PEC-V: 基于RISC-V协处理器的内存溢出防御机制
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

中国科学院战略性先导科技专项(C类)(XDC05040100); 国家自然科学基金(61772507); 2020年工业互联网创新发展工程(TC200H030)


PEC-V: Memory Overflow Defense Mechanism Based on RISC-V Coprocessor
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 增强出版
  • |
  • 文章评论
    摘要:

    内存溢出攻击是计算机系统中历史悠久且依旧广泛存在的攻击手段, 而指针加密技术可以有效阻止此攻击. 通过软件手段实现这一技术的方式将导致程序运行效率的显著降低并且产生额外的内存开销. 所以本文基于RocketChip的RoCC (Rocket Custom Coprocessor)接口实现一个加解密指针的协处理器PEC-V. 其通过RISC-V的自定义指令控制协处理器加解密返回地址和函数指针等值达到阻止溢出攻击的目的. PEC-V主要使用PUF(Physical Unclonable Function)来避免在内存中储存加密指针的键值, 所以此机制在保证了加密键值的随机性的同时也减少了访问内存的次数. 实验结果显示, PEC-V能够有效防御各类缓冲区溢出攻击, 且程序平均运行效率仅下降3%, 相对既往方案显著提高了性能.

    Abstract:

    In computer systems, the memory overflow attack is a long-existing security problem and is still common nowadays, which can be effectively hindered by pointer encryption. Nevertheless, the implementation of the technique by software significantly lowers the program running efficiency and leads to additional memory overhead. In this study, we develop an encrypted/decrypted pointer coprocessor PEC-V based on the Rocket Custom Coprocessor (RoCC) interface of RocketChip. The overflow attack can be prevented through the control of encryption/decryption of the return address and function pointer by the coprocessor under the user-defined instruction of RISC-V. PEC-V mainly depends on Physical Unclonable Function (PUF) to avoid storing the key value of the encrypted pointer in memory. Thus, this mechanism not only ensures the randomness of the key value, but also reduces the times of accessing memory. The experimental results show that PEC-V is defensive against various buffer overflow attacks while the program running efficiency is only reduced by approximately 3% on average, which is better than previous mechanisms.

    参考文献
    相似文献
    引证文献
引用本文

张雨昕,芮志清,李威威,张画,罗天悦,吴敬征. PEC-V: 基于RISC-V协处理器的内存溢出防御机制.计算机系统应用,2021,30(11):11-19

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2021-04-29
  • 最后修改日期:2021-05-21
  • 录用日期:
  • 在线发布日期: 2021-10-22
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京海淀区中关村南四街4号 中科院软件园区 7号楼305房间,邮政编码:100190
电话:010-62661041 传真: Email:csa (a) iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号