KR102028704B1 - Method for Protecting Memory Against Code Insertion Attacks in Electronic Device - Google Patents

Method for Protecting Memory Against Code Insertion Attacks in Electronic Device Download PDF

Info

Publication number
KR102028704B1
KR102028704B1 KR1020160032045A KR20160032045A KR102028704B1 KR 102028704 B1 KR102028704 B1 KR 102028704B1 KR 1020160032045 A KR1020160032045 A KR 1020160032045A KR 20160032045 A KR20160032045 A KR 20160032045A KR 102028704 B1 KR102028704 B1 KR 102028704B1
Authority
KR
South Korea
Prior art keywords
task
stack
memory
area
space
Prior art date
Application number
KR1020160032045A
Other languages
Korean (ko)
Other versions
KR20170108332A (en
Inventor
김영호
문용혁
이윤경
정보흥
주홍일
김정녀
전용성
임재덕
Original Assignee
한국전자통신연구원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국전자통신연구원 filed Critical 한국전자통신연구원
Priority to KR1020160032045A priority Critical patent/KR102028704B1/en
Publication of KR20170108332A publication Critical patent/KR20170108332A/en
Application granted granted Critical
Publication of KR102028704B1 publication Critical patent/KR102028704B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/3004Arrangements for executing specific machine instructions to perform operations on memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention applies data memory protection techniques to detect and block at the kernel level against illegal code injection attacks in application task internal operations, which are frequently exposed to security vulnerabilities, and correct addresses even when attack codes are inserted into the task stack. The present invention relates to a memory operation method in which a random address space layout technique is applied to prevent information from being predicted.

Description

{Method for Protecting Memory Against Code Insertion Attacks in Electronic Device}

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for operating a memory of an electronic device, and more particularly, to protect a electronic device by preventing a hacker's code insertion attack and execution of a data memory for a multi-task operating system in a lightweight embedded electronic device in an IoT environment. It is about a method.

In general, hacking attacks through the network infiltrate the inside mainly by using software vulnerabilities of target electronic devices or systems. Software vulnerabilities are used by attackers to inject code into electronic devices or system internal memory using attack techniques such as buffer overflows and to bypass execution control. In a lightweight embedded operating system of various electronic devices or systems supporting multiple tasks, the task and the kernel share a memory address space. Therefore, code injection attacks through relatively inadequate tasks can easily take over the entire system.

Against such code insertion attacks, general-purpose systems such as personal computers and servers are applying memory protection techniques at the operating system level to block hacking attacks by code insertion techniques. However, in the case of lightweight embedded devices in the IoT environment, due to the limited hardware resources and simple software operation, there is a lack of techniques for defending against code injection attacks.

Therefore, even when a light weight device having a limited hardware and software environment is exposed to an attack caused by a software vulnerability, a technique corresponding to the hacking attempt by a code inserter of an external attacker is required. In addition, the attack response technique should be applicable regardless of the operating system structure of the target device to be applied and the number of internal support tasks, and a hacking prevention technique with a consistent function should be provided.

Accordingly, the present invention has been made to solve the above-described problem, and an object of the present invention is that the dynamic execution environment of the internal software of the lightweight electronic device is easily exposed to an attack using an internal software vulnerability due to limited hardware resources. The present invention provides a method of operating a memory that protects an electronic device from an outside illegal hacking attack in an internet environment.

To this end, the present invention applies a data memory protection technique to detect and block at the kernel level against illegal code insertion attacks in the application task (execution state) internal operation that is exposed to many security vulnerabilities, the attack code It is to provide a memory operation method that applies a random address space layout technique so that even if is inserted into the task stack, it does not predict the correct address information.

Technical problems of the present invention are not limited to the technical problems mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art from the following descriptions.

