CN104866767A - Embedded module of novel security mechanism - Google Patents
Embedded module of novel security mechanism Download PDFInfo
- Publication number
- CN104866767A CN104866767A CN201510236130.XA CN201510236130A CN104866767A CN 104866767 A CN104866767 A CN 104866767A CN 201510236130 A CN201510236130 A CN 201510236130A CN 104866767 A CN104866767 A CN 104866767A
- Authority
- CN
- China
- Prior art keywords
- module
- program
- monitor message
- hardware security
- hardware
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
Abstract
An embedded module of a novel security mechanism consists of a monitoring information comparison module, a monitoring information storage module and a hardware security sub module. An embedded processor sends a collected program counter and a current instruction value to the monitoring information comparison module, and data is processed by using the monitoring information storage module and the hardware security sub module. During execution of a program, the hardware security sub module reads key parameter information from the monitoring information storage module, and compares the key parameter information with parameter information in a real-time running process of the program; once inconsistency is found, it indicates that the program is attacked, and the hardware security sub module terminates running of the program. The embedded module provided by the present invention can quickly perform searching, reading and comparison on parameter information, consumes less resource and has high security.
Description
Technical field
The present invention relates to a kind of flush bonding module of new type of safe mechanism, it is the embedded system security module that a kind of hardware is assisted, the information produced when it utilizes the method for pure hardware supported program to be performed is compared with the information obtained by the process analysis of off-line in advance, prevents from occurring the malicious attack behavior of program code.Belong to embedded system security technical field.
Background technology
Along with the development of electronics science and computer technology, increasing embedded device enters in the life of people, plays the effect that important system controls automatically and data store gradually at numerous areas.Increasing application and more convenient network insertion, make embedded platform be faced with increasing security challenge simultaneously.Embedded system has strict resource constraint restriction in arithmetic capability, internal memory, energy etc.Adopt the virus scan on multi-purpose computer and anti-intrusion software to defend security attack, the reduction of performance and the increase of power consumption will be brought.Therefore, the safety problem of embedded system has more challenge than the safety problem of general-purpose system.
Malicious data or code are implanted in security attack, and the normal execution of Rogue program is final purpose.Program code determines the act of execution of program, plays conclusive effect to the Secure execution of the program of guarantee.But protection application routine data is extremely important equally too.In SPEC test benchmark program, function call constitutes few instruction ratio partly with returning, and branch instruction accounts for small part, and load/store (load/store) instruction has exceeded sum both them.Assuming that each steering order represents the point of attack that a malice controls transfer, so load and the destruction of storage operation to data value, also will play decisive role to the normal execution of program.
Integrity detection guarantee information can not suffer distorting or destroying of unauthorized ways in the process stored and transmit.Effective data and code integrity protection scheme comprise detection and illegally distort and prevent Replay Attack.Integrality relates to two processes, one on sending entity, one on receiving entity.Sending entity is to data cell affix one amount, and this amount is the function of these data, and can be the side information resemble block check code, also can be a cryptographic check value, and itself also can be encrypted.Receiving entity produces an accordingly amount, and it with receive that measure and compare to determine whether these data were tampered in passing on.
Attack is reacted to hardware layer, is exactly the execution error to binary data and code or destruction, the therefore integrality of monitor data and code, can effectively prevent from implanting the malice of data, code and destroying, and ensures the normal execution of program.
And application program is after compiling link, its deposit position and run location will be mapped to sections different in internal memory.These sections have respective reading and writing and the attribute such as can to perform, and a lot of security attack violates these attributes exactly, and as carried out illegal write operation to code segment, read-only data section, executive buffer overflows the attacker etc. be implanted in stacked data section.Therefore, researchist devises security tag technology, and these reading and writing and attribute-executable are encoded into data characteristic, and in the implementation of program, be used as security policy enforcement execution.
Summary of the invention
1, object: the flush bonding module that the object of this invention is to provide a kind of new type of safe mechanism, monitors in real time to flush bonding processor.The information produced when program performs by the method that it utilizes hardware to assist is compared in real time with the information obtained by the process analysis of off-line in advance, prevents from occurring the malicious attack behavior of program code.
