摘要
内存安全性是一项非常重要的性质,但它很容易被攻击者利用.过去针对内存安全问题提出的许多防御方案,由于性能代价高昂,很少能够部署在生产环境中.最近,随着RISC-V等开源处理器架构的兴起,安全领域迎来了设计新的处理器硬件安全拓展的热潮,硬件辅助防御方案的性能代价降低,变得可以接受.为了更好地支持内存安全处理器拓展的设计,以及更好地评估处理器内存安全性能,我们设计了一款兼具综合性、可移植性内存安全测试框架,并开源了一个160测例大小的初始版本测试集,覆盖了内存时空安全性、访问控制、指针和控制流完整性等方面,并在x86-64和RISC-V64两种指令集架构的平台上进行了测试.
Memory safety is critical but vulnerable. In view of this, numerous defense countermeasures have been proposed, but few of them could be applied in a production-ready environment due to unbearable performance overhead.Recently, as open-sourced architectures like RISC-V emerge, the extension design of enhancing hardware memory safety has revived. The performance overhead of hardware-enhanced defense techniques becomes affordable. To support the extension design of enhancing memory safety systematically, this study proposes a comprehensive and portable test framework for measuring the memory safety of a processor. In addition, the study achieves an open-sourced initial test suite with 160 test cases covering spatial and temporal safety of the memory, access control, pointer and control flow integrity. Furthermore, the test suite has been applied in several platforms with x86-64 or RISC-V64 architecture processors.
作者
沈思豪
解达
宋威
SHEN Si-Hao;XIE Da;SONG Wei(State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 101408,China)
出处
《计算机系统应用》
2022年第9期39-49,共11页
Computer Systems & Applications
基金
国家自然科学基金(61802402,62172406)
中国科学院率先行动“百人计划”青年俊才(C类)。