First, to summarize the features of the present invention, a memory operating method for protecting against code insertion attack in an electronic device according to an aspect of the present invention for achieving the above object, for a predetermined space size of the memory in the control device, Establishing a protected area that is capable of reading and writing but forbidding the execution of the code; And controlling the read or write in the space of the memory corresponding to the protected area by the control device during program execution, even if the attack code is inserted in the space of the memory corresponding to the protected area during the program execution. In accordance with the control of the control device, characterized in that the execution of the attack code is made.

The space of the memory in which the protection zone is set may include a heap area or a global data area of a shared global memory space.

The space of the memory in which the protection zone is set may include a task stack area of a local memory space. Here, the task stack area may be a range of a task stack currently being executed.

The memory operating method may further include setting an area for a stack firewall which is prohibited from writing in the controller, wherein the area for the stack firewall has an address higher than an upper limit address of the currently running task stack. Set in local memory space.

The memory operating method may be configured to change the setting of the protection zone by moving to a range of a newly executed task stack under the control of the controller when the context of the currently executing task is changed, and setting the protection zone. Moving to said local memory space having a higher address of a task stack and setting up to set a zone for said stack firewall.

In addition, according to another aspect of the present invention, a method for operating a memory for protecting a code insertion attack from an electronic device may include generating a task control block for the new task in a local memory space of a memory when the controller generates a new task. Doing; And allocating a task stack for the new task to the local memory space in the controller, wherein in the allocating of the task stack, the task stack using random number processing so as not to be allocated to a predetermined position. It is characterized in that it is assigned to a random position.

In addition, an electronic device according to another aspect of the present invention includes a memory; And a control unit for performing a control for protection from a code insertion attack, wherein the control unit is configured to set a protection area that can read and write, but prohibit execution of code, to a predetermined amount of space of the memory; While the program is executed, the read or write is controlled in the space of the memory corresponding to the protected area, even if the attack code is inserted into the space of the memory corresponding to the protected area during the program execution, the prohibition of execution of the attack code is prevented. Can be controlled.

The space of the memory in which the protection zone is set may include a heap area or a global data area of a shared global memory space.

The space of the memory in which the protection zone is set may include a task stack area of a local memory space. The task stack area may be a range of a task stack currently being executed.

In the local memory space having an address higher than an upper limit address of the currently running task stack, the controller may set an area for a stack firewall for which writing is prohibited.

Upon switching the context of the currently running task, the control device moves to a range of a newly executed task stack and changes the setting to set the protection zone, and wherein the controller has a higher address of the newly executed task stack. The configuration change can be controlled to move to a local memory space and set up an area for the stack firewall.

When generating a new task, the controller generates a task control block for the new task in a local memory space of the memory, and allocates a task stack for the new task to the local memory space, wherein the new task Random task processing may be used to assign the task stack to any random location so that the task stack for is not assigned to a predetermined location.

According to the memory operating method of the electronic device according to the present invention, even if the kernel and the general tasks share the address space of the memory, it is possible to detect and block at the kernel level against illegal code insertion attacks in the internal operation of the application task (program execution state). Therefore, the present invention can be applied to lightweight electronic devices and the like in an IoT environment having limited hardware resources to effectively protect electronic devices from hacking attacks in a dynamic execution environment of internal software.

Further, according to the memory operating method of the electronic device according to the present invention, since the memory protection area can be easily implemented through the memory protection unit (MPU) by applying the data memory protection technique, the execution right and the write right for the data memory are prohibited. Minimize the cost of operation. In addition, only a limited number of memory protection units (MPUs) can effectively block code insertion attacks on data regions.

In addition, according to the memory operating method of the electronic device according to the present invention, stack allocation by a random function during task creation may make it difficult to predict the address of code illegally inserted into the stack by arranging the stack address space flexibly. In addition, it prevents the spread of malware by preventing the same attack code from being easily applied to other devices.

In addition, according to the memory operating method of the electronic device according to the present invention, since the operating system specificity is minimized, it can be applied to the operating system of a lightweight embedded device or any other various kinds of electronic devices.

