Transparent Protection of Kernel Module Against ROP with Intel Processor Trace
Cite this article: WANG Xin-Ran, LIU Yu-Tao, CHEN Hai-Bo. Transparent Protection of Kernel Module Against ROP with Intel Processor Trace [J]. Journal of Software, 2018, 29(5): 1333-1347.
Authors: WANG Xin-Ran, LIU Yu-Tao, CHEN Hai-Bo
Affiliation: Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China (all three authors)
Funding: National Key Research and Development Program of China (2016YFB1000104)
Abstract: Return-oriented programming (ROP) is a popular method of attacking software by exploiting buffer-overflow vulnerabilities. It overwrites return addresses on the program stack so that, when the program later executes a return instruction, control jumps to code at a location chosen by the attacker, violating the control flow the program originally intended. Control-flow integrity (CFI) checking is currently the most popular ROP defense: it restricts the legal target of every control-flow transfer instruction to a set of legal target addresses, thereby preventing attackers from maliciously altering the program's control flow. Most existing CFI mechanisms protect user-mode programs, yet many attacks against the kernel have already been disclosed; among them, return-oriented rootkits [1] (ROR) mount ROP attacks inside vulnerable kernel modules to execute arbitrary code in the kernel. Compared with traditional user-space ROP attacks, ROR attacks are more dangerous. According to Linux CVE statistics for 2014-2016, 76% of vulnerabilities inside the operating-system kernel occurred in kernel modules, and essentially all published attacks occurred in kernel modules. Kernel modules are therefore a hotspot for attacks on the kernel and very dangerous. On the other hand, there are currently few CFI protection schemes for the operating-system kernel, and the existing ones all rely on recompiling the kernel, which greatly limits their applicable scenarios. To address these problems, this paper is the first to propose using the Intel Processor Trace (IPT) hardware mechanism, combined with virtualization technology, to protect kernel modules transparently and effectively, thereby defending against ROP attacks on them. Experiments show that the system has very high protection precision, compatibility and efficiency.

Keywords: ROP | CFI | kernel module | IPT | virtualization | KVM
Received: 2017-06-30
Revised: 2017-08-29

Transparent Protection of Kernel Module Against ROP with Intel Processor Trace
WANG Xin-Ran, LIU Yu-Tao and CHEN Hai-Bo. Transparent Protection of Kernel Module Against ROP with Intel Processor Trace [J]. Journal of Software, 2018, 29(5): 1333-1347.
Authors: WANG Xin-Ran, LIU Yu-Tao and CHEN Hai-Bo
Affiliation: Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China (all three authors)
Abstract: Return-oriented programming (ROP), in which attackers corrupt the program stack in order to hijack the program's control flow, is a popular way to exploit memory corruption bugs. Control flow integrity (CFI) is a popular approach that thwarts attackers' tampering with the execution flow by enforcing the legal targets of each indirect branch. While published CFI approaches mainly focus on protecting user programs, the OS kernel is still vulnerable to various attacks; e.g., return-oriented rootkits (ROR), which launch ROP attacks in vulnerable kernel modules, are able to execute arbitrary code in the kernel. Compared with traditional user-level ROP, ROR is more dangerous because it happens in kernel space. According to Linux CVEs from 2014 to 2016, 76% of kernel bugs appear in kernel modules and almost all of the published attacks happen in kernel modules, which implies that kernel modules are the most dangerous area of kernel space. However, there are currently very few kernel-level CFI protection mechanisms, and all of the existing ones require source-code level modification and kernel recompilation, which restricts their usage scenarios on commodity systems. Facing these problems, we propose to leverage Intel Processor Trace (IPT) and present the first system that can prevent ROP attacks in kernel modules based on virtualization without relying on the source code of the kernel and kernel modules. The evaluation demonstrates the precision, transparency and efficiency of our system.
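Both abstracts describe the check at the heart of a CFI-based ROP defense: each return instruction's target must fall within a set of legal targets. The following added example (written for this page, not code from the paper or its authors) replays a decoded branch trace, the kind of control-flow record a Processor Trace decoder reconstructs, against that policy. It goes slightly beyond the abstract by also evaluating a shadow-stack policy, so that the difference between "call-preceded address" and "the exact return address of the matching call" is visible. The module addresses, the fixed call-instruction length and the three traces are all constructed and hypothetical; nothing here decodes real IPT packets or touches KVM.

```python
from collections import namedtuple

# Assumed length of a near call with a 32-bit displacement on x86-64, so the
# return address of a call at address A is A + 5 (hypothetical, simplified layout).
CALL_INSN_LEN = 5

# Constructed call graph of a hypothetical kernel module: call-site address -> callee.
# 0x3020 is an address inside a function body that is not preceded by any call.
CALL_SITES = {0x1000: 0x2000, 0x1010: 0x3000, 0x2004: 0x3000}

# One decoded control-flow event, the kind of record a trace decoder would yield
# after reconstructing the executed path. kind is "call" or "ret".
Branch = namedtuple("Branch", "kind src dst")


def legal_return_targets(call_sites, call_len=CALL_INSN_LEN):
    """Coarse-grained CFI policy: a return may only land immediately after a call."""
    return {site + call_len for site in call_sites}


def check_trace(trace, call_sites=CALL_SITES, call_len=CALL_INSN_LEN):
    """Replay a branch trace and collect CFI violations as (index, policy, src, dst).

    Two policies are evaluated for every return in the trace:
      "coarse" - the target must be a call-preceded address (the legal-target set);
      "shadow" - the target must equal the return address of the most recent
                 unmatched call, replayed from the same trace (a shadow stack).
    """
    legal = legal_return_targets(call_sites, call_len)
    shadow_stack = []
    violations = []
    for i, b in enumerate(trace):
        if b.kind == "call":
            shadow_stack.append(b.src + call_len)
        elif b.kind == "ret":
            if b.dst not in legal:
                violations.append((i, "coarse", b.src, b.dst))
            expected = shadow_stack.pop() if shadow_stack else None
            if b.dst != expected:
                violations.append((i, "shadow", b.src, b.dst))
        else:
            raise ValueError(f"unknown branch kind {b.kind!r}")
    return violations


# Constructed traces (not captured from real hardware).
# Benign: nested calls whose returns land exactly where each call left off.
BENIGN_TRACE = [
    Branch("call", 0x1000, 0x2000),
    Branch("call", 0x2004, 0x3000),
    Branch("ret", 0x3021, 0x2009),
    Branch("ret", 0x2010, 0x1005),
]

# Overwritten return address: the return lands on an instruction in the middle
# of a function (0x3020), which no call precedes. Both policies flag it.
GADGET_TRACE = [
    Branch("call", 0x1000, 0x2000),
    Branch("ret", 0x2010, 0x3020),
]

# Return to a call-preceded address that belongs to a different caller (0x1015 is
# the return address of the call at 0x1010, which never executed in this trace).
# The coarse policy accepts it; only the shadow-stack policy flags it.
WRONG_CALLER_TRACE = [
    Branch("call", 0x1000, 0x2000),
    Branch("ret", 0x2010, 0x1015),
]

if __name__ == "__main__":
    for name, trace in [("benign", BENIGN_TRACE), ("gadget", GADGET_TRACE),
                        ("wrong-caller", WRONG_CALLER_TRACE)]:
        print(name, check_trace(trace))
```

The third trace is the reason the shadow-stack policy is included: a legal-target set built only from call-preceded addresses is what a hardware trace can check without instrumenting the kernel module, but a return that lands on some other caller's return address passes it, whereas replaying the trace's own calls catches the mismatch.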
Keywords: ROP | CFI | kernel module | IPT | virtualization | KVM