作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程

• 安全技术 • 上一篇    下一篇

ARM 架构中控制流完整性验证技术研究

叶雁秋,王震宇,赵利军   

  1. (解放军信息工程大学,郑州450001)
  • 收稿日期:2014-03-18 出版日期:2015-03-15 发布日期:2015-03-13
  • 作者简介:叶雁秋(1988 - ),男,硕士研究生,主研方向:嵌入式系统,信息安全;王震宇,副教授;赵利军,硕士研究生。

Research on Control Flow Integrity Verification Technology in ARM Architecture

YE Yanqiu,WANG Zhenyu,ZHAO Lijun   

  1. (PLA Information Engineering University,Zhengzhou 450001,China)
  • Received:2014-03-18 Online:2015-03-15 Published:2015-03-13

摘要: 通用平台目标二进制代码运行时控制流的提取主要依赖于处理器硬件特性,或其动态二进制插桩工具,该平台的控制流完整性验证方法无法直接移植到进阶精简指令集机器(ARM)架构中。为此,基于控制流完整性验证技术,设计一种用于ARM 架构,利用缓冲溢出漏洞检测控制流劫持攻击的方法。该方法在程序加载时、执行前动态构建合法跳转地址白名单,在目标二进制代码动态执行过程中完成控制流完整性验证,从而检测非法控制流 转移,并对非法跳转地址进行分析,实现漏洞的检测和诊断。在ARM-Linux 系统的动态二进制分析平台上实施测试,结果表明,该方法能够检测出漏洞,并精确定位攻击矢量。

关键词: 控制流完整性, 进阶精简指令集机器架构, 合法地址白名单, 动态二进制分析, 攻击矢量定位

Abstract: On common platform, the extraction of run-time control-flow to target binary code relies on either processor’s mechanism or Dynamic Binary Instrumentation(DBI) tools. So,the implementation on common platform can not be transplanted to Advanced RISC Machine(ARM) directly. Based on Control Flow Integrity(CFI) enforcement,this paper designs a method to detect and diagnose control flow hijacking which is implemented by exploit a buffer overflow vulnerability on ARM. This method dynamically builds a white-list of legitimate branch target address before the target binary code execute,performs CFI enforcement to detect illegal control-flow transfer at run-time,analyzes the illegal branch target address to achieve exploit diagnosis. It implements the technique on a dynamic binary analysis platform for ARM-Linux systems. Results show that it can effectively detect the exploit and locates the attack vector.

Key words: Control Flow Integrity(CFI), Advanced RISC Machine(ARM) architecture, legitimate address white-list, dynamic binary analysis, attack vector location

中图分类号: