CN110750301B - Method, device, system and storage medium for detecting safety of processor - Google Patents


Info

Publication number: CN110750301B
Authority: CN (China)
Legal status: Active
Application number: CN201811001532.1A
Other languages: Chinese (zh)
Other versions: CN110750301A
Inventors: 刘雷波, 罗奥, 魏少军
Current assignee: Wuxi Research Institute of Applied Technologies of Tsinghua University
Original assignee: Wuxi Research Institute of Applied Technologies of Tsinghua University

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3867Concurrent instruction execution, e.g. pipeline or look ahead using instruction pipelines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/30007Arrangements for executing specific machine instructions to perform operations on data operands
    • G06F9/3001Arithmetic instructions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/3004Arrangements for executing specific machine instructions to perform operations on memory
    • G06F9/30047Prefetch instructions; cache control instructions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3802Instruction prefetching
    • G06F9/3804Instruction prefetching for branches, e.g. hedging, branch folding
    • G06F9/3806Instruction prefetching for branches, e.g. hedging, branch folding using address prediction, e.g. return stack, branch history buffer


Abstract

The invention provides a method, a device, a system and a storage medium for detecting the security of a processor. The method comprises the following steps: when a first read-time-counter instruction of the processor is analyzed, judging whether an instruction combination with a specific pattern exists in the analyzed instruction stream of the processor; when such an instruction combination exists, judging whether the memory-access read instruction produces a cache hit and whether the memory address corresponding to that read instruction was read by an instruction positioned before it in the analyzed instruction stream, so as to generate a first judgment result; and determining the security of the processor according to the first judgment result. According to the technical scheme of the embodiments of the invention, the hardware security of the processor can be improved.

Description

Method, device, system and storage medium for detecting safety of processor
Technical Field
The present invention relates to the field of computers, and more particularly, to a method, an apparatus, a system, and a storage medium for detecting processor security.
Background
To make the pipeline more efficient, modern processors introduce branch prediction and out-of-order execution. Branch prediction improves execution efficiency by executing the code at the predicted target address before the outcome of the branch is fully determined; if the prediction fails, the pipeline discards the mispredicted code and rolls back the processor state. Out-of-order execution improves parallelism by reordering the execution of the code. These optimizations contribute greatly to the performance of modern processors. Recently, security researchers have discovered that these features of modern processor architectures pose security risks that an attacker may exploit under certain circumstances. It is therefore desirable to design a processor security detection scheme that improves the hardware security of the processor.
Disclosure of Invention
To solve the above problems in the prior art, embodiments of the present invention provide a method, an apparatus, a system, and a storage medium for detecting processor security. They detect and analyze the instruction stream executed by the processor and can promptly discover a side-channel attack on the processor, so that the user can take security measures in time and block further leakage of confidential data.
One aspect of the invention provides a method of detecting processor security.
The method comprises the following steps: when a first read-time-counter instruction of the processor is analyzed, judging whether the analyzed instruction stream of the processor contains an instruction combination with a specific pattern, where the instruction combination comprises the first read-time-counter instruction and a second read-time-counter instruction, the second read-time-counter instruction is positioned before the first, and a memory-access read instruction lies between the two; when the analyzed instruction stream contains such an instruction combination, judging whether the memory-access read instruction produces a cache hit and whether the memory address corresponding to it was read by an instruction positioned before it in the analyzed instruction stream, so as to generate a first judgment result; and determining the security of the processor according to the first judgment result.
Another aspect of the invention provides an apparatus for detecting processor security.
The apparatus includes: a first detection and analysis unit, which, when a first read-time-counter instruction of the processor is analyzed, judges whether the analyzed instruction stream of the processor contains an instruction combination with a specific pattern, where the instruction combination comprises the first read-time-counter instruction and a second read-time-counter instruction, the second read-time-counter instruction is positioned before the first, and a memory-access read instruction lies between the two; a second detection and analysis unit, which, when the analyzed instruction stream contains such an instruction combination, judges whether the memory-access read instruction produces a cache hit and whether the memory address corresponding to it was read by an instruction positioned before it in the analyzed instruction stream, so as to generate a first judgment result; and a security determination unit, which determines the security of the processor according to the first judgment result.
Another aspect of the invention provides a system for detecting processor security, for detecting a processor under test. The system comprises one or more detection processors and a memory storing one or more programs which, when executed by the one or more detection processors, cause them to perform the above-described method.
Another aspect of the present invention provides a computer readable storage medium having stored thereon instructions that can perform the above-described method.
Drawings
For a more complete understanding of the present invention, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture 100 of a method, apparatus, and system for detecting processor security, in accordance with embodiments of the present invention;
FIG. 2 schematically shows a flow diagram of a method of detecting processor security according to an embodiment of the invention;
FIG. 3 schematically illustrates a flow diagram of a method of detecting processor security in accordance with another embodiment of the invention;
FIG. 4 is a diagram illustrating prediction of a branch for execution, according to an embodiment of the present invention;
FIG. 5 schematically shows a block diagram of an apparatus for detecting processor security according to an embodiment of the invention;
FIG. 6 schematically shows a block diagram of a system 600 for detecting processor security, in accordance with an embodiment of the present invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It is to be understood that such description is merely illustrative and not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention. In addition, the embodiments of the present invention provided below and technical features in the embodiments may be combined with each other in any manner.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Furthermore, the terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components. All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Thus, the techniques of the present invention may be implemented in hardware and/or in software (including firmware, microcode, etc.). Furthermore, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of the present invention, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The above-described methods, apparatuses, units and/or modules according to embodiments of the present invention may be implemented by an electronic device having computer capabilities executing software containing computer instructions. The system may include a storage device to implement the various storage described above. The computing-capable electronic device may include, but is not limited to, a general-purpose processor, a digital signal processor, a special-purpose processor, a reconfigurable processor, and the like, capable of executing computer instructions. Execution of such instructions causes the electronic device to be configured to perform the operations described above in accordance with the present invention. The above devices and/or modules may be implemented in one electronic device, or may be implemented in different electronic devices. Such software may be stored in a computer readable storage medium. The computer readable storage medium stores one or more programs (software modules) comprising instructions which, when executed by one or more processors in an electronic device, cause the electronic device to perform the methods of the invention.
According to a recently disclosed side-channel attack method, an attacker can steal key data from a processor (CPU) by using the cache mechanism of the CPU. The attack process is described with a specific example: the attacker repeatedly uses a CPU instruction to flush a memory address out of the CPU cache (this step is called FLUSH). After a period of time, the attacker reads the memory data at that address and measures the read time (this read-and-measure step is called RELOAD). By means of 'FLUSH + RELOAD', the attacker can therefore tell whether the target program read that address during the interval, and from that infer sensitive information. This works because once the target program reads the address, the corresponding memory enters the CPU cache, so the attacker's access latency to the address is significantly reduced. Combined with branch prediction and out-of-order execution, this attack mode can steal confidential information from the processor and poses a great security threat to it.
In view of the foregoing security problem, embodiments of the present invention provide a method, an apparatus, a system, and a storage medium for detecting processor security.
The method for detecting processor security comprises the following steps: when a first read-time-counter instruction of the processor is analyzed, judging whether the analyzed instruction stream of the processor contains an instruction combination with a specific pattern, where the instruction combination comprises the first read-time-counter instruction and a second read-time-counter instruction, the second read-time-counter instruction is positioned before the first, and a memory-access read instruction lies between the two; when the analyzed instruction stream contains such an instruction combination, judging whether the memory-access read instruction produces a cache hit and whether the memory address corresponding to it was read by an instruction positioned before it in the analyzed instruction stream, so as to generate a first judgment result; and determining the security of the processor according to the first judgment result.
If the processor is detected to be under a side-channel attack, security warning information can be sent to the user, so that the user can take corresponding control measures as needed (such as cutting off data transmission or shutting down the processor), thereby preventing potential security risks from being maliciously exploited and blocking further leakage of confidential data. In summary, the technical solution of the embodiments of the present invention can greatly improve the hardware security of the processor without significantly affecting its operating performance.
It should be understood that the embodiments of the present invention are not limited to the 'FLUSH + RELOAD' attack scenario described above. That attack method is described only as an example to facilitate understanding of the embodiments, and the protection scope of the embodiments is defined by the technical features in the claims.
FIG. 1 schematically illustrates an exemplary system architecture 100 of a method, apparatus, and system for detecting processor security, in accordance with embodiments of the present invention.
As shown in FIG. 1, the exemplary system architecture 100 includes a processor 101, a memory 102, a peripheral device 103, an input/output recorder 104, and a detection processor 105. During a target run of the processor 101, it interacts with the memory 102 and/or the peripheral device 103. The input/output recorder 104 is disposed between the processor 101 and the memory 102 and/or the peripheral device 103, and records the interaction between them during the run. During the target run, all memory-access operations of the processor 101 pass through the input/output recorder 104 and are recorded by it in the order in which they occur, forming a time-ordered memory-access sequence.
The target run may be one stage of the whole operation of the processor 101 from power-on to power-off; for example, the whole operation of the processor 101 may be divided into a plurality of target runs corresponding to a plurality of operating intervals, or the whole operation of the processor 101 may be regarded as a single target run.
The memory-access sequence may include: read and write operations by the processor 101 on the memory 102, read and write operations by the processor 101 on the peripheral device 103, and/or read and write operations initiated by the peripheral device 103. Embodiments of the present invention may implement security detection of the processor 101 on the basis of the system architecture 100.
In the replay-based processor security detection process, the detection processor 105 takes the input information of the processor 101 during the target run as its own input, sets its initial running state according to the initial running state of the processor 101 in the target run, executes the tasks of the target run in a manner conforming to predefined behaviour, and analyzes the instruction stream executed by the processor 101 to judge its security. The predefined behaviour is the hardware behaviour specification of the processor.
It should be understood that the system architecture 100 is only one example of an application scenario for embodiments of the present invention, and the embodiments are not limited to it. For example, the memory accesses of the processor 101 during the run may be recorded in software, or in a combination of software and hardware, instead of by the hardware input/output recorder 104. As another example, the security of the processor 101 may be detected by other ways of analyzing the processor instruction stream rather than by the replay-based execution of the system architecture 100.
It should also be understood that the detection processor 105 and the processor 101 are only logically distinct and need not be physically implemented as two separate processors.
The method for detecting processor security according to an embodiment of the invention is described in detail below with reference to FIG. 2, which schematically shows a flow diagram of the method. The method may be performed by the detection processor 105, or by other software, hardware, or combinations thereof capable of performing the detection. As shown in FIG. 2, the method includes operations S201, S202, and S203.
In operation S201, when a first read-time-counter instruction of the processor is analyzed, it is determined whether an instruction combination with a specific pattern is present in the analyzed instruction stream of the processor. The instruction combination with the specific pattern comprises the first read-time-counter instruction and a second read-time-counter instruction, where the second read-time-counter instruction is positioned before the first, and a memory-access read instruction lies between the two. The first and second read-time-counter instructions may be the high-precision counter instruction RDTSC of the processor.
In operation S202, when the analyzed instruction stream of the processor contains the instruction combination with the specific pattern, it is determined whether the memory-access read instruction produces a cache hit, and whether the memory address corresponding to it was read by an instruction positioned before it in the analyzed instruction stream, so as to generate a first determination result.
In operation S203, the security of the processor is determined according to the first determination result.
It should be understood that "the second read-time-counter instruction precedes the first" means that it precedes it in time order: the second read-time-counter instruction is earlier than the first in the execution order of the processor 101, and earlier than the first in the analysis order of the detection processor 105.
It should also be understood that, besides the one memory-access read instruction, other instructions may also be present between the first and second read-time-counter instructions; this is not limited in embodiments of the present invention.
It should also be understood that, when detecting processor security according to the above method, one target run is usually taken as one unit of detection. Therefore, the determinations in operations S201 and S202 are also made per detected target run. That is, when determining whether the analyzed instruction stream contains the instruction combination with the specific pattern, it is the instruction stream of the target run that is examined; and determining whether the memory address corresponding to the memory-access read instruction was read by an earlier instruction in the analyzed instruction stream means determining whether it was read by an earlier instruction in the same target run.
According to the technical scheme of the embodiments of the invention, when the processor is detected to be under a side-channel attack, security warning information can be sent to the user, so that the user can take corresponding control measures as needed (such as cutting off data transmission or shutting down the processor), thereby preventing potential security hazards from being maliciously exploited and blocking further leakage of confidential data. In summary, the technical solution of the embodiments of the present invention can greatly improve the hardware security of the processor without significantly affecting its operating performance.
Optionally, in one embodiment, before determining whether the memory address corresponding to the memory-access read instruction was read by an earlier instruction in the analyzed instruction stream, a read record table is maintained while the instruction stream is analyzed. For example, the record table stores the list of addresses read by the memory-access read instructions analyzed so far. Determining whether the memory address corresponding to the memory-access read instruction was read by an earlier instruction can then be done by querying the record table.
In another embodiment, a cache emulator may be maintained instead. It should accurately emulate the working state of the cache in the processor 101: its specification is consistent with the real cache and its replacement algorithm is consistent with the real replacement algorithm, but it need not record the cached data contents. To determine whether the memory address corresponding to the memory-access read instruction was read by an earlier instruction in the analyzed instruction stream, the logical address of the memory-access read instruction is input to the cache emulator: if it hits, 1 is output (the memory address was read by an earlier instruction); if it misses, 0 is output (the memory address was not read by an earlier instruction), and the memory address corresponding to the memory-access read instruction is then inserted into the cache emulator. It should be understood that the cache emulator needs to be emptied at the beginning of each detected target run.
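The tag-only cache emulator described in the preceding paragraph, as an added example written for this page (it is not the patent's implementation). The model tracks only which lines are resident in a set-associative cache, never their data; `lookup` returns 1 on a hit and 0 on a miss (installing the line on a miss), and `clear` empties it at the start of a target run. The cache geometry (64 sets, 8 ways, 64-byte lines) and the LRU replacement policy are assumptions standing in for the specification of the processor under test.

```python
from collections import OrderedDict

# Assumed cache geometry (not taken from the patent): 64 sets x 8 ways x 64-byte lines = 32 KiB.
LINE_SIZE = 64
NUM_SETS = 64
WAYS = 8


class CacheEmulator:
    """Tag-only model of the processor cache.

    Only the presence of a line is tracked, never its data, which is all the
    detection step needs: a hit means the address was read earlier in this run.
    Replacement is LRU, assumed here to match the real cache's policy.
    """

    def __init__(self, line_size=LINE_SIZE, num_sets=NUM_SETS, ways=WAYS):
        self.line_size = line_size
        self.num_sets = num_sets
        self.ways = ways
        # one OrderedDict per set; key = tag, least recently used entry first
        self.sets = [OrderedDict() for _ in range(num_sets)]

    def clear(self):
        """Empty the emulator; called at the start of every detected target run."""
        for s in self.sets:
            s.clear()

    def _index_and_tag(self, addr):
        line = addr // self.line_size
        return line % self.num_sets, line // self.num_sets

    def lookup(self, addr):
        """Return 1 if the line holding addr is resident (read earlier in this run).

        On a miss the line is installed, evicting the least recently used line of
        the set when the set is full, and 0 is returned.
        """
        idx, tag = self._index_and_tag(addr)
        ways = self.sets[idx]
        if tag in ways:
            ways.move_to_end(tag)  # hit: refresh its LRU position
            return 1
        if len(ways) >= self.ways:
            ways.popitem(last=False)  # evict the least recently used line
        ways[tag] = True
        return 0


def demo():
    """Constructed access sequence showing a miss, a same-line hit and an LRU eviction."""
    cache = CacheEmulator()
    cache.clear()
    base = 0x1000
    first = cache.lookup(base)            # never read before in this run -> 0
    same_line = cache.lookup(base + 8)    # same 64-byte line -> 1
    # Touch 8 more lines that map to the same set (stride = NUM_SETS * LINE_SIZE);
    # the set holds 8 ways, so the ninth distinct line evicts `base`.
    conflicts = [cache.lookup(base + k * NUM_SETS * LINE_SIZE) for k in range(1, 9)]
    after_eviction = cache.lookup(base)   # evicted by the replacement policy -> 0 again
    return first, same_line, conflicts, after_eviction
```

The eviction case in `demo` is the reason the emulator must mirror the real replacement algorithm: a plain record table would still report `base` as "read before" after the conflicting accesses, while the real cache (and this emulator) would miss.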
Optionally, in a further embodiment, when determining whether the memory-access read instruction produced a cache hit, a first cache-hit counter value at the first read-time-counter instruction and a second cache-hit counter value at the second read-time-counter instruction of the processor may be obtained first, and whether the memory-access read instruction produced a cache hit is then judged from the first and second cache-hit counter values.
In one embodiment, the first and second cache-hit counter values may be taken from a counter in the processor, data_load_reiterated. For example, when an embodiment of the present invention is implemented using virtualization technology, the detection processor 105 may cause the processor 101 to exit the virtual machine (VM Exit) whenever it executes an RDTSC instruction, and read the data_load_reiterated value at that moment as the first or second cache-hit counter value.
When the difference between the first and second cache-hit counter values is 1, it is determined that the memory-access read instruction produced a cache hit; when the difference is 0, it is determined that it did not.
Optionally, in another embodiment, when determining the security of the processor according to the first determination result: if the first determination result is that the memory-access read instruction produced a cache hit and the corresponding memory address was not read by an earlier instruction in the analyzed instruction stream, it is determined that the processor is under a first-class side-channel attack. The side-channel attack mode here may be referred to as "FLUSH + RELOAD". Security warning information can then be sent to the user so that the user takes security measures; the processor may be suspended directly, or the confidential-data read path in the processor may be cut off.
Optionally, in another embodiment, when determining the security of the processor according to the first determination result: if the first determination result is that the memory-access read instruction did not produce a cache hit and the corresponding memory address was read by an earlier instruction in the analyzed instruction stream, it is determined that the processor is under a second-class side-channel attack. The side-channel attack mode here may be referred to as "PRIME + PROBE". Similarly, security warning information can then be sent to the user so that the user takes security measures; the processor may be suspended directly, or the confidential-data read path in the processor may be cut off.
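Operations S201 to S203, together with the read record table and cache-hit counter embodiments above, run over a constructed instruction trace. This is example code added for this page, not the patent's own code. Each trace entry is a tuple: `("rdtsc", counter)` carries the cache-hit counter value sampled at a read-time-counter instruction, `("load", addr)` is a memory-access read, and any other tuple is an instruction that may sit between the two RDTSCs and is ignored. The trace format, the counter values and the decision to evaluate only windows containing exactly one load are assumptions; the record table is a plain set of addresses.

```python
FLUSH_RELOAD = "FLUSH+RELOAD"   # first-class attack: cache hit, address not read before
PRIME_PROBE = "PRIME+PROBE"     # second-class attack: cache miss, address read before


def classify(cache_hit, read_before):
    """Operation S203: map the first determination result to a verdict."""
    if cache_hit and not read_before:
        return FLUSH_RELOAD
    if not cache_hit and read_before:
        return PRIME_PROBE
    return None  # hit on a previously read line, or miss on a fresh one: not flagged


def analyze(trace):
    """Scan one target run; return one result per detected RDTSC/load/RDTSC pattern.

    Each result is (index of the first RDTSC, load address, cache_hit, read_before, verdict).
    """
    read_record = set()   # addresses read so far in this run (the read record table)
    prev_counter = None   # hit counter sampled at the second (earlier) RDTSC, if any
    window_loads = []     # (addr, read_before) for loads seen since that RDTSC
    results = []
    for i, event in enumerate(trace):
        op = event[0]
        if op == "load":
            addr = event[1]
            # query the record table *before* recording this read, so only
            # instructions positioned before this one count
            window_loads.append((addr, addr in read_record))
            read_record.add(addr)
        elif op == "rdtsc":
            counter = event[1]
            # S201: a second RDTSC precedes this one with a load in between
            # (assumption: windows with more than one load are not evaluated)
            if prev_counter is not None and len(window_loads) == 1:
                addr, read_before = window_loads[0]
                # S202: hit iff the hit counter advanced by exactly 1 across the window
                cache_hit = (counter - prev_counter) == 1
                results.append((i, addr, cache_hit, read_before, classify(cache_hit, read_before)))
            prev_counter = counter
            window_loads = []
        # any other instruction between the two RDTSCs is permitted and ignored
    return results


# Constructed trace for one target run; the hit-counter values are chosen by hand.
TRACE = [
    ("rdtsc", 10),
    ("load", 0x2000),   # timed read of a line nothing in this run touched before
    ("rdtsc", 11),      # counter advanced by 1 -> hit on an unread line -> FLUSH+RELOAD
    ("load", 0x3000),   # ordinary read, recorded in the table
    ("alu",),           # unrelated instruction inside the window
    ("rdtsc", 11),      # miss on a fresh address -> nothing to flag
    ("load", 0x3000),   # timed re-read of a line read earlier ...
    ("rdtsc", 11),      # ... that now misses -> PRIME+PROBE
]


def alerts(trace):
    """Only the results whose verdict names an attack class."""
    return [r for r in analyze(trace) if r[4] is not None]
```

The two counter samples bracket the timed load, which is why a difference of exactly 1 is read as "that load hit"; the record table is consulted before the load is added to it, so a line the timed load itself brings in does not count as "read before".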
FIG. 3 schematically illustrates a flow diagram of a method of detecting processor security in accordance with another embodiment of the invention. As shown in FIG. 3, the method includes operations S201, S202, S301, S302 and S303. Operations S201 and S202 are as described above and are not repeated here.
In operation S301, a predicted execution instruction set is generated from the instruction stream, and a suspect address list is generated from the memory read addresses in the predicted execution instruction set. For example, all memory read addresses in the predicted execution instruction set are extracted to form the suspect address list.
In operation S302, it is determined whether the memory address corresponding to the memory read instruction is in the suspect address list, so as to generate a second determination result.
When implementing the method shown in FIG. 3, operation S203 is specifically implemented as operation S303, in which the security of the processor is determined according to both the first determination result and the second determination result.
According to this embodiment of the invention, the memory read instructions are further filtered by operations S301 and S302, which effectively improves the accuracy of the security detection.
Optionally, when generating the predicted execution instruction set, each time a branch instruction in the instruction stream is analyzed, a first-level prediction with a run depth of 3 is performed, and the instructions in that first-level prediction are taken as elements of the predicted execution instruction set.
FIG. 4 is a diagram illustrating predicted execution branches according to an embodiment of the present invention. The branch indicated by line ① is the branch actually executed by the processor 101; the branch indicated by line ② is the branch that the detection processor 105 predicts will be executed during its detection analysis in order to obtain the predicted execution instruction set; and the branch indicated by line ③ is a branch that the processor 101 does not execute and that the detection processor 105 does not predict either.
Optionally, in another embodiment, when determining the security of the processor according to the first determination result and the second determination result: if the first determination result is that the memory read instruction had a cache hit and the memory address corresponding to it was not read by any instruction located before it in the analyzed instruction stream of the processor, and the second determination result is that this memory address is in the suspect address list, it may be determined that the processor has suffered a first-type side channel attack, the pattern referred to above as "FLUSH + RELOAD". Detecting the first-type side channel attack in this way has higher accuracy than the embodiment above.
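The detection flow of operations S201 through S303, as an added software model that is not part of the patent and not the applicant's code: it replays a constructed instruction trace of the processor under test, applies the specific-pattern search, the cache hit counter difference and the prior-read check, builds the suspect address list from a run-depth-3 prediction, and classifies each timed window with and without the suspect list. The record format, the `alt_path` field standing in for the predicted branch path, and all addresses and counter values are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

RUN_DEPTH = 3  # run depth of the first-level prediction in the embodiments above


@dataclass
class Instr:
    """One retired instruction of the processor under test (constructed record format)."""
    kind: str                    # "rdtsc" (read time counter), "load", "branch" or "other"
    addr: Optional[int] = None   # memory address read by a load
    hits: int = 0                # cache hit counter value sampled when this instruction retired
    # For a branch: the path the processor did NOT take, as the detection processor would
    # predict it (assumed field; the patent does not fix how the predicted path is obtained).
    alt_path: List["Instr"] = field(default_factory=list)


def predicted_execution_set(stream: List[Instr]) -> List[Instr]:
    """Operation S301: for each branch, take the predicted path up to RUN_DEPTH instructions."""
    predicted: List[Instr] = []
    for ins in stream:
        if ins.kind == "branch":
            predicted.extend(ins.alt_path[:RUN_DEPTH])
    return predicted


def suspect_addresses(stream: List[Instr]) -> Set[int]:
    """Operation S301, second half: memory read addresses found on predicted paths."""
    return {ins.addr for ins in predicted_execution_set(stream)
            if ins.kind == "load" and ins.addr is not None}


def find_pattern(stream: List[Instr], i: int) -> Optional[Tuple[int, int]]:
    """Operation S201: stream[i] is the first read time counter instruction. Look back for
    the second read time counter instruction with a load between the two.
    Returns (index of second rdtsc, index of the load), or None when there is no pattern."""
    if stream[i].kind != "rdtsc":
        return None
    load_idx: Optional[int] = None
    for j in range(i - 1, -1, -1):
        if stream[j].kind == "rdtsc":
            return (j, load_idx) if load_idx is not None else None
        if stream[j].kind == "load" and load_idx is None:
            load_idx = j   # the load closest to the first rdtsc is the timed read
    return None


def first_determination(stream: List[Instr], j: int, load_idx: int,
                        i: int) -> Optional[Tuple[bool, bool]]:
    """Operation S202: (had_cache_hit, address_read_earlier) for the timed load."""
    diff = stream[i].hits - stream[j].hits
    if diff == 1:
        hit = True
    elif diff == 0:
        hit = False
    else:
        return None   # several accesses in the window: not covered by the embodiments (assumption)
    addr = stream[load_idx].addr
    read_earlier = any(k.kind == "load" and k.addr == addr for k in stream[:load_idx])
    return hit, read_earlier


def classify(stream: List[Instr], use_suspect_list: bool = True) -> List[Tuple[int, int, str]]:
    """Operations S203/S303: one (index of first rdtsc, address, verdict) per flagged window."""
    suspects = suspect_addresses(stream) if use_suspect_list else None
    findings: List[Tuple[int, int, str]] = []
    for i in range(len(stream)):
        match = find_pattern(stream, i)
        if match is None:
            continue
        j, load_idx = match
        det = first_determination(stream, j, load_idx, i)
        if det is None:
            continue
        hit, read_earlier = det
        addr = stream[load_idx].addr
        if hit and not read_earlier and (suspects is None or addr in suspects):
            findings.append((i, addr, "first-type (FLUSH+RELOAD)"))
        elif not hit and read_earlier:
            findings.append((i, addr, "second-type (PRIME+PROBE)"))
    return findings


def sample_stream() -> List[Instr]:
    """Constructed trace with four timed windows; all addresses and counts are made up."""
    not_taken = [Instr("other"), Instr("load", addr=0x1000), Instr("other"),
                 Instr("load", addr=0x9000)]   # 0x9000 lies beyond RUN_DEPTH
    return [
        Instr("branch", alt_path=not_taken),
        Instr("load", addr=0x2000, hits=1),    # earlier read of 0x2000 (prime)
        Instr("load", addr=0x3000, hits=2),    # the program's own data
        Instr("other", hits=2),
        Instr("rdtsc", hits=2), Instr("load", addr=0x1000, hits=3), Instr("rdtsc", hits=3),  # hit, never read, suspect
        Instr("rdtsc", hits=3), Instr("load", addr=0x2000, hits=3), Instr("rdtsc", hits=3),  # miss, read earlier
        Instr("rdtsc", hits=3), Instr("load", addr=0x3000, hits=4), Instr("rdtsc", hits=4),  # hit, read earlier: benign
        Instr("rdtsc", hits=4), Instr("load", addr=0x4000, hits=5), Instr("rdtsc", hits=5),  # hit, never read, not suspect
    ]


if __name__ == "__main__":
    trace = sample_stream()
    print("suspect addresses:", sorted(hex(a) for a in suspect_addresses(trace)))
    print("with suspect list:   ", classify(trace))
    print("without suspect list:", classify(trace, use_suspect_list=False))
```

The fourth window is flagged only when the suspect list is disabled, which is the accuracy difference between the two embodiments.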
FIG. 5 schematically shows a block diagram of an apparatus for detecting processor security according to an embodiment of the invention. As shown in FIG. 5, the apparatus 500 includes a first detection analysis unit 510, a second detection analysis unit 520, and a security determination unit 530. The apparatus 500 is used to execute the methods shown in FIGS. 2 to 4; technical details already given above are omitted to avoid redundancy.
The first detection analysis unit 510 is configured to, when a first read time counter instruction of the processor is analyzed, determine whether the analyzed instruction stream of the processor contains an instruction combination of a specific pattern, where the instruction combination of the specific pattern includes the first read time counter instruction and a second read time counter instruction, the second read time counter instruction is located before the first read time counter instruction, and a memory read instruction is located between the two.
The second detection analysis unit 520 is configured to, when the analyzed instruction stream of the processor contains the instruction combination of the specific pattern, determine whether the memory read instruction had a cache hit and whether the memory address corresponding to the memory read instruction was read by an instruction located before it in the analyzed instruction stream of the processor, so as to generate a first determination result.
The security determination unit 530 is configured to determine the security of the processor according to the first determination result.
According to the technical scheme of this embodiment, when the processor is detected to be under a side channel attack, a security warning can be sent to the user, who can then take appropriate countermeasures (such as cutting off data transmission or shutting down the processor) as needed, so that the potential security hazard is not exploited and confidential data does not leak further. In summary, the technical solution of the embodiments of the present invention can greatly improve the hardware security of the processor without significantly affecting its operating performance.
Optionally, in an embodiment, when determining whether the memory read instruction had a cache hit, the second detection analysis unit 520 is specifically configured to:
obtain a first cache hit counter value at the first read time counter instruction and a second cache hit counter value at the second read time counter instruction of the processor; determine that the memory read instruction had a cache hit when the difference between the first cache hit counter value and the second cache hit counter value is 1; and determine that the memory read instruction did not have a cache hit when the difference is 0.
Optionally, in another embodiment, the security determination unit 530 is specifically configured to:
determine that the processor is subjected to a first-type side channel attack when the first determination result is that the memory read instruction had a cache hit and the memory address corresponding to the memory read instruction was not read by any instruction located before it in the analyzed instruction stream of the processor.
Optionally, in another embodiment, the security determination unit 530 is specifically configured to:
determine that the processor is subjected to a second-type side channel attack when the first determination result is that the memory read instruction did not have a cache hit and the memory address corresponding to the memory read instruction was read by an instruction located before it in the analyzed instruction stream of the processor.
Optionally, in a further embodiment, the apparatus 500 further comprises a third detection analysis unit 540. The third detection analysis unit 540 is configured to generate a predicted execution instruction set from the instruction stream, generate a suspect address list from the memory read addresses in the predicted execution instruction set, and determine whether the memory address corresponding to the memory read instruction is in the suspect address list, so as to generate a second determination result. In this case, the security determination unit 530 is specifically configured to determine the security of the processor according to the first determination result and the second determination result.
Optionally, in another embodiment, the security determination unit 530 is specifically configured to:
determine that the processor is subjected to a first-type side channel attack when the first determination result is that the memory read instruction had a cache hit and the memory address corresponding to the memory read instruction was not read by any instruction located before it in the analyzed instruction stream of the processor, and the second determination result is that this memory address is in the suspect address list.
Optionally, in another embodiment, when generating the predicted execution instruction set from the instruction stream, the third detection analysis unit 540 is specifically configured to:
perform, each time a branch instruction in the instruction stream is analyzed, a first-level prediction with a run depth of 3, and take the instructions in that first-level prediction as elements of the predicted execution instruction set.
It should be understood that the first detection analysis unit 510, the second detection analysis unit 520, the third detection analysis unit 540 and the security determination unit 530 may be implemented in a single module, or any one of them may be split into a plurality of modules.
Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present invention, at least one of the first detection analysis unit 510, the second detection analysis unit 520, the third detection analysis unit 540 and the security determination unit 530 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or any other reasonable way of integrating or packaging a circuit, or in any suitable combination of software, hardware and firmware.
Alternatively, at least one of the first detection analysis unit 510, the second detection analysis unit 520, the third detection analysis unit 540 and the security determination unit 530 may be at least partially implemented as computer program modules which, when executed by a computer, perform the functions of the respective modules.
FIG. 6 schematically shows a block diagram of a system 600 for detecting processor security in accordance with an embodiment of the present invention. As shown in FIG. 6, the system 600 includes a detection processor 610, a computer-readable storage medium 620, and a processor under test 630. The detection processor 610 is an embodiment of the detection processor 105, and the processor under test 630 is an embodiment of the processor 101. The detection system 600 may perform the methods described above with reference to FIGS. 2 to 4 to detect the processor under test 630.
In particular, the detection processor 610 may include, for example, a general purpose microprocessor, an instruction set processor and/or related chipset and/or a reconfigurable processor and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The detection processor 610 may also include onboard memory for caching purposes. The detection processor 610 may be a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present invention described with reference to fig. 2-4.
Computer-readable storage medium 620 may be, for example, any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the readable storage medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The computer-readable storage medium 620 may include a computer program 621, which computer program 621 may include code/computer-executable instructions that, when executed by the detection processor 610, cause the detection processor 610 to perform a method flow, such as described above in connection with fig. 2-4, and any variations thereof.
The computer program 621 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, the code in computer program 621 may include one or more program modules, such as module 621A and module 621B. It should be noted that the division and number of modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to the actual situation. When these program modules are executed by the detection processor 610, the detection processor 610 may execute, for example, the method flows described above with reference to FIGS. 2 to 4, and any variations thereof.
According to an embodiment of the present invention, at least one of the first detection analysis unit 510, the second detection analysis unit 520, the third detection analysis unit 540 and the security determination unit 530 may be implemented as a computer program module described with reference to fig. 6, which, when executed by the detection processor 610, may implement the respective operations described above.
The above-described methods, apparatuses, units and/or modules according to embodiments of the present invention may be implemented by an electronic device with computing capability executing software containing computer instructions. The system may include a storage device to implement the various storage functions described above. The electronic device with computing capability may include, but is not limited to, a general-purpose processor, a digital signal processor, a special-purpose processor, a reconfigurable processor, and the like, capable of executing computer instructions. Execution of such instructions configures the electronic device to perform the operations described above in accordance with the present invention. The above devices and/or modules may be implemented in one electronic device, or may be distributed over different electronic devices. Such software may be stored in a computer readable storage medium. The computer readable storage medium stores one or more programs (software modules) comprising instructions which, when executed by one or more processors in an electronic device, cause the electronic device to perform the methods of the invention.
Such software may be stored in the form of volatile memory or non-volatile storage (such as storage devices like ROM), whether erasable or rewritable, or in the form of memory (e.g., RAM, memory chips, devices or integrated circuits), or on optically or magnetically readable media (such as CD, DVD, magnetic disks or tapes, etc.). It should be appreciated that the storage devices and storage media are embodiments of machine-readable storage suitable for storing one or more programs that include instructions, which when executed, implement embodiments of the present invention. Embodiments provide a program and a machine-readable storage device storing such a program, the program comprising code for implementing the apparatus or method of any one of the claims of the present invention. Further, these programs may be delivered electronically via any medium (e.g., communication signals carried via a wired connection or a wireless connection), with various embodiments including the programs as appropriate.
It will be appreciated by a person skilled in the art that various combinations and/or associations of the features recited in the various embodiments and/or claims of the invention may be made, even if such combinations or associations are not explicitly recited in the invention. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present invention may be made without departing from the spirit and teachings of the invention. All such combinations and/or associations fall within the scope of the present invention.
While the invention has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents. Accordingly, the scope of the present invention should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (14)

1. A method of detecting processor security, comprising:
when a first read time counter instruction of the processor is analyzed, determining whether the analyzed instruction stream of the processor contains an instruction combination of a specific pattern, wherein the instruction combination of the specific pattern comprises the first read time counter instruction and a second read time counter instruction, the second read time counter instruction is located before the first read time counter instruction, and a memory read instruction is located between the first read time counter instruction and the second read time counter instruction;
when the analyzed instruction stream of the processor contains the instruction combination of the specific pattern, determining whether the memory read instruction had a cache hit and whether the memory address corresponding to the memory read instruction was read by an instruction located before the memory read instruction in the analyzed instruction stream of the processor, so as to generate a first determination result;
determining the security of the processor according to the first determination result;
wherein determining the security of the processor according to the first determination result comprises: when the first determination result is that the memory read instruction had a cache hit and the memory address corresponding to the memory read instruction was not read by an instruction located before the memory read instruction in the analyzed instruction stream of the processor, determining that the processor is subjected to a first-type side channel attack.
2. The method of claim 1, wherein determining whether the memory read instruction had a cache hit comprises:
obtaining a first cache hit counter value at the first read time counter instruction and a second cache hit counter value at the second read time counter instruction of the processor;
when the difference between the first cache hit counter value and the second cache hit counter value is 1, determining that the memory read instruction had a cache hit;
and when the difference between the first cache hit counter value and the second cache hit counter value is 0, determining that the memory read instruction did not have a cache hit.
3. The method according to claim 1 or 2, wherein determining the security of the processor according to the first determination result further comprises:
when the first determination result is that the memory read instruction did not have a cache hit and the memory address corresponding to the memory read instruction was read by an instruction located before the memory read instruction in the analyzed instruction stream of the processor, determining that the processor is subjected to a second-type side channel attack.
4. The method according to claim 1 or 2, wherein before determining the security of the processor according to the first determination result, the method further comprises:
generating a predicted execution instruction set from the instruction stream;
generating a suspect address list from the memory read addresses in the predicted execution instruction set;
determining whether the memory address corresponding to the memory read instruction is in the suspect address list, so as to generate a second determination result;
and determining the security of the processor according to the first determination result comprises:
determining the security of the processor according to the first determination result and the second determination result.
5. The method of claim 4, wherein determining the security of the processor according to the first determination result and the second determination result comprises:
when the first determination result is that the memory read instruction had a cache hit and the memory address corresponding to the memory read instruction was not read by an instruction located before the memory read instruction in the analyzed instruction stream of the processor, and the second determination result is that the memory address corresponding to the memory read instruction is in the suspect address list, determining that the processor is subjected to a first-type side channel attack.
6. The method of claim 4, wherein generating the predicted execution instruction set from the instruction stream comprises:
when a branch instruction in the instruction stream is analyzed, performing a first-level prediction with a run depth of 3 to obtain the instructions in the first-level prediction as elements of the predicted execution instruction set.
7. An apparatus for detecting processor security, comprising:
a first detection analysis unit configured to, when a first read time counter instruction of the processor is analyzed, determine whether the analyzed instruction stream of the processor contains an instruction combination of a specific pattern, wherein the instruction combination of the specific pattern comprises the first read time counter instruction and a second read time counter instruction, the second read time counter instruction is located before the first read time counter instruction, and a memory read instruction is located between the first read time counter instruction and the second read time counter instruction;
a second detection analysis unit configured to, when the analyzed instruction stream of the processor contains the instruction combination of the specific pattern, determine whether the memory read instruction had a cache hit and whether the memory address corresponding to the memory read instruction was read by an instruction located before the memory read instruction in the analyzed instruction stream of the processor, so as to generate a first determination result;
a security determination unit configured to determine the security of the processor according to the first determination result;
wherein, when determining the security of the processor according to the first determination result, the security determination unit is specifically configured to: when the first determination result is that the memory read instruction had a cache hit and the memory address corresponding to the memory read instruction was not read by an instruction located before the memory read instruction in the analyzed instruction stream of the processor, determine that the processor is subjected to a first-type side channel attack.
8. The apparatus of claim 7, wherein the second detection analysis unit, when determining whether the memory read instruction had a cache hit, is specifically configured to:
obtain a first cache hit counter value at the first read time counter instruction and a second cache hit counter value at the second read time counter instruction of the processor;
when the difference between the first cache hit counter value and the second cache hit counter value is 1, determine that the memory read instruction had a cache hit;
and when the difference between the first cache hit counter value and the second cache hit counter value is 0, determine that the memory read instruction did not have a cache hit.
9. The apparatus according to claim 7 or 8, wherein the security determination unit, when determining the security of the processor according to the first determination result, is further specifically configured to:
when the first determination result is that the memory read instruction did not have a cache hit and the memory address corresponding to the memory read instruction was read by an instruction located before the memory read instruction in the analyzed instruction stream of the processor, determine that the processor is subjected to a second-type side channel attack.
10. The apparatus according to claim 7 or 8, further comprising a third detection analysis unit,
the third detection analysis unit being configured to generate a predicted execution instruction set from the instruction stream, generate a suspect address list from the memory read addresses in the predicted execution instruction set, and determine whether the memory address corresponding to the memory read instruction is in the suspect address list, so as to generate a second determination result;
wherein the security determination unit is specifically configured to determine the security of the processor according to the first determination result and the second determination result.
11. The apparatus of claim 10, wherein the security determination unit, when determining the security of the processor according to the first determination result and the second determination result, is specifically configured to:
when the first determination result is that the memory read instruction had a cache hit and the memory address corresponding to the memory read instruction was not read by an instruction located before the memory read instruction in the analyzed instruction stream of the processor, and the second determination result is that the memory address corresponding to the memory read instruction is in the suspect address list, determine that the processor is subjected to a first-type side channel attack.
12. The apparatus of claim 10, wherein the third detection analysis unit, when generating the predicted execution instruction set from the instruction stream, is further configured to:
when a branch instruction in the instruction stream is analyzed, perform a first-level prediction with a run depth of 3 to obtain the instructions in the first-level prediction as elements of the predicted execution instruction set.
13. A system for detecting processor security, for detecting a processor under test, comprising:
one or more detection processors;
a memory storing one or more programs, wherein the one or more programs, when executed by the one or more detection processors, cause the one or more detection processors to perform the method of any one of claims 1 to 6.
14. A computer-readable storage medium having instructions stored thereon for performing the method of any one of claims 1 to 6.
CN201811001532.1A 2018-08-29 2018-08-29 Method, device, system and storage medium for detecting safety of processor Active CN110750301B (en)

Publications (2)

Publication Number Publication Date
CN110750301A CN110750301A (en) 2020-02-04
CN110750301B true CN110750301B (en) 2020-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant