Li Runkuan (李润宽)*,**,***, Hu Bin (胡斌)*,**,***, Zhao Xiaofang (赵晓芳)*,***,****, Shi Xiao (史骁)*,*****,******, Jiang Dejun (蒋德钧)*,**,***. A compilation-based method for controlling the address space layout of the Linux kernel [J]. High Technology Letters (Chinese edition), 2026, 36(1): 1-14

Title: A compilation-based method for controlling the address space layout of the Linux kernel
Chinese title: 基于编译的Linux内核地址空间布局控制方法

DOI: 10.3772/j.issn.1002-0470.2026.01.001
Chinese keywords (translated): operating system kernel; control flow hijacking; kernel address space layout randomization; compiler plugin
English keywords: operating system kernel, control flow hijacking, kernel address space layout randomization, compile plugin
Funding:

Authors and affiliations:
Li Runkuan (李润宽)*,**,***
Hu Bin (胡斌)*,**,***
Zhao Xiaofang (赵晓芳)*,***,****
Shi Xiao (史骁)*,*****,******
Jiang Dejun (蒋德钧)*,**,***

* Institute of Computing Technology, Chinese Academy of Sciences (中国科学院计算技术研究所), Beijing 100190
** University of Chinese Academy of Sciences (中国科学院大学), Beijing 100049
*** Zhongguancun Laboratory (北京中关村实验室), Beijing 100194
**** Zhongke Suzhou Institute of Intelligent Computing Technology (中科苏州智能计算技术研究院), Suzhou 215028
***** Zhongke Nanjing Institute of Information Superbahn (中科南京信息高铁研究院), Nanjing 211135
****** Nanjing College, University of Chinese Academy of Sciences (中国科学院大学南京学院), Nanjing 211135
Chinese abstract (translated):
With the emergence of control-flow hijacking attack techniques such as just-in-time return-oriented programming (JIT-ROP), kernel address space layout randomization (KASLR) faces severe challenges and is developing towards finer granularity and continuous randomization. Existing methods are generally based on source-code modification or binary rewriting, which is inefficient and insufficiently flexible. To solve this problem, this paper designs a compilation-based address space layout control method (CAC). CAC introduces fixed entries for the functions of an object file and, through compilation, generates object files that can support continuous function-granularity randomization, with the characteristics of automation and flexible control. Experimental results show that CAC can correctly compile and load more than 1700 kernel modules; compared with existing methods, not only is the object file generation for a single module more efficient, but the runtime randomization overhead of the object files generated by CAC is reduced by at least 15.0%.

English abstract:
With the emergence of control-flow hijacking techniques such as just-in-time return-oriented programming (JIT-ROP), kernel address space layout randomization (KASLR) faces severe challenges and is evolving towards finer granularity and continuous randomization. Existing methods are generally based on source code modifications or binary rewriting, which is inefficient and lacks flexibility. To address this issue, this paper designs a compilation-based address space layout control method (CAC). CAC introduces fixed entry points for functions in object files, and through compilation, generates object files that support function-level continuous randomization, featuring automation and flexible control. Experimental results show that CAC successfully compiles and loads over 1700 kernel modules. Compared with existing methods, the object file generation for individual modules is more efficient, and the runtime randomization overhead of CAC-generated object files is reduced by at least 15.0%.