CN111898130A - Fine-grained control flow integrity protection implementation method and system - Google Patents
Fine-grained control flow integrity protection implementation method and system Download PDFInfo
- Publication number
- CN111898130A CN111898130A CN202010600005.3A CN202010600005A CN111898130A CN 111898130 A CN111898130 A CN 111898130A CN 202010600005 A CN202010600005 A CN 202010600005A CN 111898130 A CN111898130 A CN 111898130A
- Authority
- CN
- China
- Prior art keywords
- control flow
- address
- legal
- jump
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 239000012634 fragment Substances 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 8
- 230000003068 static effect Effects 0.000 claims description 5
- 230000009191 jumping Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 8
- 238000013461 design Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 238000012546 transfer Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 239000003550 marker Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 239000011362 coarse particle Substances 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 239000010419 fine particle Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000000146 jump and return pulse sequence Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a method and a system for realizing fine-grained control flow integrity protection. The method comprises the following steps: obtaining legal indirect control flow of a plurality of code segments in a target program; replacing the jump address corresponding to each code segment with a preset low-order code of a control flow instruction address based on the legal indirect control flow; and adding a preset null instruction as a legal jump destination mark of the indirect control flow for each code segment. According to the embodiment of the invention, the jump address labels among the code segments in the program operation are replaced by the low-order codes of the address of the jump instruction, so that the hardware overhead of the memory operation is greatly reduced, and meanwhile, the safety is improved.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a method and a system for realizing fine-grained control flow integrity protection.
Background
In program development, a memory bug usually exists, and the memory bug refers to a problem that a programmer has time or space design errors on the operation of a memory in the process of writing software, so that the program may make behaviors violating the design of the program. The attacker can construct various attacks by using the memory loophole of the program and execute malicious behaviors.
During exploitation of vulnerabilities, it is often necessary to bypass a widely used defense: NX protect, i.e., the writeable data is not executable. This prevents an attacker from directly injecting attack code, but instead needs to organize the code fragments of the attacked program itself to complete the attack. Therefore, such attacks are referred to as code reuse attacks. The key to a code reuse attack is to organize the code fragments according to the design of the attacker. To achieve arbitrary concatenation of code fragments, indirect branch instructions are typically required. Indirect branch instructions refer to a series of branch instructions that use a register or pointer in memory as a target address, rather than a fixed code address in the code. Indirect branch instructions generally include indirect calls, indirect jump and return instructions. For example, an attacker can certainly execute an instruction jmp RAX, which is an indirect jump instruction. If an attacker can control the value of RAX, it is possible to jump to an instruction sequence of arbitrary address. If the next instruction sequence ends with another indirect branch, it can also continue to jump to other arbitrary address sequences in the same way. Each indirect branch may be of a different kind or a single kind: an indirect call (e.g., call RAX) indirect jump (e.g., jMPRAX) returns an instruction (return, pops an address from the stack and jumps).
In order to protect against code-multiplexing attacks, the concept of Control-flow integrity protection (CFI) has been proposed. The control flow integrity protection refers to analyzing a program before the program runs to obtain a legal control flow of the program. The program is run to check whether the control flow conforms to the results of the analysis. CFI can be broadly divided into coarse and fine particle sizes: fine granularity means that the source and destination addresses of each (indirect) control flow are marked with labels, e.g. a to b, c to d, making a fine distinction. While coarse granularity generally refers to marking only one code fragment as a destination address for indirect control flow transfers. If a through b, c through d are legitimate, then b and d will be marked as legitimate destinations. Whereas a to d and c to b are legal in coarse grain CFI as well. It can thus be seen that fine-grained CFIs are safer, while coarse-grained CFIs are simpler to implement.
At present, a CPU only has a coarse-grained hardware design, and a special null instruction is generally introduced to mark a legal destination address. For example, the IBT in the Intel CET has the ENDBRANCH instruction added to it. This instruction is placed at the entry of all legitimate jump targets. When an indirect branch occurs, the CPU checks whether the destination address of the branch is the ENDBRANCH instruction, and if not, the CPU considers that an attack has occurred. The BTI of ARM is also of similar design.
