Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A defense method of stack buffer overflow attack based on lbr

A buffer overflow and stack operation technology, applied in the direction of platform integrity maintenance, etc., can solve the problems of destroying the locality principle, reducing the hit rate, and reducing the accuracy of branch prediction.

Active Publication Date: 2021-04-20
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the content to be encrypted is very short (only one address), it still requires the processor to read the key, perform encryption and decryption operations and other operations that consume processor resources
In the process of program execution, the introduction of encryption and decryption operations may also destroy the principle of locality, resulting in a decrease in the hit rate of the TLB (Translation Look aside Buffer; conversion detection buffer) and a decrease in the accuracy of branch prediction, which again affects the overall performance of the system.
[0007] In addition to performance overhead issues, Point Guard still faces key protection issues
The premise of the Point Guard defense method is that the attacker cannot know the key
If the attacker knows the key, he can overwrite the ciphertext of the return address with the ciphertext of the illegal address, and the stack overflow attack is effective

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A defense method of stack buffer overflow attack based on lbr
  • A defense method of stack buffer overflow attack based on lbr
  • A defense method of stack buffer overflow attack based on lbr

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0045] In order to make the purpose, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the present invention Examples, not all examples. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0046] LBR: A ​​hardware feature of the Intel processor. Essentially, the processor adds several registers, and each register records a certain control transfer information recently executed by the processor. The processor organizes these registers into a ring-shaped memory pool, and uses the new value to overwrite the old value to cycle through the records. The LBR storage capa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an LBR-based stack buffer overflow attack defense method. By using the set instruction set to replace the original call instruction and ret instruction, the hardware factor is introduced into the protection of the return address in the stack. The "address" stored in the stack is actually the software factor that generates the real return address. Only with processing The real return address can only be obtained after combining the hardware factors provided by the controller LBR, which makes the attacker's method of directly attacking the data in the stack invalid. Since the attacker does not have the ability to directly attack the physical system, the present invention can reasonably assume that the hard factor cannot be tampered with by the attack. Based on the credibility of the hard factor, combined with the anti-replay design of the random factor, the stack data protection scheme proposed by the present invention is effective. Different from the method of shadow stack or encrypted return address, the present invention does not rely on too much computational complexity and redundant space, but only adds several instructions, and the operating efficiency is guaranteed.

Description

technical field [0001] The invention relates to the technical field of computer operating systems, in particular to an LBR-based stack buffer overflow attack defense method. Background technique [0002] The stack buffer overflow vulnerability is a very common security vulnerability in software systems. It achieves the purpose of controlling the software control flow by continuously injecting data into the stack to overwrite the return address of the function. Using stack buffer overflow vulnerabilities, attackers can bypass security measures such as anti-virus, enter the operating system and steal user privacy. [0003] For stack buffer overflow attacks, the most classic defense method is Stack Guard. To put it simply, StackGuard inserts a flag word into the stack as a "sentinel". When an attacker tampers with the return address by continuously injecting illegal addresses, the "sentinel" will be overwritten. In this way, when the program returns from the sub-function, it ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57G06F21/56
Inventor 周洪伟原锦辉朱旭华张玉臣孙怡峰吴彊
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com