Technical scheme:
The present invention design one with the application specific hardware modules of processor parallel running, the integrality of program service data and code is monitored, with strengthen embedded system program perform safety.Security module from flush bonding processor loading routine counter signals and present instruction value signal, by it with monitor message memory module in read the information that security module marks and carry out real time contrast.When program enters a new fundamental block, notice monitor message memory module reads the corresponding fundamental block monitor message prestored.When program performs in fundamental block, by current instruction value signal transmission to security module, iterative computation cryptographic hash.When program exits a fundamental block, the cryptographic hash in the cryptographic hash of whole fundamental block iterative computation gone out and fundamental block monitor message contrasts, if comparative information is inconsistent, can stop the operation of program, or carry out System recover.
The flush bonding module of a kind of new type of safe mechanism of the present invention, it is made up of monitor message comparison module, monitor message memory module and hardware security sub-module.Relation between three is: the programmable counter collected and current instruction value are sent to monitor message comparison module by flush bonding processor, is then processed data by monitor message memory module and hardware security sub-module.
Described monitor message comparison module mainly compares effect, it is from flush bonding processor loading routine counter signals and present instruction value signal, by it with monitor message memory module in the information that calculates of the information that reads and cyclic redundancy check (CRC) computing module contrast, to judge the legitimacy of the program of real time execution in flush bonding processor.
Described monitor message memory module mainly memory action, it stores the program control flow information extracted in advance, adopts the method for binary search, can search the information needing to read quickly and efficiently.
Described hardware security sub-module is verification effect, and its loading routine command signal value, carries out interative computation, exports the cryptographic hash of fundamental block.The embedded system security sub-module that whole hardware is assisted improves the security that program performs.Here input data to be bit wides the be instruction segment of 512, the bit wide exported after being calculated by hardware security sub-module is the proof test value of 80.Compared with CRC check module, this algorithm security is better, has taken into account again hardware resource cost and storage resources expense simultaneously.
3, advantage and effect: the embedded system security module that this hardware is assisted has following advantage:
(1) the embedded system security Module-embedding formula CPU parallel running that hardware of the present invention is auxiliary, can not be subject to software attacks, self-security aspect is very high.
(2) the present invention adopts the method that hardware is assisted, and described security module and flush bonding processor executed in parallel, all operations of security module all can complete within a clock period, improves the operational efficiency of system.
(3) it is few that the embedded system security module that hardware of the present invention is auxiliary takies resource, while improve security of system, less to taking of entire system resource.
(4) the embedded system security module that hardware of the present invention is auxiliary, is applicable to all kinds of embedded system, has good protection effect.
Accompanying drawing explanation
Fig. 1 is the security mechanism structural framing of module of the present invention.
Fig. 2 is module of the present invention structural representation in embedded systems.
In figure, symbol description is as follows:
In Fig. 2, IF is fetching level: the access of the buffer memory of instruction buffer or data; ID is decode stage: decoding instruction, changes register window simultaneously; EXE is execution level: branch's redirect, carries out arithmetic and logical operation simultaneously; MEM is internal storage access level: the access of data buffer storage; WB is write back stages: internal memory write-back.
Embodiment
See shown in Fig. 1, Fig. 2, its embodiment is as follows:
The flush bonding module of a kind of new type of safe mechanism of the present invention, it is made up of monitor message comparison module, monitor message memory module and hardware security sub-module.Relation between three is: the programmable counter collected and current instruction value are sent to monitor message comparison module by flush bonding processor, is then processed data by monitor message memory module and hardware security sub-module.
