Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Buffer overflow attack defense method and device based on risc-v and canary mechanism

A RISC-V, buffer overflow technology, applied in the computer field, can solve problems such as limited scope of application, difficulty in landing, lack of protection, etc., and achieve the effect of small system performance and good defense effect

Active Publication Date: 2022-07-22
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this method is only applicable to stack overflow scenarios caused by the lack of necessary boundary checks in string processing, for other buffer overflow forms such as heap overflow, BSS (Block Started by Symbol, blocks starting with symbols) overflow, and other reasons overflow scenarios caused by the lack of equally effective protection
At the same time, this method requires an additional calculation process to construct the Canary word, which will also have a certain impact on the operating efficiency of the system.
[0005] In order to solve the problem that the buffer overflow attack defense method based on the Canary mechanism is limited in scope and difficult to implement, the present invention proposes an implementation scheme based on the RISC-V extended instruction set

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Buffer overflow attack defense method and device based on risc-v and canary mechanism
  • Buffer overflow attack defense method and device based on risc-v and canary mechanism
  • Buffer overflow attack defense method and device based on risc-v and canary mechanism

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0064] The present invention will be further described below with reference to the accompanying drawings.

[0065] The buffer attack defense method based on the Canary mechanism in this embodiment, wherein the overall process is as follows figure 1 It mainly includes the following steps:

[0066] 1) Analyze the program source code, generate a node call relationship diagram, and determine the specific instruction positions of each function call and return, where the function call will be recognized as a call instruction, and the function return will be recognized as a ret instruction. The node call relationship graph is a joint data structure that integrates a variety of node sets and node relationship sets. Its structure G=(V C , V R , R, nentry), where V C is the set of function call nodes, V R is the set of function return nodes, R is the set of correspondences between function calls and return nodes, and nentry is the entry node of the program. Its process is as figu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a buffer overflow attack defense method and device based on RISC-V and Canary mechanism, comprising: after assigning content attribute to an abstract syntax tree of program source code, generating a node calling relationship graph G; generating special data Canary; Before the code statement corresponding to the content attribute of each call node and before the code statement corresponding to the content attribute of each return node, insert the RISC-V extension instruction for setting the special data Canary and the RISC-V extension instruction for checking the special data Canary; Execute the program source code, set the RISC‑V extension instruction of the special data Canary, write the special data Canary into the current stack frame, and check the RISC‑V extension instruction of the special data Canary to obtain the special data from the current stack frame through the value p of the special data Canary The comparison result of the value p' of the data Canary for defense. The invention comprehensively covers heap overflow, stack overflow, BSS overflow and other buffer overflow forms, can realize the soft and hard coordination of security defense, has less impact on system performance, and obtains better defense effect.

Description

technical field [0001] The invention belongs to the field of computer technology, and relates to a buffer overflow attack defense method and device based on RISC-V and Canary mechanism. Background technique [0002] With the development of the computer industry, computer software has become an indispensable part of production and life. Computer systems are widely used in all walks of life, including medical care, education, military, politics, and new retail. With the rapid development and popularization of computer systems, how to ensure the credibility of their behavior and protect them from malicious attacks has become an important issue of common concern in academia and industry. Buffer overflow attack is a common malicious attack method. It uses the lack of boundary checking and other mechanisms in source programs written in memory-unsafe languages ​​to break through the buffer capacity limit and overwrite data content in other areas, thereby destroying the correctness ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/54G06F21/73G06F8/75
CPCG06F21/54G06F21/73G06F8/75
Inventor 刘畅赵琛武延军芮志清吴敬征
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com