one of every chain structure for storing the top register of cryptographic Hash, stored in any frame of multichain Hash stack architecture function body corresponding to present frame return address and present frame where cryptographic Hash in top register corresponding to chain structure;Wherein, the chain structure where present frame is the depth according to function body corresponding to present frame in multichain Hash stack architecture to determine;What top register corresponding to chain structure where present frame stored is the newest cryptographic Hash where the present frame in chain structure;N is the natural number greater than 1.The embodiment of the present invention effectively alleviates the pipeline stall as caused by the conflict of similar Hash operation, reduces the performance loss of chain type Hash stack.
Description
Technical field
The present invention relates to field of computer technology, return more particularly, to a kind of multichain Hash stack architecture and detection function
Return the method that address is tampered.
Background technique
Stack overflow loophole is an extremely serious System Security Vulnerability, it is by a limited memory headroom
Too long data are written, destroy the memory headroom of system, system is caused to be operating abnormally, crash or restart.It is attacked by stack overflow
It hits, using the address coverage function pointer of attack code, the system control of attacker's fetching portion or whole can be allowed, this is
A kind of security risk of great threat.
A kind of chain type Hash stack architecture is provided in the prior art, is a kind of defence of novel protection Function return addresses
Means.It is added to two registers, top register and salt register on hardware, and top register is used to save Hash
Value, salt register are used to save the key of hash function.When calling subfunction, cryptographic Hash and return address are successively pressed into
In stack.Then Hash operation is done in key, cryptographic Hash and return address together, operation result is used to update the value of top register.
When function returns, cryptographic Hash and return address are popped up stack together, and do Hash operation.In operation result and top register
Value compare.If it is different, then exception of dishing out;If identical, top register is updated with the cryptographic Hash in stack, is returned
It returns in father's function.
The safety of chain type Hash stack is high, though attacker can any read/write memory address space, can not also bypass this
Kind defense mechanism.However, chain type Hash stack in the prior art is a single-stranded structure, in single-stranded realization, depth is the letter of m
What number body saved is m-th of return address and the m-1 cryptographic Hash, that is to say, that if the operation of the m-1 cryptographic Hash is not complete
At, the operation of m-th of cryptographic Hash must be waited, when the execution cycle of hash function increases, the performance of chain type Hash stack
Loss can be increased sharp, can cause pipeline stall problem.For example, when a Hash operation needs 80 clock cycle,
Its performance loss is about 20%, significantly limits the practicability of chain type Hash stack.
Summary of the invention
The embodiment of the present invention provides a kind of multichain Hash for overcoming the above problem or at least being partially solved the above problem
The method that stack architecture and detection function return address are tampered.
In a first aspect, the embodiment of the present invention provides a kind of multichain Hash stack architecture, the multichain Hash stack architecture includes N item
Chain structure, every chain structure corresponding one for storing the top register of cryptographic Hash, times of the multichain Hash stack architecture
Stored in one frame function body corresponding to present frame return address and present frame where the deposit of top corresponding to chain structure
Cryptographic Hash in device;
Wherein, the chain structure where the present frame is the function body according to corresponding to present frame in the multichain Hash
Depth in stack architecture determines;
Wherein, the chain where being the present frame of top register storage corresponding to chain structure where the present frame
Newest cryptographic Hash in formula structure;
Wherein, N is the natural number greater than 1.
Second aspect, the embodiment of the present invention provide a kind of method that detection function return address is tampered, based on such as first
Multichain Hash stack architecture described in aspect, comprising:
Using any frame in the multichain Hash stack architecture as present frame, the function body tune corresponding to the present frame
When with subfunction, the chain structure where the present frame is determined, obtain corresponding to the chain structure where the present frame
Cryptographic Hash in top register;
By the chain structure where the return address to be verified of function body corresponding to the present frame and the present frame
Cryptographic Hash in corresponding top register is pressed into stack, and the return address of stacking and cryptographic Hash are input to a Hash fortune
It calculates and carries out Hash calculation in module, obtain a new cryptographic Hash, the new cryptographic Hash is stored to the top register
In;
When the function body corresponding to the present frame returns, by the return address stored in the present frame and cryptographic Hash
Stack is popped up, and the return address popped and cryptographic Hash are input in another Hash operation module and carry out Hash calculation, is obtained
One cryptographic Hash to be verified;
If the new cryptographic Hash stored in the cryptographic Hash to be verified and the top register is equal, know
The return address to be verified is not tampered with, and updates the top register using the cryptographic Hash popped;Alternatively, if it is described to
The new cryptographic Hash stored in the cryptographic Hash of verifying and the top register is unequal, then knows the return to be verified
Address is tampered.