Therefore, it is necessary to provide a method for implementing control flow integrity protection based on fine granularity, which solves the above-mentioned shortcomings.
Disclosure of Invention
Embodiments of the present invention provide a method and a system for implementing fine-grained control flow integrity protection, so as to solve the above problems or at least partially solve the above problems.
In a first aspect, an embodiment of the present invention provides a method for implementing fine-grained control flow integrity protection, including:
obtaining legal indirect control flow of a plurality of code segments in a target program;
replacing a preset low-order address corresponding to the jump address of each code segment with a preset low-order code of a control flow instruction address based on the legal indirect control flow;
and adding a preset null instruction as a legal jump destination mark of the indirect control flow for each code segment.
Further, the obtaining of the legal indirect control flow of the plurality of code segments in the target program specifically includes:
decomposing the target program into a plurality of code segments;
and performing static analysis on the code segments to obtain a path set from each code segment to the next code segment allowing jumping, and taking the path set as the legal indirect control flow.
Further, the replacing, based on the legal indirect control flow, the preset low-order address of the jump address corresponding to each code fragment with the preset low-order code of the control flow instruction address specifically includes:
acquiring a source label and a destination label of each code segment;
and according to the jump sequence of the legal indirect control flow, respectively replacing the preset low-order address of the source jump address corresponding to the source label and the preset low-order address of the target jump address corresponding to the target label with the preset low-order codes.
Further, the replacing, according to the jump sequence of the legal indirect control flow, the preset low-order address of the source jump address corresponding to the source tag and the preset low-order address of the destination jump address corresponding to the destination tag with the preset low-order codes respectively, further includes:
if the source jump address of the current code segment comprises a preset low-order code and the target jump address corresponding to the next code segment has the same preset low-order code as the current code segment, judging that the source jump address of the current code segment is a legal source jump address;
and if the preset low-order coding set of the next code segment contains the source jump address of at least one current code segment, judging that the source jump address of the at least one current code segment is a legal source jump address set.
In a second aspect, an embodiment of the present invention provides a system for implementing fine-grained control flow integrity protection, including:
the acquisition module is used for acquiring legal indirect control flow of a plurality of code segments in the target program;
a replacing module, configured to replace, based on the legal indirect control flow, a preset low-order address of the jump address corresponding to each code fragment with a preset low-order code of a control flow instruction address;
and the marking module is used for adding a preset null instruction for each code segment to serve as a legal jump target mark of the indirect control flow.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
the fine-grained control flow integrity protection implementation method comprises the following steps of a memorizer, a processor and a computer program which is stored on the memorizer and can run on the processor, wherein the processor executes the program to realize the steps of any fine-grained control flow integrity protection implementation method.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any of the fine-grained control flow integrity protection implementation methods.
According to the fine-grained control flow implementation method and system provided by the embodiment of the invention, the jump address labels among the code segments in the program operation are replaced by the low-order codes of the addresses of the jump instructions, so that the hardware overhead of the memory operation is greatly reduced, and the safety is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a fine-grained control flow integrity protection implementation method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a prior art path result based on static analysis;
FIG. 3 is a diagram illustrating the implementation result of coarse-grained control flow integrity protection in the prior art;
FIG. 4 is a diagram illustrating the implementation result of the integrity protection of a common fine-grained control flow in the prior art;
FIG. 5 is a diagram illustrating the implementation result of the fine-grained control flow integrity protection provided by the embodiment of the present invention;
fig. 6 is a structural diagram of a system for implementing integrity protection of a fine-grained control flow according to an embodiment of the present invention;
fig. 7 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In the prior art, the coarse-grained CFI allows some control flow paths which should not be allowed, so that an attacker has many paths which can be used for constructing an attack; fine-grained CFI design all needs to use a tag register, adds tags to execute at the source and the destination of control flow transfer, and source tag instruction updates the tag register, and destination tag instruction checks whether the current tag register is a legal tag, so there are two problems: firstly, the hardware loss is too large, generally about 2.5%, and is also the most main reason for the informal use in the business industry; the second is that there is no good solution for the case where a single target is marked as multiple tags.
