Journal of Beijing University of Posts and Telecommunications ›› 2018, Vol. 41 ›› Issue (6): 1-6,13. doi: 10.13190/j.jbupt.2018-017
• Papers •
A Protection Framework for Android Native Code Based on CFI
ZHANG Wen¹, LIU Wen-ling², LI Hui², CHEN Ze², NIU Shao-zhang¹
- 1. Beijing Key Laboratory of Intelligent Telecommunication Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
- Received: 2018-01-15
- Online: 2018-12-28
- Published: 2018-12-24
- About the authors: ZHANG Wen (1981-), male, Ph.D. candidate, E-mail: roy.zhang@bupt.edu.cn; LI Hui (1970-), female, associate professor.
- Supported by: National Natural Science Foundation of China (61628202)
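Abstract: To address key-code extraction attacks and malicious code injection attacks against the native code of Android applications, a code protection framework based on control-flow integrity (CFI), named DroidCFI, is proposed. The framework statically analyzes the protected application to extract the control-flow features of its native code, gives developers a visual policy-configuration view in which they designate key functions, and generates the corresponding hardening code according to the policy configuration; that code, together with the other parts of the protected application, forms the target application. At run time, the target application performs dynamic CFI checks on the key functions to determine whether it has encountered either of these attacks, thereby achieving protection. Experimental results show that DroidCFI protects the security of an application's native code with very small performance overhead.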
Cite this article
ZHANG Wen, LIU Wen-ling, LI Hui, CHEN Ze, NIU Shao-zhang. A Protection Framework for Android Native Code Based on CFI[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2018, 41(6): 1-6,13.