CN106250099A - Processor architecture with a fixed decryption algorithm that directly executes encrypted instructions - Google Patents
- Publication number: CN106250099A
- Application number: CN201610566278.4A
- Authority: CN (China)
- Prior art keywords: instruction, module, processor, code, decryption
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F9/30003: Arrangements for executing specific machine instructions (under G06F9/30, Arrangements for executing machine instructions, e.g. instruction decode)
- G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
Abstract
The invention discloses a processor architecture with a fixed decryption algorithm that directly executes encrypted instructions, belonging to the fields of integrated circuits, microprocessors and information security technology. The instruction fetch module is connected to the instruction decryption module; the instruction decryption module is connected to the instruction decode module; the instruction decode module is connected to the instruction execution module. The instruction decryption module comprises a decryption module group, a decryption key, a cipher instruction, a module selection code and a plain-code instruction; the decryption key, cipher instruction, module selection code and plain-code instruction are each connected to the decryption module group. The architecture realizes the function of a processor that "directly executes encrypted instructions" and achieves security at the level of processor instruction execution; program security, data security, communication security, execution security, anti-virus protection, intellectual property protection and so on can be realized.
Description
Technical field
The present invention relates to the fields of integrated circuits, microprocessors and information security technology, and specifically to a processor architecture with a fixed decryption algorithm that directly executes encrypted instructions.
Background art
For ease of reading and understanding, the relevant terms are defined as follows: machine code is the binary instruction code that a processor can execute directly; undefined machine code is binary code that is not included in the processor's instruction system; an instruction is the operation that the processor carries out by executing machine code, with instructions and machine codes in one-to-one correspondence; encrypted machine code is machine code that has been encrypted; an encrypted executable program is an executable program that has been encrypted; a cipher instruction is an encrypted instruction; a plain-code instruction is the instruction obtained after a cipher instruction is decrypted, which an existing processor can execute directly.
Surveying processor architectures: their storage organization includes the von Neumann structure and the Harvard structure, and their instruction systems include complex instruction set (CISC) and reduced instruction set (RISC) designs. Each class of processor has its own instruction system, and instruction operations are realized through a pipeline structure. A pipeline (whether a three-stage pipeline or one with more stages) always includes an instruction fetch module and an instruction decode module. In existing processor architectures, the processor reads machine code directly from memory/cache and executes it, and a given program can run on any processor of the same architecture (for example, WORD can run on different PCs). If what the processor reads from memory/cache is undefined machine code, the processor cannot execute it and reports an error. In other words, given encrypted machine code (machine code may become undefined or incorrect machine code once it is encrypted), the processor either cannot execute it or executes it incorrectly; existing processors therefore provide no security mechanism at the instruction execution stage. Improvements in processor performance mainly concern execution speed, storage speed, functional extension and the like. Surveying information security: it mainly covers four aspects, namely physical security, operational security, data security and management security. All of these are information security mechanisms outside the processor and are unrelated to the way the processor executes instructions.
Example of an existing three-stage pipeline: as shown in Fig. 1, during normal pipelined operation one instruction completes per clock. The processor executes an instruction as follows: the instruction fetch module first reads machine code from memory/cache, the instruction decode module then decodes the machine code, and finally the instruction execution module carries out the function of the instruction.
In summary, under current processor architectures, information security systems mainly rely on measures such as licences, passwords and software encryption. None of these security mechanisms addresses the security of instruction-level execution by the processor; all are built on the premise that the processor itself is secure, and the research concentrates on communication security, data security and the like outside the processor.
Summary of the invention
In view of the above problems, the technical problem to be solved by the invention is to provide a processor architecture, based on a fixed decryption algorithm, that directly executes encrypted instructions and is reasonably structured, safe and reliable, and simple to implement.
The processor architecture of the invention, with a fixed decryption algorithm and direct execution of encrypted instructions, comprises an instruction fetch module, an instruction decryption module, an instruction decode module and an instruction execution module. The instruction fetch module is connected to the instruction decryption module; the instruction decryption module is connected to the instruction decode module; the instruction decode module is connected to the instruction execution module. The instruction decryption module comprises a decryption module group, a decryption key, a cipher instruction, a module selection code and a plain-code instruction. The decryption key, cipher instruction and module selection code are each connected to the decryption module group; the decryption module group is connected to the plain-code instruction.
The decryption module group may include multiple decryption algorithms (for example, arithmetic-operation encryption algorithms, logical-operation encryption algorithms, etc.), and the module selection code selects which decryption algorithm is used. The decryption module group can also operate in a pass-through (direct-connection) state, i.e. without decrypting, which is also the default state. In the default state the system can run an unencrypted configuration program to configure the decryption key, the module selection code and so on. The cipher instruction is the instruction after encryption (that is, encrypted machine code); it can be read in by instruction length, decrypting one cipher instruction at a time, or read in by block, decrypting several cipher instructions at a time and caching them. The plain-code instruction is the output of the decryption module group after decryption, i.e. machine code.
How a processor designed according to the invention executes instructions: during instruction execution, the binary program code executed by the processor is always encrypted machine code. The instruction fetch module first reads the encrypted machine code from memory; the instruction decryption module then decrypts it to obtain machine code; the instruction decode module decodes the machine code; and finally the instruction execution module carries out the function of the machine instruction. In program development, this does not affect the user's development process or methods: the user writes code in an existing general-purpose computer language (such as C) as before and uses the corresponding general-purpose compiler to generate a general executable program. The user then runs a corresponding encryption program, which encrypts the general executable program with the encryption algorithm that corresponds to the decryption algorithm selected in the decryption module, producing an encrypted executable program. This encrypted executable program is the program run by a processor built on the processor architecture of the invention, which thereby directly executes the encrypted program.
Design of a processor based on the invention: starting from an existing processor, the invention adds an instruction decryption module between the instruction fetch module and the instruction decode module, or before the instruction fetch module; the instruction fetch module and the instruction decryption module may also be merged into one module, or the instruction decryption module and the instruction decode module may be merged into one module. One decryption stage is added to the pipeline, realizing the function of "directly executing encrypted instructions" and achieving security at the level of processor instruction execution. A processor designed according to the invention therefore does not change the instruction system of the existing processor and achieves maximum compatibility with existing processors.
Beneficial effects of the invention: program security is achieved from the processor execution level; program security, data security, communication security, execution security, anti-virus protection, intellectual property protection and so on can be realized.
Brief description of the drawings
For ease of explanation, the invention is described in detail through the following embodiment and the accompanying drawings.
Fig. 1 is a structural diagram of the background art;
Fig. 2 is a structural diagram of the invention;
Fig. 3 is a structural diagram of the instruction decryption module of the invention.
In the figures: instruction fetch module 1, instruction decryption module 2, instruction decode module 3, instruction execution module 4, decryption module group 21, decryption key 22, cipher instruction 23, module selection code 24, plain-code instruction 25.
Detailed description
As shown in Fig. 2 and Fig. 3, this embodiment adopts the following technical solution: it comprises an instruction fetch module 1, an instruction decryption module 2, an instruction decode module 3 and an instruction execution module 4. The instruction fetch module 1 is connected to the instruction decryption module 2; the instruction decryption module 2 is connected to the instruction decode module 3; the instruction decode module 3 is connected to the instruction execution module 4. The instruction decryption module 2 comprises a decryption module group 21, a decryption key 22, a cipher instruction 23, a module selection code 24 and a plain-code instruction 25. The decryption key 22, cipher instruction 23 and module selection code 24 are each connected to the decryption module group 21; the decryption module group 21 is connected to the plain-code instruction 25.
The decryption module group 21 may include multiple decryption algorithms (for example, arithmetic-operation encryption algorithms, logical-operation encryption algorithms, etc.), and the module selection code 24 selects which decryption algorithm is used. The decryption module group 21 can also operate in a pass-through (direct-connection) state, i.e. without decrypting, which is also the default state. In the default state the system can run an unencrypted configuration program to configure the decryption key, the module selection code and so on. The cipher instruction 23 is encrypted machine code; it can be read in by instruction length, decrypting one cipher instruction at a time, or read in by block, decrypting several cipher instructions at a time and caching them. The plain-code instruction 25 is the machine code produced by the decryption module group after decryption.
In this embodiment, starting from an existing processor design, an instruction decryption module 2 is added between the instruction fetch module 1 and the instruction decode module 3. One decryption stage is added to the pipeline, realizing the function of "directly executing encrypted instructions" and achieving security at the level of processor instruction execution. A processor designed according to the invention therefore does not change the instruction system of the existing processor and achieves maximum compatibility with existing processors.
How the processor of this embodiment executes instructions: during instruction execution, the binary program code executed by a processor designed according to the invention is encrypted machine code. The instruction fetch module 1 first reads the encrypted machine code from memory; the instruction decryption module 2 then decrypts it to obtain machine code; the instruction decode module 3 decodes the machine code; and finally the instruction execution module 4 carries out the function of the machine instruction. In program development, the user writes code in an existing general-purpose computer language (such as C) as before and uses the corresponding general-purpose compiler to generate a general executable program. The user then runs a corresponding encryption program, which encrypts the general executable program with the encryption algorithm that corresponds to the decryption algorithm selected in the decryption module group 21, producing an encrypted executable program. This encrypted executable program is the program run by a processor built on the processor architecture of the invention, which thereby directly executes the encrypted program.
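The fetch, decrypt, decode, execute flow and the offline encryption step described above, as an added C simulation that is not part of the patent. The 16-bit toy instruction set, the XOR and add/subtract modules standing in for the "logical" and "arithmetic" algorithms, the key value and all function names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy ISA (assumption, not from the patent): 16-bit words,
 * opcode in the high byte, immediate operand in the low byte. */
enum { OP_LOADI = 0x01, OP_ADDI = 0x02, OP_HALT = 0x03 };
/* Module selection codes (assumed values); 0 is the default pass-through state. */
enum { SEL_PASSTHROUGH = 0, SEL_XOR = 1, SEL_ADD = 2 };
enum { RUN_OK = 0, RUN_UNDEFINED = -1, RUN_NO_HALT = -2 };

typedef struct {
    uint16_t key; /* decryption key register */
    uint8_t sel;  /* module selection code register */
    uint8_t acc;  /* accumulator */
} cpu_t;

/* Offline encryption tool: the inverse of the selected decryption module. */
uint16_t encrypt_word(uint16_t plain, uint8_t sel, uint16_t key) {
    switch (sel) {
    case SEL_XOR: return (uint16_t)(plain ^ key);  /* logical-operation module */
    case SEL_ADD: return (uint16_t)(plain + key);  /* arithmetic-operation module */
    default:      return plain;
    }
}

/* Decryption stage inserted between fetch and decode. */
uint16_t decrypt_word(const cpu_t *cpu, uint16_t cipher) {
    switch (cpu->sel) {
    case SEL_XOR: return (uint16_t)(cipher ^ cpu->key);
    case SEL_ADD: return (uint16_t)(cipher - cpu->key);
    default:      return cipher;                   /* pass-through */
    }
}

/* Fetch -> decrypt -> decode -> execute, one word per step. */
int run(cpu_t *cpu, const uint16_t *mem, size_t n) {
    cpu->acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint16_t plain = decrypt_word(cpu, mem[pc]);
        uint8_t op = (uint8_t)(plain >> 8), imm = (uint8_t)(plain & 0xFF);
        switch (op) {
        case OP_LOADI: cpu->acc = imm; break;
        case OP_ADDI:  cpu->acc = (uint8_t)(cpu->acc + imm); break;
        case OP_HALT:  return RUN_OK;
        default:       return RUN_UNDEFINED;       /* undefined machine code */
        }
    }
    return RUN_NO_HALT;
}

/* Encrypt a constructed 3-word program with the build-side settings, then run
 * it on a CPU configured with the CPU-side settings. */
int demo(uint8_t build_sel, uint16_t build_key,
         uint8_t cpu_sel, uint16_t cpu_key, uint8_t *acc_out) {
    const uint16_t plain[] = { 0x0128, 0x0202, 0x0300 }; /* LOADI 40; ADDI 2; HALT */
    uint16_t image[3];
    for (size_t i = 0; i < 3; i++)
        image[i] = encrypt_word(plain[i], build_sel, build_key);
    cpu_t cpu = { .key = cpu_key, .sel = cpu_sel, .acc = 0 };
    int status = run(&cpu, image, 3);
    *acc_out = cpu.acc;
    return status;
}

int main(void) {
    uint8_t acc;
    int s = demo(SEL_XOR, 0xA5C3, SEL_XOR, 0xA5C3, &acc);
    printf("matching key/module: status=%d acc=%u\n", s, acc);
    s = demo(SEL_XOR, 0xA5C3, SEL_PASSTHROUGH, 0, &acc);
    printf("encrypted image, pass-through CPU: status=%d\n", s);
    s = demo(SEL_PASSTHROUGH, 0, SEL_XOR, 0xA5C3, &acc);
    printf("plain image, decrypting CPU: status=%d\n", s);
    return 0;
}
```

A status of -1 is the undefined-machine-code fault from the background section: with this constructed key, an encrypted image on a pass-through CPU and a plain image on a CPU with decryption enabled both decode to opcodes outside the toy instruction set.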
Beneficial effects of this embodiment: program security is achieved from the processor execution level; program security, data security, communication security, execution security, anti-virus protection, intellectual property protection and so on can be realized.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited to the above embodiments; the embodiments and the description only illustrate the principles of the invention. Without departing from the spirit and scope of the invention, various changes and improvements may be made to it, and these changes and improvements all fall within the scope of the claimed invention. The claimed scope is defined by the appended claims and their equivalents.
Claims (4)
1. A processor architecture with a fixed decryption algorithm that directly executes encrypted instructions, characterized in that it comprises an instruction fetch module, an instruction decryption module, an instruction decode module and an instruction execution module; the instruction fetch module is connected to the instruction decryption module; the instruction decryption module is connected to the instruction decode module; the instruction decode module is connected to the instruction execution module; the instruction decryption module comprises a decryption module group, a decryption key, a cipher instruction, a module selection code and a plain-code instruction; the decryption key, cipher instruction and module selection code are each connected to the decryption module group; the decryption module group is connected to the plain-code instruction.
2. The processor architecture with a fixed decryption algorithm that directly executes encrypted instructions according to claim 1, characterized by the design of a processor based on the invention: starting from an existing processor architecture, an instruction decryption module is added between the instruction fetch module and the instruction decode module, or before the instruction fetch module; the instruction fetch module and the instruction decryption module may also be merged into one module, or the instruction decryption module and the instruction decode module may be merged into one module; one decryption stage is added to the pipeline, realizing the function of "directly executing encrypted instructions" and achieving security at the level of processor instruction execution; a processor designed according to the invention therefore does not change the instruction system of the existing processor and achieves maximum compatibility with existing processors.
3. The processor architecture with a fixed decryption algorithm that directly executes encrypted instructions according to claim 1, characterized by the process by which a processor based on the invention executes instructions: first, it is compatible with the instruction system of existing processors, and it is only necessary to encrypt a general executable program to produce the encrypted executable program that it can execute. During instruction execution, the instruction fetch module first reads the encrypted machine code from memory; the instruction decryption module then decrypts it to obtain machine code; the instruction decode module decodes the machine code; and finally the instruction execution module carries out the function of the machine instruction.
4. The processor architecture with a fixed decryption algorithm that directly executes encrypted instructions according to claim 1, characterized by the programming and running process of a processor based on the invention: in program development, the user's development process and methods are not affected; the user writes code in an existing general-purpose computer language as before and uses the corresponding general-purpose compiler to generate a general executable program; the user then runs a corresponding encryption program, which encrypts the general executable program with the encryption algorithm that corresponds to the decryption algorithm selected in the decryption module, producing an encrypted executable program; this encrypted executable program is the program run by a processor built on the processor architecture of the invention, which thereby directly executes the encrypted program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610566278.4A | 2016-07-18 | 2016-07-18 | Processor architecture with a fixed decryption algorithm that directly executes encrypted instructions |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106250099A | 2016-12-21 |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20161221 |