CN106372505A - Embedded system code attack-oriented quick recovery method - Google Patents


Info

Publication number: CN106372505A
Authority: CN (China)
Prior art keywords: basic block, code, program, embedded system, recovery
Legal status: Granted
Application number: CN201610705866.1A
Other languages: Chinese (zh)
Other versions: CN106372505B (en)
Inventors: 王翔, 王维克, 庞树松, 赵宗民, 周成
Current Assignee: Beihang University
Original Assignee: Beihang University
Application filed by Beihang University
Priority to CN201610705866.1A
Publication of CN106372505A
Application granted
Publication of CN106372505B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562: Static detection
    • G06F21/563: Static detection by source code analysis
    • G06F21/568: Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a quick recovery method for embedded system code attacks. The method comprises the following steps: 1, compiling a source program to generate object code; 2, segmenting the object code into program basic blocks; 3, pre-extracting a feature parameter for each program basic block; 4, writing the feature parameters into a storage unit; 5, resetting the system; 6, recording the address of the current program basic block and clearing its anomaly count to zero; 7, executing the current program basic block; 8, dynamically calculating the feature parameter of the current program basic block and comparing it with the pre-extracted feature parameter of that block held in the feature parameter storage unit; 9, if the two are consistent, performing a backup and jumping to the next program basic block to execute step 6, and otherwise executing step 10; and 10, if the anomaly count is less than a recovery granularity adjustment threshold, adding 1 to the anomaly count and jumping to the address of the current program basic block to execute step 7, and otherwise executing step 5. Through these steps, the method can effectively detect embedded system code attacks and quickly recover from the detected attacks.

Description

A quick recovery method for embedded system code attacks
Technical field
The present invention provides a quick recovery method for embedded system code attacks. The method is applied to embedded system security protection and exception recovery, and can improve the robustness of embedded systems. It belongs to the technical field of embedded system information security.
Background art
Embedded devices are increasingly used in daily life, and the growing number of embedded terminals and their widespread online interconnection make embedded system security a problem that designers must face. Hardware attacks, represented by hardware Trojan implantation, chip reverse analysis, and circuit power and voltage analysis, target the physical device of the embedded system. They generally require the attacker to take part directly in the development of the attacked device or to get physically close to it, which limits the harm of hardware attacks to some extent. Software attacks against embedded systems are simpler to carry out: the attacker needs no direct contact with the device, and mainly uses network downloads or system bus interception to achieve malicious code injection, instruction replay, data or code tampering, and buffer overflow, ultimately causing the embedded system to crash or leak key information. The main idea of a software attack is to disrupt the correct execution of the embedded program code.
Embedded systems are strictly constrained in computing power, storage capacity and power consumption, and cannot, like a traditional computer, dedicate part of the system resources to detecting and protecting against intrusion code and malicious programs. Integrity checking of embedded software code can verify whether the software has been maliciously tampered with or damaged during storage, transmission and execution. Integrating dedicated code integrity checking hardware inside the embedded processor is the typical method of embedded software anomaly detection. This method generally requires setting up a trusted zone inside the embedded processor and allocating a sufficiently large trusted storage space; the program instructions are imported in advance into the trusted storage area inside the processor and compared at run time at instruction granularity. This detection method hands the checking of software code to hardware, which ensures security while speeding up processing, but it greatly increases the on-chip storage overhead of the embedded processor.
How an embedded system handles malicious tampering with or damage to its software code once detected, and how fast it does so, bears on the real-time performance and reliability of the embedded device. Most commercial embedded processors carry an illegal-instruction exception recovery mechanism, which can detect the error before the instruction executes and restore the PC value to the faulting instruction, but this mechanism cannot identify executable malicious code. The common recovery methods for embedded system code anomalies are process reloading or system reset. These methods must recreate the process or reload the program image on every recovery, and the cumbersome initialization prevents fast recovery of the embedded system; they increase the number of accesses to the slower off-chip flash memory, which lowers system performance; and for recoveries that occur at different stages of execution, the recovered system has to return to the initial state and rerun all of the program that preceded the error, so the time needed to get back to the error location varies widely and the recovery time after a code attack cannot be effectively estimated.
In summary, current detection and quick recovery methods for embedded system code attacks still have the following problems:
(1) In hardware-assisted detection of embedded system code attacks, comparing instruction by instruction affects system performance, and the trusted storage space inside the embedded processor chip requires a large amount of on-chip storage, wasting scarce embedded hardware resources;
(2) Common system recovery methods rely on process reloading or system reset; the recovery process must read the slower off-chip flash memory many times for initialization, which limits recovery speed and reduces system recovery performance;
(3) Common system recovery methods recover at every level from a fixed backup node, which is normally set to the bootloader of the embedded system; the recovered system has to return to the initial state and rerun all of the program that preceded the error, the backup and recovery nodes cannot be updated dynamically, and the code recovery time is hard to estimate.
Summary of the invention
1. Purpose of the invention
To address the above problems, the present invention provides a quick recovery method for embedded system code attacks. The method divides the embedded code into multiple program basic blocks, uses the program basic block as the comparison granularity, and uses the compressed hash value of each basic block's run information as the comparison feature parameter for security detection of the embedded program code. This greatly reduces the number of comparisons and effectively saves on-chip hardware storage resources. For recovery after the code has been attacked, a quick recovery granularity adjustment threshold is set, and quick recovery strategies of different granularity are adopted according to the anomaly count of the current program basic block. This greatly reduces the number of accesses to off-chip flash memory, which is the speed bottleneck of the embedded system, achieves dynamic updating of the system backup and recovery nodes, allows the instantaneous recovery time to be effectively estimated, and achieves quick recovery after a code attack.
2. Technical solution
Specifically, the invention provides a quick recovery method for embedded system code attacks, comprising the following steps:
Step 1, compile and link the user source program to generate object code;
Step 2, divide the object code into program basic blocks, using the jump instructions in the object code as boundaries;
Step 3, compress the object code in each program basic block to obtain the compressed hash value of each block, which serves as the pre-extracted feature parameter of the user program's execution;
Step 4, write the pre-extracted feature parameters of the user program's execution into the feature parameter storage unit inside the processor;
Step 5, reset and initialize the embedded system; the system runs the bootloader from off-chip flash memory, copies the user program code from off-chip flash memory to off-chip random access memory, and jumps to the user program start address (the start address of the first program basic block) to run;
Step 6, record the start address of the current program basic block and reset the anomaly count of the current program basic block to zero;
Step 7, execute the code of the current program basic block;
Step 8, use the feature parameter calculation unit inside the specially developed processor (the subject of a separate patent application) to dynamically calculate the feature parameter of the current basic block's code, and compare it with the pre-extracted feature parameter of the current basic block held in the processor's internal feature parameter storage unit;
Step 9, if the comparison matches, back up the current value of each processor register and the data in the run-time memory space to the archive memory space, jump to the start address of the next program basic block, and then perform step 6; if the comparison does not match, perform step 10;
Step 10, if the current anomaly count is less than the user-preset recovery granularity adjustment threshold, restore the data in the archive memory space to the processor registers and the run-time memory space, add 1 to the anomaly count of the current program basic block, jump again to the start address of the current program basic block, and then perform step 7; if the current anomaly count is not less than the user-preset recovery granularity adjustment threshold, perform step 5, until the user program finishes running.
In the process of "compiling and linking the user source program to generate object code" described in step 1, in order to minimize the time complexity of backing up and restoring run-time memory while program basic blocks run, the addresses of the code segment, data segment and stack segment must be fixed in the linker script, and the length of each program segment must be strictly limited.
In the process of "compressing the object code in each program basic block" described in step 3, considering that the number of instructions differs from one basic block to another, a one-way hash function that takes an arbitrary-length sequence as input and produces a fixed-length output is used to compress the basic block object code.
The "dynamic calculation of the feature parameter of the current basic block's code" described in step 8 must use the same algorithm as the basic block compression described in step 3. The algorithm is computed quickly in hardware by the feature parameter verification module designed inside the processor, which then completes the comparison of the pre-extracted feature parameter with the dynamically calculated one. To reduce hardware implementation cost and speed up hardware processing, the compression of basic block object code in step 3 and step 8 uses a lightweight hash algorithm that is easy to implement in hardware.
The "recovery granularity adjustment threshold" described in step 10 is used to adjust the starting point of embedded system recovery. For a newly appearing basic block code anomaly, quick recovery at basic-block granularity is attempted. If several quick recoveries at basic-block granularity still cannot return the program to its expected state, it can be concluded that the user program code was tampered with while being copied from off-chip flash memory to off-chip random access memory in step 5; recovery from the code in off-chip random access memory alone then cannot restore the embedded system, and step 5 must be performed to reload the user program code from off-chip flash memory.
Through the above steps, the quick recovery method for embedded system code attacks provided by the present invention can effectively detect embedded system code attacks and quickly recover the embedded system from the detected code attacks.
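The control loop of steps 5 to 10, together with the offline pre-extraction of steps 3 and 4, as an added C simulation that is not part of the patent. FNV-1a stands in for the lightweight hash, which the patent does not name; the flash image, `state_t`, the two fault-injection parameters of `run` and the threshold value of 2 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBLOCKS   3
#define BLOCK_LEN 4   /* words per basic block (constructed, fixed for brevity) */
#define THRESHOLD 2   /* recovery granularity adjustment threshold (assumed value) */

/* Constructed "off-chip flash" image: three basic blocks of opaque words. */
static const uint32_t flash[NBLOCKS][BLOCK_LEN] = {
    {0x11110001u, 0x11110002u, 0x11110003u, 0x1111000fu},
    {0x22220001u, 0x22220002u, 0x22220003u, 0x2222000fu},
    {0x33330001u, 0x33330002u, 0x33330003u, 0x3333000fu},
};
static uint32_t ram[NBLOCKS][BLOCK_LEN];   /* off-chip RAM copy (step 5) */
static uint32_t ref_hash[NBLOCKS];         /* feature parameter storage unit */

typedef struct { uint32_t acc; } state_t;  /* stands in for registers + run-time memory */
typedef struct { int resets; int block_retries; uint32_t acc; } result_t;

/* Stand-in digest (FNV-1a). It is NOT one-way; the patent calls for a
 * lightweight one-way hash but does not name one. */
static uint32_t digest(const uint32_t *w, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++)
        for (int s = 0; s < 32; s += 8) {
            h ^= (w[i] >> s) & 0xffu;
            h *= 16777619u;
        }
    return h;
}

/* Steps 3-4: pre-extract one feature parameter per block from the trusted image. */
static void provision(void) {
    for (int b = 0; b < NBLOCKS; b++)
        ref_hash[b] = digest(flash[b], BLOCK_LEN);
}

/* Step 7: "executing" a block folds every fetched word into the state, so a
 * tampered fetch visibly corrupts state unless the archive is restored. */
static void execute(state_t *s, const uint32_t *w) {
    for (int i = 0; i < BLOCK_LEN; i++)
        s->acc = s->acc * 31u + w[i];
}

/* bus_glitches: number of fetches of block 1 corrupted in transit (transient).
 * bad_copies:   number of flash-to-RAM copies that leave block 1 corrupted. */
result_t run(int bus_glitches, int bad_copies) {
    result_t r = {0, 0, 0};
    provision();
    for (;;) {
        /* Step 5: reset, reload the program image from flash into RAM. */
        memcpy(ram, flash, sizeof ram);
        if (bad_copies > 0) { ram[1][2] ^= 0x10u; bad_copies--; }
        state_t live = {1u}, archive = live;
        int b = 0, need_reset = 0;
        while (b < NBLOCKS && !need_reset) {
            int anomalies = 0;                       /* step 6 */
            for (;;) {
                uint32_t fetched[BLOCK_LEN];
                memcpy(fetched, ram[b], sizeof fetched);
                if (b == 1 && bus_glitches > 0) { fetched[0] ^= 1u; bus_glitches--; }
                execute(&live, fetched);             /* step 7 */
                if (digest(fetched, BLOCK_LEN) == ref_hash[b]) {  /* step 8 */
                    archive = live;                  /* step 9: checkpoint moves forward */
                    b++;
                    break;
                }
                if (anomalies < THRESHOLD) {         /* step 10: block-level retry */
                    live = archive;
                    anomalies++;
                    r.block_retries++;
                } else {                             /* step 10: fall back to step 5 */
                    r.resets++;
                    need_reset = 1;
                    break;
                }
            }
        }
        if (!need_reset) { r.acc = live.acc; return r; }
    }
}

int main(void) {
    result_t a = run(0, 0), b = run(1, 0), c = run(0, 1);
    printf("clean:    retries=%d resets=%d acc=%08x\n", a.block_retries, a.resets, (unsigned)a.acc);
    printf("glitch:   retries=%d resets=%d acc=%08x\n", b.block_retries, b.resets, (unsigned)b.acc);
    printf("bad copy: retries=%d resets=%d acc=%08x\n", c.block_retries, c.resets, (unsigned)c.acc);
    return 0;
}
```

A single corrupted fetch costs one block-level retry, while a corrupted RAM copy exhausts the threshold and forces one reload from flash; in both cases the final state equals that of the clean run because the archive is restored before each retry.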
3. Advantages and effects
The beneficial effects of the present invention are:
The present invention provides a quick recovery method for embedded system code attacks. The method takes the embedded program basic block as its granularity and uses the compressed hash value of each basic block's run information as the comparison feature parameter for security detection, which reduces the number of comparisons and saves on-chip storage hardware resources. The on-chip feature parameter calculation and verification module, implemented in hardware, can find anomalies in the embedded code quickly and accurately. After an abnormal attack on the code is detected, the method controls the recovery process through the preset quick recovery granularity adjustment threshold and adopts quick recovery strategies of different granularity, which reduces the number of accesses to off-chip flash memory and speeds up recovery. It also achieves dynamic updating of the system backup and recovery nodes, so that the instantaneous recovery time can be effectively estimated.
(1) The hardware-assisted detection of embedded system code attacks is optimized: the program code is divided into program basic blocks and the lightweight hash values of the basic block code are compared for verification, which greatly reduces the number of code integrity checks, improves detection speed, and saves scarce embedded system hardware resources;
(2) The idea of dividing program code by basic block is applied to quick recovery from program code anomalies. For a newly discovered basic block anomaly, quick recovery at basic-block granularity is performed from the off-chip high-speed random access memory, without repeatedly reading the slower off-chip flash memory to load the system, which greatly speeds up the repair of abnormal program code and achieves quick recovery from program code anomalies;
(3) The quick recovery method at basic-block granularity achieves dynamic updating of the program backup and recovery nodes: the basic block backup and recovery nodes move forward as the program runs correctly, and the user can effectively estimate the anomaly handling and recovery speed.
Brief description of the drawings
Fig. 1 is the operational flowchart of the method of the invention.
Fig. 2 is the hardware block diagram of an embodiment of the invention.
Fig. 3 is the software flowchart of an embodiment of the invention.
The labels in Fig. 2 and Fig. 3 are as follows:
Flash is the off-chip flash memory, attached to the embedded system bus; its contents are non-volatile on power loss and its read/write access is slow. Ram is the off-chip random access memory, attached to the embedded system bus; its contents are lost on power loss and its read/write access is fast. Custom processor is the custom-modified processor, which supports functions such as storage of pre-extracted feature parameters inside the processor, dynamic hardware calculation of feature parameters, and feature parameter verification (the subject of a separate patent application).
Detailed description of the embodiments
The present invention is described in detail below with reference to the drawings, which are not a limitation of the invention.
The quick recovery method for embedded system code attacks of the present invention, as shown in Fig. 1, comprises the following specific implementation steps:
Step 1, compile and link the user source program code to generate object code; in order to reduce the time spent backing up and restoring run-time memory while program basic blocks run, the addresses of the code segment, data segment and stack segment must be fixed in the linker script, and the length of each program segment must be strictly limited;
Step 2, divide the object code into several program basic blocks, using the jump instructions in the object code as boundaries;
Step 3, compress the object code in each program basic block with a lightweight hash algorithm to obtain the compressed hash value of each block, which serves as the feature parameter of the program's execution;
Step 4, write the pre-extracted feature parameters of the user program's execution into the feature parameter storage unit inside the processor;
Step 5, reset and initialize the embedded system, run the bootloader from off-chip flash memory, copy the user program code to off-chip random access memory, and jump to the user program start address (the start address of the first program basic block) to run;
Step 6, record the start address of the current program basic block and reset the anomaly count of the current program basic block to zero;
Step 7, execute the program code of the current program basic block;
Step 8, use the feature parameter calculation unit inside the specially developed processor to dynamically calculate the feature parameter of the current basic block's code, and compare it with the feature parameter of the current basic block stored in advance in the processor's internal feature parameter storage unit. The dynamic calculation of the basic block code feature parameter must use the same algorithm as the basic block code compression described in step 3. The algorithm is computed quickly in hardware by the feature parameter verification module designed inside the processor, which then completes the comparison of the pre-extracted feature parameter with the feature parameter calculated dynamically in hardware. The compression of basic block object code in step 3 and step 8 is implemented with a lightweight hash algorithm that is easy to implement in hardware;
Step 9, if the comparison matches, back up the current value of each processor register and the data in the run-time memory space to the archive memory space, jump to the start address of the next program basic block, and then perform step 6; if the comparison does not match, perform step 10;
Step 10, if the anomaly count of the current program basic block is less than the user-preset recovery granularity adjustment threshold, restore the data in the archive memory space to the processor registers and the run-time memory space, add 1 to the current anomaly count, jump again to the start address of the current program basic block, and then perform step 7; if the current anomaly count is not less than the user-preset recovery granularity adjustment threshold, perform step 5, until the user program finishes running. The "recovery granularity adjustment threshold" is used to adjust the starting point of embedded system recovery. For a newly appearing basic block code anomaly, quick recovery at basic-block granularity is attempted. If repeated quick recovery at basic-block granularity still cannot return the program to its expected state, it can be concluded that the user program code was tampered with while being copied from off-chip flash memory to off-chip random access memory in step 5; recovery from the code in off-chip random access memory alone then cannot restore the embedded system, and step 5 must be performed to reload the user program code from off-chip flash memory.
Through the above steps, the quick recovery method for embedded system code attacks provided by the present invention can effectively detect embedded system code attacks and quickly recover the embedded system from the detected code attacks.
Fig. 2 and Fig. 3 are, respectively, the hardware block diagram and the software flowchart of one embodiment of the invention. Taking the OpenRISC processor platform as an example, an embodiment of the quick recovery method for embedded system code attacks of the present invention is set out below with reference to Fig. 2 and Fig. 3. The quick recovery method for embedded system code attacks in this embodiment comprises:
Step 1, compile and link the user source program code with a compiler and linker compatible with the OpenRISC processor instruction set to generate a binary object code file; in order to reduce the time spent backing up and restoring run-time memory while program basic blocks run in the subsequent steps, the addresses of the code segment, data segment and stack segment must be fixed in the linker script, and the length of each program segment must be strictly limited;
Step 2, consult the OpenRISC processor instruction set and, using the jump instructions in the instruction set as boundaries, divide the object code into several program basic blocks;
Step 3, compress the object code in each program basic block with a lightweight hash algorithm that is easy to implement in hardware to obtain the compressed hash value of each block, which serves as the feature parameter of the program's execution;
Step 4, build the embedded system hardware platform based on the OpenRISC processor, and write the feature parameters of the user program's execution, pre-extracted offline, into the feature parameter storage unit inside the processor, as shown in Fig. 2. The minimal hardware system in this embodiment comprises the custom-modified OpenRISC processor, a Wishbone standard system bus compatible with the OpenRISC processor interface, off-chip flash and off-chip RAM. The "custom-modified OpenRISC processor" comprises the processor pipeline, the processor state controller, the program backup and recovery controller, the feature parameter storage unit and the feature parameter verification module;
Step 5, reset and initialize the OpenRISC processor platform of this embodiment, run the bootloader from flash, copy the user program code to RAM, and jump to the user program start address in RAM (the start address of the first program basic block) to begin running the software program shown in Fig. 3;
Step 6, record the start address of the current program basic block and reset the anomaly count of the current program basic block to zero;
Step 7, execute the program code of the current program basic block;
Step 8, use the feature parameter verification module inside the custom-modified OpenRISC processor to dynamically calculate the feature parameter of the current basic block's code, and compare it with the pre-extracted feature parameter of the current basic block held in the processor's internal feature parameter storage unit;
Step 9, if the comparison matches, back up the current value of each processor register and the data in the run-time memory space to the archive memory space, jump to the start address of the next program basic block, and then perform step 6; if the comparison does not match, perform step 10;
Step 10, if the anomaly count of the current program basic block is less than the user-preset recovery granularity adjustment threshold, restore the data in the archive memory space to the processor registers and the run-time memory space, add 1 to the current anomaly count, jump again to the start address of the current program basic block, and then perform step 7; if the current anomaly count is not less than the user-preset recovery granularity adjustment threshold, perform step 5, until the user program finishes running.
The present invention may also have various other embodiments. Without departing from the spirit and essence of the invention, those skilled in the art can make various corresponding changes and modifications according to the invention, but all such changes and modifications fall within the protection scope of the appended claims of the invention.

Claims (5)

1. A quick recovery method for embedded system code attacks, characterized in that the method comprises the following steps:
Step 1, compile and link the user source program to generate object code;
Step 2, divide the object code into program basic blocks, using the jump instructions in the object code as boundaries;
Step 3, compress the object code in each program basic block to obtain the compressed hash value of each block, which serves as the pre-extracted feature parameter of the user program's execution;
Step 4, write the pre-extracted feature parameters of the user program's execution into the feature parameter storage unit inside the processor;
Step 5, reset and initialize the embedded system; the system runs the bootloader from off-chip flash memory, copies the user program code from off-chip flash memory to off-chip random access memory, and jumps to the user program start address, that is, the start address of the first program basic block, to run;
Step 6, record the start address of the current program basic block and reset the anomaly count of the current program basic block to zero;
Step 7, execute the code of the current program basic block;
Step 8, use the feature parameter calculation unit inside the specially developed processor to dynamically calculate the feature parameter of the current basic block's code, and compare it with the pre-extracted feature parameter of the current basic block held in the processor's internal feature parameter storage unit;
Step 9, if the comparison matches, back up the current value of each processor register and the data in the run-time memory space to the archive memory space, jump to the start address of the next program basic block, and then perform step 6; if the comparison does not match, perform step 10;
Step 10, if the current anomaly count is less than the user-preset recovery granularity adjustment threshold, restore the data in the archive memory space to the processor registers and the run-time memory space, add 1 to the anomaly count of the current program basic block, jump again to the start address of the current program basic block, and then perform step 7; if the current anomaly count is not less than the user-preset recovery granularity adjustment threshold, perform step 5, until the user program finishes running;
Through the above steps, the quick recovery method for embedded system code attacks provided by the present invention can effectively detect embedded system code attacks and quickly recover the embedded system from the detected code attacks.
2. The quick recovery method for embedded system code attacks according to claim 1, characterized in that: in the process of "compiling and linking the user source program to generate object code" described in step 1, in order to minimize the time complexity of backing up and restoring the running memory while the program basic blocks run, the addresses of the code segment, data segment and stack segment need to be fixed in the linker script, and the length of each program segment strictly limited.
3. The quick recovery method for embedded system code attacks according to claim 1, characterized in that: in the process of "performing a compression calculation on the object code in each program basic block" described in step 3, considering that the number of instructions differs from one program basic block to another, a one-way hash function that takes a variable-length sequence as input and produces a fixed-length output is used to realize the compression calculation of the program basic block object code.
4. The quick recovery method for embedded system code attacks according to claim 1, characterized in that: the "dynamic calculation of the characteristic parameter of the current program basic block's code" described in step 8 needs to use the same algorithm as the compression calculation of the program basic block object code described in step 3; the characteristic parameter check module designed inside the processor performs the fast hardware computation of the algorithm and then completes the comparison of the pre-extracted characteristic parameter with the dynamically calculated characteristic parameter; to reduce hardware implementation cost and speed up hardware processing, the compression calculation of the program basic block object code in step 3 and step 8 uses a lightweight hash algorithm that is easy to implement in hardware.
5. The quick recovery method for embedded system code attacks according to claim 1, characterized in that: the "recovery-granularity adjustment threshold" described in step 10 is used to adjust the starting point of embedded system recovery; for a program basic block code in which an abnormality newly occurs, fast recovery at program-basic-block granularity is attempted first; if several attempts at fast recovery at program-basic-block granularity still cannot return the program to its expected state, it is concluded that the user program code was abnormally tampered with while being copied from the on-chip flash memory to the off-chip random access memory in step 5, so that the embedded system cannot be recovered merely from the code in the off-chip random access memory, and step 5 needs to be executed again to reload the user program code from the on-chip flash memory.
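The check, checkpoint and rollback loop of steps 8 to 10, with the threshold escalation of claim 5, as an added C simulation that is not code from the patent. Assumptions: FNV-1a stands in for the lightweight hash (it is not a one-way hash), the block contents and the `glitches`/`persistent` fault knobs are constructed, the abnormality counter is reset when a block passes, and execution resumes at the same block after a reload, which the claims above do not specify.

```c
#include <stdint.h>
#include <string.h>
#define NBLK 3    /* basic blocks in the constructed program */
#define BLEN 4    /* bytes per block (fixed here for brevity) */
#define THRESH 2  /* recovery-granularity adjustment threshold (user preset) */

typedef struct { uint32_t acc; } ctx_t;   /* stands in for registers + running memory */
typedef struct { int rollbacks, reloads; uint32_t acc; } result_t;

static const uint8_t flash[NBLK][BLEN] = {{1,2,3,4},{5,6,7,8},{9,10,11,12}}; /* constructed code image */

/* FNV-1a: stand-in for the lightweight hash of steps 3 and 8 (assumption, not one-way). */
static uint32_t digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* "Execute" a block: fold the fetched bytes into the context. */
static void exec_block(ctx_t *c, const uint8_t *code) {
    for (int i = 0; i < BLEN; i++) c->acc = c->acc * 31u + code[i];
}

/* glitches: number of fetches of block 1 that see a flipped bit (transient fault);
   persistent: nonzero if block 1 is corrupted in the RAM copy itself. */
result_t run(int glitches, int persistent) {
    uint8_t ram[NBLK][BLEN], fetched[BLEN];
    uint32_t ref[NBLK];
    ctx_t live = {0}, archive = {0};
    result_t r = {0, 0, 0};
    for (int b = 0; b < NBLK; b++) ref[b] = digest(flash[b], BLEN); /* step 3: pre-extract */
    memcpy(ram, flash, sizeof ram);                                 /* step 5: flash -> RAM */
    if (persistent) ram[1][0] ^= 0x80;
    int b = 0, abnormal = 0;
    while (b < NBLK) {
        memcpy(fetched, ram[b], BLEN);
        if (b == 1 && glitches > 0) { fetched[2] ^= 0x01; glitches--; }
        exec_block(&live, fetched);                    /* run the current basic block */
        if (digest(fetched, BLEN) == ref[b]) {         /* step 8: recompute and compare */
            archive = live; abnormal = 0; b++;         /* step 9: back up, next block */
        } else if (abnormal < THRESH) {                /* step 10: block-level rollback */
            live = archive; abnormal++; r.rollbacks++;
        } else {                                       /* step 10: escalate to step 5 */
            memcpy(ram, flash, sizeof ram);            /* reload code from flash */
            live = archive; abnormal = 0; r.reloads++;
        }
    }
    r.acc = live.acc;
    return r;
}
```

A transient fault is absorbed by one block-level rollback, while a corrupted RAM copy exhausts the threshold and forces a reload; in both cases the final state matches the fault-free run.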
CN201610705866.1A 2016-08-23 2016-08-23 A kind of quick recovery method for Embedded System Code attack Active CN106372505B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610705866.1A CN106372505B (en) 2016-08-23 2016-08-23 A kind of quick recovery method for Embedded System Code attack

Publications (2)

Publication Number Publication Date
CN106372505A true CN106372505A (en) 2017-02-01
CN106372505B CN106372505B (en) 2018-12-28

Family

ID=57878513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610705866.1A Active CN106372505B (en) 2016-08-23 2016-08-23 A kind of quick recovery method for Embedded System Code attack

Country Status (1)

Country Link
CN (1) CN106372505B (en)

Also Published As

Publication number Publication date
CN106372505B (en) 2018-12-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant