Computer Systems Applications (English edition): 2021,30(11):11-19
PEC-V: Memory Overflow Defense Mechanism Based on RISC-V Coprocessor
(1. Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; 2. The Grainger College of Engineering, University of Illinois at Urbana-Champaign, Urbana-Champaign, IL 61820, USA; 3. PLCT Lab, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; 4. SHENYUAN Honors College, Beihang University, Beijing 100191, China)
Received: April 29, 2021    Revised: May 21, 2021
Abstract: The memory overflow attack is a long-standing security problem in computer systems and is still common today. Pointer encryption can effectively stop it, but implementing the technique in software significantly lowers program running efficiency and adds memory overhead. In this study, we implement PEC-V, a coprocessor that encrypts and decrypts pointers, on the Rocket Custom Coprocessor (RoCC) interface of RocketChip. RISC-V custom instructions direct the coprocessor to encrypt and decrypt values such as return addresses and function pointers, which prevents overflow attacks. PEC-V mainly relies on a Physical Unclonable Function (PUF) to avoid storing the pointer-encryption key in memory. This mechanism therefore ensures the randomness of the key while also reducing the number of memory accesses. The experimental results show that PEC-V defends effectively against various buffer overflow attacks while program running efficiency is reduced by only approximately 3% on average, a significant performance improvement over previous mechanisms.
Keywords: overflow attack  pointer encryption  RISC-V  RocketChip  PUF  PEC-V
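A software simulation of the idea in the abstract, added here as an illustration and not the authors' code: a saved return address is encrypted on function entry and decrypted on return, so a value written over it by an overflow does not decrypt to what was written. The XOR cipher, the constant standing in for the PUF response, the frame layout and all names and addresses are assumptions; the abstract does not specify them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16u                        /* local buffer size in the simulated frame */
#define FRAME_LEN (BUF_LEN + 8u)             /* buffer followed by the saved return slot */
#define RET_ADDR  0x0000000080001234ULL      /* constructed legitimate return address */
#define TARGET    0x0000000080005678ULL      /* constructed value an overflow writes */

/* Constructed constant standing in for the PUF response. In the scheme the
 * abstract describes, the key is not stored in memory; a simulation must. */
static const uint64_t PUF_KEY = 0x9e3779b97f4a7c15ULL;

/* Assumed placeholder cipher: XOR is its own inverse. Not PEC-V's cipher. */
static uint64_t pec_crypt(uint64_t v) { return v ^ PUF_KEY; }

/* Simulate one call: the prologue saves the return address, a copy that
 * ignores BUF_LEN runs, and the epilogue reloads the address to return to. */
static uint64_t simulate_call(const uint8_t *in, size_t n, int protect)
{
    uint8_t frame[FRAME_LEN] = {0};
    uint64_t slot = protect ? pec_crypt(RET_ADDR) : RET_ADDR;

    memcpy(frame + BUF_LEN, &slot, sizeof slot);   /* prologue: (encrypt and) save */
    if (n > FRAME_LEN) n = FRAME_LEN;              /* keep the simulation in bounds */
    memcpy(frame, in, n);                          /* copy not checked against BUF_LEN */
    memcpy(&slot, frame + BUF_LEN, sizeof slot);   /* epilogue: reload */
    return protect ? pec_crypt(slot) : slot;       /* (decrypt and) use */
}

/* Run the call with input that overruns the buffer and places TARGET in the slot. */
static uint64_t run_overflow(int protect)
{
    uint8_t in[FRAME_LEN];
    uint64_t t = TARGET;
    memset(in, 'A', BUF_LEN);
    memcpy(in + BUF_LEN, &t, sizeof t);
    return simulate_call(in, sizeof in, protect);
}

int main(void)
{
    printf("unprotected: %#llx\n", (unsigned long long)run_overflow(0));
    printf("protected:   %#llx\n", (unsigned long long)run_overflow(1));
    return 0;
}
```

Without protection the reloaded value is exactly what the overflow wrote; with protection it is that value XOR the key, so control does not go where the overwritten bytes pointed.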
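Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (Category C) (XDC05040100); National Natural Science Foundation of China (61772507); 2020 Industrial Internet Innovation and Development Project (TC200H030)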
Cite this article:
ZHANG Yu-Xin, RUI Zhi-Qing, LI Wei-Wei, ZHANG Hua, LUO Tian-Yue, WU Jing-Zheng. PEC-V: Memory Overflow Defense Mechanism Based on RISC-V Coprocessor. COMPUTER SYSTEMS APPLICATIONS, 2021, 30(11): 11-19