| PEC-V: 基于RISC-V协处理器的内存溢出防御机制 |
| |
| 引用本文: | 张雨昕,芮志清,李威威,张画,罗天悦,吴敬征.PEC-V: 基于RISC-V协处理器的内存溢出防御机制[J].计算机系统应用,2021,30(11):11-19. |
| |
| 作者姓名: | 张雨昕 芮志清 李威威 张画 罗天悦 吴敬征 |
| |
| 作者单位: | 中国科学院软件研究所智能软件研究中心,北京100190;伊利诺伊大学香槟分校The Grainger College of Engineering,Urbana-Champaign 61820;中国科学院软件研究所智能软件研究中心,北京100190;中国科学院软件研究所PLCT实验室,北京100190;中国科学院软件研究所智能软件研究中心,北京100190;北京航空航天大学高等理工学院,北京100191 |
| |
| 基金项目: | 中国科学院战略性先导科技专项(C类)(XDC05040100); 国家自然科学基金(61772507); 2020年工业互联网创新发展工程(TC200H030) |
| |
| 摘 要: | 内存溢出攻击是计算机系统中历史悠久且依旧广泛存在的攻击手段,而指针加密技术可以有效阻止此攻击.通过软件手段实现这一技术的方式将导致程序运行效率的显著降低并且产生额外的内存开销.所以本文基于RocketChip的RoCC(Rocket Custom Coprocessor)接口实现一个加解密指针的协处理器PEC-V.其通过RISC-V的自定义指令控制协处理器加解密返回地址和函数指针等值达到阻止溢出攻击的目的.PEC-V主要使用PUF(Physical Unclonable Function)来避免在内存中储存加密指针的键值,所以此机制在保证了加密键值的随机性的同时也减少了访问内存的次数.实验结果显示,PEC-V能够有效防御各类缓冲区溢出攻击,且程序平均运行效率仅下降3%,相对既往方案显著提高了性能.
|
| 关 键 词: | 溢出攻击 指针加密 RISC-V RocketChip PUF PEC-V |
| 收稿时间: | 2021/4/29 0:00:00 |
| 修稿时间: | 2021/5/21 0:00:00 |
PEC-V: Memory Overflow Defense Mechanism Based on RISC-V Coprocessor |
| |
| ZHANG Yu-Xin,RUI Zhi-Qing,LI Wei-Wei,ZHANG Hu,LUO Tian-Yue,WU Jing-Zheng.PEC-V: Memory Overflow Defense Mechanism Based on RISC-V Coprocessor[J].Computer Systems& Applications,2021,30(11):11-19. |
| |
| Authors: | ZHANG Yu-Xin RUI Zhi-Qing LI Wei-Wei ZHANG Hu LUO Tian-Yue WU Jing-Zheng |
| |
| Affiliation: | Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;The Grainger College of Engineering, University of Illinois at Urbana-Champaign, Urbana-Champaign, IL 61820, USA;PLCT Lab, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;SHENYUAN Honors College, Beihang University, Beijing 100191, China |
| |
| Abstract: | In computer systems, the memory overflow attack is a long-existing security problem and is still common nowadays, which can be effectively hindered by pointer encryption. Nevertheless, the implementation of the technique by software significantly lowers the program running efficiency and leads to additional memory overhead. In this study, we develop an encrypted/decrypted pointer coprocessor PEC-V based on the Rocket Custom Coprocessor (RoCC) interface of RocketChip. The overflow attack can be prevented through the control of encryption/decryption of the return address and function pointer by the coprocessor under the user-defined instruction of RISC-V. PEC-V mainly depends on Physical Unclonable Function (PUF) to avoid storing the key value of the encrypted pointer in memory. Thus, this mechanism not only ensures the randomness of the key value, but also reduces the times of accessing memory. The experimental results show that PEC-V is defensive against various buffer overflow attacks while the program running efficiency is only reduced by approximately 3% on average, which is better than previous mechanisms. |
| |
| Keywords: | overflow attack pointer encryption RISC-V RocketChip Physical Unclonable Function (PUF) PEC-V |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
|