1 is a view for explaining the structure of a multi-task support operating system memory according to an embodiment of the present invention.
2 is a diagram illustrating examples of a code insertion attack scenario according to an embodiment of the present invention.
3 is a view for explaining a memory operating method of an electronic device according to an embodiment of the present invention.
4A and 4B are diagrams for describing a memory operating method of an electronic device according to another embodiment of the present invention.
5 is a view for explaining a memory operating method of an electronic device according to another embodiment of the present invention.
FIG. 6 is a diagram illustrating a task generation method applying the task stack address space random allocation scheme of FIG. 5.
7 is a view for explaining an example of a method of implementing an electronic device having a memory according to an embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail through exemplary drawings. In adding reference numerals to the components of each drawing, it should be noted that the same reference numerals are assigned to the same components as much as possible even though they are shown in different drawings. In addition, in describing the embodiments of the present invention, if it is determined that the detailed description of the related well-known configuration or function interferes with the understanding of the embodiments of the present invention, the detailed description thereof will be omitted.

In describing the components of the embodiments of the present invention, terms such as first, second, A, B, (a), and (b) may be used. These terms are only for distinguishing the components from other components, and the nature, order or order of the components are not limited by the terms. In addition, unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in the commonly used dictionaries should be construed as having meanings consistent with the meanings in the context of the related art, and shall not be construed in ideal or excessively formal meanings unless expressly defined in this application. Do not.

1 is a view for explaining the structure of a multi-task support operating system memory according to an embodiment of the present invention. In the present invention, for controlling and operating an operating system memory for a multi-task support lightweight embedded device using a single address space, which is applied to a lightweight electronic device in an IoT environment. A memory operating method will be described, but is not limited thereto. The memory operating method of the present invention may be applied to an operating system memory of all other various kinds of electronic devices.

Referring to FIG. 1, a multitasking supporting operating system memory according to an embodiment of the present invention may include a system shared global memory space S1 including a code region, a global data region, a heap region, and one. The task-specific local memory space S2 including the above task stack area (eg, 1 to n and n are natural numbers) is included. Such regions can be distributed and distributed in multiple stores, and can be treated and managed as a single store according to a single address space system.

The actual deployment may vary slightly between operating systems, but the existence and purpose of each of these areas apply equally. Since all tasks during kernel and program execution within a single address space can conceptually access the entire memory, the code area, global data area, and heap area (dynamic memory allocation space) are shared. Is done. On the other hand, in order to realize multiple task execution structures within a single address space, each task has a separate task stack area separate from the kernel stack.

In the present invention, the memory arrangement is largely divided into two types, a global memory space S1 shared by the entire system and a local memory space S2 for individual tasks. According to this division, as described below (see FIG. 5), the task stack region of the local memory space S2 of the present invention includes a task stack Z as a data region, and a task for task context switching. It includes a task control block (T). In contrast, the global memory space S1 includes a code region, a set of executable instructions, a heap, and a global data region at the same time. In a real lightweight embedded device, the code area is located inside a nonvolatile flash memory device, and the remaining area is located inside volatile memory such as static random access memory (SRAM) or dynamic random access memory (DRAM). .

2 is a diagram illustrating examples of a code insertion attack scenario according to an embodiment of the present invention. Figure 2 illustrates three code injection attack scenarios that are a security threat model to be detected and prevented in the present invention.

When the control device (e.g., MCU) executes a predetermined program in an electronic device having a predetermined operating system in a memory, in FIG. 2, first, scenario I is the most typical attack pattern, which is the task stack area Z4 currently being executed. Inserts the attack code (V1) into the function, and changes the function return address (V2) stored in the current task stack area (Z4) to overwrite, thereby changing the function return address (V2) changed when the function returns. In this case, the attack code V1 is executed immediately. As such a method for transferring execution control right to the attack code V1, various other methods for executing the attack code V1 may be used in addition to overwriting the stack internal function return address V2.

Scenario II is similar to scenario I, in which the attack code V1 is inserted into another stack area outside the stack area Z4 of the currently executing task, and the execution control is transferred to the attack code V1 when the function returns. .

