CN104866767B - An embedded module for a security mechanism - Google Patents

Publication number: CN104866767B
Authority: CN (China)
Prior art keywords: module, monitoring information, program, hardware security, security sub
Legal status: Active
Application number: CN201510236130.XA
Other languages: Chinese (zh)
Other versions: CN104866767A (en)
Inventors: 王翔, 沈全能, 杜培, 王维克, 王晓翠
Current Assignee: Beihang University
Original Assignee: Beihang University
Application filed by Beihang University
Priority to CN201510236130.XA
Publication of CN104866767A
Application granted
Publication of CN104866767B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]

Abstract

An embedded module for a security mechanism, consisting of a monitoring information comparison module, a monitoring information memory module and a hardware security sub-module. The embedded processor sends the collected program counter and current instruction value to the monitoring information comparison module, and the data are then processed by the monitoring information memory module and the hardware security sub-module. During program execution, the hardware security sub-module reads critical parameter information from the monitoring information memory module and compares it with the parameter information from the program's real-time execution; any inconsistency indicates that the program has been attacked, and the hardware security sub-module stops the program. The invention can search, read and compare parameter information quickly, consumes few resources, and is highly secure.

Description

An embedded module for a security mechanism
Technical field
The present invention relates to an embedded module for a security mechanism. It is a hardware-assisted embedded system security module that uses a purely hardware-supported method to compare the information produced during program execution with information obtained beforehand by offline program analysis, preventing malicious attacks on program code. It belongs to the technical field of embedded system security.
Background
With the development of electronics and computer technology, more and more embedded devices are entering people's lives and gradually taking on important roles in system automatic control and data storage in many fields. At the same time, a growing number of applications and more convenient network access expose embedded platforms to a growing number of security challenges. Embedded systems operate under strict resource constraints on computing capability, memory, energy and so on. Defending against security attacks with the virus scanning and anti-intrusion software used on general-purpose computers would reduce performance and increase power consumption. The security problem of embedded systems is therefore more challenging than that of general-purpose systems.
A security attack implants malicious data or code with the ultimate aim of disrupting the normal execution of a program. Program code determines the execution behavior of a program and is decisive for its secure execution. Protecting application data is equally important, however. In the SPEC benchmark programs, function calls and returns make up a very small proportion of instructions and branch instructions a small proportion, while load/store instructions exceed the two combined. If every control instruction represents a point of attack for a malicious control transfer, then corruption of data values by load and store operations will likewise have a decisive effect on the normal execution of a program.
Integrity checking ensures that information is not tampered with or destroyed by unauthorized means during storage and transmission. An effective data and code integrity protection scheme includes detecting illegal tampering and preventing replay attacks. Integrity involves two processes, one at the sending entity and one at the receiving entity. The sending entity appends a quantity to a data unit; this quantity is a function of the data, may be supplementary information such as a block check code or a cryptographic check value, and may itself be encrypted. The receiving entity produces a corresponding quantity and compares it with the received one to determine whether the data were tampered with in transit.
At the hardware layer, an attack shows up as erroneous execution or corruption of binary data and code. Monitoring the integrity of data and code can therefore effectively prevent malicious implantation into and destruction of data and code, and ensure normal program execution.
After an application is compiled and linked, its storage location and run location are mapped to different sections in memory. These sections have their own read, write and execute attributes, and many security attacks work by violating these attributes, for example performing an illegal write to the code section or a read-only data section, or executing an attack program implanted in the stack data section by a buffer overflow. Researchers have therefore designed security tagging techniques, which encode these read, write and execute attributes as data properties and enforce them as a security policy during program execution.
Summary of the invention
1. Purpose: The object of the present invention is to provide an embedded module for a security mechanism that monitors an embedded processor in real time. Using a hardware-assisted method, it compares in real time the information produced during program execution with information obtained beforehand by offline program analysis, preventing malicious attacks on program code.
2. Technical scheme:
The present invention designs a dedicated hardware module that runs in parallel with the processor and monitors the integrity of the program's run-time data and code, to strengthen the security of program execution in the embedded system. The security module takes the program counter signal and the current instruction value signal as inputs from the embedded processor and compares them in real time with the security-module-tagged information read from the monitoring information memory module. When the program enters a new basic block, the monitoring information memory module is notified to read the corresponding pre-stored basic block monitoring information. While the program executes within the basic block, the current instruction value signal is passed to the security module, which computes a hash value iteratively. When the program exits the basic block, the hash value iteratively computed over the whole basic block is compared with the hash value in the basic block monitoring information; if they do not match, the program can be stopped or system recovery can be carried out.
The embedded module for a security mechanism of the present invention consists of a monitoring information comparison module, a monitoring information memory module and a hardware security sub-module. The relationship among the three is: the embedded processor sends the collected program counter and current instruction value to the monitoring information comparison module, and the data are then processed by the monitoring information memory module and the hardware security sub-module.
The monitoring information comparison module mainly performs comparison. It takes the program counter signal and the current instruction value signal as inputs from the embedded processor and compares them with the information read from the monitoring information memory module and the information calculated by the CRC computing module, to judge the legitimacy of the program running in real time on the embedded processor.
The monitoring information memory module mainly performs storage. It stores the program control flow information extracted in advance and uses binary search to find the information to be read quickly and efficiently.
The hardware security sub-module performs verification. It takes the program instruction signal value as input, computes iteratively, and outputs the hash value of the basic block. The hardware-assisted embedded system security sub-module as a whole improves the security of program execution. The input data here is an instruction segment 512 bits wide, and the output after calculation by the hardware security sub-module is a check value 80 bits wide. Compared with a CRC check module, this algorithm is more secure while also balancing hardware resource overhead and storage resource overhead.
3. Advantages and effects: The hardware-assisted embedded system security module has the following advantages:
(1) The hardware-assisted embedded system security module of the present invention runs in parallel with the embedded CPU and cannot be attacked by software, so its own security is very high.
(2) The present invention uses a hardware-assisted method: the security module executes in parallel with the embedded processor, and all operations of the security module can be completed within one clock cycle, improving the operating efficiency of the system.
(3) The hardware-assisted embedded system security module of the present invention occupies few resources; it improves system security while taking up little of the system's overall resources.
(4) The hardware-assisted embedded system security module of the present invention is suitable for all kinds of embedded systems and has a good protective effect.
Brief description of the drawings
Fig. 1 is the structural framework of the security mechanism of the module of the present invention.
Fig. 2 is a schematic diagram of the structure of the module of the present invention in an embedded system.
The symbols in the figures are as follows:
In Fig. 2, IF is the fetch stage: access to the instruction cache or caching of data; ID is the decode stage: decodes the instruction and changes the register window; EXE is the execute stage: branch jumps, together with arithmetic and logical operations; MEM is the memory access stage: access to the data cache; WB is the write-back stage: memory write-back.
Embodiment
As shown in Fig. 1 and Fig. 2, the embodiment is as follows:
The embedded module for a security mechanism of the present invention consists of a monitoring information comparison module, a monitoring information memory module and a hardware security sub-module. The relationship among the three is: the embedded processor sends the collected program counter and current instruction value to the monitoring information comparison module, and the data are then processed by the monitoring information memory module and the hardware security sub-module.
Fig. 1 describes the overall architecture of the security monitoring mechanism, which mainly comprises two parts: offline program analysis and real-time dynamic analysis of the running program. In the offline analysis stage, the program source code is cross-compiled into executable binary code, and the required control-flow basic block check information and jump instruction address information are extracted; this information forms the static monitoring model in the monitoring information comparison module. In the program run stage, the monitoring information comparison module works in parallel with the embedded processor: it monitors the state of the currently executing instruction from the CPU pipeline and, at key instructions such as jumps and branches, generates the check value of the dynamic data. The real-time dynamic basic block check value calculated by the monitoring information comparison module is compared in real time with the check value in the static monitoring model, which reveals whether the instruction currently executed by the processor is legal. Once an error is found, the control-flow basic block is judged to have been attacked, and the monitoring information comparison module sends an error signal to trigger the emergency response mechanism. Because the monitoring information comparison module in this design runs in parallel with the embedded system CPU and has no communication with it other than extracting the required information from the CPU pipeline, the possibility of a software attack on the monitoring information comparison module is reduced. In addition, this design does not change the CPU core or instruction set, so the static monitoring model can be generated with existing cross-compilation tools.
As shown in Fig. 2, taken as a whole, in the IF stage of the CPU the instruction currently to be processed is read from the I-Cache according to the program counter (PC). From the current PC and the basic block jump signal, a table-lookup algorithm finds the corresponding static code integrity monitoring model. In the EXE stage, the value of the currently executing instruction is latched in the instruction register (IR), and the real-time message-digest hash value of the current basic block is calculated. When execution of the current basic block ends, the monitoring information comparison module of the design completes the real-time comparison of the dynamic and static integrity values. Once a difference is detected, an interrupt signal is sent to the CPU's programmable interrupt controller, triggering the CPU's interrupt emergency response. When the computing speed of the monitoring hardware lags behind the CPU, a freeze signal is asserted and the processor pipeline is frozen by masking the processor clock.
The input data length of the hardware security sub-module in this design is 512 bits, so before the hardware security sub-module processes a control-flow basic block, the instructions in it must be preprocessed to meet the input requirement of the check value module. IR is the instruction about to be executed, taken from the execute-stage instruction register of the CPU pipeline. The enable signal goes high when the data length in the register is exactly 512 bits; this data is then sent to the check value module for computation, while the control module issues a reset signal to clear the register and start the next round of instruction registering. The output signal describes the preprocessing state; it is fed to the control module, which performs different preprocessing according to the state.
The monitoring information comparison module mainly performs comparison. It takes the program counter signal and the current instruction value signal as inputs from the embedded processor and compares them with the information read from the monitoring information memory module and the information calculated by the CRC computing module, to judge the legitimacy of the program running in real time on the embedded processor. The monitoring information memory module stores the program control flow information extracted in advance and uses binary search to find the information to be read quickly and efficiently. The hardware security sub-module takes the program instruction signal value as input, computes iteratively, and outputs the hash value of the basic block. When the monitoring information comparison module detects a program anomaly, it can send an abort signal to the embedded processor.
In practical use, the hardware-assisted embedded system security module is connected to the embedded processor. The source code is compiled and linked into a binary file, and an offline analysis program analyzes the binary file to obtain the monitoring model. When the program runs, the binary file is loaded into memory and executed by the embedded processor. At the same time, the hardware security sub-module reads the monitoring model. While running the program, the embedded processor passes execution information to the hardware security sub-module, which compares it in hardware with the monitoring model; once a program check error or a control-flow jump error is found, the hardware security sub-module sends an interrupt control signal to the embedded processor to interrupt its operation.
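The monitoring flow described in the technical scheme and the embodiment (offline construction of the monitoring model, binary search on basic-block entry, iterative hashing of each instruction, comparison at block exit) can be modelled in software. The following C model is an added example, not part of the patent: the FNV-1a hash stands in for the patent's unnamed 80-bit check function, and the fixed 4-byte instruction width, the names (`bb_entry`, `build_model`, `run_trace`, `demo`) and the sample instruction words are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* One entry of the static monitoring model (produced by offline analysis). */
typedef struct {
    uint32_t start_pc, end_pc;  /* first and last instruction address of the block */
    uint64_t digest;            /* expected check value for the block */
} bb_entry;
typedef enum { MON_OK, MON_BAD_TARGET, MON_BAD_HASH } mon_status;

/* Stand-in check function (FNV-1a, 64-bit). The patent's 512-bit-in / 80-bit-out
 * algorithm is not named on the page, so this choice is an assumption. */
#define HASH_INIT 0xcbf29ce484222325ULL
static uint64_t hash_step(uint64_t h, uint32_t insn) {
    for (int i = 0; i < 4; i++)
        h = (h ^ ((insn >> (8 * i)) & 0xffu)) * 0x100000001b3ULL;
    return h;
}

/* Offline phase: compute each block's digest from the trusted program image. */
void build_model(bb_entry *t, size_t nb, const uint32_t *image, uint32_t base) {
    for (size_t b = 0; b < nb; b++) {
        uint64_t h = HASH_INIT;
        for (uint32_t pc = t[b].start_pc; pc <= t[b].end_pc; pc += 4)
            h = hash_step(h, image[(pc - base) / 4]);
        t[b].digest = h;
    }
}

/* Binary search of the model (sorted by start_pc) for a block entry address. */
static const bb_entry *bb_lookup(const bb_entry *t, size_t nb, uint32_t pc) {
    size_t lo = 0, hi = nb;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (t[mid].start_pc == pc) return &t[mid];
        if (t[mid].start_pc < pc) lo = mid + 1; else hi = mid;
    }
    return NULL;
}

/* Runtime phase: consume (PC, instruction) pairs as the pipeline supplies them. */
mon_status run_trace(const bb_entry *t, size_t nb,
                     const uint32_t *pcs, const uint32_t *insns, size_t n) {
    const bb_entry *cur = NULL;
    uint64_t h = 0;
    for (size_t i = 0; i < n; i++) {
        if (cur == NULL) {                      /* entering a new basic block */
            cur = bb_lookup(t, nb, pcs[i]);
            if (cur == NULL) return MON_BAD_TARGET;
            h = HASH_INIT;
        } else if (pcs[i] < cur->start_pc || pcs[i] > cur->end_pc) {
            return MON_BAD_TARGET;              /* left the block before its exit */
        }
        h = hash_step(h, insns[i]);             /* iterate over the current instruction */
        if (pcs[i] == cur->end_pc) {            /* block exit: compare check values */
            if (h != cur->digest) return MON_BAD_HASH;
            cur = NULL;
        }
    }
    return MON_OK;
}

/* Constructed sample: six arbitrary words stand in for instructions at 0x1000. */
mon_status demo(int scenario) {
    const uint32_t image[6] = {0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6};
    bb_entry model[2] = {{0x1000, 0x1008, 0}, {0x100c, 0x1014, 0}};
    uint32_t pcs[6], insns[6];
    build_model(model, 2, image, 0x1000);
    for (int i = 0; i < 6; i++) { pcs[i] = 0x1000 + 4u * i; insns[i] = image[i]; }
    if (scenario == 1) insns[4] ^= 0x100;       /* instruction word altered after analysis */
    if (scenario == 2) return run_trace(model, 2, pcs + 1, insns + 1, 5); /* entry mid-block */
    return run_trace(model, 2, pcs, insns, 6);
}

int main(void) {
    printf("clean=%d tampered=%d bad_entry=%d\n", demo(0), demo(1), demo(2));
    return 0;
}
```

The two failure statuses correspond to the two error classes the embodiment names: a control-flow jump error (`MON_BAD_TARGET`) and a program check error (`MON_BAD_HASH`).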

Claims (1)

  1. An embedded module for a security mechanism, characterized in that: it consists of a monitoring information comparison module, a monitoring information memory module and a hardware security sub-module; the embedded processor sends the collected program counter signal and current instruction value signal to the monitoring information comparison module, and the data are then processed by the monitoring information memory module and the hardware security sub-module;
    The monitoring information comparison module performs comparison: it takes the program counter signal and the current instruction value signal as inputs from the embedded processor, and compares the processed program counter signal and current instruction value signal with the information read from the monitoring information memory module and the information calculated by the hardware security sub-module, to judge the legitimacy of the program running in real time on the embedded processor;
    The monitoring information memory module performs storage: it stores the program control flow information extracted in advance and uses binary search to find the information to be read quickly and efficiently;
    The hardware security sub-module performs verification: it takes the current instruction value signal as input, computes iteratively, and outputs the hash value of the basic block; the hardware security sub-module as a whole improves the security of program execution; the input data here is an instruction segment 512 bits wide, and the output after calculation by the hardware security sub-module is a check value 80 bits wide.
Priority Applications (1)

Application Number: CN201510236130.XA
Publication: CN104866767B (en)
Priority Date: 2015-05-11
Filing Date: 2015-05-11
Title: An embedded module for a security mechanism
Status: Active

Publications (2)

CN104866767A, published 2015-08-26
CN104866767B, published 2018-03-02

Family ID: 53912589
Country: CN

Legal Events

Code Title
C06 Publication
PB01 Publication
EXSB Decision made by SIPO to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant