
Compiler-based Kernel Control Process Fine-grained Protection System

Posted on: 2016-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Huang
GTID: 2348330488474298
Subject: Computer system architecture

Abstract/Summary:
Modern operating systems face many attack threats, and return-oriented programming (ROP) is an important one. By tampering with control data in the operating system kernel (such as a function pointer or a return address), a ROP attacker redirects the system's normal execution flow (its control flow) to carefully selected fragments of the system's own legitimate instructions, and chains these fragments together through specific connecting instructions (such as the ret instruction) to achieve a malicious goal. If the kernel's control flow can be protected so that the normal flow of execution cannot be maliciously altered, the threat of this kind of attack can be eliminated (or mitigated).

Obtaining a complete kernel control flow graph is a prerequisite for kernel control flow protection. To this end, the thesis first designs and implements a method for obtaining a fine-grained kernel control flow graph based on the compiler's intermediate code. The method extends the compiler by adding, at the intermediate code representation stage, an analysis module with dedicated data structures that extracts the targets of indirect call instructions in the intermediate code, which form the critical paths of the kernel control flow graph. Specifically, the method splits the passing of a function pointer into two processes: saving the function address, and reading the function address for use. Before analysing function calls, it statically analyses the kernel's structures, arrays and single function pointers, and stores the indirect-call function information uniformly in temporary structures designed according to type; after the function pointers have been analysed, it traverses each function and stores the dynamic information. Once the storage step is complete, each time a function is called indirectly the analysis reads the previously stored results to obtain the specific jump target. Finally, the static analysis is combined with the disassembled code to extract the fine-grained kernel control flow graph of the entire operating system.

After obtaining the fine-grained kernel control flow graph, the thesis protects the kernel's control flow through a "control data index" technique. By modifying the compiler, the technique collects the kernel's control data (including function pointers and return addresses), stores it centrally in jump tables, and converts it into indices; the relevant kernel instructions are then replaced, so that the compiler generates a new kernel that uses index addressing to fetch entries from the function table and the return address table. On a function jump or return, the index of the destination address is obtained first, and the real jump address is then looked up in the corresponding table through that index to complete the control flow transfer.

The thesis uses the GCC / LLVM compilers to develop a prototype system that implements fine-grained control flow protection for the Linux-3.11.1 kernel, and subjects the prototype to attack and performance testing. The test results demonstrate the effectiveness and efficiency of the method.
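
The index-for-pointer substitution described above, as an added user-space illustration in C (not code from the thesis, which performs the rewrite inside the compiler). The handler names, the table layout and the bounds check are assumptions of this example, and only function pointers are shown, not return addresses.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical handlers standing in for kernel functions that are
 * normally reached through a function pointer. */
static int op_read(int x)  { return x + 1; }
static int op_write(int x) { return x * 2; }

typedef int (*handler_t)(int);

/* Jump table: const, so it is placed in read-only data. Only the
 * addresses listed here can become indirect-call targets. */
static const handler_t func_table[] = { op_read, op_write };
#define FUNC_TABLE_LEN (sizeof(func_table) / sizeof(func_table[0]))

enum { IDX_READ = 0, IDX_WRITE = 1 };

/* Writable object: holds an index where a raw pointer used to be. */
struct file_ops_idx {
    size_t op;   /* index into func_table, not an address */
};

/* Indirect call through the index. Returns 0 and stores the handler's
 * result in *out, or -1 if the index names no table entry (the bounds
 * check is an assumption of this example). */
int call_indexed(const struct file_ops_idx *ops, int arg, int *out)
{
    if (ops->op >= FUNC_TABLE_LEN)
        return -1;
    *out = func_table[ops->op](arg);
    return 0;
}

int main(void)
{
    struct file_ops_idx ops = { IDX_WRITE };
    int r = 0;

    if (call_indexed(&ops, 21, &r) == 0)
        printf("write handler -> %d\n", r);

    /* Constructed corruption: an address-sized value lands in the field.
     * It is treated as an index, so it is rejected instead of jumped to. */
    ops.op = (size_t)0x41414141;
    printf("corrupted index -> %d\n", call_indexed(&ops, 21, &r));
    return 0;
}
```

An overwritten field can at worst select another entry of the table, never an arbitrary address, which is the property the jump-table design relies on.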
Keywords/Search Tags: Kernel Control Flow, Compiler, Kernel Control Data, CFG