The third aspect, the embodiment of the present invention provides a kind of electronic equipment, including memory, processor and is stored in memory
Computer program that is upper and can running on a processor, is realized when the processor executes described program as second aspect provides
Detection function return address be tampered method the step of.
Fourth aspect, the embodiment of the present invention provide a kind of non-transient computer readable storage medium, are stored thereon with calculating
Machine program realizes that the detection function return address as provided by second aspect is tampered when the computer program is executed by processor
Method the step of.
The method that multichain Hash stack architecture provided in an embodiment of the present invention and detection function return address are tampered, existing
On the basis of chain type Hash stack, by the way that chain type Hash stack is cut into a plurality of chain structure, the corresponding top of every chain structure
Register, when function body continuously call or it is continuous return when, compared to single-stranded, there are the every of dependence at it for multichained construction
" interval " on chain between adjacent Hash operation twice is bigger, it is possible to reduce the dead time of assembly line, or even do not stop,
The pipeline stall as caused by the conflict of similar Hash operation is effectively alleviated, the performance damage of chain type Hash stack is reduced
Consumption.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair
Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 provides a kind of schematic diagram of multichain Hash stack architecture for the embodiment of the present invention;
Fig. 2 is a kind of flow diagram for the method that detection function return address is tampered provided in an embodiment of the present invention;
Fig. 3 is the entity structure schematic diagram of electronic equipment provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Basic conception involved in the present invention and relational language are explained first:
Stack (stack): also known as storehouse, it is a kind of linear list that operation is limited.Its limitation is the one end for being only allowed in table
It is inserted into and is deleted operation.The lower one end in address is referred to as stack top, relatively, the other end is called stack bottom.To a stack
Insertion new element also referred to as pushes on, stacking or pop down, it is that new element is put into the upper surface of stack top element, makes new stack
Push up element;Also referred to as pop or pop off from stack deletion element, it is that stack top element is deleted, the element for keeping its adjacent at
For new stack top element.Stack is used to Transfer Parameters, storage return information, save register and is locally stored etc..
Stack frame: when some function operation, machine needs to distribute certain memory and goes to carry out the various operations in function, this
The part stack distributed during a is known as stack frame.Stack frame is one section of limitary memory section, by two pointers of top
It defines, register %ebp is frame point, and register %esp is stack pointer, and register %ebp saves institute's storage allocation most
High address, register %esp save the lowest address of institute's storage allocation, and when program executes, stack pointer (stack top) can be moved
It is dynamic.
Function call: when computer compiling or operation, related command is completed using some function.When a function call
When subfunction, a new frame can be opened up for this subfunction in stack.
Return address: a mostly important data are exactly Function return addresses in the data stored in stack.When calling one
When a function, Function return addresses can be pressed into stack by call instruction (such as Call instruction).When function returns, return instruction
(such as Return instruction) can read the return address saved in stack, jump to the original position for calling function according to return address
It sets, continuation executes next instruction down.It carries out attacking most common method being exactly to utilize stack overflow using stack overflow loophole, cover
Return address is changed to the address of attacker setting by lid return address.When function returns, attacker will be jumped to and set
The position set executes attacker and wishes the code executed.
As shown in Figure 1, providing a kind of schematic diagram of multichain Hash stack architecture, the multichain Hash stack for the embodiment of the present invention
Structure includes N chain structure, and every chain structure corresponding one for storing the top register of cryptographic Hash, the multichain Kazakhstan
Return address and the present frame place chain structure institute of function body corresponding to present frame are stored in any frame of uncommon stack architecture
Cryptographic Hash in corresponding top register.
Specifically, the embodiment of the present invention provides a kind of for protecting the multichain Hash stack architecture of Function return addresses.
The multichain Hash stack architecture includes N chain structure, and N is the natural number greater than 1.Every chain structure corresponding one
A top register for being used to store cryptographic Hash.It is needed on the server of the multichain Hash stack architecture it is understood that running
Dispose N number of top register.
The return address of function body corresponding to present frame is stored in any frame of the multichain Hash stack architecture and is worked as
Cryptographic Hash in top register corresponding to chain structure where previous frame.It is understood that each frame on same chain makes
It is the same top register.
Wherein, the chain structure where the present frame is the function body according to corresponding to present frame in the multichain Hash
Depth in stack architecture determines.
Specifically, it if the depth of some function is m, refers to counting in stack from high address (stack bottom) toward low address (stack top)
M-th of stack frame.
If depth of the function body corresponding to present frame in the multichain Hash stack architecture is m, then where present frame
Chain structure is m%N (modular arithmetic) article chain structure;Wherein, m is the natural number more than or equal to zero.
