
Research For Improvement Approach Of Context-Sensitive Control-Flow Integrity

Posted on: 2017-09-20
Degree: Master
Type: Thesis
Country: China
Candidate: Q T Shen
Full Text: PDF
GTID: 2428330569998859
Subject: Computer Science and Technology
Abstract/Summary:
The development of code reuse attack techniques brings new challenges and threats to process execution safety. CFI (Control Flow Integrity) is an ideal technique for defending against code reuse attacks, and its research and implementation have become a hot research topic. CCFI (Context-Sensitive CFI) is the frontier of this field. CCFI requires more verification opportunities and a more precise control flow graph. This thesis designs a framework for CCFI protection and proposes two optimizations: increasing the number of verification points based on page faults, and constraining the targets of indirect function call sites based on parameter count matching. The main work of this thesis is as follows:

1. A CCFI-based framework is designed. The framework uses features of modern processor hardware to monitor process execution dynamically in the kernel layer. A hash verification method quickly verifies the transfer state of the process control flow, and an IOCTL interface provides dynamic interaction with the application-layer analysis program.

2. To address the scarcity of verification opportunities in existing CCFI implementations, a technique for increasing verification points is proposed, based on the memory page NX execution protection mechanism and the page fault handling mechanism. The technique is implemented in the kernel layer. By changing the executable attribute of code pages, it makes the process trap into the kernel more often. It also modifies the kernel page fault handling path through hooking and inserts more verification points.

3. Existing CFI techniques use an approximate control flow graph and do not handle the control flow transfer targets of indirect call sites well. To address this, the thesis proposes a technique for constraining the control flow transfer target range of indirect call sites. By analyzing the number of parameters prepared by the call site and the number of parameters used by the target function, and then analyzing the correspondence between call sites and target functions, the technique obtains the transfer target range of each indirect call site.

The experimental results show that the technique recovers the preparation and usage of parameters at call sites and in target functions well. The call relationship analysis of direct call sites shows that the technique achieves a very good matching result. The analysis of indirect call sites shows that the technique greatly reduces the number of indirect transfer targets and achieves a good constraint effect.
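The parameter-count matching in the third contribution above can be sketched as follows. This is an added example, not code from the thesis: the System V x86-64 argument register order, the constructed instruction summaries, and the matching rule (a site that prepares N arguments may only reach functions that consume at most N) are assumptions, since the abstract states neither the platform nor the exact rule.

```python
# Added example with constructed data; not code from the thesis.
# Assumption: System V x86-64 order of integer argument registers.
ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]

def prepared_args(block):
    """Arguments prepared at a call site: longest prefix of ARG_REGS
    written by the instructions that lead up to the indirect call."""
    written = {reg for _reads, writes in block for reg in writes}
    count = 0
    for reg in ARG_REGS:
        if reg not in written:
            break
        count += 1
    return count

def consumed_args(body):
    """Arguments a function uses: highest argument register that is read
    before the function itself has written it."""
    defined, count = set(), 0
    for reads, writes in body:
        for reg in reads:
            if reg in ARG_REGS and reg not in defined:
                count = max(count, ARG_REGS.index(reg) + 1)
        defined.update(writes)
    return count

def allowed_targets(call_sites, functions):
    """Assumed matching rule: a site that prepares N arguments may reach
    only functions that consume at most N."""
    used = {name: consumed_args(body) for name, body in functions.items()}
    return {site: sorted(f for f, k in used.items() if k <= prepared_args(block))
            for site, block in call_sites.items()}

# Constructed instruction summaries: (registers read, registers written).
FUNCTIONS = {
    "no_args":    [((), ("rax",))],
    "one_arg":    [(("rdi",), ("rax",))],
    "two_args":   [(("rdi",), ("rax",)), (("rsi", "rax"), ("rax",))],
    # rdi is overwritten before it is read, so only the rdx read counts.
    "three_args": [((), ("rdi",)), (("rdi", "rdx"), ("rax",))],
}
CALL_SITES = {
    "site_a": [((), ("rdi",)), (("rbx",), ("rsi",))],            # prepares 2
    "site_b": [((), ("rdx",)), ((), ("rsi",)), ((), ("rdi",))],  # prepares 3
    "site_c": [((), ("rsi",))],  # rdi never set, so prepares 0
}

if __name__ == "__main__":
    for site, targets in allowed_targets(CALL_SITES, FUNCTIONS).items():
        print(site, len(targets), "of", len(FUNCTIONS), targets)
```

Without the constraint every indirect call site could reach all four functions; with it, `site_a` is limited to three targets and `site_c` to one.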
Keywords/Search Tags: CFI, Context-Sensitive, Page Fault, NX, Reverse Analysis