Finally, scenario III inserts the attack code (V1) into the task stack area, that is, the heap area or global data area rather than the local memory space (S2), and transfers execution control to the attack code (V1) when the function returns. to be.

In the present invention, three techniques are used to cope with the attack of various scenarios as shown in FIG. The first is the global data protection scheme based on memory protection zone, the second is the local data protection scheme based on task stack firewall and memory protection zone, and the third is the task stack address randomization scheme based on task control block. to be. Such a technique may be applied in combination of two or more.

3 is a view for explaining a memory operating method of an electronic device according to an embodiment of the present invention. 3 illustrates a case in which global memory execution authority is prohibited by a memory protection zone based global data protection scheme in response to an attack code.

When a control device (eg, MCU) executes a predetermined program in an electronic device, a code insertion attack has two steps of inserting an attack code into a memory first and converting execution control right to the attack code as shown in FIG. 2. In order to prevent a code insertion attack, the memory protection area based global data protection scheme of the present invention is a method of preventing the address of the inserted attack code from being loaded into a program counter (PC).

The heap area Z3 and global data area Z2 of the system shared global memory space S1 identified above are used as data areas for dynamic data allocation and global variables at fixed locations for the entire life cycle of the system. Therefore, since the existence of executable code in this space (Z2, Z3) is illegal and can be regarded as an attack situation, the space (Z2, Z3) is defined as one memory protection zone (P0) and within the zone. You need a setting to prohibit code execution. In other words, the attack code may be inserted (write) into the spaces Z2 and Z3, but an exception may be generated at the moment of attempting to execute the attack code.

The memory protection area P0 may be implemented through a controller, for example, a memory protection unit (MPU) provided in hardware in a general embedded microcontroller unit (MCU). For example, when the size of the spaces Z2 and Z3 is within the 16 KB range, if a predetermined region of the memory protection unit (MPU) is set as an attribute of the memory protection area 0 (P0) of FIG. Code execution inside (Z2, Z3) becomes impossible, and illegal attempts by external attackers can be handled as exceptions. That is, when predetermined settings (read / write enabled, prohibit execution) of the memory protection area 0 (P0) are made in the memory protection unit (MPU) under the control of the control unit (MCU), the control unit (MCU) stores the memory. The control of the space size (for example, 16 KB) of the protection area 0 (P0) is controlled to be possible to read or write, but the code of the memory protection area 0 (P0) can be controlled to prevent execution. That is, the control unit MCU may control the address of the attack code not to be loaded into the program counter PC according to the setting of the memory protection zone 0 (P0). As a result, even if the kernel and general tasks share the address space (Z2, Z3) of memory, it can detect and block at the kernel level against illegal code insertion attacks in the internal operation of the task during program execution.

4A and 4B are diagrams for describing a memory operating method of an electronic device according to another embodiment of the present invention. 4A and 4B illustrate examples in which execution of an attack code is prohibited using a task stack firewall and a memory protection zone based local data protection technique.

Unlike the global data area Z2 and the heap area Z3 of the global memory space S1, the local memory space S2 having a stack area for each task has a different structure for each operating system. In particular, the stacks of executed tasks may not be placed at contiguous memory addresses, or in extreme cases there may be regions of completely different uses, such as code regions, between boundaries with other task stacks. Thus, it is difficult to protect the entire task stack with one memory protection zone configuration, such as global memory spaces Z2 and Z3. In addition, since setting as one memory protection zone per individual task stack requires as many memory protection zones as the number of tasks, implementation may be difficult or impossible in reality. Accordingly, the present invention proposes a task stack memory protection scheme and a task stack firewall as a method corresponding to scenario I and scenario II, which are attacks using the task stack, from among the attack scenarios of FIG. 2.