As an example it is assumed that the depth of current function body is m, it uses pth chain (using p-th of top register),
When it calls a subfunction, subfunction uses+1 chain of pth;When it oneself function body tail portion return when, use
Pth chain;And back to after its father's function, father's function uses -1 chain of pth, i.e., the function body that depth is m uses the
Cryptographic Hash in top register corresponding to m%N chain structure.
Wherein, the chain where being the present frame of top register storage corresponding to chain structure where the present frame
Newest cryptographic Hash in formula structure.It is illustrated with above-mentioned example, depth is that the function body of m uses the m%N articles chain type
Cryptographic Hash in top register corresponding to structure, and the Hash in top register corresponding to chain structure where present frame
Whether value, complete Hash operation dependent on function body corresponding to the former frame in same chain structure, i.e., dependent on m-N
Function body.
It is understood that stack has logically been cut into a plurality of chain structure by multichain Hash stack architecture.Existing chain
Formula Hash stack is single-stranded structure, and in the realization of chain type Hash stack, what the function body that depth is m saved is m-th of return address
With the m-1 cryptographic Hash, Hash operation whether is completed dependent on the m-1 function body (stack frame), when the Hash of the m-1 stack frame
When operation is also not finished, the Hash operation of m-th of stack frame can only pause waiting on assembly line.And it is provided in an embodiment of the present invention
Multichain Hash stack architecture, depth be m function body save be m-th of function body return address and the m-N cryptographic Hash, according to
Rely in whether m-N function body completes Hash operation, compared to single-stranded, multichained construction is on its every chain there are dependence
It is adjacent bigger using " interval " between Hash operation twice, it is possible to reduce the dead time of assembly line, or even do not stop, have
The pipeline stall as caused by the conflict of similar Hash operation is alleviated to effect, reduces the performance damage of chain type Hash stack
Consumption.
Content based on the above embodiment, top register storage corresponding to chain structure where the present frame are
Newest cryptographic Hash where the present frame in chain structure, specifically:
It, will when the function body corresponding to the former frame being in same chain structure with the present frame calls subfunction
The return address of function body corresponding to the former frame and cryptographic Hash are pressed into stack, and the return address of stacking and cryptographic Hash is defeated
Enter into a Hash operation module and carry out Hash calculation, obtain a new cryptographic Hash, by the new cryptographic Hash store to
In the top register;
When the function body corresponding to the former frame returns, by the return address stored in the former frame and cryptographic Hash
Stack is popped up, and the return address popped and cryptographic Hash are input in another Hash operation module and carry out Hash calculation, is obtained
One cryptographic Hash to be verified;
If the cryptographic Hash to be verified is equal with the cryptographic Hash in the top register, the former frame institute is known
The return address of corresponding function body is not tampered with, and updates the top register using the cryptographic Hash popped.
Specifically, the embodiment of the present invention mainly protects return address using Hash operation.Selection Hash operation be because
It is difficult also to be difficult to export what a hope obtained by control input by the anti-input for pushing away hash of output of hash, attacker
Output valve.
In function call, the storage of top register corresponding to chain structure where present frame is the present frame institute
Newest cryptographic Hash in chain structure refers to the new cryptographic Hash being calculated according to the return address and cryptographic Hash of stacking.
When function returns, the storage of top register is the present frame institute corresponding to chain structure where present frame
Newest cryptographic Hash in chain structure is to be in the former frame in same chain structure by detection with the present frame
Whether the return address stored is tampered to determine.
The implementation procedure of call instruction (call instruction) is as follows in the embodiment of the present invention: 1) depositing return address and top
Hash (hash) value in device is pressed into stack together;2) by the data of stacking (i.e. return address in previous step and cryptographic Hash) and
The random number stored in salt register, which is input in Hash operation module, carries out Hash calculation, and a new Hash is calculated
It is worth (correct cryptographic Hash), it will be in new cryptographic Hash deposit top register;3) destination address of call instruction is jumped to.
The implementation procedure of return instruction (return instruction) is as follows in the embodiment of the present invention: 1) by return address to be verified and
Hash value in stack top frame is popped, and the data popped (return address to be verified and hash value i.e. in previous step) are input to separately
Hash operation is carried out in an outer Hash operation module, obtains hash value to be verified;2) by hash value to be verified and top register
The hash value (correct hash value) of middle preservation is compared, if the two is unequal, illustrates return value to be verified and/or pops
Hash value be tampered, there is exception, it should alarm and interrupt routine operation;If the two is equal, illustrate to be verified return
The hash value going back to address and popping is not tampered with;3) top register is updated using the hash value popped.
It is worth noting that in order to realize above-described embodiment, in actual development, in the server for executing the embodiment of the present invention
Middle needs guarantee that at least there are two top register and a salt registers.Wherein, top register is newest for saving
Hash value, the challenging value stored in salt register are another inputs of hash function, a generally random value, can also
To be other kinds of value, further increases hash function and be hypothesized the difficulty cracked.
