WO2022011818A1 - Kernel sensitive data integrity protection method based on arm pointer authentication - Google Patents

Kernel sensitive data integrity protection method based on ARM pointer authentication

Info

Publication number: WO2022011818A1
Application number: PCT/CN2020/114971
Authority: WO (WIPO, PCT)
Prior art keywords: sensitive data, sensitive, code, pac, operating system
Other languages: French (fr), Chinese (zh)
Inventors: 申文博, 杨昱天, 周亚金, 任奎
Original assignee: 浙江大学 (Zhejiang University)

Classifications

    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures (G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING › G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F21/60 Protecting data)
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes (G06F21/60 Protecting data › G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules › G06F21/6218 Protecting access to data via a platform to a system of files or objects, e.g. local or distributed file system or database)

Definitions

  • The invention relates to the field of computer system security, in particular to a method for protecting the integrity of kernel sensitive data based on ARM Pointer Authentication (PA).
  • The operating system is the basis on which a computer system runs; any security problem in it directly endangers the security of the whole system.
  • Attacks targeting operating systems have emerged one after another in recent years, such as Stuxnet in 2010 and the WannaCry worm ransomware from 2017 to 2019.
  • By the evolution of attack techniques, attacks on operating systems fall into three categories: code injection attacks, code reuse attacks, and non-control-data attacks.
  • Operating system security has improved greatly through the continuous contest between attackers and defenders.
  • With the large-scale deployment of hardware security features against code injection, mainstream operating systems all implement hardware-based protection against code injection attacks. Because of their ubiquity, code reuse attacks have been widely studied by industry and academia; mature protections such as Control-Flow Integrity (CFI) have been deployed on practical software, and the effective attack surface of code reuse attacks is shrinking.
  • Compared with the first two categories, non-control-data attacks tamper directly with sensitive data in the system and hand the attacker illegitimate privileges; such tampering is stealthy and hard to detect or monitor, so it is a major threat to operating system security. For lack of dedicated hardware support, current software-based sensitive data protection introduces excessive performance overhead, which hinders its large-scale deployment.
  • The purpose of the embodiments of the present invention is to provide a kernel sensitive data integrity protection method based on ARM pointer authentication, so as to solve the problem of the excessive performance overhead introduced by software-based sensitive data protection.
  • An embodiment of the present invention provides a kernel sensitive data integrity protection method based on ARM pointer authentication, including:
  • based on the identified sensitive pointers and the semantics of the operating system kernel code, identifying all operations that read or write memory through a sensitive pointer, where a write through a sensitive pointer is called a sensitive write and a read through a sensitive pointer a sensitive read;
  • modifying the operating system kernel code as follows: inserting the PAC generation code StoreSign_key(sensdata) after each sensitive write and the PAC verification code LoadAuth_key(sensdata) after each sensitive read, where key denotes the 128-bit PA key and sensdata the sensitive data;
  • when the kernel runs, the inserted PAC generation code is executed to generate the PAC of the sensitive data,
  • and the inserted PAC verification code is executed to verify that PAC: if verification passes, the sensitive data is intact; otherwise its integrity has been violated;
  • the PA key initialization code enables the PA feature of the ARM CPU and initializes the PA key with a random number;
  • based on the sensitive data specified by the user in the kernel code, the global variables of the kernel code are analyzed to determine all global variables that contain sensitive data;
  • the global sensitive data initialization code calls StoreSign_key(gsensdata) on every global sensitive data variable, where gsensdata denotes global sensitive data.
  • Receiving the sensitive data specified by the user in the operating system kernel code includes:
  • receiving the sensitive data in the kernel that the user designates through the attribute declaration __attribute__ provided by the compiler, where the sensitive data is a single byte or a data block made of several bytes.
  • Points-to analysis of the user-specified sensitive data includes:
  • applying the CLA algorithm to the LLVM intermediate representation of the whole kernel to analyze the user-specified sensitive data.
  • The step of inserting the PAC generation code StoreSign_key(sensdata) after the sensitive write includes:
  • (5-4) taking PAC_{n-1} as the PAC of the sensitive data and storing it at the location adjacent to the sensitive data on its high-address side.
  • The step of inserting the PAC verification code LoadAuth_key(sensdata) after the sensitive read includes:
  • if verification passes, the kernel continues to run normally; if it fails, execution of the operating system is halted and an alarm reports the kernel anomaly.
  • The beneficial effects of the invention are: it uses points-to analysis to identify all sensitive pointers, which saves time and effort compared with manual analysis and can cover every sensitive pointer; it automatically inserts PAC generation and PAC verification code at every sensitive read and write, which protects the integrity of all sensitive data; and it realizes the protection with the PA hardware feature of ARM, which greatly reduces performance overhead compared with a software implementation.
  • FIG. 1 is a flowchart of a method for protecting the integrity of kernel sensitive data based on ARM pointer authentication provided by an embodiment of the present invention.
  • FIG. 2 shows the block-chained pointer authentication code generation algorithm that generates PACs over blocks of kernel sensitive data.
  • The method of this embodiment, described by taking the protection of sensitive data of the Linux operating system kernel as an example, includes the following steps:
  • Step S101: receive the sensitive data specified by the user in the operating system kernel code.
  • This embodiment modifies the front end of the LLVM compiler to support a new attribute declaration, __attribute__((sensitive)); the user declares sensitive data through __attribute__((sensitive)).
  • The sensitive data is designated by the kernel developer and can be data of any size at any location in memory, either a single byte or a data block made of several bytes.
  • Step S102: perform points-to analysis on the user-specified sensitive data and identify all sensitive pointers that may point to it.
  • This example compiles the whole operating system kernel to intermediate representation (IR) bytecode in the LTO compilation mode of LLVM, then applies the CLA algorithm (Heintze, N., & Tardieu, O. (2001). Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. ACM SIGPLAN Notices, 36(5), 254-263) on the IR bytecode to perform points-to analysis on the sensitive data declared in step S101, identifying all sensitive pointers that may point to sensitive data.
  • Step S103: based on the identified sensitive pointers and the semantics of the kernel code, identify all operations that read or write memory through a sensitive pointer, where a write through a sensitive pointer is called a sensitive write and a read through a sensitive pointer a sensitive read; specifically, this includes the following sub-steps:
  • Step S104: modify the kernel code as follows: insert the PAC generation code StoreSign_key(sensdata) after each sensitive write and the PAC verification code LoadAuth_key(sensdata) after each sensitive read, where key denotes the 128-bit PA key and sensdata the sensitive data.
  • FIG. 2 illustrates the block-chained PAC generation algorithm used in StoreSign_key(sensdata) and LoadAuth_key(sensdata), corresponding to sub-steps (5-1), (5-2), (5-3), (6-1), (6-2) and (6-3).
  • The PAC generation code StoreSign_key(sensdata) for the sensitive data includes the following sub-steps:
  • (5-4) take PAC_{n-1} as the PAC of the sensitive data and store it at the location adjacent to the sensitive data on its high-address side.
  • The PAC verification code LoadAuth_key(sensdata) for the sensitive data includes the following sub-steps:
  • if verification passes, the kernel continues to run normally; if it fails, execution of the operating system is halted and an alarm reports the kernel anomaly.
  • Step S105: insert the PA key initialization code keyinit() into the kernel startup code; keyinit() enables the PA feature of the ARM CPU and initializes the PA key with a random number.
  • keyinit() is inserted after the boot_init_stack_canary() statement in start_kernel().
  • keyinit() must come after the random number generator initialization function of the Linux kernel, because keyinit() calls the random number generator.
  • Step S106: based on the sensitive data specified by the user in the kernel code, analyze the global variables of the kernel code and determine all global variables that contain sensitive data.
  • The global variables declared in the bytecode are enumerated, and those containing sensitive data are recorded.
  • Step S107: insert the global sensitive data initialization code sensvar_init() after keyinit(); sensvar_init() calls StoreSign_key(gsensdata) on every global sensitive data variable, where gsensdata denotes global sensitive data.
  • This step initializes the PACs of the global sensitive data.
  • Global sensitive data is intact by default at initialization time.
  • The invention generates the PACs of the global sensitive data directly when the kernel starts, so that global sensitive data passes the LoadAuth_key(sensdata) integrity verification the first time the kernel reads it.


Abstract

A kernel sensitive data integrity protection method based on ARM pointer authentication provides integrity protection for sensitive data specified by a user in an operating system kernel by using the general-purpose pointer authentication code. The method comprises the following steps: (1) locating all reads and writes of sensitive data in the operating system kernel code by means of points-to analysis; (2) inserting pointer authentication instructions such that a pointer authentication code is generated and written before the sensitive data is written to memory, and checked after the sensitive data is read from memory; and (3) modifying the kernel start code of the operating system so that the pointer authentication feature is initialized at an early stage of start-up and the pointer authentication codes of global sensitive data are initialized afterwards. The method efficiently protects the integrity of the sensitive data of the operating system kernel by using pointer authentication.

Description

A Kernel Sensitive Data Integrity Protection Method Based on ARM Pointer Authentication
Technical field
The invention relates to the field of computer system security, in particular to a method for protecting the integrity of kernel sensitive data based on ARM Pointer Authentication (PA).
Background
The operating system is the basis on which a computer system runs; any security problem in it directly endangers the security of the whole system. Attacks targeting operating systems have emerged one after another in recent years, such as Stuxnet in 2010 and the WannaCry worm ransomware from 2017 to 2019. By the evolution of attack techniques, attacks on operating systems fall into three categories: code injection attacks, code reuse attacks, and non-control-data attacks. At the same time, operating system security has improved greatly through the continuous contest between attackers and defenders: with the large-scale deployment of hardware security features against code injection, mainstream operating systems all implement hardware-based protection against code injection attacks; and because of their ubiquity, code reuse attacks have been widely studied by industry and academia, mature protections such as Control-Flow Integrity (CFI) have been deployed on practical software, and the effective attack surface of code reuse attacks is shrinking by the day.
Compared with the first two categories, non-control-data attacks tamper directly with sensitive data in the system and hand the attacker illegitimate privileges; such tampering is stealthy and hard to detect or monitor, and poses a major threat to operating system security. For lack of dedicated hardware support, current software-based sensitive data protection introduces excessive performance overhead, which hinders its large-scale deployment.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a kernel sensitive data integrity protection method based on ARM pointer authentication, so as to solve the problem of the excessive performance overhead introduced by software-based sensitive data protection.
To achieve the above purpose, the technical solution adopted by the embodiments of the present invention is as follows:
An embodiment of the present invention provides a kernel sensitive data integrity protection method based on ARM pointer authentication, including:
receiving the sensitive data specified by the user in the operating system kernel code;
performing points-to analysis on the user-specified sensitive data to identify all sensitive pointers that may point to the sensitive data;
based on the identified sensitive pointers and the semantics of the operating system kernel code, identifying all operations that read or write memory through a sensitive pointer, where a write through a sensitive pointer is called a sensitive write and a read through a sensitive pointer a sensitive read;
based on the identified sensitive reads and writes, modifying the operating system kernel code as follows: inserting the PAC generation code StoreSign_key(sensdata) after each sensitive write and the PAC verification code LoadAuth_key(sensdata) after each sensitive read, where key denotes the 128-bit PA key and sensdata the sensitive data; when the kernel runs, the inserted PAC generation code is executed to generate the PAC of the sensitive data and the inserted PAC verification code is executed to verify that PAC; if verification passes, the sensitive data is intact, otherwise its integrity has been violated;
inserting the PA key initialization code keyinit() into the operating system kernel startup code, which enables the PA feature of the ARM CPU and initializes the PA key with a random number;
based on the sensitive data specified by the user in the kernel code, analyzing the global variables of the kernel code to determine all global variables of the kernel that contain sensitive data;
based on the determined global variables containing sensitive data, inserting the global sensitive data initialization code sensvar_init() after keyinit(), which calls StoreSign_key(gsensdata) on every global sensitive data variable, where gsensdata denotes global sensitive data.
Further, receiving the sensitive data specified by the user in the operating system kernel code includes:
receiving the sensitive data in the kernel that the user designates through the attribute declaration __attribute__ provided by the compiler, where the sensitive data is a single byte or a data block made of several bytes.
Further, performing points-to analysis on the user-specified sensitive data includes:
in the LTO stage of compiling the operating system kernel code, applying the CLA algorithm to the LLVM intermediate representation of the whole kernel to perform points-to analysis on the user-specified sensitive data.
Further, identifying, with the semantics of the operating system kernel code, all operations that read or write memory through sensitive pointers includes:
(4-1) in the LTO stage of compiling the operating system kernel code, scanning every instruction of the LLVM intermediate representation of the whole kernel one by one;
(4-2) if the current instruction is a LOAD instruction or a memory block copy function and its source operand is a sensitive pointer, marking it as a sensitive read instruction;
(4-3) if the current instruction is a STORE instruction or a memory block copy function and the pointer it writes through (its destination operand) is a sensitive pointer, marking it as a sensitive write instruction.
Further, the step of inserting the PAC generation code StoreSign_key(sensdata) after the sensitive write includes:
(5-1) dividing the sensitive data into 8-byte blocks D_0, D_1, …, D_{n-1}, where n is the number of blocks;
(5-2) taking the first block D_0 as input and the memory address ADDR_0 of D_0 as the modifier, computing PAC_0 = Sign_key(D_0, ADDR_0) with the PA key key;
(5-3) taking each following block as input and the PAC of the previous iteration as the modifier, computing iteratively PAC_i = Sign_key(D_i, PAC_{i-1}) for 0 < i < n;
(5-4) taking PAC_{n-1} as the PAC of the sensitive data and storing it at the location adjacent to the sensitive data on its high-address side.
Further, the step of inserting the PAC verification code LoadAuth_key(sensdata) after the sensitive read includes:
(6-1) dividing the sensitive data into 8-byte blocks D_0, D_1, …, D_{n-1}, where n is the number of blocks;
(6-2) taking the first block D_0 as input and the memory address ADDR_0 of D_0 as the modifier, computing PAC_0 = Sign_key(D_0, ADDR_0) with the PA key key;
(6-3) taking each following block as input and the PAC of the previous iteration as the modifier, computing iteratively PAC_i = Sign_key(D_i, PAC_{i-1}) for 0 < i < n;
(6-4) fetching the PAC stored at the location adjacent to the sensitive data on its high-address side and comparing it with PAC_{n-1}: if they match, the sensitive data is intact and verification passes; if they differ, the integrity of the sensitive data has been violated and verification fails;
(6-5) if verification passes, the operating system kernel continues to run normally; if it fails, execution of the operating system is halted and an alarm reports the kernel anomaly.
According to the above technical solution, the beneficial effects of the invention are: it uses points-to analysis to identify all sensitive pointers, which saves time and effort compared with manual analysis and can cover every sensitive pointer; it automatically inserts PAC generation and PAC verification code at every sensitive read and write, which protects the integrity of all sensitive data; and it realizes the protection with the PA hardware feature of ARM, which greatly reduces performance overhead compared with a software implementation.
Description of drawings
The drawings described here are provided for a further understanding of the invention and form part of it; the exemplary embodiments of the invention and their description explain the invention and do not limit it improperly. In the drawings:
FIG. 1 is a flowchart of a method for protecting the integrity of kernel sensitive data based on ARM pointer authentication provided by an embodiment of the present invention;
FIG. 2 shows the block-chained pointer authentication code generation algorithm that generates PACs over blocks of kernel sensitive data.
Detailed description
To make the purpose, technical solution and advantages of the application clearer, the technical solution of the application is described clearly and completely below with reference to its specific embodiments and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of this application without creative effort fall within the scope of protection of this application.
FIG. 1 is a flowchart of a method for protecting the integrity of kernel sensitive data based on ARM pointer authentication provided by an embodiment of the present invention. The method of this embodiment is described by taking the protection of sensitive data of the Linux operating system kernel as an example, and includes the following steps:
Step S101, receiving the sensitive data specified by the user in the operating system kernel code.
Specifically, this embodiment modifies the front end of the LLVM compiler to support a new attribute declaration, __attribute__((sensitive)); the user declares sensitive data through __attribute__((sensitive)). The sensitive data is designated by the kernel developer and can be data of any size at any location in memory, either a single byte or a data block made of several bytes.
Step S102, performing points-to analysis on the user-specified sensitive data and identifying all sensitive pointers that may point to it.
Specifically, this example compiles the whole operating system kernel to intermediate representation (IR) bytecode in the LTO compilation mode of LLVM, then applies the CLA algorithm (Heintze, N., & Tardieu, O. (2001). Ultra-fast aliasing analysis using CLA: A million lines of C code in a second. ACM SIGPLAN Notices, 36(5), 254-263) on the IR bytecode to perform points-to analysis on the sensitive data declared in step S101, identifying all sensitive pointers that may point to sensitive data.
Step S103, based on the identified sensitive pointers and the semantics of the operating system kernel code, identifying all operations that read or write memory through a sensitive pointer, where a write through a sensitive pointer is called a sensitive write and a read through a sensitive pointer a sensitive read; specifically, this includes the following sub-steps:
(4-1) using the IR bytecode of the whole operating system kernel obtained in step S102, scanning every instruction of the LLVM intermediate representation of the whole kernel one by one;
(4-2) if the current instruction is a LOAD instruction or a memory block copy function and its source operand is a sensitive pointer, marking it as a sensitive read instruction;
(4-3) if the current instruction is a STORE instruction or a memory block copy function and the pointer it writes through (its destination operand) is a sensitive pointer, marking it as a sensitive write instruction.
Step S104, based on the identified sensitive reads and writes, modifying the operating system kernel code as follows: inserting the PAC generation code StoreSign_key(sensdata) after each sensitive write and the PAC verification code LoadAuth_key(sensdata) after each sensitive read, where key denotes the 128-bit PA key and sensdata the sensitive data. FIG. 2 illustrates the block-chained PAC generation algorithm used in StoreSign_key(sensdata) and LoadAuth_key(sensdata), corresponding to sub-steps (5-1), (5-2), (5-3), (6-1), (6-2) and (6-3).
The PAC generation code StoreSign_key(sensdata) for the sensitive data includes the following sub-steps:
(5-1) dividing the sensitive data into 8-byte blocks D_0, D_1, …, D_{n-1}, where n is the number of blocks;
(5-2) taking the first block D_0 as input and the memory address ADDR_0 of D_0 as the modifier, computing PAC_0 = Sign_key(D_0, ADDR_0) with the PA key key;
(5-3) taking each following block as input and the PAC of the previous iteration as the modifier, computing iteratively PAC_i = Sign_key(D_i, PAC_{i-1}) for 0 < i < n;
(5-4) taking PAC_{n-1} as the PAC of the sensitive data and storing it at the location adjacent to the sensitive data on its high-address side.
The PAC verification code LoadAuth_key(sensdata) for the sensitive data includes the following sub-steps:
(6-1) dividing the sensitive data into 8-byte blocks D_0, D_1, …, D_{n-1}, where n is the number of blocks;
(6-2) taking the first block D_0 as input and the memory address ADDR_0 of D_0 as the modifier, computing PAC_0 = Sign_key(D_0, ADDR_0) with the PA key key;
(6-3) taking each following block as input and the PAC of the previous iteration as the modifier, computing iteratively PAC_i = Sign_key(D_i, PAC_{i-1}) for 0 < i < n;
(6-4) fetching the PAC stored at the location adjacent to the sensitive data on its high-address side and comparing it with PAC_{n-1}: if they match, the sensitive data is intact and verification passes; if they differ, the integrity of the sensitive data has been violated and verification fails;
(6-5) if verification passes, the operating system kernel continues to run normally; if it fails, execution of the operating system is halted and an alarm reports the kernel anomaly.
Step S105: insert the PA key initialization code keyinit() into the boot code of the operating-system kernel; this code enables the PA feature of the ARM CPU and initializes the PA key with a random number.
Specifically, keyinit() is inserted after the boot_init_stack_canary() statement in start_kernel(). keyinit() must be placed after the initialization of the Linux random number generator, because keyinit() calls that generator.
Step S106: according to the sensitive data the user designated in the operating-system kernel code, analyse the global variables of the kernel code and determine every global variable of the kernel that contains sensitive data.
Specifically, using the IR bitcode of the entire Linux kernel obtained in step S102, enumerate the global variables declared in the bitcode and record those that contain sensitive data.
Step S107: according to the global variables determined to contain sensitive data, insert the global sensitive data initialization code sensvar_init() after keyinit(); this code calls StoreSign_key(gsensdata) on every global sensitive data variable, where gsensdata denotes global sensitive data.
Specifically, this step initializes the PAC of the global sensitive data. Global sensitive data is taken to be intact at initialization, so the invention generates the PAC of each global sensitive variable directly at kernel boot; the first read of that variable by the kernel then passes the integrity verification in LoadAuth_key(sensdata).
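As an added illustration (example code written for this page, not the patent's own implementation or the inventors' kernel patch), the following C program models steps (5-1) to (5-4) and (6-1) to (6-5) of step S104 together with the boot-time keyinit() and sensvar_init() of steps S105 and S107, so that the block chaining, the address-bound first modifier and the failure cases can be exercised on any host. Everything below is an assumption of the example rather than something the patent specifies: Sign_key(D, modifier) is a toy keyed mixing function standing in for the ARMv8.3 PACGA instruction (which, under the APGAKey registers, yields a 32-bit PAC and is the only piece with security value on real hardware); keyinit() draws the key from a seeded xorshift instead of the kernel RNG; the PAC slot sits at the next 8-byte boundary above the payload; a tail shorter than 8 bytes is zero-padded; the struct sens_cred layout, the scenario_* functions and their inputs are constructed; and load_auth() returns a flag where step (6-5) would halt the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint64_t lo, hi; } pa_key_t;   /* 128-bit PA key of steps S104/S105 */
static pa_key_t g_key;                           /* written once by keyinit() */

/* Model of Sign_key(data, modifier): a toy keyed mix standing in for PACGA.
 * Every step is invertible in `data` and in `modifier`, so a change in either
 * always changes the result.  It is not a MAC; only the hardware instruction is. */
static uint64_t sign_key(uint64_t data, uint64_t modifier)
{
    uint64_t v = data ^ g_key.lo;
    v ^= modifier + 0x9e3779b97f4a7c15ULL;
    v *= 0xbf58476d1ce4e5b9ULL; v ^= v >> 31;
    v ^= g_key.hi;
    v *= 0x94d049bb133111ebULL; v ^= v >> 29;
    return v;
}

/* keyinit() of step S105, modelled: on hardware this enables PA and loads the key
 * registers from the kernel RNG; a seeded xorshift keeps the example offline. */
static void keyinit(uint64_t seed)
{
    uint64_t s = seed ? seed : 0x243f6a8885a308d3ULL;
    s ^= s << 13; s ^= s >> 7; s ^= s << 17; g_key.lo = s;
    s ^= s << 13; s ^= s >> 7; s ^= s << 17; g_key.hi = s;
}

/* Steps (5-1)..(5-3) and (6-1)..(6-3): D_0..D_{n-1} are 8-byte blocks,
 * PAC_0 = Sign_key(D_0, ADDR_0) and PAC_i = Sign_key(D_i, PAC_{i-1}).
 * A tail shorter than 8 bytes is zero-padded (assumption of this example). */
static uint64_t chain_pac(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint64_t pac = (uint64_t)(uintptr_t)data;   /* ADDR_0 is the first modifier */
    for (size_t off = 0; off < len; off += 8) {
        uint64_t d = 0;
        memcpy(&d, p + off, len - off < 8 ? len - off : 8);
        pac = sign_key(d, pac);
    }
    return pac;                                 /* PAC_{n-1} */
}

/* Step (5-4): the PAC slot is the 8-byte word just above the sensitive data. */
static uint64_t *pac_slot(const void *data, size_t len)
{ return (uint64_t *)((uint8_t *)data + ((len + 7) & ~(size_t)7)); }

static void store_sign(void *data, size_t len)   /* StoreSign_key(sensdata) */
{ *pac_slot(data, len) = chain_pac(data, len); }

/* LoadAuth_key(sensdata), step (6-4): 1 = intact, 0 = integrity violated.
 * Step (6-5) halts the kernel and raises an alarm on 0; the caller does that here. */
static int load_auth(const void *data, size_t len)
{ return *pac_slot(data, len) == chain_pac(data, len); }

/* A constructed global sensitive variable in the layout the instrumented kernel
 * would give it: payload (D_0 = uid|gid, D_1 = caps) followed by its PAC slot. */
struct sens_cred { uint32_t uid, gid; uint64_t caps; uint64_t pac; };
#define CRED_LEN offsetof(struct sens_cred, pac)
static const struct sens_cred CRED_INIT = { 1000, 1000, 1ULL << 21, 0 };
static struct sens_cred g_cred;

static void sensvar_init(void) { store_sign(&g_cred, CRED_LEN); }   /* step S107 */

static void boot(void)            /* tail of start_kernel(), as in steps S105/S107 */
{
    g_cred = CRED_INIT;
    keyinit(0x5eed);
    sensvar_init();
}

/* Scenarios (inputs constructed for the example); 1 = verification passes. */
int scenario_first_read(void)       /* first read after boot (step S107) */
{ boot(); return load_auth(&g_cred, CRED_LEN); }
int scenario_legit_write(void)      /* instrumented write: STORE, then StoreSign */
{ boot(); g_cred.caps = 0; store_sign(&g_cred, CRED_LEN); return load_auth(&g_cred, CRED_LEN); }
int scenario_stray_write(void)      /* the attack: a write that bypasses StoreSign */
{ boot(); g_cred.caps |= 1ULL << 63; return load_auth(&g_cred, CRED_LEN); }
int scenario_flip_first_block(void) /* a change in D_0 propagates down the chain */
{ boot(); g_cred.uid = 0; return load_auth(&g_cred, CRED_LEN); }
int scenario_relocated_copy(void)   /* same bytes and PAC at a different ADDR_0 */
{ struct sens_cred copy; boot(); copy = g_cred; return load_auth(&copy, CRED_LEN); }

int main(void)
{
    printf("first read after boot : %d\n", scenario_first_read());       /* 1 */
    printf("write + StoreSign     : %d\n", scenario_legit_write());      /* 1 */
    printf("stray write           : %d\n", scenario_stray_write());      /* 0 */
    printf("flip in first block   : %d\n", scenario_flip_first_block()); /* 0 */
    printf("relocated copy        : %d\n", scenario_relocated_copy());   /* 0 */
    return 0;
}
```

The relocated-copy scenario is what ADDR_0 buys: the same bytes with the same PAC fail at another address, so a saved (data, PAC) pair cannot be replayed into a different object. The first-block scenario shows why each PAC_i feeds the next modifier: a change anywhere in the data reaches PAC_{n-1}. In a real kernel the stray-write scenario corresponds to a write into a protected object that does not go through an instrumented sensitive write and therefore never runs StoreSign_key.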
The above is merely a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (6)

  1. A kernel sensitive data integrity protection method based on ARM pointer authentication, characterised in that it comprises:
    receiving sensitive data designated by a user in operating-system kernel code;
    performing points-to analysis on the user-designated sensitive data to identify all sensitive pointers that may point to the sensitive data;
    according to the identified sensitive pointers and the semantics of the operating-system kernel code, identifying all operations that read or write memory through a sensitive pointer, where an operation that writes memory through a sensitive pointer is called a sensitive write and an operation that reads memory through a sensitive pointer is called a sensitive read;
    according to the identified sensitive reads and writes, modifying the operating-system kernel code as follows: after each sensitive write, inserting the PAC generation code StoreSign_key(sensdata) for the sensitive data; after each sensitive read, inserting the PAC verification code LoadAuth_key(sensdata), where key denotes the 128-bit PA key and sensdata the sensitive data; when the operating-system kernel runs, the inserted PAC generation code is executed dynamically to generate the PAC of the sensitive data and the inserted PAC verification code is executed dynamically to verify the PAC of the sensitive data; if verification passes, the sensitive data is intact, otherwise the integrity of the sensitive data has been violated;
    inserting PA key initialization code keyinit() into the boot code of the operating-system kernel, the PA key initialization code enabling the PA feature of the ARM CPU and initializing the PA key with a random number;
    according to the sensitive data designated by the user in the operating-system kernel code, analysing the global variables of the kernel code and determining every global variable of the kernel that contains sensitive data;
    according to the global variables determined to contain sensitive data, inserting global sensitive data initialization code sensvar_init() after keyinit(), the global sensitive data initialization code calling StoreSign_key(gsensdata) on every global sensitive data variable, where gsensdata denotes global sensitive data.
  2. The kernel sensitive data integrity protection method based on ARM pointer authentication of claim 1, characterised in that receiving sensitive data designated by the user in the operating-system kernel code comprises:
    receiving the user's designation of sensitive data in the operating-system kernel through the attribute declaration __attribute__ provided by the compiler, the sensitive data being a single byte or a data block of several bytes.
  3. The kernel sensitive data integrity protection method based on ARM pointer authentication of claim 1, characterised in that performing points-to analysis on the user-designated sensitive data comprises:
    in the LTO stage of operating-system kernel code compilation, performing points-to analysis of the user-designated sensitive data with the CLA algorithm over the whole-kernel LLVM intermediate representation.
  4. The kernel sensitive data integrity protection method based on ARM pointer authentication of claim 1, characterised in that identifying, with the semantics of the operating-system kernel code, all operations that read or write memory through a sensitive pointer comprises:
    (4-1) in the LTO stage of operating-system kernel code compilation, scanning the instructions of the whole-kernel LLVM intermediate representation one by one;
    (4-2) if the current instruction is a LOAD instruction or a memory-block copy function and the pointer operand it reads through (its source) is a sensitive pointer, marking the instruction as a sensitive read;
    (4-3) if the current instruction is a STORE instruction or a memory-block copy function and the pointer operand it writes through (its destination) is a sensitive pointer, marking the instruction as a sensitive write.
  5. The kernel sensitive data integrity protection method based on ARM pointer authentication of claim 1, characterised in that inserting the PAC generation code StoreSign_key(sensdata) for the sensitive data after the sensitive write comprises:
    (5-1) splitting the sensitive data into 8-byte blocks D_0, D_1, ..., D_{n-1}, where n is the number of blocks;
    (5-2) taking the first block D_0 as input and the memory address ADDR_0 at which D_0 resides as the modifier, and computing PAC_0 = Sign_key(D_0, ADDR_0) with the PA key key;
    (5-3) taking each remaining block in turn as input and the PAC of the previous iteration as the modifier, computing iteratively PAC_i = Sign_key(D_i, PAC_{i-1}) for 0 < i < n;
    (5-4) taking PAC_{n-1} as the PAC of the sensitive data and storing it in the location adjacent to the sensitive data on its high-address side.
  6. The kernel sensitive data integrity protection method based on ARM pointer authentication of claim 1, characterised in that inserting the PAC verification code LoadAuth_key(sensdata) for the sensitive data after the sensitive read comprises:
    (6-1) splitting the sensitive data into 8-byte blocks D_0, D_1, ..., D_{n-1}, where n is the number of blocks;
    (6-2) taking the first block D_0 as input and the memory address ADDR_0 at which D_0 resides as the modifier, and computing PAC_0 = Sign_key(D_0, ADDR_0) with the PA key key;
    (6-3) taking each remaining block in turn as input and the PAC of the previous iteration as the modifier, computing iteratively PAC_i = Sign_key(D_i, PAC_{i-1}) for 0 < i < n;
    (6-4) fetching the PAC stored adjacent to the sensitive data on its high-address side and comparing it with PAC_{n-1}; if they match, the sensitive data is intact and verification passes; if they differ, the integrity of the sensitive data has been violated and verification fails;
    (6-5) if verification passes, the operating-system kernel continues to run normally; if it fails, execution of the operating system is stopped and an alarm reports the kernel anomaly.
PCT/CN2020/114971 2020-07-14 2020-09-14 Kernel sensitive data integrity protection method based on arm pointer authentication WO2022011818A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010674762.5 2020-07-14
CN202010674762.5A CN111881485B (en) 2020-07-14 2020-07-14 Core sensitive data integrity protection method based on ARM pointer verification

Publications (1)

Publication Number Publication Date
WO2022011818A1 true WO2022011818A1 (en) 2022-01-20

Family

ID=73150796

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/114971 WO2022011818A1 (en) 2020-07-14 2020-09-14 Kernel sensitive data integrity protection method based on arm pointer authentication

Country Status (2)

Country Link
CN (1) CN111881485B (en)
WO (1) WO2022011818A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113032737B (en) * 2021-03-15 2021-11-30 清华大学 Software protection method and device, electronic equipment and storage medium

Citations (4)

Publication number Priority date Publication date Assignee Title
US20090249289A1 (en) * 2008-03-28 2009-10-01 Microsoft Corporation Detecting memory errors using write integrity testing
CN108573143A (en) * 2017-03-10 2018-09-25 南京大学 The stack guard method verified based on program pitching pile and multidate information
CN109918903A (en) * 2019-03-06 2019-06-21 西安电子科技大学 A kind of program non-control attack guarding method based on LLVM compiler
CN110717181A (en) * 2019-09-09 2020-01-21 中国人民解放军战略支援部队信息工程大学 Non-control data attack detection method and device based on novel program dependency graph

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
US9021605B2 (en) * 2007-01-03 2015-04-28 International Business Machines Corporation Method and system for protecting sensitive data in a program
CN104809401B (en) * 2015-05-08 2017-12-19 南京大学 A kind of operating system nucleus completeness protection method
CN107194252B (en) * 2017-05-09 2019-11-22 华中科技大学 A kind of the program control flow completeness protection method and system of complete context-sensitive
US10528740B2 (en) * 2017-06-15 2020-01-07 International Business Machines Corporation Securely booting a service processor and monitoring service processor integrity
CN110069935B (en) * 2019-03-20 2020-12-01 上海交通大学 Internal sensitive data protection method and system based on tagged memory

Non-Patent Citations (2)

Title
Yutian Yang; Songbo Zhu; Wenbo Shen; Yajin Zhou; Jiadong Sun; Kui Ren: "ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels", arXiv.org, Cornell University Library, 23 December 2019 (2019-12-23), XP081565329 *
Zhang Xiaozan: "Non-control-data Protection in Programs", Chinese Doctoral Dissertations Full-text Database (Electronic Journal), no. 2, 29 February 2020 (2020-02-29), XP055887107, DOI: 10.27389/d.cnki.gxadu.2019.001613 *

Also Published As

Publication number Publication date
CN111881485B (en) 2022-04-05
CN111881485A (en) 2020-11-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (ref document number: 20945542; country of ref document: EP; kind code of ref document: A1)
NENP Non-entry into the national phase (ref country code: DE)
122 Ep: pct application non-entry in european phase (ref document number: 20945542; country of ref document: EP; kind code of ref document: A1)