Control-flow integrity (CFI) is a general term for computer security techniques which prevent a wide variety of malware attacks from redirecting the flow of execution of a program. Associated techniques include Code-Pointer Separation (CPS), Code-Pointer Integrity (CPI), stack canaries, shadow stacks, and vtable pointer verification
Slide 10. Mahdi M. Ahmadian | Control-Flow Integrity | Software Systems Security | Ahmadian.blog.ir | www.mmAhmadian.ir
Control-flow integrity: reviewed references
• [1] J. Criswell et al., “KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels,” in Proceedings of the 35th IEEE Symposium on Security and Privacy (SP'14), May 2014.
• [2] E. Goktas et al., “Out Of Control: Overcoming Control-Flow Integrity,” in Proceedings of the 35th IEEE Symposium on Security and Privacy (SP'14), May 2014.
• [3] S. Vogl et al., “Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data,” in Proceedings of the 23rd USENIX Security Symposium, Aug 2014.
• [4] C. Tice et al., “Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM,” in Proceedings of the 23rd USENIX Security Symposium, Aug 2014.
• [5] L. Davi et al., “Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection,” in Proceedings of the 23rd USENIX Security Symposium, Aug 2014.
• [6] C. Zhang et al., “Practical Control Flow Integrity & Randomization for Binary Executables,” in Proceedings of the 34th IEEE Symposium on Security and Privacy (SP'13), May 2013.
• [8] M. Abadi et al., “Control-Flow Integrity: Principles, Implementations, and Applications,” ACM Transactions on Information and System Security, vol. 13, no. 1, pp. 4:1-4:40, Oct 2009.
• [7] J. Berdajs and Z. Bosnić, “Extending applications using an advanced approach to DLL injection and API hooking,” Software: Practice and Experience, vol. 40, no. 7, pp. 567-584, 2010.
Slide 11.
Control-flow integrity: main references
• [9] M. Abadi et al., “Control-Flow Integrity: Principles, Implementations, and Applications,” in Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05), pp. 340-353, Nov 2005.
• [10] M. Abadi et al., “A Theory of Secure Control Flow,” in Formal Methods and Software Engineering, Springer Berlin Heidelberg, pp. 111-124, 2005.
• [8] M. Abadi et al., “Control-Flow Integrity: Principles, Implementations, and Applications,” ACM Transactions on Information and System Security, vol. 13, no. 1, pp. 4:1-4:40, Oct 2009.
Dr. Martin Abadi, Professor of Computer Science, University of California, Santa Cruz; Microsoft Research; and Google.
• [3] S. Vogl et al., “Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data,” in Proceedings of the 23rd USENIX Security Symposium, Aug 2014.
• [7] J. Berdajs and Z. Bosnić, “Extending applications using an advanced approach to DLL injection and API hooking,” Software: Practice and Experience, vol. 40, no. 7, pp. 567-584, 2010.
Slide 30.
Abadi's formal CFI model
• In this machine model, an execution state (1) consists of:
  Mc: code memory
  Md: data memory
  R: register values
  pc: program counter
• On the basis of this model, the operational semantics of the machine's 9 instructions are described.
• Example: the operational semantics of the instruction add rd,rs,rt
• This machine-state transition is described as follows:
• If Mc(pc) contains the encoding of add rd,rs,rt, and the current state has code memory Mc, data memory Md, program counter value pc, and register values R, and if pc + 1 is within the domain of Mc, then in the next state the code memory and data memory are still Mc and Md, respectively, pc is incremented, and R is updated so that it maps rd to R(rs) + R(rt).
(1) execution state
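To make the transition rule concrete, here is a small interpreter for the machine state (Mc, Md, R, pc) written as an added example for these notes; it is not code from the slides or from Abadi et al. The `add rd,rs,rt` rule is implemented exactly as quoted above, including getting stuck when pc + 1 is outside the domain of Mc. The `label` and `jmp` instructions, and the check that a computed jump may only land on the label it names, are an assumed illustration of how the model enforces control-flow integrity; the slides do not show those rules, and the sample program and register values are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# An instruction encoding is a tuple: ("add", rd, rs, rt), ("label", L) or ("jmp", rs, L).
Instr = Tuple


@dataclass(frozen=True)
class State:
    """One execution state of the model: code memory, data memory, registers, pc."""
    Mc: Dict[int, Instr]   # code memory: address -> instruction encoding
    Md: Dict[int, int]     # data memory: address -> word
    R: Dict[str, int]      # register values: name -> value
    pc: int                # program counter


class Stuck(Exception):
    """No transition rule applies; the machine halts instead of taking a bad step."""


def step(s: State) -> State:
    """Apply the single transition rule that matches Mc(pc), or raise Stuck."""
    if s.pc not in s.Mc:
        raise Stuck(f"pc={s.pc} is outside the domain of Mc")
    ins = s.Mc[s.pc]
    if ins[0] == "add":
        # Rule from the slide: pc+1 must lie in dom(Mc); Mc and Md are unchanged;
        # pc is incremented; R is updated so that rd maps to R(rs) + R(rt).
        _, rd, rs, rt = ins
        if s.pc + 1 not in s.Mc:
            raise Stuck(f"pc+1={s.pc + 1} is outside the domain of Mc")
        R_next = dict(s.R)
        R_next[rd] = s.R[rs] + s.R[rt]
        return State(s.Mc, s.Md, R_next, s.pc + 1)
    if ins[0] == "label":
        # ASSUMED: a label is a no-op marker in the code that simply falls through.
        if s.pc + 1 not in s.Mc:
            raise Stuck(f"pc+1={s.pc + 1} is outside the domain of Mc")
        return State(s.Mc, s.Md, s.R, s.pc + 1)
    if ins[0] == "jmp":
        # ASSUMED CFI rule: a computed jump through rs may only land on ("label", L)
        # for the L embedded in the jump; any other target is a control-flow violation.
        _, rs, L = ins
        target = s.R[rs]
        if s.Mc.get(target) != ("label", L):
            raise Stuck(f"jmp to {target} does not reach label {L}: CFI violation")
        return State(s.Mc, s.Md, s.R, target)
    raise Stuck(f"no rule for encoding {ins!r} at pc={s.pc}")


def try_step(s: State) -> Optional[State]:
    """Like step(), but returns None when the machine is stuck."""
    try:
        return step(s)
    except Stuck:
        return None


def run(s: State, budget: int = 50) -> State:
    """Take steps until the machine is stuck or the budget is spent; return the last state."""
    for _ in range(budget):
        nxt = try_step(s)
        if nxt is None:
            return s
        s = nxt
    return s


# Constructed sample program (not from the slides). Address 3 holds label 7, which the
# jmp at address 1 names; address 2 holds a different label the jump must not reach.
PROGRAM: Dict[int, Instr] = {
    0: ("add", "r1", "r2", "r3"),
    1: ("jmp", "r4", 7),
    2: ("label", 9),
    3: ("label", 7),
    4: ("add", "r1", "r1", "r1"),
    5: ("label", 0),   # terminator, only so that pc+1 is in dom(Mc) for address 4
}


def demo(r4: int) -> State:
    """Run PROGRAM with r4 (the computed-jump target) chosen by the caller."""
    start = State(PROGRAM, {}, {"r1": 0, "r2": 5, "r3": 8, "r4": r4}, 0)
    return run(start)


if __name__ == "__main__":
    print("valid target 3:", demo(3))    # reaches address 5 with r1 == 26
    print("wrong label at 2:", demo(2))  # stuck at the jmp, pc == 1
    print("outside Mc at 9:", demo(9))   # stuck at the jmp, pc == 1
```

Running `demo(3)` lets the jump land on the label it names and execution continues until the terminator, where pc + 1 leaves dom(Mc) and the machine stops; `demo(2)` and `demo(9)` stop at the jump itself, which is how the model rejects a redirected control flow rather than executing it.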
Slide 34.
Weaknesses and other work
• CFI does not protect fully against memory-corruption attacks (it only stops control-flow hijacking).
Solution: Software Fault Isolation (SFI)
A software mechanism that guarantees that every access by a piece of software to system resources (including memory) stays within the region that belongs to that software.
• [20] R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham, “Efficient Software-Based Fault Isolation,” ACM SIGOPS Operating Systems Review, vol. 27, no. 5, pp. 203-216, ACM, 1993.
• [21] S. McCamant and G. Morrisett, “Evaluating SFI for a CISC Architecture,” in Proceedings of the 15th USENIX Security Symposium, pp. 209-224, Aug 2006.
• [22] M. Castro, M. Costa, J. P. Martin, M. Peinado, P. Akritidis, A. Donnelly, P. Barham, and R. Black, “Fast Byte-Granularity Software Fault Isolation,” in Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP'09), pp. 115-128, Oct 2009.
• [23] Y. Mao, H. Chen, D. Zhou, X. Wang, N. Zeldovich, and M. F. Kaashoek, “Software Fault Isolation with API Integrity and Multi-principal Modules,” in Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP'11), pp. 115-128, Oct 2011.
Slide 41.
References
1. J. Criswell et al., “KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels,” in Proceedings of the 35th IEEE Symposium on Security and Privacy (SP'14), May 2014.
2. E. Goktas et al., “Out Of Control: Overcoming Control-Flow Integrity,” in Proceedings of the 35th IEEE Symposium on Security and Privacy (SP'14), May 2014.
3. S. Vogl et al., “Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data,” in Proceedings of the 23rd USENIX Security Symposium, Aug 2014.
4. C. Tice et al., “Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM,” in Proceedings of the 23rd USENIX Security Symposium, Aug 2014.
5. L. Davi et al., “Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection,” in Proceedings of the 23rd USENIX Security Symposium, Aug 2014.
6. C. Zhang et al., “Practical Control Flow Integrity & Randomization for Binary Executables,” in Proceedings of the 34th IEEE Symposium on Security and Privacy (SP'13), May 2013.
7. J. Berdajs and Z. Bosnić, “Extending applications using an advanced approach to DLL injection and API hooking,” Software: Practice and Experience, vol. 40, no. 7, pp. 567-584, 2010.
8. M. Abadi et al., “Control-Flow Integrity: Principles, Implementations, and Applications,” ACM Transactions on Information and System Security, vol. 13, no. 1, pp. 4:1-4:40, Oct 2009.
9. M. Abadi et al., “Control-Flow Integrity: Principles, Implementations, and Applications,” in Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05), pp. 340-353, Nov 2005.
10. M. Abadi et al., “A Theory of Secure Control Flow,” in Formal Methods and Software Engineering, Springer Berlin Heidelberg, pp. 111-124, 2005.
11. A. Shostack, Threat Modeling: Designing for Security, John Wiley & Sons, 2014.
12. W. Fu, J. Rang, R. Zhao, Y. Zhang, and Y. Guo, “Static Detection of API-Calling Behavior from Malicious Binary Executables,” in Computer and Electrical Engineering, ICCEE 2008, International Conference on, pp. 388-392, 2008.
13. M. Sikorski and A. Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, 2012.
* Seyed Mohammad Ghaffarian, Secure Systems Design and Analysis Laboratory, Amirkabir University of Technology, Tehran, “Control-Flow Integrity and Software Fault Isolation,” Fall 1393.
Slide 42.
References
14. M. Kazemzadeh, S. M. Hosseini, H. Shirazi, and M. E. Zare, “Intelligent detection of malicious malware behaviours based on their dynamic behaviour,” in Proceedings of the 6th National Conference of the Iranian Scientific Society of Command and Control, Faculty of Electrical and Computer Engineering, Shahid Beheshti University, Tehran, 1391.
15. M. E. Wagner, “Behavior oriented detection of malicious code at run-time,” Master's thesis, Florida Institute of Technology, 2004.
16. C. Willems, T. Holz, and F. Freiling, “Toward automated dynamic malware analysis using CWSandbox,” IEEE Security and Privacy, vol. 5, no. 2, pp. 32-39, 2007.
17. A. Edwards, H. Vo, and A. Srivastava, “Vulcan: Binary Transformation in a Distributed Environment,” Technical Report MSR-TR-2001-50, Microsoft Research, Apr. 20, 2001.
18. N. Nethercote, “Dynamic binary analysis and instrumentation,” Technical Report UCAM-CL-TR-606, University of Cambridge, Computer Laboratory, 2004.
19. Microsoft Corporation, “Software memory access control,” US Patent 7337291 B2, 2005.
20. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham, “Efficient Software-Based Fault Isolation,” ACM SIGOPS Operating Systems Review, vol. 27, no. 5, pp. 203-216, ACM, 1993.
21. S. McCamant and G. Morrisett, “Evaluating SFI for a CISC Architecture,” in Proceedings of the 15th USENIX Security Symposium, pp. 209-224, Aug 2006.
22. M. Castro, M. Costa, J. P. Martin, M. Peinado, P. Akritidis, A. Donnelly, P. Barham, and R. Black, “Fast Byte-Granularity Software Fault Isolation,” in Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP'09), pp. 115-128, Oct 2009.
23. Y. Mao, H. Chen, D. Zhou, X. Wang, N. Zeldovich, and M. F. Kaashoek, “Software Fault Isolation with API Integrity and Multi-principal Modules,” in Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP'11), pp. 115-128, Oct 2011.
Slide 43.
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”
Gene Spafford
Mahdi Mohammad Ahmadian
Thank you for your attention... www.mmAhmadian.ir