Content based on the above embodiment, after one cryptographic Hash to be verified of the acquisition, further includes:
If the cryptographic Hash to be verified and the cryptographic Hash in the top register are unequal, the former frame is known
The return address of corresponding function body is tampered, exception of dishing out.
Specifically, if the cryptographic Hash to be verified and the cryptographic Hash in the top register are unequal, illustrate described in
The return address of function body corresponding to former frame and/or the cryptographic Hash popped are tampered, exception of dishing out.
Another embodiment of the present invention when carrying out Hash calculation, uses the 1st on the basis of the various embodiments described above by turns,
2 ..., M Hash operation modules, wherein M is the natural number more than or equal to N.
Specifically, if current Hash operation uses p-th of hash module ,+1 hash module of pth is used next time, is protected
The balanced of hash module is demonstrate,proved to use.In order to meet the Hash operation on same chain, the quantity of Hash operation module is more than or equal to
The quantity of chain structure.
The hash algorithm that the embodiment of the present invention does not use Hash operation module is restricted.
In the realization of multichain, other than hash module increases the implementation method of multiple same as top register, may be used also
To realize multichain by the handling capacity for increasing hash module.For example, if hash module is made of M matrixing, it can
The distributor in this hash module is increased to M times, when carrying out Hash calculation, by utilizing the 1st, 2 by turns ...,
M distributor is multiplexed the existing matrixer of Hash operation module, reaches multiple hash modules while counting
The effect of calculation.
The advantages of this scheme is the multiple for only increasing distributor, and hardware spending is relatively small.The disadvantage is that compared to
For the multichain that hash module doubles, part pipeline stall will increase;And handling capacity is limited to hash module single-wheel fortune
The periodicity of calculation.
Another embodiment of the present invention, on the basis of the various embodiments described above, every chain structure also corresponds to a tmp
Register, the tmp register are used to store the last cryptographic Hash taken out from the stack of this chain structure.
Specifically, when function body is called repeatedly, returned on certain chain, for example, call-return-call, the function
Body uses the same top register and different hash modules.Different hash modules ensure that these Hash operations can
To execute parallel, however, it is noted that instructed if being carried out call at the end of the Hash operation of return there is not also, due to
The value of top register does not return back to last value also, then the value that call instruction is saved in stack may malfunction.For this
Situation can be solved by adding a tmp register again to every chain structure.That is when return, using popping
Cryptographic Hash while verified, also the cryptographic Hash popped is saved in corresponding tmp register, so, even if
The Hash operation of return does not terminate also, can still save corresponding cryptographic Hash when call next time, starts cryptographic Hash more
New operation;If the cryptographic Hash that return is read out is tampered with, assembly line can still report an error, and only delay.
As shown in Fig. 2, being a kind of process for the method that detection function return address is tampered provided in an embodiment of the present invention
Schematic diagram, based on multichain Hash stack architecture described in the various embodiments described above, comprising:
Step 100, using any frame in the multichain Hash stack architecture as present frame, corresponding to the present frame
When function body calls subfunction, determines the chain structure where the present frame, obtain the chain structure where the present frame
Cryptographic Hash in corresponding top register;
Specifically, if depth of the function body corresponding to present frame in the multichain Hash stack architecture is m, then present frame
The chain structure at place is m%N (modular arithmetic) article chain structure.
Step 200, by the chain type knot where the return address of function body corresponding to the present frame and the present frame
Cryptographic Hash in top register corresponding to structure is pressed into stack, and the return address of stacking and cryptographic Hash are input to a Hash
Hash calculation is carried out in computing module, obtains a new cryptographic Hash, the new cryptographic Hash is stored to the top register
In;
Specifically, by the chain structure where the return address of function body corresponding to the present frame and the present frame
Cryptographic Hash in corresponding top register is pressed into stack, and will be in the return address of stacking and cryptographic Hash and salt register
Random number be input in a Hash operation module and carry out Hash calculation, obtain a new cryptographic Hash, and will be described new
Cryptographic Hash is stored into the top register.
When step 300, the function body corresponding to the present frame return, the return address that will be stored in the present frame
Stack is popped up with cryptographic Hash, and the return address popped and cryptographic Hash are input to progress Hash meter in another Hash operation module
It calculates, obtains a cryptographic Hash to be verified;
Specifically, verify whether the return address that stores in present frame is tampered, the function corresponding to the present frame
When body returns, the return address stored in the present frame and cryptographic Hash are popped up into stack, and by the return address popped and Hash
Random number in value and salt register, which is input in another Hash operation module, carries out Hash calculation, and acquisition one is to be tested
The cryptographic Hash of card.