In view of the above problems, the embodiments of the present invention use the low order bits of the address as tags to perform fine-grained CFI check, and modify the instruction logic of indirect branch, so that the hardware loss is almost zero, and provide a very simple solution for the case where a single target is marked as multiple tags.
Fig. 1 is a flowchart of a fine-grained control flow integrity protection implementation method provided in an embodiment of the present invention, and as shown in fig. 1, the method includes:
s1, obtaining legal indirect control flow of a plurality of code segments in the target program;
s2, replacing the preset low-order address of the jump address corresponding to each code segment with the preset low-order code of the control flow instruction address based on the legal indirect control flow;
and S3, adding a preset null instruction as a legal jump destination mark of the indirect control flow for each code segment.
Specifically, a program to be protected is analyzed, the program consists of a plurality of code fragments, a path of legal jump in the code fragments, namely legal indirect control flow, is obtained, jump among the primary code fragments is based on a label address, namely whether the path between a source address and a destination address is a legal path or not is identified, the logic of transfer of the indirect control flow is modified, the low n bits of the destination address of the control flow are changed into the low n bits of the address of the instruction, and the low bits of the address equivalent to the jump are copied by the low bits of the current jump instruction. Similarly, a special mark instruction, namely a preset null instruction is used for completing the check similar to the coarse grain CFI, namely the target mark ENDBR used as a legal jump; here, the compiler is modified to reorder the binary so that all indirect calls are equal to the lower n bits of its legitimate destination address.
According to the embodiment of the invention, the jump address labels among the code segments in the program operation are replaced by the low-order codes of the address of the jump instruction, so that the hardware overhead of the memory operation is greatly reduced, and meanwhile, the safety is improved.
Based on the above embodiment, step S1 in the method specifically includes:
decomposing the target program into a plurality of code segments;
and performing static analysis on the code segments to obtain a path set from each code segment to the next code segment allowing jumping, and taking the path set as the legal indirect control flow.
Specifically, in the embodiment shown in fig. 2, the program is divided into 5 code segments, i.e., code segments A, B, C, D and E, and static analysis is performed on the code segments to obtain the allowed jump paths: A-B, A-C, B-D, C-D and D-E, which are the set of paths as the legal indirect control flow.
In the coarse-grained CFI shown in FIG. 3, endbr is a marker instruction, while B-C and B-E are illegal paths, but since the jump instruction and the marker instruction are the same, the above two illegal attacks cannot be prevented.
In the ordinary fine-grained CFI in the embodiment shown in fig. 4, since it is necessary to set a tag register set and check a tag register check, the source address of the code segment a is set to 5, the destination address and the source address of the code segments B and C are set to 5 and 7, respectively, and the destination addresses of the code segments D and E are set to 7, in the illegal paths B-C and B-E, only B-C can be protected, but B-E cannot be protected. Here, if there is only a single tag per location, the code segment CDE needs to share the tag, and there is an attack that cannot defend against.
It should be noted that, the program may be embodied as any combination of code segments and any legal jump therebetween, and the above-mentioned figures are only one example, and the embodiment of the present invention does not limit this.
Based on any of the above embodiments, step S2 in the method specifically includes:
acquiring a source label and a destination label of each code segment;
and according to the jump sequence of the legal indirect control flow, respectively replacing the preset low-order address of the source jump address corresponding to the source label and the preset low-order address of the target jump address corresponding to the target label with the preset low-order codes.
Wherein, according to the jump sequence of the legal indirect control flow, the preset low-order address of the source jump address corresponding to the source label and the preset low-order address of the target jump address corresponding to the target label are respectively replaced by the preset low-order codes, further comprising:
if the source jump address of the current code segment comprises a preset low-order code and the target jump address corresponding to the next code segment has the same preset low-order code as the current code segment, judging that the source jump address of the current code segment is a legal source jump address;
and if the preset low-order coding set of the next code segment contains the source jump address of at least one current code segment, judging that the source jump address of the at least one current code segment is a legal source jump address set.