Fig. 1 describes the overall architecture of safety monitoring mechanism, mainly comprises program off-line analysis and program operation in-situ analysis two parts.Program source code generates executable binary code in the off-line analysis stage after cross compile, extract required control flow check fundamental block check information and jump instruction address information, the static monitoring model that these information will be formed in monitor message comparison module.In the program operation phase, monitor message comparison module and flush bonding processor parallel processing, monitor message comparison module monitors the command status of current execution from CPU streamline, and in key instruction, as redirect, bifurcation, generates the proof test value of dynamic data.Proof test value in the fundamental block calculated by monitor message comparison module real-time dynamic check value and static monitoring model carries out real time contrast, can find that whether the instruction of the current execution of processor is legal, just can judge that control flow check fundamental block has been attacked once discovery mistake, monitor message comparison module sends error signal and triggers emergency response mechanism.Due to the monitor message comparison module in the design and embedded system CPU parallel running, except extract information needed from CPU streamline except, there is no other communication behaviors, because this reducing the possibility of software attacks monitor message comparison module.In addition, the design can't change inner core and the instruction set of CPU, so existing crossstool can be utilized to generate static monitoring model.
As shown in Figure 2, as a whole, be exactly the IF stage at CPU, from I-Cache, read the instruction to be processed of current need according to programmable counter Program Counter (PC).According to current PC and fundamental block redirect signal, calculated the static code integrality monitoring model of its correspondence by lookup table algorithm.In the EXE stage, deposit the order register value Instruction Register (IR) of current execution, and calculate the real-time messages summary cryptographic hash of current basic block.If current basic block performs end, the monitor message comparison module of design completes comparing in real time dynamic and static state integrity value.Once difference be detected, look-at-me will be sent to CPU programmable interrupt controller, and trigger CPU and interrupt emergency response.When the arithmetic speed of monitoring hardware lags behind CPU, provide freeze signal and freeze processor pipeline by mask processor clock.
The input data length of the computing module of the design is 512, needs to carry out pre-service to instruction wherein, make to meet proof test value module input requirements so cross Cheng Qian at the hardware security sub-module calculating control flow check fundamental block.IR is the instruction that will perform of taking out from the execute phase order register of CPU streamline, the condition that should meet when enable signal is high level is the data length in register is just 512, now these data will be admitted to proof test value module and carry out computing, and control module sends reset signal and resets register and start to carry out next round order register simultaneously.Output signal describes the signal of preprocessed state, and this signal will be input to control module, carry out different pre-service according to different states.
Hardware security sub-module is from flush bonding processor loading routine counter signals and present instruction value signal, by it with monitor message memory module in the information that calculates of the information that reads and hardware security sub-module contrast, to judge the legitimacy of the program of real time execution in flush bonding processor.Monitor message memory module stores the program control flow information extracted in advance, adopts the method for binary search, can search the information needing to read quickly and efficiently.Hardware security sub-module loading routine command signal value, carries out interative computation, exports the cryptographic hash of fundamental block.When monitor message comparison module discovery procedure is abnormal, abort signal can be sent to flush bonding processor.
In actual applications, the embedded system security module that this hardware is assisted is connected with flush bonding processor, and source code produces binary file through compiling and link, and binary file obtains monitoring model through off-line analysis process analysis.When program is run, binary file is written into internal memory and is embedded into formula processor and performs.Meanwhile, hardware security sub-module reads monitoring model.Flush bonding processor is in the process of working procedure, execution information flow is passed to hardware security sub-module, it and monitoring model compare by hardware security sub-module hardware, once discovery procedure check errors or control flow check redirect mistake, transmission interruption is controlled signal to flush bonding processor and interrupts its operation by hardware security mould piecemeal.
Claims (1)
1. the flush bonding module of a new type of safe mechanism, it is characterized in that: it is made up of monitor message comparison module, monitor message memory module and hardware security sub-module, the programmable counter collected and current instruction value are sent to monitor message comparison module by flush bonding processor, are then processed data by monitor message memory module and hardware security sub-module;
Described monitor message comparison module mainly compares effect, it is from flush bonding processor loading routine counter signals and present instruction value signal, by it with monitor message memory module in the information that calculates of the information that reads and cyclic redundancy check (CRC) computing module contrast, to judge the legitimacy of the program of real time execution in flush bonding processor;
Described monitor message memory module mainly memory action, it stores the program control flow information extracted in advance, adopts the method for binary search, searches the information needing to read quickly and efficiently;
Described hardware security sub-module is verification effect, and its loading routine command signal value, carries out interative computation, exports the cryptographic hash of fundamental block; Whole hardware security module improves the security that program performs, here input data to be bit wides the be instruction segment of 512, the bit wide exported after being calculated by hardware security sub-module is the proof test value of 80, compared with CRC check module, this algorithm security is better, has taken into account again hardware resource cost and storage resources expense simultaneously.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510236130.XA CN104866767B (en) | 2015-05-11 | 2015-05-11 | A kind of flush bonding module of security mechanism |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510236130.XA CN104866767B (en) | 2015-05-11 | 2015-05-11 | A kind of flush bonding module of security mechanism |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104866767A true CN104866767A (en) | 2015-08-26 |
| CN104866767B CN104866767B (en) | 2018-03-02 |
Family
ID=53912589
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510236130.XA Active CN104866767B (en) | 2015-05-11 | 2015-05-11 | A kind of flush bonding module of security mechanism |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104866767B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106022107A (en) * | 2015-10-30 | 2016-10-12 | 北京中电华大电子设计有限责任公司 | Method and system for protecting program execution integrity |
| CN106295322A (en) * | 2016-07-26 | 2017-01-04 | 北京航空航天大学 | A kind of hardware protection model for buffer overflow attack |
| CN106372505A (en) * | 2016-08-23 | 2017-02-01 | 北京航空航天大学 | Embedded system code attack-oriented quick recovery method |
| WO2017133442A1 (en) * | 2016-02-05 | 2017-08-10 | 中兴通讯股份有限公司 | Real-time measurement method and device |
| CN107133515A (en) * | 2017-03-09 | 2017-09-05 | 北京航空航天大学 | A kind of hardware based buffer overflow attack detection method |
| CN109033888A (en) * | 2018-07-27 | 2018-12-18 | 深圳市汇尊区块链技术有限公司 | It is a kind of intelligence contract source code mechanism is disclosed |
| CN112580052A (en) * | 2019-09-30 | 2021-03-30 | 龙芯中科技术股份有限公司 | Computer security protection method, chip, equipment and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101477605A (en) * | 2009-01-15 | 2009-07-08 | 北京航空航天大学 | Embedded system program execution safety enhancing module based on hardware |
| CN103080905A (en) * | 2010-06-07 | 2013-05-01 | 杰森·A·苏利万 | Systems and methods for intelligent and flexible management and monitoring of computer systems |
| CN103500125A (en) * | 2013-10-10 | 2014-01-08 | 中国科学院上海技术物理研究所 | Anti-radiation data processing system and method based on FPGA |
| CN103530146A (en) * | 2013-09-16 | 2014-01-22 | 成都交大光芒科技股份有限公司 | Low-power-consumption embedded device remote wireless updating method |
| CN103676722A (en) * | 2012-09-14 | 2014-03-26 | 英飞凌科技股份有限公司 | Safety system challenge-and-response using modified watchdog timer |
| WO2014178889A1 (en) * | 2013-04-30 | 2014-11-06 | Bao Liu | Vlsi tamper detection and resistance |
| US20140344924A1 (en) * | 2013-05-14 | 2014-11-20 | Apple Inc. | Preventing unauthorized calls to a protected function |
-
2015
- 2015-05-11 CN CN201510236130.XA patent/CN104866767B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101477605A (en) * | 2009-01-15 | 2009-07-08 | 北京航空航天大学 | Embedded system program execution safety enhancing module based on hardware |
