運用記憶體保護機制增進資料監控點檢查之效能

Abstract

利用資料監控點之機制檢查在記憶體上與控制流程相關位置，為保護程式不被攻擊並執行惡意程式碼的方法之一，但是這樣的方法必須常態性的檢查監控點的正確性。傳統的方法必須在程式執行中不斷的去確認監控點是否有被修改，因此當監控點數量增加，即使它們完全未被更動，我們仍要做非常多次的主動檢查，這也是此類方法效能低落的原因。 針對此類問題，我們提出利用現有硬體所提供之記憶體保護機制，來實做非同步式的檢查。也就是只有當該監控點有被實際寫入修改，我們才需要檢查其修改之正確性。這樣可以去除不必要的主動檢查，使效能大幅提升。我們實做的方法稱之為DupWrite，目標是減輕在動態監控機制裡的運算負擔，並且可以有效率的檢查堆積上的記憶體目標。 在結果分析裡面我們用不同的角度，去探討以及證明我們所提出的方法，對於寫入到程式堆疊以外記憶體位置比例較低的程式，有著顯著的效能提升。我們同時提出具體改善方法，可以在未來去除執行一般程式時的效能瓶頸，讓這個方法更為實用化。

Because of the heavy overhead introduced by the massive security related memory watchpoints during program execution, the runtime efficiency is greatly influenced and the deployment of such watchpoints is not applicable for real world applications. Current approaches utilize software solutions to dynamically instrument checking functions to the data watchpoints. We have developed a new method using existing hardware mechanisms such as page protection to achieve asynchronous detection of watchpoint modification and improve the overall performance. Our method is called DupWrite, which focuses on reducing the overhead in instrumentation and checking the targets on heap efficiently. The evaluation section is consist of various kind of analysis and proves that our method does very well when the memory reference percentage to the non-stack region is low, and it can be further improved to speed up the checking in general cases.