CN106250099A - A processor architecture with a fixed decryption algorithm that directly executes encrypted instructions - Google Patents

Publication number
CN106250099A
Authority
CN
China
Prior art keywords
instruction
module
processor
code
decryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610566278.4A
Other languages
Chinese (zh)
Inventor
范延滨
王正彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao University
Original Assignee
Qingdao University
Application filed by Qingdao University
Priority to CN201610566278.4A
Publication of CN106250099A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003 Arrangements for executing specific machine instructions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information

Abstract

The invention discloses a processor architecture with a fixed decryption algorithm that directly executes encrypted instructions, and belongs to the technical fields of integrated circuits, microprocessors and information security. The instruction fetch module is connected to the instruction decryption module; the instruction decryption module is connected to the instruction decode module; the instruction decode module is connected to the instruction execution module. The instruction decryption module comprises a decryption module group, a decryption key, an encrypted instruction, a module selection code and a plaintext instruction; the decryption key, the encrypted instruction, the module selection code and the plaintext instruction are each connected to the decryption module group. The architecture gives the processor the function of "directly executing encrypted instructions" and achieves security at the level of processor instruction execution; it can provide program security, data security, communication security, execution security, virus protection, intellectual property protection and the like.

Description

A processor architecture with a fixed decryption algorithm that directly executes encrypted instructions
Technical field
The present invention relates to the technical fields of integrated circuits, microprocessors and information security, and specifically to a processor architecture with a fixed decryption algorithm that directly executes encrypted instructions.
Background
For ease of reading and understanding, the relevant terms are defined as follows: machine code is the binary instruction code that a processor can execute directly; undefined machine code is binary code that is not included in the processor's instruction system; an instruction is the operation a processor carries out by executing machine code, and instructions correspond one-to-one with machine code; encrypted machine code is machine code that has been encrypted; an encrypted executable program is an executable program that has been encrypted; an encrypted instruction is an instruction that has been encrypted; a plaintext instruction is the instruction obtained by decrypting an encrypted instruction, which an existing processor can execute directly.
Looking across processor architectures: storage organizations include the von Neumann structure and the Harvard structure, and instruction systems include complex instruction set (CISC) and reduced instruction set (RISC) designs. Each class of processor has its own instruction system, and instruction execution is implemented through a pipeline. Every pipeline (three-stage pipelines and deeper pipelines alike) includes an instruction fetch module and an instruction decode module. In existing processor architectures, the processor executes machine code read directly from memory or cache, and a program can run on any processor of the same architecture (for example, WORD can run on different PCs). If what the processor reads from memory or cache is undefined machine code, the processor cannot execute it and reports an error. In other words, given encrypted machine code (after encryption, machine code may become undefined machine code or incorrect machine code), the processor either cannot execute it or executes it incorrectly, so existing processors provide no security mechanism at the instruction-execution stage. Improvements in processor performance mainly concern execution speed, storage speed and functional extension. Looking across information security: it mainly covers physical security, operational security, data security and management security. All of these are security mechanisms outside the processor and are unrelated to the way the processor executes instructions.
Example of an existing three-stage pipeline: as shown in Fig. 1, in normal pipelined operation one instruction completes per clock. The processor executes an instruction as follows: the instruction fetch module first reads machine code from memory or cache, the instruction decode module then decodes the machine code, and finally the instruction execution module carries out the function of the instruction.
In summary, under current processor architectures, information security systems mainly rely on measures such as licences, passwords and software encryption. None of these security mechanisms addresses security at the level of the processor's instruction execution; all of them assume that the processor itself is secure, and the research concentrates on communication security, data security and the like outside the processor.
Summary of the invention
In view of the above problems, the technical problem to be solved by the invention is to provide a processor architecture, based on a fixed decryption algorithm, that directly executes encrypted instructions and is sound in structure, secure and reliable, and simple to implement.
The processor architecture of the invention, with a fixed decryption algorithm and directly executing encrypted instructions, comprises an instruction fetch module, an instruction decryption module, an instruction decode module and an instruction execution module. The instruction fetch module is connected to the instruction decryption module; the instruction decryption module is connected to the instruction decode module; the instruction decode module is connected to the instruction execution module. The instruction decryption module comprises a decryption module group, a decryption key, an encrypted instruction, a module selection code and a plaintext instruction; the decryption key, the encrypted instruction and the module selection code are each connected to the decryption module group, and the decryption module group is connected to the plaintext instruction.
The decryption module group may include several decryption algorithms (such as arithmetic-operation encryption algorithms, logic-operation encryption algorithms, etc.), and a particular decryption algorithm is selected for use by the module selection code. The decryption module group can also operate in a direct-connect state, that is, a non-decrypting state, and this is the default state. In the default state the system can run an unencrypted configuration program that configures the decryption key, the module selection code and so on. An encrypted instruction is an instruction after encryption (that is, encrypted machine code); it can be read in by instruction length, decrypting one encrypted instruction at a time, or read in by block, decrypting several encrypted instructions at a time and caching them. The plaintext instruction is the output of the decryption module group after decryption, that is, machine code.
How a processor designed according to the invention executes instructions: during instruction execution, the binary program code executed by a processor designed according to the invention is always machine code that has been encrypted, that is, encrypted machine code. The instruction fetch module first reads the encrypted machine code from memory; the instruction decryption module then decrypts the encrypted machine code to obtain machine code; the instruction decode module then decodes the machine code; finally the instruction execution module carries out the function of that machine instruction. Program development is unaffected: the way and method in which users develop programs do not change. Users write code in an existing general-purpose computer language (such as C) as before and use the corresponding general-purpose compiler to generate a general executable program. The user then runs a corresponding encryption program, which encrypts the general executable program with the encryption algorithm that corresponds to the decryption algorithm selected in the decryption module, producing an encrypted executable program. This encrypted executable program is the program run by a processor built on the processor architecture of the invention, which thereby directly executes an encrypted program.
Design of a processor based on the invention: the invention mainly adds, in an existing processor, an instruction decryption module between the instruction fetch module and the instruction decode module. Alternatively, the instruction decryption module may be placed before the instruction fetch module, or the instruction fetch module and the instruction decryption module may be merged into one module, or the instruction decryption module and the instruction decode module may be merged into one module. One decryption stage is added to the pipeline, which provides the function of "directly executing encrypted instructions" and achieves security at the level of processor instruction execution. A processor designed according to the invention therefore does not change the instruction system of the existing processor and is maximally compatible with existing processors.
Beneficial effects of the invention: program security is achieved from the processor's execution level; program security, data security, communication security, execution security, virus protection, intellectual property protection and the like can be provided.
Description of the drawings
For ease of explanation, the invention is described in detail by the following specific embodiment and the drawings.
Fig. 1 is a structural diagram of the background art;
Fig. 2 is a structural diagram of the invention;
Fig. 3 is a functional structure diagram of the instruction decryption module of the invention;
In the figures:
instruction fetch module 1, instruction decryption module 2, instruction decode module 3, instruction execution module 4, decryption module group 21, decryption key 22, encrypted instruction 23, module selection code 24, plaintext instruction 25.
Detailed description of the embodiment
As shown in Fig. 2 and Fig. 3, this embodiment adopts the following technical solution: it comprises an instruction fetch module 1, an instruction decryption module 2, an instruction decode module 3 and an instruction execution module 4. The instruction fetch module 1 is connected to the instruction decryption module 2; the instruction decryption module 2 is connected to the instruction decode module 3; the instruction decode module 3 is connected to the instruction execution module 4. The instruction decryption module 2 comprises a decryption module group 21, a decryption key 22, an encrypted instruction 23, a module selection code 24 and a plaintext instruction 25; the decryption key 22, the encrypted instruction 23 and the module selection code 24 are each connected to the decryption module group 21, and the decryption module group 21 is connected to the plaintext instruction 25.
The decryption module group 21 may include several decryption algorithms (such as arithmetic-operation encryption algorithms, logic-operation encryption algorithms, etc.), and a particular decryption algorithm is selected for use by the module selection code 24. The decryption module group 21 can also operate in a direct-connect state, that is, a state in which no decryption is performed, and this is the default state. In the default state the system can run an unencrypted configuration program that configures the decryption key, the module selection code and so on. The encrypted instruction 23 is encrypted machine code; it can be read in by instruction length, decrypting one encrypted instruction at a time, or read in by block, decrypting several encrypted instructions at a time and caching them. The plaintext instruction 25 is the machine code output by the decryption module group after decryption.
This embodiment mainly adds, in an existing processor design, an instruction decryption module 2 between the instruction fetch module 1 and the instruction decode module 3. One decryption stage is added to the pipeline, which provides the function of "directly executing encrypted instructions" and achieves security at the level of processor instruction execution. A processor designed according to the invention therefore does not change the instruction system of the existing processor and is maximally compatible with existing processors.
How the processor of this embodiment executes instructions: during instruction execution, the binary program code executed by a processor designed according to the invention is encrypted machine code. The instruction fetch module 1 first reads the encrypted machine code from memory; the instruction decryption module 2 then decrypts the encrypted machine code to obtain machine code; the instruction decode module 3 then decodes the machine code; finally the instruction execution module 4 carries out the function of that machine instruction. In program development, users write code in an existing general-purpose computer language (such as C) as before and use the corresponding general-purpose compiler to generate a general executable program. The user then runs a corresponding encryption program, which encrypts the general executable program with the encryption algorithm that corresponds to the decryption algorithm selected in the decryption module group 21, producing an encrypted executable program. This encrypted executable program is the program run by a processor built on the processor architecture of the invention, which thereby directly executes an encrypted program.
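The execution flow described above, modelled as an added Python example that is not part of the patent: a configuration program runs unencrypted in the default direct-connect state, then the encrypted image is decrypted word by word between fetch and decode. The 16-bit instruction format, the opcodes (including the hypothetical `SETKEYH`, `SETKEYL` and `SETMODE`) and the add-key and XOR algorithms are assumptions made for illustration; the patent does not specify them.

```python
# Added illustration: toy model of the fetch -> decrypt -> decode -> execute pipeline.
# The 16-bit instruction format, opcodes and both ciphers are assumptions, not the patent's.
MASK = 0xFFFF
LOADI, ADDI, HALT, SETKEYH, SETKEYL, SETMODE = 0x01, 0x02, 0x03, 0x10, 0x11, 0x12
DEFINED = {LOADI, ADDI, HALT, SETKEYH, SETKEYL, SETMODE}

# Decryption module group, indexed by module selection code.
# Code 0 is the direct-connect (no decryption) default state.
DECRYPT_GROUP = {
    0: lambda word, key: word,
    1: lambda word, key: (word - key) & MASK,   # arithmetic-operation algorithm
    2: lambda word, key: word ^ key,            # logic-operation algorithm
}
# Matching encryption algorithms for the offline encryption tool.
ENCRYPT_GROUP = {
    0: lambda word, key: word,
    1: lambda word, key: (word + key) & MASK,
    2: lambda word, key: word ^ key,
}

class UndefinedInstruction(Exception):
    """Raised when the decode stage sees an opcode outside the instruction set."""

def asm(opcode, operand=0):
    """Pack one instruction word: high byte opcode, low byte operand."""
    return (opcode << 8) | (operand & 0xFF)

def encrypt_program(words, key, code):
    """Offline step: encrypt a general executable word by word."""
    return [ENCRYPT_GROUP[code](w, key) for w in words]

def config_program(key, code):
    """Unencrypted configuration program, run in the default state."""
    return [asm(SETKEYH, key >> 8), asm(SETKEYL, key & 0xFF), asm(SETMODE, code)]

class Processor:
    def __init__(self):
        self.key, self.code, self.acc = 0, 0, 0   # powers up in direct-connect state

    def run(self, memory):
        pc = 0
        while pc < len(memory):
            fetched = memory[pc]                                  # fetch
            plain = DECRYPT_GROUP[self.code](fetched, self.key)   # decrypt
            opcode, operand = plain >> 8, plain & 0xFF            # decode
            if opcode not in DEFINED:
                raise UndefinedInstruction(f"pc={pc} word={plain:#06x}")
            pc += 1
            if opcode == LOADI:                                   # execute
                self.acc = operand
            elif opcode == ADDI:
                self.acc = (self.acc + operand) & 0xFF
            elif opcode == HALT:
                break
            elif opcode == SETKEYH:
                self.key = (operand << 8) | (self.key & 0x00FF)
            elif opcode == SETKEYL:
                self.key = (self.key & 0xFF00) | operand
            elif opcode == SETMODE:
                if operand not in DECRYPT_GROUP:
                    raise ValueError(f"no decryption module for code {operand}")
                self.code = operand
        return self.acc

APP = [asm(LOADI, 40), asm(ADDI, 2), asm(HALT)]   # constructed sample program

def demo(key=0xA53C, code=2):
    """Return (result on a configured processor, outcome on an unconfigured one)."""
    image = encrypt_program(APP, key, code)
    cpu = Processor()
    cpu.run(config_program(key, code))   # plaintext, default state
    result = cpu.run(image)              # encrypted image, decrypted per fetch
    try:
        Processor().run(image)           # default state sees raw ciphertext
        outcome = "executed"
    except UndefinedInstruction:
        outcome = "undefined instruction"
    return result, outcome
```

`demo()` returns the accumulator from the configured processor together with the outcome on a processor left in its default state, which stops at the first fetched word because the ciphertext does not decode to a defined opcode.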
Beneficial effects of this embodiment: program security is achieved from the processor's execution level; program security, data security, communication security, execution security, virus protection, intellectual property protection and the like can be provided.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited by the above embodiment; the embodiment and the description merely illustrate the principle of the invention. Without departing from the spirit and scope of the invention, various changes and improvements may be made to it, and these all fall within the scope of the claimed invention. The claimed scope is defined by the appended claims and their equivalents.

Claims (4)

1. A processor architecture with a fixed decryption algorithm that directly executes encrypted instructions, characterized in that it comprises an instruction fetch module, an instruction decryption module, an instruction decode module and an instruction execution module; the instruction fetch module is connected to the instruction decryption module; the instruction decryption module is connected to the instruction decode module; the instruction decode module is connected to the instruction execution module; the instruction decryption module comprises a decryption module group, a decryption key, an encrypted instruction, a module selection code and a plaintext instruction; the decryption key, the encrypted instruction and the module selection code are each connected to the decryption module group; the decryption module group is connected to the plaintext instruction.
2. The processor architecture with a fixed decryption algorithm that directly executes encrypted instructions according to claim 1, characterized by the design of a processor based on the invention: mainly, in an existing processor architecture, an instruction decryption module is added between the instruction fetch module and the instruction decode module; alternatively, the instruction decryption module may be placed before the instruction fetch module, or the instruction fetch module and the instruction decryption module may be merged into one module, or the instruction decryption module and the instruction decode module may be merged into one module; one decryption stage is added to the pipeline, which provides the function of "directly executing encrypted instructions" and achieves security at the level of processor instruction execution; a processor designed according to the invention therefore does not change the instruction system of the existing processor and is maximally compatible with existing processors.
3. The processor architecture with a fixed decryption algorithm that directly executes encrypted instructions according to claim 1, characterized by the instruction execution process of a processor based on the invention: first, it is compatible with the instruction system of existing processors, and a general executable program only needs to be encrypted to produce the encrypted executable program that it can execute. During instruction execution, the instruction fetch module first reads the encrypted machine code from memory; the instruction decryption module then decrypts the encrypted machine code to obtain machine code; the instruction decode module then decodes the machine code; finally the instruction execution module carries out the function of that machine instruction.
4. The processor architecture with a fixed decryption algorithm that directly executes encrypted instructions according to claim 1, characterized by the programming and running process of a processor based on the invention: program development is unaffected, and the way and method in which users develop programs do not change; users write code in an existing general-purpose computer language as before and use the corresponding general-purpose compiler to generate a general executable program; the user then runs a corresponding encryption program, which encrypts the general executable program with the encryption algorithm that corresponds to the decryption algorithm selected in the decryption module, producing an encrypted executable program; this encrypted executable program is the program run by a processor built on the processor architecture of the invention, which thereby directly executes an encrypted program.
CN201610566278.4A 2016-07-18 2016-07-18 A processor architecture with a fixed decryption algorithm that directly executes encrypted instructions Pending CN106250099A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610566278.4A CN106250099A (en) 2016-07-18 2016-07-18 A processor architecture with a fixed decryption algorithm that directly executes encrypted instructions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610566278.4A CN106250099A (en) 2016-07-18 2016-07-18 A processor architecture with a fixed decryption algorithm that directly executes encrypted instructions

Publications (1)

Publication Number Publication Date
CN106250099A (en) 2016-12-21

Family

ID=57613455

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610566278.4A Pending CN106250099A (en) 2016-07-18 2016-07-18 A processor architecture with a fixed decryption algorithm that directly executes encrypted instructions

Country Status (1)

Country Link
CN (1) CN106250099A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1298143A (en) * 1999-11-30 2001-06-06 北京汇冠科技有限公司 Cipher keyboard and its data baking device and security method
CN1538656A (en) * 2003-09-29 2004-10-20 智慧第一公司 Method and apparatus for performing microprocessor block cipher coding decoding
CN102981428A (en) * 2012-10-29 2013-03-20 天津大学 Microcontroller order protection structure based on security application and encryption and decryption method thereof
CN103559045A (en) * 2013-11-21 2014-02-05 青岛大学 Hardware real-time operation system
US20160104011A1 (en) * 2010-05-25 2016-04-14 Via Technologies, Inc. Microprocessor with on-the-fly switching of decryption keys

Similar Documents

Publication Publication Date Title
TWI705352B (en) Keyed-hash message authentication code processors, methods, systems, and instructions
Zhang et al. HCIC: Hardware-assisted control-flow integrity checking
Protzenko et al. Formally verified cryptographic web applications in webassembly
CN109981252B (en) Artificial intelligence processor security enhancement system and method based on key path encryption
CN105095772A (en) Method and apparatus for securely saving and restoring the state of a computing platform
US20100058477A1 (en) System and method for revising boolean and arithmetic operations
CN110210190A (en) A kind of Code obfuscation method based on secondary compilation
WO2021129714A1 (en) Intermediate code encryption method based on fully homomorphic encryption technology, and ciphertext virtual machine system
TW201723804A (en) Secure modular exponentiation processors, methods, systems, and instructions
CN106789006A (en) A kind of decryption method and system
CN104268444A (en) Cloud OS Java source code protection method
Jin et al. Exposing vulnerabilities of untrusted computing platforms
US10296765B2 (en) Multi-level security enforcement
Ahman et al. Recalling a witness: foundations and applications of monotonic state
CN109492418A (en) A kind of safe encrypting and deciphering system of general dsp based on aes algorithm
Kuang et al. Exploiting dynamic scheduling for VM-based code obfuscation
JP2005216027A (en) Encryption device, encryption system therewith, decryption device and semiconductor system therewith
Zhang et al. A hybrid-CPU-FPGA-based solution to the recovery of sha256crypt-hashed passwords
CN106250099A (en) A kind of directly perform encrypted instruction the processor architecture of fixing decipherment algorithm
CN108932436A (en) A kind of software security reinforcement means of APP specification based on android system
EP4264874A1 (en) Privacy-enhanced computation via sequestered encryption
CN114692223A (en) ISA support for programming hardware over untrusted links
CN113158203A (en) SOC chip, circuit and external data reading and writing method of SOC chip
CN112906073A (en) Method for realizing block chain secret calculation general model
Coniglio Combining program synthesis and symbolic execution to deobfuscate binary code

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
Application publication date: 20161221