| CN103080905A (en) * | 2010-06-07 | 2013-05-01 | 杰森·A·苏利万 | Systems and methods for intelligent and flexible management and monitoring of computer systems |
| CN103676722A (en) * | 2012-09-14 | 2014-03-26 | 英飞凌科技股份有限公司 | Safety system challenge-and-response using modified watchdog timer |
| WO2014178889A1 (en) * | 2013-04-30 | 2014-11-06 | Bao Liu | Vlsi tamper detection and resistance |
| US20140344924A1 (en) * | 2013-05-14 | 2014-11-20 | Apple Inc. | Preventing unauthorized calls to a protected function |
| CN103530146A (en) * | 2013-09-16 | 2014-01-22 | 成都交大光芒科技股份有限公司 | Low-power-consumption embedded device remote wireless updating method |
| CN103500125A (en) * | 2013-10-10 | 2014-01-08 | 中国科学院上海技术物理研究所 | Anti-radiation data processing system and method based on FPGA |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106022107A (en) * | 2015-10-30 | 2016-10-12 | 北京中电华大电子设计有限责任公司 | Method and system for protecting program execution integrity |
| WO2017133442A1 (en) * | 2016-02-05 | 2017-08-10 | 中兴通讯股份有限公司 | Real-time measurement method and device |
| CN106295322A (en) * | 2016-07-26 | 2017-01-04 | 北京航空航天大学 | A kind of hardware protection model for buffer overflow attack |
| CN106295322B (en) * | 2016-07-26 | 2018-12-18 | 北京航空航天大学 | A kind of hardware protection device for buffer overflow attack |
| CN106372505A (en) * | 2016-08-23 | 2017-02-01 | 北京航空航天大学 | Embedded system code attack-oriented quick recovery method |
| CN106372505B (en) * | 2016-08-23 | 2018-12-28 | 北京航空航天大学 | A kind of quick recovery method for Embedded System Code attack |
| CN107133515A (en) * | 2017-03-09 | 2017-09-05 | 北京航空航天大学 | A kind of hardware based buffer overflow attack detection method |
| CN107133515B (en) * | 2017-03-09 | 2019-10-18 | 北京航空航天大学 | A kind of hardware based buffer overflow attack detection method |
| CN109033888A (en) * | 2018-07-27 | 2018-12-18 | 深圳市汇尊区块链技术有限公司 | It is a kind of intelligence contract source code mechanism is disclosed |
| CN112580052A (en) * | 2019-09-30 | 2021-03-30 | 龙芯中科技术股份有限公司 | Computer security protection method, chip, equipment and storage medium |
| CN112580052B (en) * | 2019-09-30 | 2023-05-30 | 龙芯中科技术股份有限公司 | Computer security protection method, chip, device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104866767B (en) | 2018-03-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104866767A (en) | Embedded module of novel security mechanism | |
| US11392703B2 (en) | Systems, apparatuses, and methods for platform security | |
| Mao et al. | Hardware support for secure processing in embedded systems | |
| CN111931251B (en) | Trusted computing chip based on blockchain | |
| CN105103158A (en) | Profiling code execution | |
| WO2008092162A2 (en) | Systems, methods, and media for recovering an application from a fault or attack | |
| EP3270317B1 (en) | Dynamic security module server device and operating method thereof | |
| JP2014524088A (en) | Secure host execution architecture | |
| CN112948086B (en) | Trusted PLC control system | |
| WO2018064628A2 (en) | Systems, apparatuses, and methods for platform security | |
| WO2021139308A1 (en) | Cloud server monitoring method, apparatus and device, and storage medium | |
| Kulik et al. | A framework for threat-driven cyber security verification of iot systems | |
| Tabrizi et al. | Flexible intrusion detection systems for memory-constrained embedded systems | |
| Rajput et al. | Remote non-intrusive malware detection for plcs based on chain of trust rooted in hardware | |
| US11093605B2 (en) | Monitoring real-time processor instruction stream execution | |
| CN103034810A (en) | Detection method and detection device and electronic device | |
| Kaushik et al. | A novel intrusion detection system for internet of things devices and data | |
| Vella et al. | RV-TEE: secure cryptographic protocol execution based on runtime verification | |
| Peng et al. | Micro-architectural features for malware detection | |
| Thevenon et al. | iMRC: Integrated Monitoring & Recovery Component, a Solution to Guarantee the Security of Embedded Systems. | |
| Tidjon et al. | Extended algebraic state-transition diagrams | |
| KR102086375B1 (en) | System and method for real time prevention and post recovery for malicious software | |
| Wang et al. | DOPdefender: An approach to thwarting data-oriented programming attacks based on a data-aware automaton | |
| CN112671920B (en) | Sewage automatic control method based on block chain | |
| Park et al. | Assuring software security against buffer overflow attacks in embedded software development life cycle |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |