基于封装结构随机化的程序保护方法  被引量：2

作　　者：陈平[1,2] 邢骁[1,2] 辛知[1,2] 王逸[1,2] 茅兵[1,2] 谢立[1,2] 

机构地区：[1]南京大学软件新技术国家重点实验室,南京210093 [2]南京大学计算机科学与技术系,南京210093

出　　处：《计算机研究与发展》2011年第12期2227-2234,共8页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(60773171;61073027;90818022;61021062);国家"八六三"高技术研究发展计划基金项目(2007AA01Z448);国家"九七三"重点基础研究发展计划基金项目(2009CB320705)

摘　　要：随机化方法作为保护程序免受攻击的一项技术,已经得到广泛的应用.但现有的随机化方法存在两个问题:其一,粒度较粗,不能阻止发生在函数、结构体、类内部的攻击;其二,绝大多数攻击是通过外部输入篡改关键对象,而现有随机化方法对这种攻击特点关注不够.基于此,一种增强的随机化安全结构被提出:通过对封装结构(函数、结构体以及类)内部的结构重新排列而达到随机化的细粒度;同时,分析抽取出与外部输入相关的数组,并在这些数组之间插入"哨兵",防止其产生溢出.这种随机化方法不仅将随机化技术应用到函数、结构体、类内部,而且抓住了攻击的特点,对关键的与输入相关的数组对象进行保护,使程序免受控制流和非控制流攻击,从而增强了现有的随机化技术.Randomization method is widely applied into practice for protecting the program from attacks. There are two limitations in existing randomization techniques. One is that they are coarse-grained, as such they may fail to defend the attacks caused by maliciously fabricating the inner variable in function/struct/class. Another limitation is that existing randomization techniques ignore the fact that majority of the attacks leverage the input data to fabricate the sensitive data objects. In this paper, a fine-grained randomization method is proposed to protect programs based on an enhanced safety structure. These techniques will reorder the encapsulated structure （function, struct, class） layout. In addition, this method extracts input-related array and separates the array by inserting the guard between them. The randomization approach not only applies the randomization techniques into function/struct/class to foil a number of attacks, but also extracts the input-related array and inserts the guard to prevent them from being maliciously crafted. As an enhancement to existing randomization techniques, this method is able to protect the programs from both control-flow attacks and non-control-flow attacks. This technique has been implemented in the open source compiler GCC, and the experimental results show that the approach can effectively detect the real world attacks and has low performance overhead.

关 键 词：计算机安全 软件安全 软件漏洞 封装数据结构 随机化 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]