First, referring to FIG. 4A, the task stack memory protection scheme sets a memory protection zone 1 (P1) in the task stack region similarly to the global memory execution permission prohibition scheme (see FIG. 3), which is currently being executed. The memory protection area P1 is set only in the range of the stack Z4 of the task. Therefore, at the moment when the attack code is inserted in the stack Z4 of the currently executing task and the execution control is about to be transferred, an exception occurs according to the control of the control unit MCU (see FIG. 3). Correspondence is possible. On the other hand, in scenario II, since the attack code is inserted into a task stack other than the currently executing task stack (Z4) and execution control is transferred to the attack code, the attack code is not included in the previously set memory protection area (P1). Code execution can be enabled. Therefore, the operation of inserting the attack code into the other stack based on the currently executed task stack Z4 should be blocked, so that it can cope with the attack scenario II.

In the present invention, a technique called 'stack firewall (F)' is controlled to prevent writing to another stack (local memory space) beyond the stack Z4 area of the currently executing task. In general, the attack code insertion due to the overwrite attack on the stack is performed in the memory area having an address higher than the upper limit address (top) of the currently executing stack Z4 since the attack code insertion proceeds in the memory address ascending order. Therefore, the stack firewall F set in this area prevents attack code insertion from occurring outside the running task stack Z4 area even if the attack code is inserted by the overwrite attack of the currently executing task stack Z4. Technique. This stack firewall application example is a stack firewall (F) in which write permission of a separate memory protection zone (P2) setting is restricted to a predetermined size (for example, size 64KB) in the upper region of the task stack Z4 currently running as shown in FIG. 4A. By setting the memory protection zone 2 (P2) to the memory protection unit (MPU), it is possible to respond to the attack scenario II according to the corresponding setting of the memory protection unit (MPU) and the control of the control unit (MCU).

Attack scenarios II and III are cases where attack code is inserted into another memory region beyond the stack of the currently running task. Scenario III is a case where the attack code is inserted into the heap area, and it is blocked by the global memory execution permission prohibition, which is the first technique of the present invention (see FIG. 3), and thus can be blocked when execution control is moved to the inserted attack code. have. On the other hand, scenario II blocks the attack code insertion step by setting a predetermined size of storage space above the currently running task stack Z4 area as a stack firewall.

Since the memory protection zone based task stack protection and stack firewall technique described in FIG. 4A are set around the currently running task, the protection zone setting is based on the newly executed task at the time of context switching of the task. Should be changed. That is, when the task context is changed, the memory protection zone 1 (P1) for protecting the task stack is set by moving to the corresponding range centering on the newly executed task Z5 as shown in FIG. The change is made so that the memory protection zone 2 (P2) (e.g., 64KB in size) for the stack firewall F is moved and set. At this time, the memory protection zones P1 and P2 for the new task Z5 may be set in the memory protection unit MCU under the control of the control unit MCU through the task control block (TCB) information. Can be. Thus, the two memory protection zones P1 and P2 allow the protection zone and the stack firewall to be set on the stack of all tasks.

In this way, the attack code can be inserted into the current task stack or another task stack in memory, or detected and blocked at the kernel level against attack code when the task context is switched.

5 is a view for explaining a memory operating method of an electronic device according to another embodiment of the present invention. FIG. 5 illustrates a case in which execution of an attack code is prohibited by using a task control block based task stack address randomization technique in response to the attack code.

As described above, code injection attacks use software vulnerabilities to inject code into the stack or heap area first and then transfer execution control to the code. At this time, in order to move the execution control right to the inserted code, information on the position (memory address) of the inserted code is required. In general, in an embedded system (device), since the software structure is simple and fixed, if one device is hacked and the software structure and binary information are exposed, the information is very likely to be applied to other devices using the same operating system. Therefore, the same attack code can be applied to various devices equipped with the same operating system as it is, thus easily implementing the attack code to be inserted.

In the present invention, even when the attack code is inserted into the internal memory of the device through the task stack address space random allocation scheme, the success rate of executing the code is reduced, and the attacker cannot reuse the same attack code. If the attacker knows the position of the code to be inserted in advance, it is very easy to move the control right to the position after the attack code is inserted. Therefore, the task stack address space random allocation scheme is a method of randomly arranging some memory address spaces so that even if the attack code is inserted, it is difficult for the attacker to predict the insertion position of the attack code in advance.

