Although numerous defenses against memory-vulnerability exploits have been studied so far, a highly compatible, precise, and efficient defense is still an open problem. In fact, existing defense methods have at least one of the following problems: they (1) cannot precisely protect structure fields, (2) incur high protection overheads, and/or (3) cannot maintain compatibility with existing code because they impose a memory-layout change on the protected program. In this paper, we propose a novel memory-protection method, FIX-Sense, that aims to solve all of these problems simultaneously. Our key idea is to perform memory protection based on field-sensitive data-flow integrity. Specifically, our method (1) computes a safe write-read relation for each memory object, at structure-field granularity, based on field-sensitive value-flow analysis at compile time of the protected program. (2) At run time, a lightweight verification determines whether each memory read executed by the protected program belongs to the safe write-read relation computed for that memory object at compile time. (3) This verification is implemented by lightweight metadata management that tracks memory writes at structure-field granularity without changing the memory layout of the target program (in particular, the structure-field layout).
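The following is an added toy model of the three steps above; it is not FIX-Sense's own code or the paper's implementation. It assumes a struct with a fixed-size `name` buffer followed by an `is_admin` flag, a hand-written "safe write-read relation" (a bitmask of write-site ids per field, standing in for what the compile-time value-flow analysis would compute), and a shadow array that records the last write site of every byte of the object, so the struct's own layout is untouched. The write-site ids, the `obj_write`/`dfi_check`/`demo` helpers and the overflow input are all constructed for this example. It also shows why field sensitivity matters: an object-granular relation admits the same write site for the whole struct and therefore misses an overflow from `name` into `is_admin`, while the field-granular relation flags it at the read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Protected object; its layout is left exactly as the programmer declared it. */
typedef struct {
    char name[8];
    int  is_admin;
} account_t;

/* Write-site identifiers (assumption: a compiler would assign these per store). */
enum { W_NONE = 0, W_INIT_NAME = 1, W_INIT_ADMIN = 2, W_SET_NAME = 3 };

static account_t acct;
static uint8_t   shadow[sizeof(account_t)];   /* last write-site id per byte */

/* Instrumented write: copy n bytes into the object at offset off and record
 * the write site in the shadow. The copy is clamped to the object, so this
 * demo only models an intra-object overflow (name spilling into is_admin). */
static size_t obj_write(size_t off, const void *src, size_t n, uint8_t site) {
    if (off >= sizeof acct) return 0;
    if (n > sizeof acct - off) n = sizeof acct - off;
    memcpy((unsigned char *)&acct + off, src, n);
    memset(shadow + off, site, n);
    return n;
}

/* Instrumented read check: every byte in [off, off+len) must have been last
 * written by a site in allowed_mask (bit i set <=> write site i is allowed). */
static int dfi_check(size_t off, size_t len, unsigned allowed_mask) {
    for (size_t i = 0; i < len; i++)
        if (!((allowed_mask >> shadow[off + i]) & 1u)) return 0;
    return 1;
}

static void init_account(void) {
    static const char guest[8] = "guest";
    int zero = 0;
    obj_write(offsetof(account_t, name), guest, sizeof guest, W_INIT_NAME);
    obj_write(offsetof(account_t, is_admin), &zero, sizeof zero, W_INIT_ADMIN);
}

/* Bug under study: n is caller-controlled and never bounded by sizeof name. */
static void set_name(const char *src, size_t n) {
    obj_write(offsetof(account_t, name), src, n, W_SET_NAME);
}

/* Field-granular safe write-read relation for the read of acct.is_admin, as the
 * compile-time analysis would produce it (hand-written here). */
#define ALLOWED_IS_ADMIN_FIELD (1u << W_INIT_ADMIN)
/* Object-granular (field-insensitive) relation: every legitimate writer of any
 * field of acct, which necessarily includes W_SET_NAME. */
#define ALLOWED_ACCT_OBJECT \
    ((1u << W_INIT_NAME) | (1u << W_INIT_ADMIN) | (1u << W_SET_NAME))

/* Returns is_admin, or -1 if the read violates the given write-read relation. */
static int read_is_admin(unsigned allowed_mask) {
    if (!dfi_check(offsetof(account_t, is_admin), sizeof acct.is_admin, allowed_mask))
        return -1;
    return acct.is_admin;
}

/* Constructed scenario: 12 bytes of 'A' (no terminator) copied into an 8-byte
 * name spill 4 bytes into is_admin. overflow selects that input or a benign
 * 6-byte one; field_sensitive selects which relation guards the read. */
int demo(int overflow, int field_sensitive) {
    char input[12];
    memset(input, 'A', sizeof input);
    init_account();
    set_name(input, overflow ? sizeof input : 6);
    return read_is_admin(field_sensitive ? ALLOWED_IS_ADMIN_FIELD : ALLOWED_ACCT_OBJECT);
}

int main(void) {
    printf("benign, field-sensitive   : %d\n", demo(0, 1));   /* 0 */
    printf("benign, object-granular   : %d\n", demo(0, 0));   /* 0 */
    printf("overflow, field-sensitive : %d\n", demo(1, 1));   /* -1: violation caught */
    printf("overflow, object-granular : %#x\n", demo(1, 0));  /* 0x41414141: missed */
    return 0;
}
```

The shadow array is the only state added, and it is indexed by object offset rather than woven into the struct, which is the property the abstract calls layout compatibility; the cost per write is one `memset` over the written bytes and per checked read one pass over the field's shadow bytes.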