As more and more memory-disclosure bugs been discovered , it'' s important to protect memory safety .Nowadays main-stream of this field prefers enforcing memory isolation to protect memory safety .However, none of them can achieve a fine-grained protection while easy-to-deploy solution since most solutions requires manually modification to source code , or they enforce memo-ry isolation in a coarse-grained way .We present a novel method , which can traces and collects all possible operations that access the sensitive data in runtime , and can perform automatically code transformation during compilation .Our solution do not require manually modification , and evaluation shows that we can efficiently eliminate memory disclosure attacks , such as Heartbleed , found in OpenSSL .Meanwhile , the overhead of compilation and memory cost are lower than 1%.%随着人们发现越来越多的内存信息泄露漏洞,内存关键数据的安全变得越来越重要. 当前业界对于保护内存关键数据安全的主流方案是进行内存隔离. 然而,现有的方案缺乏对关键数据的细粒度保护,同时大部分方案需要手动修改代码. 本文提出一种方案,该方案能够完整地跟踪程序中的所有涉及关键数据的操作,并在编译器自动进行代码转换,不需要手动更改代码. 测试结果表明,该方案能够防止大型程序中的内存泄露攻击,例如OpenSSL中的Heartbleed,同时编译期开销低于1%,运行时开销与同类型系统持平.
展开▼