It can be avoided Hash operation using different Hash operation modules when progress Hash operation every time and need to wait and also locate
In calculate state Hash operation module the problem of.
If the new cryptographic Hash phase stored in step 400, the cryptographic Hash to be verified and the top register
Deng then knowing that the return address to be verified is not tampered with, and update the top register using the cryptographic Hash popped;Alternatively,
If the new cryptographic Hash stored in the cryptographic Hash to be verified and the top register is unequal, know it is described to
Verifying return address is tampered.
It is worth noting that in actual development, being mentioned executing the embodiment of the present invention to realize above-mentioned each specific embodiment
It needs to guarantee there is at least two top registers and one in a kind of processor of the method that detection function return address is tampered supplied
A salt register.Wherein, for saving newest hash value, the challenging value stored in salt register is top register
Another input of hash function, generally a random value are also possible to other kinds of value, further increase hash function
It is hypothesized the difficulty cracked.
The method that detection function return address provided in an embodiment of the present invention is tampered, can strict guarantee return address not
It can be maliciously tampered, while reduce the performance loss of chain type Hash stack.
Based on the content of above-mentioned implementation, method that the detection function return address is tampered further include:
If not calculating cryptographic Hash to be verified also, and function body corresponding to present frame has invoked a subfunction, then
Cryptographic Hash in tmp register corresponding to chain structure where present frame is pressed into stack, and the return with the present frame
Address is input in a Hash operation module and carries out Hash calculation, obtains another new cryptographic Hash, another is new by described in
Cryptographic Hash store into the top register.
And cryptographic Hash one to be verified calculates, whether the cryptographic Hash also just demonstrated in tmp register is correct.
Fig. 3 is the entity structure schematic diagram of electronic equipment provided in an embodiment of the present invention, as shown in figure 3, the electronic equipment
It may include: processor (processor) 310,320, memory communication interface (Communications Interface)
(memory) 630 and communication bus 340, wherein processor 310, communication interface 320, memory 330 pass through communication bus 340
Complete mutual communication.Processor 310 can call the meter that is stored on memory 330 and can run on processor 310
Calculation machine program, to execute the method that detection function return address provided by above-mentioned each method embodiment is tampered, for example,
Using any frame in the multichain Hash stack architecture as present frame, the function body corresponding to the present frame calls subfunction
When, it determines the chain structure where the present frame, obtains top register corresponding to the chain structure where the present frame
In cryptographic Hash;By the chain type knot where the return address to be verified of function body corresponding to the present frame and the present frame
Cryptographic Hash in top register corresponding to structure is pressed into stack, and the return address of stacking and cryptographic Hash are input to a Hash
Hash calculation is carried out in computing module, obtains a new cryptographic Hash, the new cryptographic Hash is stored to the top register
In;When the function body corresponding to the present frame returns, the return address stored in the present frame and cryptographic Hash are popped up
Stack, and the return address popped and cryptographic Hash are input in another Hash operation module and carry out Hash calculation, obtain one
Cryptographic Hash to be verified;If the new cryptographic Hash stored in the cryptographic Hash to be verified and the top register is equal,
Then know that the return address to be verified is not tampered with, and updates the top register using the cryptographic Hash popped;Alternatively, if
The new cryptographic Hash stored in the cryptographic Hash to be verified and the top register is unequal, then knows described to be tested
Card return address is tampered.
In addition, the logical order in above-mentioned memory 330 can be realized by way of SFU software functional unit and conduct
Independent product when selling or using, can store in a computer readable storage medium.Based on this understanding, originally
The technical solution of the inventive embodiments substantially part of the part that contributes to existing technology or the technical solution in other words
It can be expressed in the form of software products, which is stored in a storage medium, including some instructions
With so that computer equipment (can be personal computer, server or the network equipment an etc.) execution present invention is each
The all or part of the steps of embodiment the method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory
(ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk
Etc. the various media that can store program code.
The embodiment of the present invention also provides a kind of non-transient computer readable storage medium, is stored thereon with computer program,
The computer program realizes what the detection function return address that above-mentioned each method embodiment provides was tampered when being executed by processor
Method, for example, using any frame in the multichain Hash stack architecture as present frame, the letter corresponding to the present frame
When number body calls subfunction, determines the chain structure where the present frame, obtain the chain structure institute where the present frame
Cryptographic Hash in corresponding top register;By the return address to be verified of function body corresponding to the present frame and described work as
Cryptographic Hash in top register corresponding to chain structure where previous frame is pressed into stack, and by the return address of stacking and Hash
Value, which is input in a Hash operation module, carries out Hash calculation, obtains a new cryptographic Hash, the new cryptographic Hash is deposited
Storage is into the top register;When the function body corresponding to the present frame returns, the return that will be stored in the present frame
Address and cryptographic Hash pop up stack, and the return address popped and cryptographic Hash are input in another Hash operation module and breathed out
It is uncommon to calculate, obtain a cryptographic Hash to be verified;If being stored in the cryptographic Hash to be verified and the top register described
New cryptographic Hash is equal, then knows that the return address to be verified is not tampered with, and updates the top using the cryptographic Hash popped
Register;Alternatively, if the new cryptographic Hash stored in the cryptographic Hash to be verified and the top register is unequal,
Then know that the return address to be verified is tampered.