Specifically, in the embodiment shown in fig. 5, based on a common fine-grained CFI, the instruction compilation is modified, the binary file is rearranged, the lower-order address of the source address of the code segment a and the destination addresses of the code segments B and C are modified into the lower-order address of the control flow control instruction, such as the bit "XX 05" shown in the figure, wherein the lower-order address of the source address of the code segment B is modified into the bit "XX 07", the lower-order address of the source address of the code segment C is modified into the bit "XX 08", the lower-order address of the destination address of the code segment D is modified into the bit "XX 07" and the bit "XX 08", the lower-order address of the destination address of the code segment E is modified into the bit "XX 08", and when the jump address is not the end, an attack is considered to occur, and all illegal path attacks can be defended. Here, the code segment D includes two destination addresses, that is, the problem of single target multiple addresses is solved, although different jump instructions have different instruction address low-order codes, both the code segment B and the code segment C can jump to D and execute the code, and each jump address can have a different source address tag. Because the low order of the address is directly replaced by the low order code of the control instruction, the jump does not always need to start with the jump function, but the jump can be corresponding to a preset null instruction in a range interval, and the scene requirement of the multi-label control flow is met.
Here, a preset null instruction is uniformly added at the destination addresses of the code segments B, C, D and E as a destination tag of a legal jump, a check similar to a coarse grain CFI is completed, if the tag does not exist in the entry, the entry is regarded as an illegal path, and the access is rejected.
Fig. 6 is a structural diagram of a system for implementing integrity protection of a fine-grained control flow according to an embodiment of the present invention, as shown in fig. 6, including: an acquisition module 61, a replacement module 62 and a marking module 63; wherein:
the obtaining module 61 is configured to obtain a legal indirect control flow of a plurality of code segments in the target program; the replacing module 62 is configured to replace a preset low-order address corresponding to the jump address of each code segment with a preset low-order code of the control flow instruction address based on the legal indirect control flow; the marking module 63 is configured to add a preset null instruction to each code segment as a mark of a legal jump destination of the indirect control flow.
The system provided by the embodiment of the present invention is used for executing the corresponding method, the specific implementation manner of the system is consistent with the implementation manner of the method, and the related algorithm flow is the same as the algorithm flow of the corresponding method, which is not described herein again.
According to the embodiment of the invention, the jump address labels among the code segments in the program operation are replaced by the low-order codes of the address of the jump instruction, so that the hardware overhead of the memory operation is greatly reduced, and meanwhile, the safety is improved.
Fig. 7 illustrates a physical structure diagram of an electronic device, and as shown in fig. 7, the electronic device may include: a processor (processor)710, a communication Interface (Communications Interface)720, a memory (memory)730, and a communication bus 740, wherein the processor 710, the communication Interface 720, and the memory 730 communicate with each other via the communication bus 740. Processor 710 may call logic instructions in memory 730 to perform the following method: obtaining legal indirect control flow of a plurality of code segments in a target program; replacing a preset low-order address corresponding to the jump address of each code segment with a preset low-order code of a control flow instruction address based on the legal indirect control flow; and adding a preset null instruction as a legal jump destination mark of the indirect control flow for each code segment.
In addition, the logic instructions in the memory 730 can be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program is implemented to perform the transmission method provided in the foregoing embodiments when executed by a processor, and for example, the method includes: obtaining legal indirect control flow of a plurality of code segments in a target program; replacing a preset low-order address corresponding to the jump address of each code segment with a preset low-order code of a control flow instruction address based on the legal indirect control flow; and adding a preset null instruction as a legal jump destination mark of the indirect control flow for each code segment.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (7)
1. A method for implementing the integrity protection of a fine-grained control flow is characterized by comprising the following steps:
obtaining legal indirect control flow of a plurality of code segments in a target program;
replacing a preset low-order address corresponding to the jump address of each code segment with a preset low-order code of a control flow instruction address based on the legal indirect control flow;
and adding a preset null instruction as a legal jump destination mark of the indirect control flow for each code segment.
