Journal Highly available systems, No. 2, 2011
Article in this issue:
Diagen. Program execution dynamical control method based on control flow passport
Authors:
E.V. Mankov, R.I. Kompaniets, V.V. Kovalev
Abstract:
The method supervises a program's control flow directly during its execution. The supervised program is first patched with checkpoints, either in its source text (before compilation) or in its executable code (after compilation). Control is performed by the Automaton of Dynamic Control (ADC), based on a regular LL(*) grammar and also called the «program passport», which is generated for the patched program.
The ADC is a program executed in parallel with the controlled program, but under its management and in its address space. It contains only the allowed (authorized) control flow, restricted to the set of control points.
The idea of the method is to represent, as a grammar, the trusted or supervised sets of control flows (depending on the task: safe execution or protection, respectively) in terms of checkpoints placed on the subroutines' control flow graphs; to create, on the basis of the generated grammar, a finite state machine (automaton) of dynamic control (ADC), the «program passport»; and, finally, to patch the program executables.
The whole set of program execution routes is described in a language whose sentences are execution routes of the program expressed in terms of checkpoints. For this language the regular grammar of the ADC is generated, followed by automatic code generation and assembly.
The program is then patched so that it «doesn't know» where it transfers control at the checkpoints: instead of performing the real transfer of control (as before patching), the program transfers control to the «program passport» library. Patching consists of replacing every transfer of control in the executable code where a checkpoint was previously placed with the address of a single (controlling) ADC function, and of modifying the Import Address Table of the controlling program to place the imported function.
In each of its states the ADC decides whether to allow or prohibit the current transfer of control. The ADC works under the control of the patched program and is called at every patched point of the program.
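The decision step described in the abstract can be sketched as a small transition table over checkpoints. This is an added example, not the authors' code: the checkpoint names, the bitmask encoding and the function names are assumptions made for illustration, and the executable patching itself is not modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* Checkpoint ids are hypothetical; the article names none. */
enum cp { CP_START, CP_INIT, CP_AUTH, CP_READ, CP_WRITE, CP_EXIT, CP_COUNT };

/* The "passport": per checkpoint, a bitmask of checkpoints allowed to follow.
 * It is the transition relation of the automaton of authorised routes. */
static const unsigned passport[CP_COUNT] = {
    [CP_START] = 1u << CP_INIT,
    [CP_INIT]  = 1u << CP_AUTH,
    [CP_AUTH]  = (1u << CP_READ) | (1u << CP_WRITE) | (1u << CP_EXIT),
    [CP_READ]  = (1u << CP_READ) | (1u << CP_WRITE) | (1u << CP_EXIT),
    [CP_WRITE] = (1u << CP_READ) | (1u << CP_EXIT),
    [CP_EXIT]  = 0,
};

struct adc { enum cp state; int violated; };
void adc_reset(struct adc *a) { a->state = CP_START; a->violated = 0; }

/* The single controlling function every patched checkpoint calls.
 * Returns 1 to allow the transfer, 0 to prohibit it; a violation latches. */
int adc_transfer(struct adc *a, int next) {
    if (a->violated || next < 0 || next >= CP_COUNT ||
        !(passport[a->state] & (1u << next))) {
        a->violated = 1;
        return 0;
    }
    a->state = (enum cp)next;
    return 1;
}

/* Replays a route; returns the index of the first prohibited transfer,
 * or -1 if every transfer was allowed. */
int adc_first_violation(const int *route, size_t n) {
    struct adc a;
    adc_reset(&a);
    for (size_t i = 0; i < n; i++)
        if (!adc_transfer(&a, route[i]))
            return (int)i;
    return -1;
}

int main(void) {
    const int ok[]  = { CP_INIT, CP_AUTH, CP_READ, CP_WRITE, CP_EXIT };
    const int bad[] = { CP_INIT, CP_READ, CP_EXIT };  /* constructed: skips CP_AUTH */
    printf("ok=%d bad=%d\n", adc_first_violation(ok, 5), adc_first_violation(bad, 3));
    return 0;
}
```

Latching the violation means a route that deviates once cannot be accepted again by returning to a legal checkpoint.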
Pages: 78-83