
A password code-oriented automated program sensitive data protection method

A technology for automated program sensitive data protection, applied in the field of information security, which addresses the problems that manual isolation of sensitive data is prone to omissions and errors and that existing approaches cannot automatically identify sensitive data.

Active Publication Date: 2022-08-09
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

For in-process memory isolation, many existing technologies already provide support for the basic isolation primitives, but they cannot automatically identify sensitive data.
In practice, developers cannot make good use of memory isolation primitives to isolate sensitive data in programs, such as the potentially sensitive data generated in cryptographic program logic, because doing so is a complex and cumbersome task and a manual implementation is extremely prone to omissions and errors.




Embodiment Construction

[0014] This embodiment is implemented on the LLVM 7.0 framework and selects Intel MPK as the hardware primitive. Given a target source code containing cryptographic operations, as shown in figure 1, this embodiment relates to a cryptographic code-oriented automated program sensitive data protection method comprising a preprocessing stage, a cryptographic code-oriented static analysis stage, an intermediate language code transformation stage, and a binary program output stage, wherein:

[0015] As shown in figure 2, the preprocessing stage refers to marking the original key material and the input plaintext/ciphertext correspondingly in the source code, and then converting the target source code into LLVM intermediate language code with the LLVM compiler.

[0016] The markings include: the developer marks the buffer storing the original key material as a key taint in the code through #pragmataintersinktaint, a precompiled instr...



Abstract

An automatic program sensitive data protection method oriented to cryptographic code. The original key material and the plaintext/ciphertext taints are marked manually in advance on the program source code using marking statements, and the program source code is converted into LLVM intermediate language code by the LLVM compiler; static sensitive data flow analysis of the cryptographic code is performed on the LLVM intermediate language code to obtain the sensitive buffers in the code and the code that operates on those buffers; from the output of the static analysis stage, the buffer allocations to be modified and the memory access instructions that need to execute in a high-privilege state are determined, and isolation operations are applied on that basis; the transformed intermediate language code is then compiled and linked against the required runtime library to produce the final protected binary program. The invention can automatically determine the data structures and sensitive data that need to be protected, such as derived key material and intermediate buffers.
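As an added illustration of the static analysis and transformation stages described in the embodiment and in the abstract (a constructed example, not the patent's code and not LLVM code): a toy forward taint analysis over an SSA-style instruction list shaped like LLVM IR, which starts from the developer-marked key buffer, finds the derived buffers and the memory instructions that must run inside the privilege window, and then rewrites the program accordingly. The instruction format, the sample program and the helper names secure_alloc / enter_window / leave_window are assumptions.

```python
SOURCES = {"%key"}  # buffer the developer marked as key taint with a pragma
# Constructed instruction stream in the shape of LLVM IR: (opcode, dst, *operands)
PROGRAM = [
    ("alloca", "%key", 16),          # 0: master key, marked
    ("alloca", "%rk", 176),          # 1: round-key schedule, derived but unmarked
    ("alloca", "%tmp", 16),          # 2: intermediate buffer, derived but unmarked
    ("alloca", "%iv", 16),           # 3: public IV, never mixes with key data
    ("gep", "%p0", "%key", 0),       # 4: pointer into the key buffer
    ("load", "%k0", "%p0"),          # 5: reads a key byte
    ("xor", "%r0", "%k0", 0x63),     # 6: key-derived value
    ("gep", "%p1", "%rk", 0),        # 7: pointer into the schedule
    ("store", None, "%r0", "%p1"),   # 8: derived round key lands in %rk
    ("call", None, "memcpy", "%tmp", "%rk", 16),  # 9: copies sensitive bytes
    ("load", "%i0", "%iv"),          # 10: public data only
]

def analyze(program, sources):
    """Forward taint: (sensitive allocations, indices of memory instructions needing the window)."""
    points_to, vals, allocs, changed = {}, set(), set(sources), True
    while changed:                        # fixpoint; one pass suffices without loops
        before = (len(vals), len(allocs))
        for op, dst, *ops in program:
            if op in ("alloca", "gep"):   # pointer -> allocation it addresses
                points_to[dst] = dst if op == "alloca" else points_to[ops[0]]
            elif op == "load" and points_to[ops[0]] in allocs:
                vals.add(dst)             # value now carries key-derived data
            elif op == "xor" and any(o in vals for o in ops):
                vals.add(dst)
            elif op == "store" and ops[0] in vals:
                allocs.add(points_to[ops[1]])   # buffer now holds key-derived data
            elif op == "call" and ops[0] == "memcpy" and points_to[ops[2]] in allocs:
                allocs.add(points_to[ops[1]])
        changed = before != (len(vals), len(allocs))
    ptr_ops = {"load": slice(0, 1), "store": slice(1, 2), "call": slice(1, 3)}
    privileged = [i for i, (op, _, *ops) in enumerate(program) if op in ptr_ops
                  and any(points_to.get(p) in allocs for p in ops[ptr_ops[op]])]
    return sorted(allocs), privileged

def transform(program, sources):
    """Transformation stage: isolated allocation for sensitive buffers, privilege window per access."""
    allocs, privileged = analyze(program, sources)
    out = []
    for i, ins in enumerate(program):
        if ins[0] == "alloca" and ins[1] in allocs:   # hypothetical runtime helper
            out.append(("call", ins[1], "secure_alloc", ins[2]))
        elif i in privileged:                         # hypothetical MPK enter/leave
            out += [("call", None, "enter_window"), ins, ("call", None, "leave_window")]
        else:
            out.append(ins)
    return out
```

Only the marked key buffer is a source; the round-key schedule and the memcpy target are found by propagation, while the IV buffer stays outside the isolated region.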

Description

Technical field

[0001] The invention relates to a technology in the field of information security, in particular to a password code-oriented (that is, cryptographic code-oriented) automatic program sensitive data protection method.

Background technique

[0002] Protecting the sensitive data in a program from being leaked by malicious attackers through program memory vulnerabilities is a very important task, especially for programs that use cryptography. Memory corruption vulnerabilities are a typical class of vulnerability in system software written in C. Depending on the target of the memory corruption, such attacks can be further classified into control-flow-oriented attacks and data-flow-oriented attacks. If the data the attacker overwrites is related to program control flow, such as a function return address or a function pointer, the attack is called a control-flow-oriented attack; if the attacker overwrites or reads program data that is not related to control flow, such as cryptographic keys or authenticati...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/12, G06F21/60, G06F21/62
CPC: G06F21/125, G06F21/602, G06F21/6245
Inventor: 张媛媛, 金宣成, 肖轩淦, 贾淞淋, 李卷孺
Owner: SHANGHAI JIAO TONG UNIV