In particular, as shown in Figure 5, the stack (Z) of the task mainly inserted into the attack code is assigned a position (memory address) is determined at the time of task control block allocation (R) when the task is generated, the random number in this step in the present invention The location determined by the process, i.e. the allocation to an arbitrary random position (F), makes it difficult to predict the location of the task stack. That is, if a random nature of the position of the task stack Z is provided regardless of the task creation order, the attacker may lower the success rate of executing the attack code inserted into the task stack Z.

A procedure for such a task stack address space random allocation scheme will be described in detail with reference to the flowchart of FIG. 6.

FIG. 6 is a diagram illustrating a task generation method applying the task stack address space random allocation scheme of FIG. 5.

Referring to FIG. 6, randomization of a task stack address space is performed when a task is generated. First, when a new task is generated during program execution under control of a control unit (MCU) during system initialization or operation. In operation 601, the control unit MCU first generates a task control block T in a memory (602). The control unit (MCU), like the task control block (T) of FIG. 5, has various elements necessary for task operation, that is, stack start address, stack size, current stack pointer, waiting work queue, sleep waiting time, priority, Can be managed by the memory protection unit (MPU). At this time, when generating a task control block, a task stack allocation request 603 is essentially made, and the control unit MCU allocates a task stack space Z to the corresponding task and manages the task stack space Z in the memory protection unit. Manage the current stack pointer location.

However, in the present invention, in the case of assigning (or setting) the task stack Z, when the random allocation function 604 proposed in the present invention is set, the control unit MCU uses the random allocation function 605 to perform the task. The task stack allocation 606 may be performed by determining the stack Z position as any unpredictable random position (address). In this case, the random allocation function 605 randomly allocates the address of a new task stack based on a random number generation function within the entire memory address space S2 provided for task stack allocation. May include any implementation method using hardware or software.

Alternatively, if the stack random allocation function setting 604 is turned off, the task stack is always allocated 606 in a fixed order. Thereafter, the control unit MCU proceeds with the initialization 607 of the task control block T and completes the task generation (608).

Until now, the scope of the stack in which the code insertion attack can occur has been described based on the task stack. This is because the kernel code is more verified than the general task code, so the security vulnerability is relatively low. Therefore, the code insertion attack through the general task is more frequent than the attack through the kernel vulnerability. However, the techniques of the present invention can be easily extended to protect the kernel stack and are not limited only to the general task stack protection.

7 is a view for explaining an example of a method of implementing an electronic device having a memory according to an embodiment of the present invention. Electronic devices according to an embodiment of the present invention may be made of hardware, software, or a combination thereof. For example, an electronic device according to an embodiment of the present invention may be implemented with the computing system 1000 as shown in FIG. 7.

The computing system 1000 may include at least one processor 1100 (or controller), a memory 1300, a user interface input device 1400, a user interface output device 1500, or a storage device connected through a bus 1200. 1600, and network interface 1700. The processor 1100 may be a central processing unit (CPU) or a semiconductor device that executes processing for instructions stored in the memory 1300 and / or the storage 1600. The memory 1300 and the storage 1600 may include various types of volatile or nonvolatile storage media. For example, the memory 1300 may include a read only memory (ROM) 1310 and a random access memory (RAM) 1320. In addition, the memory 1300 may include a nonvolatile flash memory. An electronic device according to an embodiment of the present invention may be operated by storing an operating system for preventing a code insertion attack as described above in the memory 1300, for example, a light-weight embedded device or any other various kinds of electronic devices. It may be a device.

Thus, the steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, software module, or a combination of the two executed by the processor 1100. The software module resides in a storage medium (ie, memory 1300 and / or storage 1600), such as RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disks, removable disks, CD-ROMs. You may. An exemplary storage medium is coupled to the processor 1100, which can read information from and write information to the storage medium. In the alternative, the storage medium may be integral to the processor 1100. The processor and the storage medium may reside in an application specific integrated circuit (ASIC). The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.