The apparatus embodiments described above are merely exemplary, wherein described, unit can as illustrated by the separation member
It is physically separated with being or may not be, component shown as a unit may or may not be physics list
Member, it can it is in one place, or may be distributed over multiple network units.It can be selected according to the actual needs
In some or all of the modules achieve the purpose of the solution of this embodiment.Those of ordinary skill in the art are not paying creativeness
Labour in the case where, it can understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on
Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should
Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers
It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation
Method described in certain parts of example or embodiment.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although
Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used
To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features;
And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and
Range.
Claims (10)
1. a kind of multichain Hash stack architecture, which is characterized in that the multichain Hash stack architecture includes N chain structure, every chain
Corresponding one, formula structure, for storing the top register of cryptographic Hash, stores in any frame of the multichain Hash stack architecture and works as
Cryptographic Hash in top register corresponding to chain structure where the return address of function body corresponding to previous frame and present frame;
Wherein, the chain structure where the present frame is the function body according to corresponding to present frame in the multichain Hash stack knot
Depth in structure determines;
Wherein, the chain type knot where being the present frame of top register storage corresponding to chain structure where the present frame
Newest cryptographic Hash on structure;
Wherein, N is the natural number greater than 1.
2. multichain Hash stack architecture according to claim 1, which is characterized in that the chain structure where the present frame is
It is determined according to depth of the function body corresponding to present frame in the multichain Hash stack architecture, specifically:
If depth of the function body corresponding to present frame in the multichain Hash stack architecture is m, then the chain type where present frame
Structure is the m%N articles chain structure;Wherein, m is the natural number more than or equal to zero.
3. multichain Hash stack architecture according to claim 2, which is characterized in that chain structure institute is right where the present frame
What the top register answered stored is the newest cryptographic Hash where the present frame in chain structure, specifically:
It, will be described when the function body corresponding to the former frame being in same chain structure with the present frame calls subfunction
The return address of function body corresponding to former frame and cryptographic Hash are pressed into stack, and the return address of stacking and cryptographic Hash are input to
Hash calculation is carried out in one Hash operation module, obtains a new cryptographic Hash, the new cryptographic Hash is stored to described
In top register;
When the function body corresponding to the former frame returns, the return address stored in the former frame and cryptographic Hash are popped up
Stack, and the return address popped and cryptographic Hash are input in another Hash operation module and carry out Hash calculation, obtain one
Cryptographic Hash to be verified;
If the cryptographic Hash to be verified is equal with the cryptographic Hash in the top register, know corresponding to the former frame
Function body return address and cryptographic Hash be not tampered with, utilize the cryptographic Hash popped to update the top register.
4. multichain Hash stack architecture according to claim 3, which is characterized in that one cryptographic Hash to be verified of the acquisition
Later, further includes:
If the cryptographic Hash to be verified and the cryptographic Hash in the top register are unequal, know that the former frame institute is right
The return address for the function body answered is tampered, exception of dishing out.
5. multichain Hash stack architecture according to claim 3, which is characterized in that when carrying out Hash calculation, use the by turns
1,2 ..., M Hash operation modules, wherein M is the natural number more than or equal to N.
6. multichain Hash stack architecture according to claim 3, which is characterized in that if Hash operation module is become by M matrix
Composition is changed, then adds M-1 distributor;When carrying out Hash calculation, by utilizing the 1st, 2 by turns ..., M intermediate deposit
Device is multiplexed the existing matrixer of Hash operation module, achievees the effect that multiple hash modules while calculating,
In, M is the natural number more than or equal to N.
7. multichain Hash stack architecture according to claim 3, which is characterized in that every chain structure is also one corresponding
Tmp register, the tmp register are used to store the last cryptographic Hash taken out from the stack of this chain structure.
8. a kind of method that detection function return address is tampered is based on multichain Hash as described in any one of claim 1 to 7
Stack architecture characterized by comprising
Using any frame in the multichain Hash stack architecture as present frame, the function body corresponding to the present frame calls son
When function, the chain structure where the present frame is determined, obtain top corresponding to the chain structure where the present frame and post
Cryptographic Hash in storage;
Chain structure institute where the return address to be verified of function body corresponding to the present frame and the present frame is right
Cryptographic Hash in the top register answered is pressed into stack, and the return address of stacking and cryptographic Hash are input to a Hash operation mould
Hash calculation is carried out in block, obtains a new cryptographic Hash, the new cryptographic Hash is stored into the top register;
When the function body corresponding to the present frame returns, the return address stored in the present frame and cryptographic Hash are popped up
Stack, and the return address popped and cryptographic Hash are input in another Hash operation module and carry out Hash calculation, obtain one
Cryptographic Hash to be verified;
If the new cryptographic Hash stored in the cryptographic Hash to be verified and the top register is equal, know described
Return address to be verified is not tampered with, and updates the top register using the cryptographic Hash popped;Alternatively, if described to be verified
Cryptographic Hash and the top register in the new cryptographic Hash that stores it is unequal, then know the return address to be verified
It is tampered.
9. the method that detection function return address according to claim 8 is tampered, which is characterized in that further include:
If not calculating cryptographic Hash to be verified also, and function body corresponding to present frame has invoked a subfunction, then will work as
Cryptographic Hash in tmp register corresponding to chain structure where previous frame is pressed into stack, and the return address with the present frame
It is input in a Hash operation module and carries out Hash calculation, obtain another new cryptographic Hash, by another described new Kazakhstan
Uncommon value is stored into the top register.
10. a kind of non-transient computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer
The step of method that the detection function return address as described in claim 8 or 9 is tampered is realized when program is executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910559217.9A CN110363006B (en) | 2019-06-26 | 2019-06-26 | Multi-chain Hash stack structure and method for detecting function return address being tampered |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910559217.9A CN110363006B (en) | 2019-06-26 | 2019-06-26 | Multi-chain Hash stack structure and method for detecting function return address being tampered |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110363006A true CN110363006A (en) | 2019-10-22 |
| CN110363006B CN110363006B (en) | 2020-12-18 |
Family
ID=68217031
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910559217.9A Active CN110363006B (en) | 2019-06-26 | 2019-06-26 | Multi-chain Hash stack structure and method for detecting function return address being tampered |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110363006B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113259718A (en) * | 2021-04-27 | 2021-08-13 | 深圳市锐明技术股份有限公司 | Video stream encryption method and device, communication equipment and storage medium |
| CN114153391A (en) * | 2021-11-26 | 2022-03-08 | 山东云海国创云计算装备产业创新中心有限公司 | Data storage method, device and equipment based on register and storage medium |
| CN114339765A (en) * | 2021-11-25 | 2022-04-12 | 国网河南省电力公司电力科学研究院 | Differential protection data interactive chain type verification method and system based on 5G communication |
| CN116701069A (en) * | 2022-02-25 | 2023-09-05 | 腾讯科技(深圳)有限公司 | Data path testing method, device, apparatus, storage medium and program product |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020144141A1 (en) * | 2001-03-31 | 2002-10-03 | Edwards James W. | Countering buffer overrun security vulnerabilities in a CPU |
| US20040083460A1 (en) * | 2002-10-23 | 2004-04-29 | Microsoft Corporation | Forward walking through binary code to determine offsets for stack walking |
| CN105074717A (en) * | 2013-01-16 | 2015-11-18 | 迈克菲公司 | Detection of malicious scripting language code in a network environment |
| CN109377244A (en) * | 2018-10-24 | 2019-02-22 | 武汉珞樱联创信息科技有限公司 | A kind of quick traceability system of food and method based on multichain interconnection block chain network |
| CN109409084A (en) * | 2018-09-21 | 2019-03-01 | 中国科学院信息工程研究所 | A kind of chained record storage organization that detection return address is tampered |
| CN109446797A (en) * | 2018-09-21 | 2019-03-08 | 中国科学院信息工程研究所 | The device that return address is tampered in detection storehouse |
| CN109508538A (en) * | 2018-09-21 | 2019-03-22 | 中国科学院信息工程研究所 | The stack architecture that return address is tampered in a kind of detection storehouse |
-
2019
- 2019-06-26 CN CN201910559217.9A patent/CN110363006B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020144141A1 (en) * | 2001-03-31 | 2002-10-03 | Edwards James W. | Countering buffer overrun security vulnerabilities in a CPU |
| US20040083460A1 (en) * | 2002-10-23 | 2004-04-29 | Microsoft Corporation | Forward walking through binary code to determine offsets for stack walking |
| CN105074717A (en) * | 2013-01-16 | 2015-11-18 | 迈克菲公司 | Detection of malicious scripting language code in a network environment |
| CN109409084A (en) * | 2018-09-21 | 2019-03-01 | 中国科学院信息工程研究所 | A kind of chained record storage organization that detection return address is tampered |
| CN109446797A (en) * | 2018-09-21 | 2019-03-08 | 中国科学院信息工程研究所 | The device that return address is tampered in detection storehouse |
| CN109508538A (en) * | 2018-09-21 | 2019-03-22 | 中国科学院信息工程研究所 | The stack architecture that return address is tampered in a kind of detection storehouse |
| CN109377244A (en) * | 2018-10-24 | 2019-02-22 | 武汉珞樱联创信息科技有限公司 | A kind of quick traceability system of food and method based on multichain interconnection block chain network |
Non-Patent Citations (4)
| Title |
|---|
| FANGXIAO NING 等: "Efficient tamper-evident logging of distributed systems via concurrent authenticated tree", 《2017 IEEE 36TH INTERNATIONAL PERFORMANCE COMPUTING AND COMMUNICATIONS CONFERENCE (IPCCC)》 * |
| ROSSI,A 等: "Secure Route Optimization for MIPv6 Using Enhanced CGA and DNSSEC", 《IEEE SYSTEMS JOURNAL》 * |
| 刘猛 等: "防止堆栈溢出返回地址攻击的两种方法", 《计算机应用》 * |
| 谢汶兵 等: "基于Libsafe库的缓冲区溢出检测算法改进", 《计算机科学》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113259718A (en) * | 2021-04-27 | 2021-08-13 | 深圳市锐明技术股份有限公司 | Video stream encryption method and device, communication equipment and storage medium |
| CN114339765A (en) * | 2021-11-25 | 2022-04-12 | 国网河南省电力公司电力科学研究院 | Differential protection data interactive chain type verification method and system based on 5G communication |
| CN114339765B (en) * | 2021-11-25 | 2024-01-19 | 国网河南省电力公司电力科学研究院 | Differential protection data interactive chain type verification method and system based on 5G communication |
| CN114153391A (en) * | 2021-11-26 | 2022-03-08 | 山东云海国创云计算装备产业创新中心有限公司 | Data storage method, device and equipment based on register and storage medium |
| CN114153391B (en) * | 2021-11-26 | 2024-02-27 | 山东云海国创云计算装备产业创新中心有限公司 | Data storage method, device, equipment and storage medium based on register |
| CN116701069A (en) * | 2022-02-25 | 2023-09-05 | 腾讯科技(深圳)有限公司 | Data path testing method, device, apparatus, storage medium and program product |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110363006B (en) | 2020-12-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110363006A (en) | The method that multichain Hash stack architecture and detection function return address are tampered | |
| EP2812836B1 (en) | Exception handling in a data processing apparatus having a secure domain and a less secure domain | |
| US9202071B2 (en) | Exception handling in a data processing apparatus having a secure domain and a less secure domain | |
| CN108446176A (en) | A kind of method for allocating tasks, computer readable storage medium and terminal device | |
| EP2842041B1 (en) | Data processing system and method for operating a data processing system | |
| US10628155B2 (en) | Complex multiply instruction | |
| US11210196B1 (en) | Systems and methods for locally streaming applications in a computing system | |
| CN1773449A (en) | Method, apparatus, and computer program product for implementing enhanced circular queue using loop counts | |
| CN109101276A (en) | The method executed instruction in CPU | |
| CN111160558B (en) | Quantum chip controller, quantum computing processing system and electronic device | |
| CN100470571C (en) | Micro-processor kernel used for cryptography arithmetic | |
| CN109409082A (en) | The method and device that return address is tampered in detection storehouse | |
| CN109409084A (en) | A kind of chained record storage organization that detection return address is tampered | |
| CN112181748A (en) | Concurrent test method, device, equipment and storage medium based on ring queue | |
| CN107526622A (en) | Rapid exception handling method and device for Linux | |
| CN107958414B (en) | Method and system for eliminating long transactions of CICS (common integrated circuit chip) system | |
| CN111680289B (en) | Chained hash stack operation method and device | |
| CN200941211Y (en) | Microprocessor kernal for cryptography calculation | |
| CN109446797A (en) | The device that return address is tampered in detection storehouse | |
| Furfaro et al. | Adaptive ladder queue: Achieving O (1) amortized access time in practice | |
| CN110378109A (en) | Reduce the method and system of chain type Hash stack performance loss | |
| CN110362502A (en) | The shadow cache optimization method and device of chain type Hash stack | |
| CN109508538A (en) | The stack architecture that return address is tampered in a kind of detection storehouse | |
| CN110348250A (en) | The hardware spending optimization method and system of multichain formula Hash stack | |
| CN109446798A (en) | Return address is tampered the device of history in detection storehouse |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |