基于XOR门加密的抗控制流攻击方法  

作　　者：余云飞 张跃军[1,3] 汪鹏君 李刚 YU Yun-Fei;ZHANG Yue-Jun;WANG Peng-Jun;LI Gang(Faculty of Electrical Engineering and Computer Science,Ningbo University,Ningbo 315211,China;College of Electrical and Electronic Engineering,Wenzhou University,Wenzhou 325035,China;State Key Laboratory of Cryptology,P.O.Box 5159,Beijing 100878,China)

机构地区：[1]宁波大学信息科学与工程学院,宁波315211 [2]温州大学电气与电子工程学院,温州325035 [3]密码科学技术国家重点实验室,北京100878

出　　处：《密码学报》2020年第4期430-438,共9页Journal of Cryptologic Research

基　　金：浙江省自然科学基金(LY18F040002);国家自然科学基金(61871244,61874078);密码科学技术国家重点实验室开放课题(MMKFKT20187)。

摘　　要：控制流攻击是利用软件漏洞去劫持程序的执行流向,并将其导向预定的恶意代码或可以组成恶意代码的指令片段的一种恶性攻击方式.本文通过对控制流攻击原理的研究,提出一种基于XOR门加密抗控制流攻击方法.该方法首先在执行程序调用指令call时,利用XOR加密电路对返回地址进行加密.其次将加密后的返回地址压入堆栈和内置安全寄存器组,然后当执行程序返回指令ret时,堆栈和内置安全寄存器组中的加密返回地址经过XOR解密电路后送入地址比较器,通过返回地址比较结果检测系统是否受到控制流攻击.最后,利用TSMC 65 nm CMOS工艺,设计基于XOR门加密的抗控制流攻击处理器并验证.实验结果表明配件gadget平均消除率高达99.52%,电路面积和功耗最大开销仅分别增加5.25%和6.3%,可有效达到抗控制流攻击的目的.The control flow attacks use software vulnerabilities to hijack the control flow of a program and redirect it to predetermined malicious code or instruction fragments that can form malicious code.Based on the research of control flow attack,this paper proposes a hardware-assisted method for defending control flow attack,and the proposed method is based on XOR-gate encryption.When the“call”instruction is executed,the scheme first uses the XOR encryption circuit to encrypt the return address;then pushes the encrypted return address onto the stack and the built-in security register bank.When the“ret”instruction is executed,the return address in the stack and BSRB will be decrypted by the XOR-gate decryption circuit,and then the decrypted return address is sent to comparator.The comparison result determines whether the system is under attack.Finally,the processor that defend control flow attack based on XOR-gate encryption is designed in the TSMC 65 nm CMOS process.The experimental results show that the circuit area and power consumption of the defending control flow attack processor based on XOR-gate encryption increased by 5.25%and 6.3%respectively,and the average elimination rate of the gadget is 99.52%,which can effectively prevent control flow attacks.

关 键 词：控制流攻击 XOR门加密 安全寄存器组 信息安全 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]