As described above, according to the memory operating method of the electronic device according to the present invention, even if the kernel and the general tasks share the address space of the memory, the kernel against illegal code insertion attack in the application task (execution state) internal operation Since it can be detected and blocked at the level, it can be applied to lightweight electronic devices in the IoT environment with limited hardware resources, and can effectively protect the electronic devices from hacking attacks in the dynamic execution environment of internal software. In addition, the memory protection area can be easily implemented through the memory protection unit (MPU) by applying the data memory protection technique, thereby minimizing the operation cost for the execution permission and the write permission prohibition on the data memory. In addition, only a limited number of memory protection units (MPUs) can effectively block code insertion attacks on data regions.

In addition, stack allocation by random functions during task creation may make it difficult to predict the address of illegally inserted code by arranging the stack address space flexibly. In addition, it prevents the spread of malware by preventing the same attack code from being easily applied to other devices. In addition, since the operating system specificity is minimized, it can be applied to an operating system of a light weight embedded device or any other various kinds of electronic devices.

The above description is merely illustrative of the technical idea of the present invention, and those skilled in the art to which the present invention pertains may make various modifications and changes without departing from the essential characteristics of the present invention.

Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The protection scope of the present invention should be interpreted by the following claims, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of the present invention.

Claims (14)

In the memory operating method for protection from code insertion attack in electronic devices,
Setting, by the controller, a protected area for reading and writing to a predetermined amount of space in the memory, but forbidding the execution of the code;
Setting an area for a stack firewall in which the control device is prohibited from writing; And
Controlling read or write in the space of the memory corresponding to the protected area and the area for the stack firewall at the control device during program execution;
Even if the attack code is inserted into the space of the memory corresponding to the protected area during the program execution, the execution of the attack code is prohibited under the control of the controller,
The zone for the stack firewall is set in a local memory space with an address higher than the upper limit address of the currently running task stack,
The space of the memory in which the protection area is set includes a task stack area of a local memory space,
The task stack area is created by stack allocation by a random function upon task creation,
And the control device sets the protection zone for a new task to a memory protection unit via task control block information. The method of claim 1,
The space of the memory in which the protected area is set includes a heap area or a global data area of a shared global memory space. delete The method of claim 1,
And the task stack region is a range of a task stack currently being executed. delete The method of claim 1,
Upon changing the context of the currently running task, change the setting to move to a range of a newly executed task stack under the control of the controller and set the protection zone, and then change a higher address of the newly executed task stack. Moving to said local memory space with a setting to set a zone for said stack firewall
Memory operating method comprising a further. In the memory operating method for protection from code insertion attack in electronic devices,
When creating a new task at a controller, generating a task control block for the new task in a local memory space of a memory; And
Allocating a task stack for the new task in the local memory space at the controller; And
Setting an area for the stack firewall to which writing is prohibited in the control device;
In the step of allocating the task stack, allocating the task stack to a task stack area such that the task stack is not allocated to a predetermined position;
The zone for the stack firewall is set in a local memory space with an address higher than the upper limit address of the task stack for the new task,
The task stack area is created by stack allocation by a random function upon task creation,
And the control device sets a protection zone for a new task to the memory protection unit through task control block information. Memory; And
A control device that performs control for protection from a code insertion attack,
The control device, for a predetermined amount of space in the memory, sets a protected area that is capable of reading and writing but the execution of code is prohibited, and sets an area for a stack firewall where writing is prohibited, and during the program execution. Even if an attack code is inserted into a space of the memory corresponding to the protected area during execution of the program, even if an attack code is inserted into the space of the memory corresponding to the protected area and the area for the stack firewall, execution of the attack code Control the ban,
The zone for the stack firewall is set in a local memory space with an address higher than the upper limit address of the currently running task stack,
The space of the memory in which the protection area is set includes a task stack area of a local memory space,
The task stack area is created by stack allocation by a random function upon task creation,
And the control device sets the protection zone for a new task to a memory protection unit via task control block information. delete delete delete delete delete delete
KR1020160032045A 2016-03-17 2016-03-17 Method for Protecting Memory Against Code Insertion Attacks in Electronic Device KR102028704B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160032045A KR102028704B1 (en) 2016-03-17 2016-03-17 Method for Protecting Memory Against Code Insertion Attacks in Electronic Device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160032045A KR102028704B1 (en) 2016-03-17 2016-03-17 Method for Protecting Memory Against Code Insertion Attacks in Electronic Device

