CN1447244A - Method designed in CPU for detecting buffer area overflow - Google Patents


Info

Publication number: CN1447244A
Authority: CN (China)
Prior art keywords: cpu, return address, buffer zone, secret key, overflow
Legal status: Pending
Application number: CN 03116217
Other languages: Chinese (zh)
Inventors: 张宇弘, 王界兵, 严晓浪
Current Assignee: Hangzhou C Sky Microsystems Co Ltd
Original Assignee: Hangzhou C Sky Microsystems Co Ltd
Application filed by: Hangzhou C Sky Microsystems Co Ltd
Priority to: CN 03116217
Publication of: CN1447244A

Landscapes

  • Executing Machine-Instructions (AREA)

Abstract

This invention discloses a method, designed into the CPU, for detecting buffer overflows, intended to curb the growing number of malicious Internet attacks that exploit buffer overflows. Its characteristic feature is that an encrypted return address is inserted between stack frames as a security backup, and the encrypted return address is compared with the plaintext return address to detect an attacker overwriting the return address. In addition, different methods are proposed for optimizing the instructions and execution units. The advantages are that the decoder and chain need not be changed, the execution efficiency of code is not affected, and the designer can choose between saving memory and increasing security without changing the program.

Description

Method designed in CPU for detecting buffer area overflow
Technical field
The present invention relates to a method, designed into the CPU, for detecting buffer overflows.
Background technology
Buffer overflow (also called stack overflow) attacks are among the most commonly used hacking techniques. Buffer overflows are inherent in certain programming languages, such as C. The C language does not check buffer boundaries. In some cases, if the length of the data a user inputs exceeds the buffer the application provides, the data overwrites other data areas, causing a "buffer overflow".
In general, the data that overwrites other data areas is meaningless and at most causes an application error. However, if the input data has been carefully crafted by a "hacker" so that the data overwriting the buffer is precisely the hacker's intrusion code, the hacker gains control of the program. To carry out a buffer overflow attack, two conditions must be met: (1) attack code is input; (2) the processor is forced to execute the attack code. A stack-smashing attack can satisfy both conditions fairly easily, which is why stack smashing has become the main form of buffer overflow attack.
The principle of the stack-smashing attack is as follows. Fig. 1a shows the structure of the program stack and Fig. 1b is a schematic diagram of the stack-smashing attack:
1. The hacker finds a stack-allocated buffer that can be overflowed.
2. The hacker places attack code in memory so that execution jumps to it when the function returns.
3. The hacker overwrites the return address on the stack, transferring control to the attack code; the program executes the attack code and obtains superuser privileges or performs other malicious operations.
For reasons of code execution efficiency, operating systems themselves and many of the applications running on them are written in C, which greatly affects computer security. As the Internet has become widespread, attacks that exploit buffer overflows (also called worms) have come to account for about half of all network attacks. A method for detecting and responding to buffer overflow attacks is therefore urgently needed.
Most existing countermeasures to buffer overflows are implemented in software. The drawback of software methods is that code must be rewritten or recompiled, and execution efficiency is inevitably affected significantly. Some hardware methods also exist, but they still have loopholes or are too complex to implement.
Summary of the invention
The object of the present invention is to provide a method, designed into the CPU, for detecting buffer overflows.
Its steps are as follows:
1) define a key register in the CPU;
2) insert a return address encrypted with the key register between stack frames as a security backup;
3) compare the encrypted return address with the plaintext return address to detect buffer overflow;
4) if a buffer overflow attack is found, trigger buffer overflow exception handling;
5) support enabling or disabling the buffer protection function without any change to the program.
The advantages of the present invention are: the method is simple and reliable; the hardware cost is small; the parallelism of the execution units is fully exploited, so code execution efficiency is hardly affected; and the problem is solved entirely in hardware with no need to modify software, the change to this part of the hardware structure being fully transparent to the software engineer.
Description of drawings
Fig. 1a is a diagram of the stack structure;
Fig. 1b is a schematic diagram of a stack buffer overflow;
Fig. 2 is a block diagram of the internal structure of a simplified CPU;
Fig. 3a is a schematic diagram of the pipeline of a simplified CPU;
Fig. 3b is a schematic diagram of the pipeline bubble caused by a jump instruction;
Fig. 4 is a memory diagram of buffer overflow detection;
Fig. 5 is a flow chart after a RISC CPU enters a subroutine.
Embodiment
To better explain the present invention, this specification gives a brief introduction to the structure and pipeline of a CPU, which serves as the basis for analyzing the invention. The invention, however, applies generally to all kinds of CPUs. Fig. 2 shows a block diagram of the internal structure of a simplified CPU. A CPU consists roughly of a CPU control register group unit 2, an instruction fetch unit 3, an instruction decode and issue unit 4, a functional module group 5 and a data write-back unit 6. Unit 2 is mainly used to control the operation of the CPU. The execution of one instruction within the CPU is briefly introduced below. Its steps can be roughly divided into:
1) Unit 3 fetches the instruction from memory (or from the on-chip cache) and passes it to unit 4.
2) Unit 4 decodes the instruction to determine which functional module it should go to. When the instruction has no dependence on preceding instructions and the functional module can accept a new instruction, unit 4 passes the instruction to a module in unit 5.
3) Unit 5 executes the instruction. The division into instruction execution units differs from CPU to CPU, but generally includes an ALU, a memory access unit, a multiplier-divider, a floating-point unit and so on. After a functional module has executed the instruction, the result is passed to unit 6.
4) Unit 6 writes the result back to the CPU's general-purpose register set, changing the state of the CPU and thereby completing the execution of one instruction.
To improve the efficiency of program execution, a CPU usually adopts a pipelined structure. Fig. 2a shows the instruction pipeline operation of the CPU of Fig. 1, where IF is instruction fetch, DE is instruction decode and issue, EX is instruction execution, and WB is result write-back. As Fig. 3a shows, in some clock cycles four instructions can be in execution at once, distributed across different units. The CPU can therefore in effect complete one instruction per clock cycle. When the CPU encounters a control-transfer instruction, however, the jump target address generally becomes available only after decoding, so the CPU pipeline has a bubble, as shown in Fig. 3b.
The basic feature of the present invention is the insertion of an additional encrypted return address between stack frames as a security backup. If a hacker uses a buffer overflow to overwrite the encrypted address or the plaintext address, or even both at the same time, there is only a minimal probability that the decrypted security backup will equal the plaintext return address; for a 32-bit CPU this probability is 1/2^32. This essentially guarantees that buffer overflows are detected reliably.
The present invention provides a hardware implementation by adding an encryption unit and stack management logic to the CPU. It also increases the amount of information an instruction carries and makes full use of the parallelism of the instruction execution units to preserve execution efficiency.
To detect buffer overflows, an encrypted return address is inserted between stack frames, as shown in Fig. 4. A key register is first provided in the CPU. Its value can be a random number loaded directly into the CPU by code, or it can be generated internally by the CPU itself. The value is indeterminate across different CPUs and differs between different program stacks on the same CPU, but must remain unchanged within one program stack.
A new control field is added to the control register group to flag that buffer overflow detection is enabled. The following operations are performed only when buffer overflow detection is enabled.
Because the CISC and RISC instruction sets differ, the implementation is described below in two parts.
In a RISC CPU, the steps are as follows:
1) An encryption key register is kept in the CPU.
2) When control jumps into a subroutine (for example the jsri instruction of MCORE), the return address encrypted with the key is pushed on top of the stack (for example at r0+1 in MCORE), but the stack pointer (for example r0 in MCORE) is not changed. A register in the CPU records this special state. Because transferring control and storing to memory are done by different execution modules, this operation does not affect instruction execution efficiency.
3) If the subroutine has no stack frame of its own, the stack pointer stays unchanged. If the subroutine does have its own stack frame, the compiler guarantees that the stack pointer is moved first before the stack is operated on. On this assumption, when an instruction that changes the stack pointer is encountered in the subroutine and register M is in the special state, the stack pointer is moved by an additional storage unit, so that the encrypted return address pushed in step 2 is not overwritten by the subroutine's stack frame. These operations are transparent to the compiler; the hardware guarantees their correctness.
4) In the subroutine, the stack slot that originally held the return address still holds the plaintext function return address. Before the subroutine returns, the plaintext return address is still fetched into a general-purpose register inside the CPU. In other words, the subroutine's assembly code does not need to be changed at all.
5) When the subroutine returns (for example jmp r15 in MCORE), the encrypted return address is fetched (from the storage unit at the current stack pointer) and the stack pointer is decremented by one storage unit. The encrypted return address is decrypted and compared with the plaintext return address; if they differ, a buffer overflow has occurred. Because transferring control and reading memory are done by different execution modules, this step does not affect execution efficiency either.
6) When the subroutine returns, the encrypted return address is decrypted and compared with the plaintext return address; if they differ, a buffer overflow has occurred.
7) When a buffer overflows, buffer overflow exception handling is triggered. When a stack buffer overflow occurs, that is, when the encrypted return address is inconsistent with the plaintext return address, the current PC is saved and the hardware triggers a buffer overflow exception. A buffer overflow exception is added to the exception vector table, so the programmer can decide in the exception handler how to respond to the buffer overflow attack.
In a CISC CPU, the steps are as follows:
1) An encryption key register is kept in the CPU.
2) When control jumps into a subroutine, the return address encrypted with the key and the plaintext address are pushed consecutively on top of the stack. The stack pointer moves by one additional storage unit. Because the pipeline bubble at the transfer is used, this operation has little effect on instruction execution efficiency.
3) When the subroutine returns, the plaintext return address and the encrypted return address are fetched in sequence, and the stack pointer is decremented by one additional storage unit. The encrypted return address is decrypted and compared with the plaintext return address; if they differ, a buffer overflow has occurred. The pipeline bubble is used here as well, so this step does not greatly affect execution efficiency either.
4) When a buffer overflows, buffer overflow exception handling is triggered. When a stack buffer overflow occurs, that is, when the encrypted return address is inconsistent with the plaintext return address, the current PC is saved and the hardware triggers a buffer overflow exception. A buffer overflow exception is added to the exception vector table, so the programmer can decide in the exception handler how to respond to the buffer overflow attack.
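The CISC call and return sequence above can be modelled in a few lines of C. This is an added example, not code from the patent: the cpu_t structure, the function names, the constants and the XOR stand-in for the unspecified cipher are all assumptions, and the oversized input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_WORDS 64
#define BUF_WORDS   4            /* callee's local buffer, in words */
#define RET_ADDR    0x00001000u  /* constructed legitimate return address */
#define FILL_WORD   0x41414141u  /* constructed oversized-input filler */
#define RET_PC      0x00002000u  /* constructed PC of the return instruction */

/* Simulated CPU state; every name here is hypothetical. */
typedef struct {
    uint32_t stack[STACK_WORDS]; /* grows toward index 0 */
    uint32_t sp;                 /* index of the top-of-stack word */
    uint32_t key;                /* key register, fixed for one program stack */
    int      protect;            /* control field: detection enabled */
    int      fault;              /* buffer overflow exception raised */
    uint32_t fault_pc;           /* PC saved when the exception fires */
} cpu_t;

/* Assumption: XOR stands in for the cipher, which the text leaves open. */
static uint32_t encrypt(const cpu_t *c, uint32_t a) { return a ^ c->key; }
static uint32_t decrypt(const cpu_t *c, uint32_t a) { return a ^ c->key; }

/* Call: push the encrypted backup, then the plaintext return address. */
static void cpu_call(cpu_t *c, uint32_t ret) {
    if (c->protect)
        c->stack[--c->sp] = encrypt(c, ret);
    c->stack[--c->sp] = ret;
}

/* Return: pop the plaintext word, then the backup, and compare after
 * decryption. Yields the next PC, or 0 once the exception is raised. */
static uint32_t cpu_ret(cpu_t *c, uint32_t pc) {
    uint32_t plain = c->stack[c->sp++];
    if (c->protect && decrypt(c, c->stack[c->sp++]) != plain) {
        c->fault = 1;
        c->fault_pc = pc;        /* "the current PC is saved" */
        return 0;
    }
    return plain;
}

/* Run one call to a subroutine that copies n input words into a
 * BUF_WORDS buffer with no bounds check, then returns.
 * Layout above the buffer: plaintext return address, then the backup. */
uint32_t simulate(int protect, size_t n) {
    cpu_t c;
    memset(&c, 0, sizeof c);
    c.sp = STACK_WORDS;
    c.key = 0x5A5AC3C3u;         /* constructed; a random value in practice */
    c.protect = protect;

    cpu_call(&c, RET_ADDR);
    c.sp -= BUF_WORDS;           /* callee allocates its frame */
    for (size_t i = 0; i < n && c.sp + i < STACK_WORDS; i++)
        c.stack[c.sp + i] = FILL_WORD;   /* the unchecked copy */
    c.sp += BUF_WORDS;           /* callee releases its frame */
    return cpu_ret(&c, RET_PC);
}

int main(void) {
    printf("enabled,  4 words: next pc 0x%08x\n", (unsigned)simulate(1, 4));
    printf("enabled,  5 words: next pc 0x%08x\n", (unsigned)simulate(1, 5));
    printf("enabled,  6 words: next pc 0x%08x\n", (unsigned)simulate(1, 6));
    printf("disabled, 5 words: next pc 0x%08x\n", (unsigned)simulate(0, 5));
    return 0;
}
```

With detection enabled, the oversized input raises the exception whether it overwrites only the plaintext word (5 words) or both words (6 words); with detection disabled, the same input becomes the next PC.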
In summary, the design method of the present invention trades memory for security. But function return addresses occupy only a very small part of the stack, and in modern system design the memory consumed by running this mechanism is negligible, while security is increasingly becoming a design priority. In addition, the invention can turn the buffer overflow detection function on or off as needed, choosing between improved security and saved memory.

Claims (9)

1. A method, designed into a CPU, for detecting buffer overflow, characterized in that its steps are as follows:
1) define a key register in the CPU;
2) insert a return address encrypted with the key register between stack frames as a security backup;
3) compare the encrypted return address with the plaintext return address to detect buffer overflow;
4) if a buffer overflow attack is found, trigger buffer overflow exception handling;
5) support enabling or disabling the buffer protection function without any change to the program.
2. The method, designed into a CPU, for detecting buffer overflow according to claim 1, characterized in that: in said defining of a key register in the CPU, the key register is used to store the encryption key, and in a multi-threaded system with multiple program stacks the content of the key register changes as the program stack is switched.
3. The method, designed into a CPU, for detecting buffer overflow according to claim 1, characterized in that: in said inserting between stack frames of a return address encrypted with the key register as a security backup, the key is used to encrypt the return address, and the encrypted return address and the plaintext return address are stored in the stack at the same time.
4. The method, designed into a CPU, for detecting buffer overflow according to claim 1, characterized in that: in said comparing of the encrypted return address with the plaintext return address to detect buffer overflow, when the subroutine returns, the encrypted and plaintext return addresses are checked to determine whether a buffer overflow has occurred.
5. The method, designed into a CPU, for detecting buffer overflow according to claim 1, characterized in that: in said triggering of buffer overflow exception handling if a buffer overflow attack is found, when a buffer overflow is detected control is automatically transferred to the exception handler, preventing the program from jumping into the hacker's malicious code.
6. The method, designed into a CPU, for detecting buffer overflow according to claim 1 or 3, characterized in that: for said storing of the encrypted return address and the plaintext return address in the stack at the same time, in a RISC CPU the parallelism of the CPU's internal instruction execution units is used to eliminate the performance impact of the added memory operations; when an instruction that jumps into a subroutine or returns to the parent program is executed, the instruction is issued to the control-transfer execution unit and the memory access unit simultaneously, and the encrypted return address is operated on while control is transferred.
7. The method, designed into a CPU, for detecting buffer overflow according to claim 1 or 3, characterized in that: for said storing of the encrypted return address and the plaintext return address in the stack at the same time, in a RISC CPU stack pointer management logic needs to be added to protect correct operation of the stack, and a register is added to record whether an encrypted return address is stored on the top of the stack, awaiting the move of the stack pointer.
8. The method, designed into a CPU, for detecting buffer overflow according to claim 1 or 3, characterized in that: for said storing of the encrypted return address and the plaintext return address in the stack at the same time, in a CISC CPU the pipeline bubble at the transfer is used to reduce the performance impact of the memory operations, and the instructions that jump into a subroutine and return to the parent program save or read two addresses (the encrypted address and the plaintext address) consecutively.
9. The method, designed into a CPU, for detecting buffer overflow according to claim 5, characterized in that: for said supporting of enabling or disabling the buffer protection function without any change to the program, so as to choose between saving memory and improving security, enable control logic is added to control whether the above hardware units operate.
CN 03116217 2003-04-03 2003-04-03 Method designed in CPU for detecting buffer area overflow Pending CN1447244A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03116217 CN1447244A (en) 2003-04-03 2003-04-03 Method designed in CPU for detecting buffer area overflow


Publications (1)

Publication Number Publication Date
CN1447244A true CN1447244A (en) 2003-10-08

Family

ID=28050517



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication