CN115168911A - Method, apparatus and storage medium for providing security protection for function calls - Google Patents
- Publication number: CN115168911A (application CN202210726002.3A)
- Authority: CN (China)
- Prior art keywords: register, value, target function, memory, function
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
Embodiments of the present application provide a method, an apparatus and a storage medium for providing security protection for a function call, and relate to the field of computer technology. The method comprises the following steps: determining whether the call of a target function is to be protected; if so, saving the value of at least one register whose value is expected to remain unchanged before and after the call of the target function; and, after the call of the target function has executed, obtaining the saved value of the at least one register and checking the corresponding register against it. Because the value of the register is saved before the target function is called, retrieved after the call and compared with the corresponding register, and because the value of such a register is expected to be unchanged across the call, it can be determined whether the content of the register was tampered with during the function call.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, and a computer-readable storage medium for providing security protection for a function call.
Background
An Application Binary Interface (ABI) defines the conventions for a function call, including which registers must hold the same value before and after the call (i.e., which registers are preserved across calls). An attacker can gain control of execution by tampering, directly or indirectly, with some of these registers or with the memory they point to.
Therefore, the security of the function call process needs to be addressed.
Disclosure of Invention
Embodiments of the present application provide a method, an apparatus, and a computer-readable storage medium for providing security protection for a function call, which are intended to solve at least one technical problem in the prior art.
According to a first aspect of embodiments of the present application, there is provided a method for providing security protection for a function call, the method comprising:
determining whether to perform security protection on the call of the target function;
if security protection is to be performed on the call of the target function, saving the value of at least one register, where the value of the register is expected to remain unchanged before and after the call of the target function;
and after the call of the target function has executed, obtaining the saved value of the at least one register and checking the corresponding register against it.
In one possible implementation, a user is provided with a newly added compiler interface for specifying the target function to be protected, and the newly added interface is either an attribute-setting interface for the target function or a compile switch.
In another possible implementation, obtaining the saved value of the at least one register and checking the corresponding register includes:
obtaining the saved values of the at least one register one by one as reference values;
comparing each obtained reference value with the value of the corresponding register, and issuing an early warning or reporting an error if they are inconsistent;
repeating the comparison step until all saved registers have been traversed.
In another possible implementation, saving the value of the at least one register includes:
storing the value of the at least one register in a memory space managed by one memory unit in memory.
In another possible implementation, obtaining the saved values of the at least one register one by one as reference values includes:
loading, one by one, the value of the at least one register stored in the memory space managed by the memory unit into a temporary register;
taking the value of the temporary register as the reference value.
In another possible implementation, before the value of the at least one register is saved in the memory space managed by one memory unit in memory, the method further includes:
setting the address of the memory unit in memory through a linker script or a newly added compiler interface.
In another possible implementation, saving the value of the at least one register includes:
storing the value of the at least one register in memory managed by a hardware register.
According to a second aspect of embodiments of the present application, there is provided an apparatus for providing security protection for a function call, the apparatus comprising:
a determining module, configured to determine whether to perform security protection on the call of the target function;
a saving module, configured to save the value of at least one register if security protection is to be performed on the call of the target function, where the value of the register is expected to remain unchanged before and after the call of the target function;
and a checking module, configured to obtain the saved value of the at least one register and check the corresponding register after the call of the target function has executed.
According to a third aspect of embodiments of the present application, there is provided an electronic device comprising a memory, a processor and a computer program stored in the memory, the processor executing the computer program to perform the steps of the method for providing security protection for a function call set forth in the first aspect above.
According to a fourth aspect of embodiments of the present application, there is provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method for providing security protection for a function call set forth in the first aspect above.
The technical solution provided by the embodiments of the present application has the following beneficial effect:
if the call of the target function is to be protected, the value of at least one register whose value is expected to remain unchanged across the call is saved before the call; after the call of the target function has executed, the saved value is retrieved and compared with the corresponding register, so that it can be determined whether the content of the register was tampered with during the function call.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of a method for providing security protection for a function call according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a method for providing security protection for a function call according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an apparatus for providing security protection for a function call according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described below in conjunction with the drawings in the present application. It should be understood that the embodiments set forth below in connection with the drawings are exemplary descriptions for explaining technical solutions of the embodiments of the present application, and do not limit the technical solutions of the embodiments of the present application.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
An Application Binary Interface (ABI) defines the conventions for function calls, including: how the parameters of a function are passed and how return values are received, e.g., whether all parameters are passed on the stack or some are passed in registers; which register carries which parameter; whether the first stack-passed parameter is pushed first or last; and which registers must hold the same value before and after the call (i.e., which registers are preserved across calls).
In some CPU architectures, for example RISC-V (the fifth generation of the Reduced Instruction Set Computer (RISC) architecture), the stack pointer register (SP) and the return address register (RA) determine the return address of a function during a call. When compiling a function, the compiler generates prologue and epilogue assembly code before and after the function body: the prologue reserves stack space and saves registers, and the epilogue restores registers, releases the stack space and performs other cleanup.
Specifically, in the prologue of a function foo, the compiler reserves space on the stack by adjusting SP and stores RA on the stack, so that after a subsequent call to a sub-function, the epilogue of foo can restore RA and SP and return to the instruction following the call of foo according to the restored RA.
Both attacks and software bugs can disrupt this process. For example, if SP is modified before the function exits so that it differs from its value on entry, SP points to the wrong address, the saved registers (e.g., RA) cannot be restored correctly, and the program does not return to the instruction following the call of foo as expected.
Therefore, the function call process has a security problem.
In view of the foregoing technical problems in the prior art, embodiments of the present application provide a method, an apparatus, and a computer-readable storage medium for providing security protection for a function call.
First, a description is given of a related art of the embodiment of the present application.
A stack is a linear list with restricted operations: insertions and deletions are performed only at one end of the list. That end is called the top of the stack and the opposite end the bottom. Inserting a new element, also called pushing, places the new element above the current top element, making it the new top. Deleting an element, also called popping, removes the top element, making the element below it the new top.
A function call is realized through a stack frame, the portion of stack space allocated for that particular call. When a running function calls another function, a new stack frame is allocated and the frame of the calling function is preserved (at that moment the caller has not finished executing; it has only called another function).
Next, the technical solutions of the embodiments of the present application and the technical effects produced by the technical solutions of the present application will be described below through the description of several exemplary embodiments. It should be noted that the following embodiments may be referred to, referred to or combined with each other, and the description of the same terms, similar features, similar implementation steps and the like in different embodiments is not repeated.
Fig. 1 is a flowchart illustrating a method for providing security protection for a function call according to an embodiment of the present disclosure. The method shown in fig. 1 comprises:
S101, determining whether to perform security protection on the call of the target function.
S102, if the safety protection of the calling of the target function is determined, the value of at least one register is stored, and the value of the register is kept unchanged before and after the calling of the target function.
S103, after the calling process of the target function is executed, the value of the saved at least one register is obtained, and the corresponding register is checked.
In this embodiment, if it is determined that security protection is performed on the call of the target function, the value of the at least one register is saved, and after the call process of the target function is performed, the saved value of the at least one register is acquired to check the corresponding register.
Note that, in this embodiment, a saved register is one whose value is expected to remain unchanged before and after the function call, and is therefore also referred to as a register preserved across calls (a cross-call reserved register). For example, SP and RA may be included.
It should be understood that in this embodiment all cross-call reserved registers of interest to the user may be saved, or the set of saved registers may be adjusted dynamically according to the user's needs.
Therefore, in the embodiment of the present application, the saved value of a register acts as a pre-stored reference: if the call of a certain function needs to be protected, the register's value is saved before the call, and after the call the saved value is used for comparison and verification, so as to determine whether the content of the register was tampered with during the call.
It should also be understood that, in this embodiment, if it is determined from the user's input that the call of the target function is not to be protected, the call of the target function is executed directly and the registers corresponding to the target function are restored in the usual way.
In some embodiments, the user is provided with a newly added compiler interface for specifying the target function to be protected, and the new interface is either an attribute-setting interface for the target function or a compile switch. Specifically, the user can specify through the new interface whether a given function needs protected-call handling, and the compiler decides whether to protect the call of that function according to the user's input. For example, the interface may be an attribute interface or compiler flags: the attribute interface allows fine-grained marking of individual target functions, while a file-level compile switch can cover most of the target functions that need protection at once.
A possible implementation manner is provided in the embodiment of the present application, and the process of obtaining the value of the saved at least one register and verifying the corresponding register in S103 may specifically include:
S1031, obtaining the saved values of the at least one register one by one as reference values;
S1032, comparing the obtained reference value with the value of the corresponding register, and issuing an early warning or reporting an error if they are inconsistent;
S1033, repeatedly executing the step of comparing the acquired reference value with the value of the corresponding register until all the saved registers are traversed.
That is, in this embodiment, if it is determined from the user's input that the call of the target function is to be protected, the value of at least one register is saved; after the call of the target function has executed, the saved values are retrieved one by one as reference values, and each corresponding register is checked against its reference value.
Specifically, each time a saved register value is retrieved, it is used as the reference value and compared with the value of the corresponding register; if the two are inconsistent, an early warning or error report is issued. The next saved value is then retrieved and compared in the same way, until all saved registers have been traversed. This gives an effective warning that the content of a register the user cares about was tampered with during the function call, and so improves the security of the function call process.
For example, suppose the saved values of the cross-call reserved registers are those of SP, RA, S0, S1 and S2. Then:
the value of SP retrieved from memory is used as the reference value SP-ref and compared with the value of SP; if the two are inconsistent, an early warning or error report is issued;
the value of RA retrieved from memory is used as the reference value RA-ref and compared with the value of RA; if the two are inconsistent, an early warning or error report is issued;
the value of S0 retrieved from memory is used as the reference value S0-ref and compared with the value of S0; if the two are inconsistent, an early warning or error report is issued;
the value of S1 retrieved from memory is used as the reference value S1-ref and compared with the value of S1; if the two are inconsistent, an early warning or error report is issued;
and the value of S2 retrieved from memory is used as the reference value S2-ref and compared with the value of S2; if the two are inconsistent, an early warning or error report is issued.
It should be noted that, in the comparison process, if the two values are consistent, the content of the corresponding register was neither damaged nor tampered with during the function call.
Specifically, in the foregoing implementation, saving the value of the at least one register in step S102 may include: storing the value of the at least one register in a memory space managed by a memory unit in memory.
In this embodiment, a memory space managed by a memory unit is used to emulate the stack space addressed by SP. Specifically, a memory location is designated as a pointer variable, denoted P, which points to a specific memory space. That memory space then behaves like a stack and P like a stack pointer, with the difference that P is a memory location rather than a register, so temporary registers are needed to hold intermediate results during the loads and stores involved. Saving a register is then analogous to a push operation on a stack.
That is, in this embodiment, the memory space is managed by P, and the at least one register is stored in the memory space managed by P.
As an example, if the at least one register includes SP, RA and the cross-call reserved registers A and B, saving their values consists of storing the values of SP, RA, A and B in turn into the memory space pointed to by P.
A possible implementation manner is provided in the embodiment of the present application, and S1031 may specifically include:
acquiring the value of at least one register stored in a memory space managed by a memory unit one by one to a temporary register;
the value of the temporary register is taken as a reference value.
In this embodiment, fetching the value of a register from memory is similar to pop operations in stack.
Following the above example, the values of the at least one register are obtained one by one as follows: the saved values of SP, RA, S0, S1 and S2 stored in the memory space pointed to by the memory unit P are loaded one at a time into the temporary register t0, and in step S1032 the value of t0 is used as the reference value to be compared with the corresponding register, until all register values stored in the memory space pointed to by P have been traversed. This determines whether the content of any register was tampered with during the call of the target function; if a reference value is inconsistent with the corresponding register, an early warning or error report is issued, so that tampering with a register the user cares about is effectively detected and the security of the function call process is improved.
A possible implementation manner is provided in the embodiment of the present application, before step 102, the method may further include:
and setting the address of the memory unit in the memory through a link script or a newly added interface of a compiler.
In this embodiment, the method for specifying the memory unit P may be to set P to a specific address through a linker script, or may be set through a newly added interface (e.g., compiler flags) of the compiler.
It should be noted that, in the above embodiments, the method for specifying the memory space may be similar to the method for specifying the memory unit P, or the user may set the memory space at the time of initialization of the compiler.
A possible implementation is provided in the embodiment of the present application, in which saving the value of the at least one register in step S102 may include: storing the value of the at least one register in memory managed by a hardware register.
That is, in this embodiment, to make saving and restoring register values more efficient, a hardware register such as sp_shadow may be used to manage the memory in which the value of the at least one register is stored.
Specifically, if it is determined that the call of the target function is to be safely protected based on the instruction input by the user, the value of the at least one register may be saved in the memory managed by one hardware register, and after the call process of the target function is executed, the value of the at least one register is acquired one by one from the memory managed by the hardware register, and the corresponding register is verified based on the value.
Fig. 2 is a flowchart illustrating a method for providing security protection for a function call according to an embodiment of the present disclosure. The method shown in fig. 2 is applied to a compiler, and the method includes:
S201, determining whether security protection is to be performed on the call of the target function. If yes, go to step S202; if no, go to step S203 and end.
In this embodiment, a user may specify whether a target function needs security call protection through an interface (e.g., an attribute interface or compiler flags) added by the compiler, and the compiler determines whether to perform security protection on the call of the target function according to the input of the user.
S202, saving the value of at least one register. The register is one preserved across calls.
In this embodiment, the value of at least one register is saved if the call to the target function is determined to be secured based on the instruction entered by the user. There are various ways to save the value of at least one register, two ways are listed below:
the first mode is as follows: the memory space pointed to by a specified one of the memory locations in memory is used to store the value of at least one of the registers.
The second mode is as follows: a hardware register managed memory is utilized to hold the value of at least one register.
That is, a memory location or a hardware register is used to emulate SP, and the memory space managed by the memory unit or the hardware register plays the role of the stack addressed by SP.
And S203, executing a calling process of the target function.
In this embodiment, the calling process of executing the target function includes: in the prologue code of the target function, a compiler reserves a stack space in a stack by modifying SP, saves RA in the stack space, calls the target function and restores the values of RA and SP in the epilogue code of the target function after execution. It should be understood that in this embodiment, the prologue code and epilogue code of the objective function may refer not only to the SP and RA, but also to other registers.
And S204, acquiring the saved values of at least one register one by one as reference values.
In this embodiment, for example: if the values of SP and RA are stored in the first manner, the value of SP stored in the memory space pointed by the memory unit P is obtained to the temporary register t0, and the value SP-ref of the temporary register t0 is used as a reference value.
S205, determining whether the obtained reference value is consistent with the value of the corresponding register. If not, S206 is executed; if so, S207 is executed.
In this embodiment, it is determined whether the reference value SP-ref coincides with the value of SP.
S206, early warning or error reporting.
In this embodiment, if the reference value SP-ref is consistent with the value of SP, the content of SP was neither damaged nor tampered with during the call of the target function; if SP-ref is not consistent with the value of SP, an early warning or error report is issued, giving an effective warning that the SP the user cares about was tampered with during the call of the target function.
S207, judging whether all the saved registers are traversed, if so, ending, otherwise, repeating the steps S204-S206 until all the saved registers are traversed.
For example, in the embodiment of the present application, the value of RA stored in the memory space pointed to by the memory unit P is next loaded into the temporary register t0, and the value RA-ref in t0 is used as the reference value to be compared with the value of RA. If the two are consistent, the content of RA was neither damaged nor tampered with during the call of the target function; if they are inconsistent, an early warning or error report is issued, giving an effective warning that the RA the user cares about was tampered with during the call of the target function.
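The save-then-check sequence of Fig. 1 and Fig. 2, as an added C model that is not part of the patent: the register file, the P-managed save area, the two callees and all function names are constructed assumptions, standing in for the prologue and epilogue code the compiler would emit for a protected call.

```c
#include <stdint.h>
#include <stdio.h>

/* Modelled registers preserved across calls, as named on the page (SP, RA, S0, S1, S2). */
enum { REG_SP, REG_RA, REG_S0, REG_S1, REG_S2, NREGS };
static const char *const reg_name[NREGS] = { "sp", "ra", "s0", "s1", "s2" };

typedef struct { uint64_t r[NREGS]; } regfile_t;

/* The memory space managed by memory unit P: a word array plus a fill index that
   plays the role of P (a memory location standing in for a stack pointer). */
#define SAVE_WORDS 32
typedef struct { uint64_t area[SAVE_WORDS]; int top; } save_area_t;

/* S102 / S202: "push" the protected registers into the P-managed space, in order. */
static int save_registers(save_area_t *p, const regfile_t *regs) {
    if (p->top + NREGS > SAVE_WORDS) return -1;        /* save area exhausted */
    for (int i = 0; i < NREGS; i++) p->area[p->top++] = regs->r[i];
    return 0;
}

/* S1031-S1033 / S204-S207: fetch each saved value into a temporary (t0), use it as
   the reference (SP-ref, RA-ref, ...), compare with the live register, and report.
   Returns a bit mask of the registers whose value changed across the call. */
static unsigned check_registers(save_area_t *p, const regfile_t *regs) {
    unsigned tampered = 0;
    int base = p->top - NREGS;
    for (int i = 0; i < NREGS; i++) {
        uint64_t t0 = p->area[base + i];               /* reference value */
        if (t0 != regs->r[i]) {
            tampered |= 1u << i;
            fprintf(stderr, "warning: %s changed across call: saved 0x%llx, now 0x%llx\n",
                    reg_name[i], (unsigned long long)t0, (unsigned long long)regs->r[i]);
        }
    }
    p->top = base;                                     /* "pop" the saved frame */
    return tampered;
}

typedef void (*target_fn)(regfile_t *);

/* Well-behaved callee: uses s0 in its body and restores it in its epilogue. */
static void good_callee(regfile_t *regs) {
    uint64_t saved_s0 = regs->r[REG_S0];
    regs->r[REG_S0] = 0xdeadbeefULL;                   /* scratch use of s0 */
    regs->r[REG_S0] = saved_s0;                        /* epilogue restore */
}

/* Faulty callee: its epilogue leaves SP 16 bytes away from the entry value, the
   failure the page describes (SP then no longer points at the saved RA). */
static void bad_callee(regfile_t *regs) {
    regs->r[REG_SP] -= 16;
}

/* S101 / S201 decides whether the call is protected; S203 runs the callee.
   Returns the mask of tampered registers (0 when clean, or when unprotected). */
unsigned protected_call(target_fn fn, int protect) {
    regfile_t regs = { { 0x3ffffff00ULL, 0x80001234ULL, 0x10, 0x20, 0x30 } }; /* constructed */
    save_area_t p = { { 0 }, 0 };
    if (!protect) { fn(&regs); return 0; }             /* unprotected: no check */
    if (save_registers(&p, &regs) != 0) return 0xffffffffu;
    fn(&regs);
    return check_registers(&p, &regs);
}

int main(void) {
    printf("good callee: tampered mask = 0x%x\n", protected_call(good_callee, 1));
    printf("bad callee:  tampered mask = 0x%x\n", protected_call(bad_callee, 1));
    return 0;
}
```

Bit 0 of the returned mask corresponds to SP, so the faulty callee yields mask 0x1 and a warning on stderr, while the unprotected path returns 0 without any check, exactly the S201 "no" branch.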
To sum up, according to the method for providing security protection for function call provided in the embodiment of the present application, if it is determined that security protection is performed on call of a target function based on an instruction input by a user, a value of at least one register is saved, and after a call process of the target function is executed, the saved value of the at least one register is obtained to check the corresponding register.
In the process of checking the corresponding register based on the obtained saved register value, when a saved register value is obtained, the saved register value is used as a reference value to be compared with the corresponding register value, if the saved register value is not consistent with the corresponding register value, early warning or error reporting is carried out, then a saved register value is obtained, the saved register value is used as a reference value to be compared with the corresponding register value until all saved registers are traversed, the fact that the content of the register concerned by a user is tampered in the function calling process can be effectively warned, and the safety of the function calling process can be improved.
It should be noted that, although the above example is applied in a compiler, according to the working principle of the compiler itself, the binary code of the executable file generated by the compiler also provides security protection for the call of the specified target function when the binary code runs in the processor. In the process of executing the code, it only needs to execute all the steps shown in fig. 2, and unlike the scenario of the compiler, it is not necessary to determine the target function for security protection according to the input of the user, and at this time, it is possible to determine whether the function call is security protected or not when the code is executed.
Fig. 3 shows an apparatus for providing security protection for function calls according to an embodiment of the present application. As shown in fig. 3, the apparatus 30 may include a determining module 301, a saving module 302 and a checking module 303, wherein:
the determining module 301 is configured to determine whether to perform security protection on the call of the target function;
the saving module 302 is configured to save the value of at least one register if it is determined that security protection is to be performed on the call of the target function, the saved register value being one that remains unchanged before and after the call of the target function;
the checking module 303 is configured to, after the call of the target function has been executed, obtain the saved value of the at least one register and check the corresponding register.
Furthermore, the user can specify the target function to be protected through a newly added interface of the compiler, where the newly added interface comprises an attribute value setting interface of the target function or a compile switch.
Further, when the checking module 303 obtains the saved value of the at least one register to check the corresponding register, it is specifically configured to: obtain the saved values of the at least one register one by one as reference values; compare each obtained reference value with the value of the corresponding register and, if they differ, raise an early warning or error report; and repeat the comparison step until all saved registers have been traversed.
Further, the saving module 302 is specifically configured to save the value of the at least one register in a memory space managed by a memory unit in the memory.
Further, when the checking module 303 obtains the saved values of the at least one register one by one as reference values, it is specifically configured to: load the value of the at least one register stored in the memory space managed by the memory unit, one by one, into a temporary register; and take the value of the temporary register as the reference value.
Further, the determining module 301 is further configured to set the address of the memory unit in the memory through a linker script or a newly added interface of the compiler.
Further, the saving module 302 may alternatively be configured to save the value of the at least one register in a memory managed by a hardware register.
The apparatus 30 of this embodiment can execute the method for providing security protection for function calls described above; its implementation principle and achievable effect are similar, and the actions performed by each module of the apparatus correspond to steps of the method, so the detailed description of each module can be found in the foregoing description of the method and is not repeated here.
It should be noted that, in the embodiment of the present application, the division of the unit is schematic, and is only one logic function division, and when the actual implementation is realized, another division manner may be provided. In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a processor-readable storage medium. On that basis, the technical solution of the present application, in essence or in the part that contributes over the prior art, may be embodied in a software product stored in a storage medium and containing instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute all or part of the steps of the method of the embodiments of the present application. The storage medium includes any medium capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
An embodiment of the present application provides an electronic device comprising a memory, a processor and a computer program stored in the memory, the processor executing the computer program to implement the steps of the method for providing security protection for function calls provided in the embodiments of the present application. Compared with the prior art this achieves the following: if it is determined, based on an instruction input by the user, that the call of the target function is to be protected, the value of at least one register is saved and, after the call of the target function has executed, the saved value is obtained to check the corresponding register. Because the saved register value must remain unchanged across the call, saving it before the call and checking the corresponding register against it afterwards reveals whether the register's content was tampered with during the function call.
In an electronic device provided in an embodiment of the present application, as shown in fig. 4, the compiler 400 shown in fig. 4 includes: a processor 401 and a memory 403. Wherein the processor 401 is coupled to the memory 403, such as via a bus 402.
Processor 401 may be a CPU (Central Processing Unit), general purpose Processor, DSP (Digital Signal Processor), ASIC (Application Specific Integrated Circuit), FPGA (Field Programmable Gate Array), or other Programmable logic device, transistor logic, hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 401 may also be a combination of computing functions, e.g., comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
The Memory 403 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact disk Read Only Memory) or other optical disk storage, optical disk storage (including Compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), a magnetic disk storage medium, other magnetic storage devices, or any other medium that can be used to carry or store a computer program and that can be Read by a computer, without limitation.
The memory 403 is used for storing computer programs for executing the embodiments of the present application, and is controlled by the processor 401 for execution. The processor 401 is adapted to execute a computer program stored in the memory 403 to implement the steps shown in the aforementioned method embodiments.
Embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, and when being executed by a processor, the computer program may implement the steps and corresponding contents of the foregoing method embodiments.
The processor-readable storage medium may be any available medium or data storage device that can be accessed by a processor, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memories (NAND FLASH), solid State Disks (SSDs)), etc.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
It should be understood that, although each operation step is indicated by an arrow in the flowchart of the embodiment of the present application, the implementation order of the steps is not limited to the order indicated by the arrow. In some implementation scenarios of the embodiments of the present application, the implementation steps in the flowcharts may be performed in other sequences as desired, unless explicitly stated otherwise herein. In addition, some or all of the steps in each flowchart may include multiple sub-steps or multiple stages based on an actual implementation scenario. Some or all of these sub-steps or stages may be performed at the same time, or each of these sub-steps or stages may be performed at different times, respectively. Under the scenario that the execution time is different, the execution sequence of the sub-steps or phases may be flexibly configured according to the requirement, which is not limited in the embodiment of the present application.
The foregoing is only an optional implementation manner of a part of implementation scenarios in this application, and it should be noted that, for those skilled in the art, other similar implementation means based on the technical idea of this application are also within the protection scope of the embodiments of this application without departing from the technical idea of this application.
Claims (10)
1. A method for providing security protection for function calls, comprising:
determining whether to perform security protection on the call of the target function;
if it is determined that security protection is to be performed on the call of the target function, saving the value of at least one register, wherein the value of the register remains unchanged before and after the call of the target function;
and after the call of the target function has been executed, obtaining the saved value of the at least one register to check the corresponding register.
2. The method of claim 1, wherein the user is provided with an additional interface of the compiler for specifying the target function to be protected, and the additional interface comprises an attribute value setting interface of the target function or a compiling switch.
3. The method according to claim 1 or 2, wherein the obtaining the saved value of the at least one register to check the corresponding register comprises:
obtaining the saved values of the at least one register one by one as reference values;
comparing the obtained reference value with the value of the corresponding register, and if the obtained reference value is inconsistent with the value of the corresponding register, carrying out early warning or error reporting;
the step of comparing the obtained reference value with the value of the corresponding register is repeatedly executed until all the saved registers are traversed.
4. The method of claim 3, wherein saving the value of the at least one register comprises:
and storing the value of the at least one register by using a memory space managed by one memory unit in the memory.
5. The method according to claim 4, wherein said obtaining the saved values of at least one register one by one as reference values comprises:
acquiring the value of at least one register stored in the memory space managed by the memory unit one by one to a temporary register;
taking the value of the temporary register as the reference value.
6. The method of claim 4 or 5, wherein before saving the value of the at least one register using memory space managed by a memory unit in memory, the method further comprises:
and setting the address of the memory unit in the memory through a linker script or a newly added interface of a compiler.
7. The method of claim 1 or 2, wherein saving the value of the at least one register comprises:
and saving the value of the at least one register in a memory managed by a hardware register.
8. An apparatus for providing security protection for function calls, comprising:
the determining module is configured to determine whether to perform security protection on the call of the target function;
the saving module is configured to save the value of at least one register if it is determined that security protection is to be performed on the call of the target function, wherein the value of the register remains unchanged before and after the call of the target function;
and the checking module is used for acquiring the value of the saved at least one register and checking the corresponding register after executing the calling process of the target function.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory, characterized in that the processor executes the computer program to implement the steps of the method for providing security protection for function calls of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for providing security protection for function calls of any of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210726002.3A CN115168911A (en) | 2022-06-23 | 2022-06-23 | Method, apparatus and storage medium for providing security protection for function calls |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210726002.3A CN115168911A (en) | 2022-06-23 | 2022-06-23 | Method, apparatus and storage medium for providing security protection for function calls |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115168911A true CN115168911A (en) | 2022-10-11 |
Family
ID=83487773
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210726002.3A Pending CN115168911A (en) | 2022-06-23 | 2022-06-23 | Method, apparatus and storage medium for providing security protection for function calls |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115168911A (en) |
2022-06-23: CN application CN202210726002.3A, publication CN115168911A (en), status active, Pending
Similar Documents
Publication | Title |
---|---|
CN106560830A (en) | Linux embedded system safety protection method and system |
CN103778373A (en) | Virus detection method and device |
CN112541310B (en) | Logic comprehensive control method and device |
CN110325994B (en) | Apparatus and method for enhancing control flow integrity of software applications |
CN109271789B (en) | Malicious process detection method and device, electronic equipment and storage medium |
CN112286828B (en) | Testing method and system for intelligent contracts of block chains |
JP2019215847A (en) | Reducing buffer overflow |
CN110414218B (en) | Kernel detection method and device, electronic equipment and storage medium |
CN115062307A (en) | Open POWER-based program integrity verification method, system, terminal and storage medium |
CN111897711A (en) | Method and device for positioning bug in code, electronic equipment and readable storage medium |
CN111797390B (en) | Program running method, program running device, electronic equipment and computer readable storage medium |
CN110688320B (en) | Global variable detection method and device and terminal equipment |
CN110765008B (en) | Data processing method and device |
US11853412B2 (en) | Systems and methods for defeating stack-based cyber attacks by randomizing stack frame size |
CN110688198B (en) | System calling method and device and electronic equipment |
CN112631613A (en) | Intelligent contract deploying and calling method based on block chain platform and related equipment |
CN115168911A (en) | Method, apparatus and storage medium for providing security protection for function calls |
CN115629795A (en) | Configuration method and device of executable file and electronic equipment |
CN115033873A (en) | Dynamic injection method and device |
CN109388948B (en) | Virtualization technology-based potential malware analysis method and related device |
KR100580071B1 (en) | Detecting method for memory error |
KR101341328B1 (en) | User definition api function creation |
CN108875369B (en) | Control flow integrity checking method and device and computer storage medium |
EP3944103A1 (en) | Method for operational check of software program, electronic device and storage medium |
CN106897588B (en) | Processing method and device of label function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||