Publications (2)

Publication Number Publication Date
KR20170108332A KR20170108332A (en) 2017-09-27
KR102028704B1 true KR102028704B1 (en) 2019-10-07

Family

ID=60036144

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160032045A KR102028704B1 (en) 2016-03-17 2016-03-17 Method for Protecting Memory Against Code Insertion Attacks in Electronic Device

Country Status (1)

Country Link
KR (1) KR102028704B1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102510451B1 (en) 2018-05-09 2023-03-16 삼성전자주식회사 Integrated circuit device and operating method of integrated circuit device
KR102186221B1 (en) * 2018-11-29 2020-12-03 한국전자통신연구원 Method for randomzing address space layout of embedded system based on hardware and apparatus using the same
CN116795494B (en) * 2023-08-23 2024-01-02 北京紫光芯能科技有限公司 Memory protection unit information processing method, system and readable medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007304954A (en) * 2006-05-12 2007-11-22 Sharp Corp Computer system having memory protecting function

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080263256A1 (en) * 2007-04-20 2008-10-23 Motorola, Inc. Logic Device with Write Protected Memory Management Unit Registers

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007304954A (en) * 2006-05-12 2007-11-22 Sharp Corp Computer system having memory protecting function

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Mark McLoughlin, "Stack Guard Page"(2012.01.)*
김경수, "리눅스 시스템 해킹방어 메카니즘 및 해킹환경 구축하기"(2015.04.)*

Also Published As

Publication number Publication date
KR20170108332A (en) 2017-09-27

Similar Documents

Publication Publication Date Title
US11188638B2 (en) Fine-grained memory address space layout randomization
CN111651778B (en) Physical memory isolation method based on RISC-V instruction architecture
US10311227B2 (en) Obfuscation of an address space layout randomization mapping in a data processing system
US10528729B2 (en) Methods and systems for defending against cyber-attacks
CN110325994B (en) Apparatus and method for enhancing control flow integrity of software applications
KR102028704B1 (en) Method for Protecting Memory Against Code Insertion Attacks in Electronic Device
US10303885B2 (en) Methods and systems for securely executing untrusted software
US20160062655A1 (en) System and Method for Improved Memory Allocation in a Computer System
CN112256396B (en) Memory management method and system, security processing device and data processing device
US20190370439A1 (en) Secure system on chip for protecting software program from tampering, rehosting and piracy and method for operating the same
CN101309149B (en) Address processing method and apparatus
CN107851032B (en) Computing device, system and method for executing services in containers
CN112534416A (en) Apparatus and method for providing one-time programmable memory components in a virtual machine monitor of a computing device
CN111373405B (en) Computer-implemented method for preventing bit flipping attacks in computing devices
US10152331B2 (en) Method and system for enforcing kernel mode access protection
CN110929304A (en) RISC-V based memory protection method
Barbar et al. Live path control flow integrity
US20160313938A1 (en) Fine grained memory protection to thwart memory overrun attacks
US11340915B2 (en) Encaching and sharing transformed libraries
JP4953385B2 (en) Device for preventing leakage of application execution files and configuration files
EP3507736A1 (en) Method for avoiding a return oriented programming attempt on a computer and respective devices
JP2005209178A (en) Memory protection unit, memory protection method, and memory protection program
WO2022128142A1 (en) Apparatus and method for managing access to data memory by executable codes based on execution context
CN110569205A (en) Security system single chip and method of operation thereof
KR20240128620A (en) Information leak defense method using double stack isolation technology

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)