Many existing programs are written in memory-unsafe languages such as C and C++ and are therefore exposed to memory corruption attacks. For example, an attacker can exploit a buffer overflow to overwrite a return address or a branch-controlling variable in memory, thereby diverting the execution flow and altering the program's behaviour. In recent years researchers have proposed a number of protection mechanisms against memory corruption attacks. A survey of these mechanisms shows that most of them protect control data such as return addresses and function pointers, whereas effective defences for non-control data are still lacking, even though attackers can mount attacks by tampering with non-control data alone. In addition, existing non-control-data protection techniques mostly target 32-bit applications, and imprecision in the underlying pointer analysis can introduce errors into the analysis results and weaken the protection. This paper therefore proposes a data-write protection technique that can be deployed on 64-bit applications to protect a program's non-control data. The technique rests on the observation that any tampering attack, whatever its form, must ultimately be carried out through an unsafe data write; if every data write is protected, data tampering attacks are defeated at their root. The technique protects all global variables of an application against non-control-data attacks.

First, a field-sensitive pointer alias analysis is designed and implemented to improve the precision of points-to analysis on the program's intermediate representation, which provides the foundation for the subsequent steps. Second, to protect the integrity of the program's global variables, an improved data-write protection technique is proposed. Its core is the analysis of the relationship between write instructions and the protected data: it first applies pointer backtracking to each write instruction to obtain the set of objects the instruction may write, refining that set with the results of the alias analysis; it then assigns the same identifier to each write instruction and to the set of objects it may write, and rewrites the instruction accordingly; finally, at run time every write checks that the identifier of the write instruction matches the identifier of the target object. A match indicates a legitimate write; a mismatch raises an exception and terminates the program. A system prototype is implemented on the LLVM compiler (version 3.7.0) and provides non-control-data protection for applications. Test results show that the proposed defence effectively protects against non-control-data attacks with acceptable performance overhead (below 10% on average).
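As an added illustration of the mechanism described above (example code written for this page, not the paper's prototype or its LLVM pass), the block below shows a non-control-data attack on a global and the identifier check that stops it. A user-controlled buffer and a privilege flag share one global struct; an unchecked copy overflows the buffer and flips the flag without touching any return address or function pointer. The instrumented copy routes each store through a check that compares the identifier assigned to the store with the identifier of the byte it targets, so the bytes that stray into the flag are rejected, while a store that was legitimately assigned the flag's identifier still goes through. The identifier values, the byte-granular identifier table and the checked_store helper are assumptions standing in for what the compiler pass would generate statically; the attacker payload is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One global holding user-controlled data next to a security-relevant flag.
 * A field-sensitive analysis treats name and is_admin as two distinct objects
 * even though they live in the same global. */
struct session {
    char name[16];
    int  is_admin;
};

static struct session g_sess;

/* Identifiers the compiler pass would assign to objects and to the stores
 * allowed to write them. Assumed values, not the paper's. */
enum { ID_NONE = 0, ID_NAME = 1, ID_ADMIN = 2 };

/* Byte-granular identifier table for g_sess, filled by hand here (assumption);
 * the pass would emit it for every protected global. */
static uint8_t g_obj_id[sizeof(struct session)];

static void reset(void)
{
    memset(&g_sess, 0, sizeof g_sess);
    memset(g_obj_id, ID_NONE, sizeof g_obj_id);
    memset(g_obj_id + offsetof(struct session, name), ID_NAME, sizeof g_sess.name);
    memset(g_obj_id + offsetof(struct session, is_admin), ID_ADMIN, sizeof g_sess.is_admin);
}

/* Instrumented store: succeeds only if the identifier carried by the store
 * equals the identifier of the byte being written. Returns 1 on success and
 * 0 on a violation (the real system would raise an exception and abort). */
static int checked_store(uint8_t *dst, uint8_t value, uint8_t write_id)
{
    uintptr_t off = (uintptr_t)dst - (uintptr_t)&g_sess;
    if (off >= sizeof(struct session) || g_obj_id[off] != write_id)
        return 0;
    *dst = value;
    return 1;
}

/* Unprotected copy into g_sess.name with no bounds check: the classic overflow. */
static void copy_name_unprotected(const uint8_t *src, size_t n)
{
    uint8_t *dst = (uint8_t *)&g_sess + offsetof(struct session, name);
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* The same loop after instrumentation: the pass assigned this store ID_NAME,
 * so bytes that run past name[] into is_admin (ID_ADMIN) are rejected. */
static int copy_name_protected(const uint8_t *src, size_t n)
{
    uint8_t *dst = (uint8_t *)&g_sess + offsetof(struct session, name);
    for (size_t i = 0; i < n; i++)
        if (!checked_store(dst + i, src[i], ID_NAME))
            return 0;
    return 1;
}

/* Constructed attacker input: 16 filler bytes, then 4 non-zero bytes that land
 * exactly on is_admin. No control data is involved. */
static void build_payload(uint8_t out[20])
{
    memset(out, 'A', 16);
    memset(out + 16, 1, 4);
}

/* Returns 1 if the overflow flipped is_admin with no protection in place. */
int attack_unprotected(void)
{
    uint8_t payload[20];
    reset();
    build_payload(payload);
    copy_name_unprotected(payload, sizeof payload);
    return g_sess.is_admin != 0;
}

/* Returns 1 if the instrumented copy rejected the overflow and is_admin is intact. */
int attack_protected(void)
{
    uint8_t payload[20];
    reset();
    build_payload(payload);
    int ok = copy_name_protected(payload, sizeof payload);
    return ok == 0 && g_sess.is_admin == 0;
}

/* Legitimate writes still succeed: a store carrying ID_ADMIN may update the
 * flag, which is what distinguishes this check from making the flag read-only. */
int legitimate_writes(void)
{
    int one = 1, ok = 1;
    const uint8_t *b = (const uint8_t *)&one;
    uint8_t *flag = (uint8_t *)&g_sess + offsetof(struct session, is_admin);
    const char name[] = "alice";
    reset();
    for (size_t i = 0; i < sizeof one; i++)
        ok &= checked_store(flag + i, b[i], ID_ADMIN);
    ok &= copy_name_protected((const uint8_t *)name, sizeof name);
    return ok && g_sess.is_admin == 1 && strcmp(g_sess.name, "alice") == 0;
}

int main(void)
{
    printf("unprotected overflow sets is_admin: %d\n", attack_unprotected());
    printf("protected overflow blocked:         %d\n", attack_protected());
    printf("legitimate writes still succeed:    %d\n", legitimate_writes());
    return 0;
}
```

The check is deliberately placed on the store rather than on the flag: the flag remains writable by code the analysis proved may write it, and only stores whose points-to set does not include the flag are refused, which is why the precision of the alias analysis matters for both the false-positive rate and the protection actually obtained.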