2. The method for implementing fine-grained control flow integrity protection according to claim 1, wherein the obtaining of the legal indirect control flow of a plurality of code segments in the target program specifically includes:
decomposing the target program into a plurality of code segments;
and performing static analysis on the code segments to obtain a path set from each code segment to the next code segment allowing jumping, and taking the path set as the legal indirect control flow.
3. The fine grain control flow integrity protection implementation method of claim 1, wherein the replacing, based on the legal indirect control flow, the preset low-order address of the jump address corresponding to each code fragment with a preset low-order code of a control flow instruction address specifically includes:
acquiring a source label and a destination label of each code segment;
and according to the jump sequence of the legal indirect control flow, respectively replacing the preset low-order address of the source jump address corresponding to the source label and the preset low-order address of the target jump address corresponding to the target label with the preset low-order codes.
4. The fine grain control flow integrity protection implementation method according to claim 3, wherein the replacing, according to the jump sequence of the legal indirect control flow, the preset low-order address of the source jump address corresponding to the source tag and the preset low-order address of the destination jump address corresponding to the destination tag with the preset low-order codes respectively, further includes:
if the source jump address of the current code segment comprises a preset low-order code and the target jump address corresponding to the next code segment has the same preset low-order code as the current code segment, judging that the source jump address of the current code segment is a legal source jump address;
and if the preset low-order coding set of the next code segment contains the source jump address of at least one current code segment, judging that the source jump address of the at least one current code segment is a legal source jump address set.
5. A fine-grained control flow integrity protection implementation system, comprising:
the acquisition module is used for acquiring legal indirect control flow of a plurality of code segments in the target program;
a replacing module, configured to replace, based on the legal indirect control flow, a preset low-order address of the jump address corresponding to each code fragment with a preset low-order code of a control flow instruction address;
and the marking module is used for adding a preset null instruction for each code segment to serve as a legal jump target mark of the indirect control flow.
6. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the fine grain control flow integrity protection implementation method of any one of claims 1 to 4 when executing the program.
7. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the fine grain control flow integrity protection implementation method of any of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010600005.3A CN111898130B (en) | 2020-06-28 | 2020-06-28 | Method and system for realizing integrity protection of fine-grained control flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010600005.3A CN111898130B (en) | 2020-06-28 | 2020-06-28 | Method and system for realizing integrity protection of fine-grained control flow |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111898130A true CN111898130A (en) | 2020-11-06 |
| CN111898130B CN111898130B (en) | 2024-01-19 |
Family
ID=73207465
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010600005.3A Active CN111898130B (en) | 2020-06-28 | 2020-06-28 | Method and system for realizing integrity protection of fine-grained control flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111898130B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113296833A (en) * | 2021-04-30 | 2021-08-24 | 中国科学院信息工程研究所 | Method and device for identifying legal instruction in binary file |
| CN113312082A (en) * | 2021-04-30 | 2021-08-27 | 中国科学院信息工程研究所 | Method and device for identifying data mixed in instruction in binary file |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150356294A1 (en) * | 2014-06-09 | 2015-12-10 | Lehigh University | Methods for enforcing control flow of a computer program |
| CN105867880A (en) * | 2016-04-01 | 2016-08-17 | 中国科学院计算技术研究所 | Branch target buffer for indirect skip branch prediction and design method |
| US20170213039A1 (en) * | 2016-01-22 | 2017-07-27 | The University Of North Carolina At Chapel Hill | Methods, systems, and computer readable media for preventing code reuse attacks |
| US20180253547A1 (en) * | 2017-03-06 | 2018-09-06 | Intel Corporation | Control flow integrity |
| CN110276198A (en) * | 2019-06-14 | 2019-09-24 | 中国科学院信息工程研究所 | A kind of embedded changeable granularity control flow verification method and system based on probabilistic forecasting |
| US20190384693A1 (en) * | 2017-02-27 | 2019-12-19 | Huawei International Pte. Ltd. | Device and method for reinforcing control flow integrity of software application |
-
2020
- 2020-06-28 CN CN202010600005.3A patent/CN111898130B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150356294A1 (en) * | 2014-06-09 | 2015-12-10 | Lehigh University | Methods for enforcing control flow of a computer program |
| US20170213039A1 (en) * | 2016-01-22 | 2017-07-27 | The University Of North Carolina At Chapel Hill | Methods, systems, and computer readable media for preventing code reuse attacks |
| CN105867880A (en) * | 2016-04-01 | 2016-08-17 | 中国科学院计算技术研究所 | Branch target buffer for indirect skip branch prediction and design method |
| US20190384693A1 (en) * | 2017-02-27 | 2019-12-19 | Huawei International Pte. Ltd. | Device and method for reinforcing control flow integrity of software application |
| US20180253547A1 (en) * | 2017-03-06 | 2018-09-06 | Intel Corporation | Control flow integrity |
| CN110276198A (en) * | 2019-06-14 | 2019-09-24 | 中国科学院信息工程研究所 | A kind of embedded changeable granularity control flow verification method and system based on probabilistic forecasting |
Non-Patent Citations (2)
| Title |
|---|
| J.ZHANG ET AL.: "HCIC:Hardware-assisted control-flow integrity checking", 《IEEE INTERNET THINGS》, vol. 6, no. 1, pages 458 - 471, XP011711660, DOI: 10.1109/JIOT.2018.2866164 * |
| 柳童 等: "代码重用攻击与防御机制综述", 《信息安全学报》, vol. 1, no. 2, pages 13 - 28 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113296833A (en) * | 2021-04-30 | 2021-08-24 | 中国科学院信息工程研究所 | Method and device for identifying legal instruction in binary file |
| CN113312082A (en) * | 2021-04-30 | 2021-08-27 | 中国科学院信息工程研究所 | Method and device for identifying data mixed in instruction in binary file |
| CN113296833B (en) * | 2021-04-30 | 2024-03-05 | 中国科学院信息工程研究所 | Identification method and device for legal instructions in binary file |
| CN113312082B (en) * | 2021-04-30 | 2024-03-08 | 中国科学院信息工程研究所 | Identification method and device for data mixed in instructions in binary file |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111898130B (en) | 2024-01-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8660264B2 (en) | Method and apparatus for minimizing differential power attacks on processors | |
| EP2107489A2 (en) | Obfuscating computer program code | |
| CN102959556B (en) | For guaranteeing the method that the processor of software integrity realizes | |
| JP7154365B2 (en) | Methods for securing software code | |
| US8281290B2 (en) | Software diversity using context-free grammar transformations | |
| CN111898130B (en) | Method and system for realizing integrity protection of fine-grained control flow | |
| CN110868405B (en) | Malicious code detection method and device, computer equipment and storage medium | |
| CN109409086B (en) | Device for detecting falsified return address in stack based on newly added instruction | |
| CA2258338C (en) | Method and apparatus for minimizing differential power attacks on processors | |
| US9405936B2 (en) | Code integrity protection by computing target addresses from checksums | |
| CN109409084B (en) | Chain type data storage structure for detecting falsified return address | |
| EP2937803B1 (en) | Control flow flattening for code obfuscation where the next block calculation needs run-time information | |
| CN102819703B (en) | For protecting the method and apparatus of web page attacks | |
| CN111898120B (en) | Control flow integrity protection method and device | |
| US10579457B1 (en) | Processor for achieving flow integrity and a method of providing notice of a fault in control flow | |
| CN111898119A (en) | Control flow integrity protection method, device, equipment and storage medium | |
| CN107506644B (en) | Security protection method for implicit constant threat in dynamically generated code | |
| US10044752B1 (en) | Null-byte injection detection | |
| CN109409083B (en) | Device for detecting return address tampering in stack | |
| US10776460B2 (en) | Proactive security system based on code polymorphism | |
| CN114637988A (en) | Binary-oriented function level software randomization method | |
| WO2022135686A1 (en) | Method for securing a computing device from memory corruption and computing device | |
| Pal et al. | Memory Corruption-Basic Attacks and Counter Measures | |
| Kim et al. | Fast and space-efficient defense against jump-oriented programming attacks | |
| CN114707143A (en) | Method and device for monitoring damage attack of memory data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |