Memory address detection attack defense method and device based on RISC-V and address space layout randomization

Document No. 1861441. Publication date: 2021-11-19. Original language: Chinese.

Reading notes: this technique, 基于risc-v与地址空间布局随机化的内存地址检测攻击防御方法及装置 (Memory address detection attack defense method and device based on RISC-V and address space layout randomization), was designed and created by 刘畅, 赵琛, 武延军, 芮志清, 吴敬征 and 武斌 on 2021-08-17. Abstract: the invention discloses a memory address detection attack defense method and device based on RISC-V and address space layout randomization, comprising: constructing a program memory address space description table; inserting RISC-V extended instructions for generating and setting an address random offset; executing the code and, once the address random offset has been generated, updating the program memory address space description table; and thereby realizing memory address space layout randomization. The invention applies the address layout randomization mechanism to the system without changing the program control flow, effectively suppresses memory address detection attacks (the probing an attacker performs to locate a target before the actual exploit), thereby improves the system's defense against the attacks that follow (DOP, ROP, buffer overflow attacks, code reuse attacks and the like), enhances the security of RISC-V systems, and solves the applicability problem of address space layout randomization in various application environments.

1. A memory address detection attack defense method based on RISC-V and address space layout randomization comprises the following steps:

1) according to the address segment types S involved in program execution and the memory address range $R_S$ corresponding to each address segment type S, constructing a program memory address space description table T, wherein the program memory address space description table T comprises a plurality of elements $T_S = (S, R_S, D_S)$ and the memory start address offset $D_S = 0$;

2) inserting, at the program start position, RISC-V extended instructions for generating and for setting the address random offset, respectively;

3) during program execution, generating a memory start address offset $D'_S$ based on the RISC-V extended instructions for generating and setting the address random offset, and updating the program memory address space description table;

4) realizing memory address space layout randomization according to the updated program memory address space description table.

2. The method of claim 1, wherein the address segment types comprise: code segment, data segment, heap space, stack space, or BSS segment.

3. The method of claim 1, wherein the instruction format of the RISC-V extended instruction for generating the address random offset comprises:

1) an Opcode field to represent an instruction Opcode encoding in the custom encoding space;

2) a RangeMax field which represents the maximum value range of the random offset of the address;

3) a Func field indicating the specific form the offset takes;

4) the Res field indicates a register for storing the execution result of the instruction.

4. The method of claim 1, wherein the instruction format of the RISC-V extended instruction for setting the random offset of the address comprises:

1) an Opcode field to represent an instruction Opcode encoding in the custom encoding space;

2) an Addr field indicating a start address of the currently protected address segment;

3) an AddrType field indicating the type of the currently protected address segment;

4) a RandVal field indicating the address random offset, namely the distance by which the start address of the currently protected address segment is shifted;

5) the Res field indicates a register for storing the execution result of the instruction.

5. The method of claim 1, wherein the RISC-V extended instructions for generating and setting the address random offset are inserted through the following steps:

1) fetching an element $T_S$ not yet fetched from the program memory address space description table T;

2) inserting, at the program start position, the corresponding RISC-V extended instruction for generating the address random offset and the corresponding RISC-V extended instruction for setting the address random offset;

3) repeating steps 1) and 2) until all elements $T_S$ in the program memory address space description table T have been fetched.

6. The method of claim 1, wherein the memory start address offset $D'_S$ is generated based on a true random number generator.

7. The method of claim 1, wherein the updated program memory address space description table is obtained by:

1) fetching an element $T_S = (S, R_S, D_S)$ from the program memory address space description table T;

2) modifying the memory start address offset $D_S$ using the memory start address offset $D'_S$;

3) repeating steps 1) and 2) until all elements $T_S$ in the program memory address space description table T have been updated, thereby obtaining the updated program memory address space description table.

8. The method of claim 1, wherein implementing memory address space layout randomization comprises utilizing a hardware microarchitecture.

9. A storage medium having a computer program stored thereon, wherein the computer program is arranged to, when run, perform the method of any of claims 1-8.

10. An electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the method according to any of claims 1-8.

Technical Field

The invention belongs to the technical field of computers, and relates to a memory address detection attack defense method and device based on RISC-V and address space layout randomization.

Background

Memory is one of the key components of a computer system: it stores the data and code the processor needs during operation and is the main place where programs run and data is operated on. Memory security has therefore become an important link in computer system security, and protecting memory from damage and interference by malicious attacks, so that the integrity of its functions and the credibility of its contents are ensured, is a major system security problem that both academia and industry must face. Memory attacks take many different forms and use many different implementation means, such as DOP (Data-Oriented Programming), ROP (Return-Oriented Programming), buffer overflow attacks, code reuse attacks, and so on. Before launching a memory attack, an attacker usually has to probe memory addresses to determine the exact location of the target; this memory address detection raises the accuracy and success rate of the attack and lets it damage the stability and correctness of the system and program to the greatest extent.

To effectively suppress memory address detection attacks, academia has proposed corresponding defense methods. For example, the PaX project designed the Address Space Layout Randomization (ASLR) mechanism for the Linux kernel: randomness is introduced into the memory address space used by different tasks so that the start positions of the different address segments change irregularly, which reduces the probability that an attacker correctly guesses a task-specific address (such as the stack pointer or the address of a particular library). Building on this, Kangjie Lu et al. proposed ASLR-Guard in 2015, an enhanced mechanism for code reuse attack scenarios that further reduces the possibility of code pointer leakage by separating code from data and storing code pointers securely. These existing defenses, however, lack general applicability; ASLR-Guard, for example, requires a 64-bit virtual address space to obtain sufficient entropy for its operation, which limits its application in embedded and other resource-constrained environments.

To solve the applicability problem of address space layout randomization in various application environments, the invention provides an implementation scheme based on a RISC-V extended instruction set. The invention applies the address layout randomization mechanism to the system without changing the program control flow, effectively suppresses memory address detection attacks, thereby improves the system's defense against the related subsequent attacks (DOP, ROP, buffer overflow attacks, code reuse attacks and the like), and enhances the security of RISC-V systems.

Disclosure of Invention

The invention aims to provide a memory address detection attack defense method and device based on RISC-V and address space layout randomization. Through a RISC-V instruction set, the method generates and supplies in hardware the parameters, such as the random offset, that address space layout randomization requires, which reduces the direct dependence of the randomization process on system resources; the random offset applied to the relevant memory address space makes it harder for an attacker to obtain the exact location of the attacked target. The method can effectively improve the system's defense against memory address detection attacks and improve the security of RISC-V systems.

In order to achieve the purpose, the invention adopts the following technical scheme:

a memory address detection attack defense method based on RISC-V and address space layout randomization comprises the following steps:

1) according to the address segment types S involved in program execution and the memory address range $R_S$ corresponding to each address segment type S, constructing a program memory address space description table T, wherein the program memory address space description table T comprises a plurality of elements $T_S = (S, R_S, D_S)$ and the memory start address offset $D_S = 0$;

2) inserting, at the program start position, RISC-V extended instructions for generating and for setting the address random offset, respectively;

3) during program execution, generating a memory start address offset $D'_S$ based on the RISC-V extended instructions for generating and setting the address random offset, and updating the program memory address space description table;

4) realizing memory address space layout randomization according to the updated program memory address space description table.

Further, the address segment types include: code segment, data segment, heap space, stack space, or BSS segment.

Further, the instruction format of the RISC-V extended instruction for generating the address random offset includes:

1) an Opcode field to represent an instruction Opcode encoding in the custom encoding space;

2) a RangeMax field which represents the maximum value range of the random offset of the address;

3) a Func field indicating the specific form the offset takes;

4) the Res field indicates a register for storing the execution result of the instruction.

Further, the instruction format of the RISC-V extended instruction for setting the random offset of the address includes:

1) an Opcode field to represent an instruction Opcode encoding in the custom encoding space;

2) an Addr field indicating a start address of the currently protected address segment;

3) an AddrType field indicating the type of the currently protected address segment;

4) a RandVal field indicating the address random offset, namely the distance by which the start address of the currently protected address segment is shifted;

5) the Res field indicates a register for storing the execution result of the instruction.

Further, the RISC-V extended instructions for generating and setting the address random offset are inserted through the following steps:

1) fetching an element $T_S$ not yet fetched from the program memory address space description table T;

2) inserting, at the program start position, the corresponding RISC-V extended instruction for generating the address random offset and the corresponding RISC-V extended instruction for setting the address random offset;

3) repeating steps 1) and 2) until all elements $T_S$ in the program memory address space description table T have been fetched.

Further, the memory start address offset $D'_S$ is generated based on a true random number generator.

Further, the updated program memory address space description table is obtained through the following steps:

1) fetching an element $T_S = (S, R_S, D_S)$ from the program memory address space description table T;

2) modifying the memory start address offset $D_S$ using the memory start address offset $D'_S$;

3) repeating steps 1) and 2) until all elements $T_S$ in the program memory address space description table T have been updated, thereby obtaining the updated program memory address space description table.

Further, implementing the memory address space layout randomization comprises utilizing a hardware microarchitecture.

A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above method when executed.

An electronic device comprising a memory and a processor, wherein the memory stores a program that performs the above described method.

The invention has the technical effects that:

1. Based on address space layout randomization, the difficulty for an attacker of probing memory addresses and obtaining the exact location of the attacked target is increased, which effectively improves the security of RISC-V systems.

2. Parameters such as the random offset are generated and supplied in hardware, which reduces the direct dependence of the address space layout randomization process on system resources and widens the range of applications of the technique.

3. A software-hardware cooperative scheme led by the RISC-V extended instruction set helps hardware play its part in system security defense, so that security hardware designed on RISC-V can provide a better defensive effect.

Drawings

FIG. 1 is a flow chart of a memory address detection attack defense method based on address space layout randomization in a RISC-V system.

FIG. 2 is a flow chart for constructing a program memory address space description table.

FIG. 3 is a flow diagram of inserting a relevant RISC-V extended instruction into program code.

FIG. 4 is a schematic diagram of the instruction format design of a RISC-V extended instruction for generating address random offsets.

FIG. 5 is a schematic diagram of the instruction format design of a RISC-V extended instruction for setting the random offset of the address.

FIG. 6 is a flow chart of updating a program memory address space description table.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings.

In this embodiment, the memory address detection attack defense method based on RISC-V and memory address space layout randomization is shown in fig. 1, and mainly includes the following steps:

1) and constructing a program memory address space description table. The flow is shown in fig. 2, and is specifically described as follows:

1a) According to the specific implementation environment, determine the types of all address segments involved in program execution, forming an address segment type set denoted {S}, where each element S represents one address segment type. Typically these types include the code segment, data segment, heap space, stack space, BSS segment, and so on. Go to 1b).

1b) Determine the memory address range corresponding to each address segment, and denote the memory address range corresponding to address segment type S as $R_S$. Go to 1c).

1c) For the address segment type set {S}, denote the memory start address offset corresponding to address segment type S as $D_S$, and let $D_S = 0$. Go to 1d).

1d) For the address segment type set {S}, describe the memory address space corresponding to address segment type S as $T_S$, with the structure $T_S = (S, R_S, D_S)$. Go to 1e).

1e) Organize all memory address space descriptions into the program memory address space description table T, i.e. $T = \{T_S\}$.

2) Inserting a RISC-V extended instruction for generating and setting an address random offset, the flow of which is shown in FIG. 3; the instruction format of the RISC-V extended instruction for generating the address random offset is shown in FIG. 4; the instruction format of the RISC-V extended instruction for setting the random offset of the address is shown in fig. 5. The concrete description is as follows:

2a) Fetch an element $T_S = (S, R_S, D_S)$ not yet fetched from the program memory address space description table T. Go to 2b).

2b) At the program start position, insert a RISC-V extended instruction for generating the address random offset. Go to 2c).

2c) Continue by inserting the RISC-V extended instruction for setting the address random offset that corresponds to address segment type S. Go to 2d).

2d) If T still contains an element that has not been fetched, go to 2a) and continue with the remaining elements.

The customized instruction format of the RISC-V extended instruction for generating the address random offset includes:

1) an Opcode field representing the instruction opcode encoding in the custom encoding space;

2) a RangeMax field representing the maximum value range of the address random offset;

3) a Func field indicating the specific form the offset takes;

4) a Res field indicating the register that stores the execution result of the instruction.

The customized instruction format of the RISC-V extended instruction for setting the address random offset includes:

1) an Opcode field representing the instruction opcode encoding in the custom encoding space;

2) an Addr field indicating the start address of the currently protected address segment;

3) an AddrType field indicating the type of the currently protected address segment;

4) a RandVal field indicating the address random offset, namely the distance by which the start address of the currently protected address segment is shifted;

5) a Res field indicating the register that stores the execution result of the instruction.
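The page names the fields of the two custom instructions (FIG. 4 and FIG. 5) but not their bit positions. The following C model, added here as an example and not code from the patent, packs and decodes those fields using one assumed layout: the standard R-type field boundaries inside the custom-0 major opcode that the RISC-V unprivileged ISA reserves for custom extensions, with funct7 telling the two instructions apart. Because Addr and RandVal are XLEN-wide values, they cannot be carried as immediates in a 32-bit instruction word, so the model passes them, and RangeMax, in source registers; the funct7 values, register assignments and struct field names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Major opcodes the RISC-V unprivileged ISA reserves for custom extensions.
 * Every 32-bit instruction has inst[1:0] = 11 and inst[4:2] != 111. */
#define OPC_CUSTOM0 0x0bu  /* 0b0001011 */
#define OPC_CUSTOM1 0x2bu  /* 0b0101011 */
#define OPC_CUSTOM2 0x5bu  /* 0b1011011 (custom-2/rv128) */
#define OPC_CUSTOM3 0x7bu  /* 0b1111011 (custom-3/rv128) */

/* ASSUMED: funct7 values distinguishing the two instructions inside custom-0. */
#define F7_GEN 0x00u
#define F7_SET 0x01u

/* ASSUMED layout, standard R-type boundaries:
 *   [6:0] opcode  [11:7] rd=Res  [14:12] funct3  [19:15] rs1  [24:20] rs2  [31:25] funct7
 * GEN (FIG. 4): funct3 = Func, rs1 = register holding RangeMax, rs2 = 0.
 * SET (FIG. 5): funct3 = AddrType, rs1 = register holding Addr, rs2 = register holding RandVal. */

enum insn_kind { INSN_OTHER = 0, INSN_GEN = 1, INSN_SET = 2 };

struct insn_fields {
    enum insn_kind kind;
    uint8_t res;       /* rd: register receiving the execution result (both formats) */
    uint8_t func;      /* GEN: Func, the offset form */
    uint8_t rs_range;  /* GEN: register holding RangeMax */
    uint8_t addr_type; /* SET: AddrType */
    uint8_t rs_addr;   /* SET: register holding Addr */
    uint8_t rs_rand;   /* SET: register holding RandVal */
};

/* True only for a legal 32-bit encoding whose major opcode is one of the custom slots. */
bool is_custom_opcode(uint32_t insn)
{
    uint32_t opc = insn & 0x7fu;
    return (opc & 3u) == 3u && ((opc >> 2) & 7u) != 7u &&
           (opc == OPC_CUSTOM0 || opc == OPC_CUSTOM1 || opc == OPC_CUSTOM2 || opc == OPC_CUSTOM3);
}

static uint32_t pack(uint32_t f7, uint32_t rs2, uint32_t rs1, uint32_t f3, uint32_t rd)
{
    return (f7 & 0x7fu) << 25 | (rs2 & 0x1fu) << 20 | (rs1 & 0x1fu) << 15 |
           (f3 & 7u) << 12 | (rd & 0x1fu) << 7 | OPC_CUSTOM0;
}

/* FIG. 4: Opcode | RangeMax (via register) | Func | Res. */
uint32_t encode_gen(uint8_t func, uint8_t rs_range, uint8_t res)
{
    return pack(F7_GEN, 0, rs_range, func, res);
}

/* FIG. 5: Opcode | Addr (via register) | AddrType | RandVal (via register) | Res. */
uint32_t encode_set(uint8_t addr_type, uint8_t rs_addr, uint8_t rs_rand, uint8_t res)
{
    return pack(F7_SET, rs_rand, rs_addr, addr_type, res);
}

/* Decode one word. Anything that is not custom-0 with a known funct7 is INSN_OTHER,
 * which is where a core without the extension would raise an illegal-instruction trap. */
struct insn_fields decode(uint32_t insn)
{
    struct insn_fields f = { INSN_OTHER, 0, 0, 0, 0, 0, 0 };
    if ((insn & 0x7fu) != OPC_CUSTOM0) return f;
    uint32_t f7 = insn >> 25, rs2 = (insn >> 20) & 0x1fu, rs1 = (insn >> 15) & 0x1fu;
    uint32_t f3 = (insn >> 12) & 7u, rd = (insn >> 7) & 0x1fu;
    f.res = (uint8_t)rd;
    if (f7 == F7_GEN && rs2 == 0) {
        f.kind = INSN_GEN; f.func = (uint8_t)f3; f.rs_range = (uint8_t)rs1;
    } else if (f7 == F7_SET) {
        f.kind = INSN_SET; f.addr_type = (uint8_t)f3; f.rs_addr = (uint8_t)rs1; f.rs_rand = (uint8_t)rs2;
    }
    return f;
}
```

Keeping both instructions strictly inside the custom opcode space is what prevents them from colliding with standard or future standard extensions; a standard-encoded instruction such as `add a0,a0,a1` (0x00b50533) is rejected by `is_custom_opcode` and decodes to INSN_OTHER.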

3) Execute the code, and update the program memory address space description table after the address random offset has been generated. The flow is shown in fig. 6 and is described as follows:

3a) Execute the RISC-V extended instruction for generating the address random offset: a specific hardware means (such as a true random number generator) produces an unsigned random number, denoted RM, which is used as the address random offset. Go to 3b).

3b) Execute the RISC-V extended instruction for setting the address random offset that corresponds to address segment type S. Fetch the element $T_S = (S, R_S, D_S)$ from the program memory address space description table T, modify $D_S$ to RM, and update $T_S$. Go to 3c).

3c) Repeat the above steps until all elements in T have been updated.

4) The hardware micro-architecture realizes the memory address space layout randomization; it can be implemented by customizing secure RISC-V hardware according to the characteristics of the specific implementation environment and its security requirements.
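Steps 1) to 4) above, as an added C model that is not the patent's code: it builds the table $T = \{T_S\}$, models the GEN and SET instructions acting on it, and applies the resulting offsets to addresses. The hardware true random number generator is replaced by a caller-supplied function (a fixed-value stub is included so the model runs offline), and the segment ranges, the reservation bound each segment may slide within, and the meanings of the three Func forms are constructed assumptions. Two checks a practitioner would want are included: RangeMax is treated as a bit mask so the offset has no modulo bias, and SET refuses an offset that would push a segment past its reservation, since a small (for example 32-bit embedded) address space leaves little room and correspondingly few entropy bits.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum seg_type { SEG_CODE, SEG_DATA, SEG_HEAP, SEG_STACK, SEG_BSS, SEG_COUNT };

/* Func field of the GEN instruction. The page only says Func selects the
 * "offset form"; these three forms are assumed for the model. */
enum offset_form { FUNC_RAW = 0, FUNC_ALIGN16 = 1, FUNC_ALIGN_PAGE = 2 };

/* One element T_S = (S, R_S, D_S); R_S is the pre-randomization range [lo, hi).
 * reserve_end is an added bound: the slid segment must end at or before it. */
struct seg_desc {
    enum seg_type S;
    uintptr_t lo, hi;
    uintptr_t reserve_end;
    uintptr_t D_S;           /* memory start address offset, 0 until randomized */
};

struct desc_table { struct seg_desc e[SEG_COUNT]; size_t n; };

typedef uint64_t (*rng_fn)(void);   /* stand-in for the hardware TRNG */

/* Constructed stub so the model runs offline; real hardware reads its TRNG here. */
uint64_t fixed_rng(void) { return 0x123456789ULL; }

/* Step 1 (FIG. 2): append T_S with D_S = 0. */
void table_add(struct desc_table *t, enum seg_type S, uintptr_t lo, uintptr_t hi,
               uintptr_t reserve_end)
{
    if (t->n < SEG_COUNT)
        t->e[t->n++] = (struct seg_desc){ S, lo, hi, reserve_end, 0 };
}

static uintptr_t form_align(enum offset_form f)
{
    return f == FUNC_ALIGN_PAGE ? 4096u : f == FUNC_ALIGN16 ? 16u : 1u;
}

/* GEN model (FIG. 4): RM = TRNG output masked to RangeMax and shaped by Func;
 * the return value is what Res receives. range_max is a bit mask (2^k - 1), so
 * masking is unbiased; alignment then clears the low bits. */
uintptr_t gen_offset(rng_fn rng, uintptr_t range_max, enum offset_form func)
{
    uintptr_t rm = (uintptr_t)rng() & range_max;
    return rm & ~(form_align(func) - 1);
}

/* Bits an attacker must guess for a (RangeMax, Func) pair: k minus the bits
 * alignment zeroes. Check this before fixing RangeMax on a small address space. */
unsigned offset_entropy_bits(uintptr_t range_max, enum offset_form func)
{
    unsigned k = 0, a = 0;
    for (uintptr_t m = range_max; m; m >>= 1) k++;
    for (uintptr_t m = form_align(func); m > 1; m >>= 1) a++;
    return k > a ? k - a : 0;
}

/* SET model (FIG. 5): find T_S by (Addr, AddrType) and write RandVal into D_S.
 * Returns the Res value: 0 on success, 1 if no such element, 2 if the slid
 * segment would wrap or leave its reservation (D_S is then left unchanged). */
int set_offset(struct desc_table *t, uintptr_t addr, enum seg_type type, uintptr_t randval)
{
    for (size_t i = 0; i < t->n; i++) {
        struct seg_desc *d = &t->e[i];
        if (d->S != type || d->lo != addr) continue;
        if (d->hi + randval < d->hi || d->hi + randval > d->reserve_end) return 2;
        d->D_S = randval;
        return 0;
    }
    return 1;
}

/* Step 4: an address inside the pre-randomization R_S maps to a + D_S, the
 * relocation the micro-architecture applies once the table has been updated. */
bool translate(const struct desc_table *t, uintptr_t a, uintptr_t *out)
{
    for (size_t i = 0; i < t->n; i++)
        if (a >= t->e[i].lo && a < t->e[i].hi) { *out = a + t->e[i].D_S; return true; }
    return false;
}

/* Constructed scenario: a 64 KiB code segment with a 1 MiB reservation and a
 * 64 KiB stack with only 128 KiB. One GEN/SET pair per T_S, as in steps 2 and 3.
 * Returns 0 if every step behaves as described, else the first failing step. */
int run_demo(void)
{
    struct desc_table t = { .n = 0 };
    table_add(&t, SEG_CODE,  0x80000000u, 0x80010000u, 0x80100000u);
    table_add(&t, SEG_STACK, 0x80200000u, 0x80210000u, 0x80220000u);
    uintptr_t rm = gen_offset(fixed_rng, 0xFFFFFu, FUNC_ALIGN_PAGE), out = 0; /* GEN -> Res */
    if (rm != 0x56000u) return 1;
    if (set_offset(&t, 0x80000000u, SEG_CODE, rm) != 0) return 2;            /* SET -> Res */
    if (!translate(&t, 0x80001234u, &out) || out != 0x80057234u) return 3;
    if (set_offset(&t, 0x80200000u, SEG_STACK, rm) != 2 || t.e[1].D_S != 0) return 4;
    if (set_offset(&t, 0x80300000u, SEG_HEAP, 0) != 1) return 5;
    return 0;
}
```

With RangeMax = 0xFFFFF and page alignment the offset carries 8 bits of entropy, which is why the model reports the count: in the constructed scenario the same offset that fits the code segment's reservation is refused for the stack, and a real deployment would pick RangeMax per segment from the reservation it actually has rather than reuse one value.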

The above embodiments are only intended to illustrate the technical solution of the present invention and not to limit the same, and a person skilled in the art can modify the technical solution of the present invention or substitute the same without departing from the spirit and scope of the present invention, and the scope of the present invention should be determined by the claims.
