Multi-chain hash stack structure and method for detecting tampered function return address

Abstract

The embodiment of the invention provides a multi-chain hash stack structure and a method for detecting tampering of a function return address. Tthe multi-chain hash stack structure comprises N chain structures, each chain structure corresponds to a top register used for storing a hash value, and a return address of a function body corresponding to a current frame and the hash value in the top register corresponding to the chain structure where the current frame is located are stored in any frame of the multi-chain hash stack structure; the chain structure where the current frame is located isdetermined according to the depth of the function body corresponding to the current frame in the multi-chain hash stack structure; the top register corresponding to the chain structure where the current frame is located stores the latest hash value on the chain structure where the current frame is located; wherein N is a natural number greater than 1. According to the embodiment of the invention,pipeline pause caused by conflicts of similar hash operations is effectively relieved, and the performance loss of the chained hash stack is reduced.

Description

technical field [0001] The invention relates to the field of computer technology, and more specifically, to a multi-chain hash stack structure and a method for detecting tampered return addresses of functions. Background technique [0002] The stack overflow vulnerability is an extremely serious system security vulnerability. It destroys the system memory space by writing too long data into a limited memory space, causing the system to run abnormally, crash or restart. Through the stack overflow attack, the address of the attack code is used to overwrite the function pointer, allowing the attacker to obtain part or all of the system control rights, which is a very threatening security risk. [0003] A chained hash stack structure is provided in the prior art, which is a new type of defense means for protecting function return addresses. It adds two registers to the hardware, the top register and the salt register, the top register is used to store the hash value, and the sa...

AI Technical Summary

Problems solved by technology

[0004] The security of the chained hash stack is extremely high, even if the attacker can read and write the memory address space arbitrarily, this defense mechanism cannot be bypassed

However, the chained hash stack in the prior art is a single-chain structure. In a single-chain implementation, the function body with a depth of m stores the m-th return address and the m-1-th hash value, that is, That is, if the operation of the m-1th hash value is not completed, the operation of the m-th hash value must wait. When the operation cycle of the hash function increases, the performance loss of the chained hash stack will be sharply reduced. If it is increased, it will cause the problem of pipeline stagnation

For example, when a hash operation takes 80 clock cycles, its performance loss is about 20%, which greatly limits the practicality of the chained hash stack

Images