CN106372505A - Embedded system code attack-oriented quick recovery method - Google Patents
Embedded system code attack-oriented quick recovery method Download PDFInfo
- Publication number
- CN106372505A CN106372505A CN201610705866.1A CN201610705866A CN106372505A CN 106372505 A CN106372505 A CN 106372505A CN 201610705866 A CN201610705866 A CN 201610705866A CN 106372505 A CN106372505 A CN 106372505A
- Authority
- CN
- China
- Prior art keywords
- basic block
- code
- program
- embedded system
- recovery
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an embedded system code attack-oriented quick recovery method. The method comprises the following steps of 1, compiling a source program to generate a target code; 2, segmenting the target code into program basic blocks; 3, taking the program basic blocks as feature parameters of pre-extraction; 4, writing the feature parameters into a storage unit; 5, resetting a system; 6, recording the current program basic block address and carrying out zero clearing; 7, executing the current program basic block; 8, dynamically calculating a feature parameter of the current program basic block, and comparing the feature parameter with the current program basic block feature parameter pre-extracted in a feature parameter storage unit in a process; 9, if the feature parameter is consistent with the current program basic block feature parameter, carrying out backup and skipping to the next program basic block to execute the step 6, and otherwise, executing the step 10; and 10, if the abnormity number is less than a recovery granularity adjustment threshold value, adding 1 to the abnormity number and skipping to the current program basic block address to execute the step 7, and otherwise, executing the step 5. Through above steps, the method can be used for effectively detecting the embedded system code attacks and rapidly recovering the detected code attacks.
Description
Technical field
The present invention provides a kind of quick recovery method for Embedded System Code attack, and the method is applied to embedded
Among system security protection and abnormal restoring process, the robustness of embedded system can be improved.Belong to embedded system information
Security technology area.
Background technology
Embedded device has obtained increasing application in daily life, more built-in terminals and widely
On line interconnection make embedded system security become designer must faced by problem.Reversely divided with hardware Trojan horse implantation, chip
Analysis and the hardware attack mode that circuit power consumption, voltage analysis are representative, using embedded system physical equipment as target of attack,
Generally require attacker directly participate in being attacked embedded device development or can with close contact to by attack equipment, this
Limit the harm of hardware attack mode to a certain extent.The software attacks mode being directed to embedded system implements more
Simply, attacker is without directly contact embedded system device, the side that it is mainly downloaded by network or system bus intercepts
Formula realize malicious code injection, instruction replay, data or code distort and relief area spilling, ultimately result in embedded system
System collapse or the leakage of key message.The main thought of software attacks mode is exactly to destroy correctly holding of embedded program code
OK.
Embedded system has the strict restriction of comparison in terms of computing capability, storage size and system power dissipation it is impossible to picture
Traditional computer equally distributes part system resource dedicated for the detection of intrusion code and rogue program and protection.Embedded
The integrity checking of system software code can verify whether embedded software is subject to evil in storage, transmission and running
That anticipates distorting and destroying.The specialized hardware being internally integrated for code integrity inspection in flush bonding processor is embedded software
The typical method of abnormality detection.This method typically requires setting confidence region inside flush bonding processor, and applies for sufficiently large
Trusted storage space, in advance code instructions are imported in the trusted storage area within processor, and operationally with
Instruct and compare for granularity.This detection method transfers to hardware to complete the checking process of software code it is ensured that safety
Accelerate processing speed simultaneously, but be added significantly to the storage overhead of flush bonding processor chip internal.
Embedded system is detecting the processing mode after software code is maliciously distorted and destroyed and processing speed, closes
It is tied to real-time and the reliability of embedded device.Most of commercialization flush bonding processor carries illegal command abnormal restoring machine
System, can check before instruction execution and obtain mistake and recover pc value to the instruction making a mistake, but this mechanism cannot
Differentiate executable malicious code.The common restoration methods abnormal for Embedded System Code are process heavy duties or system is multiple
Position, this processing method needs to regenerate process in each recovery process or reload program image, and loaded down with trivial details is first
Beginning process makes it cannot realize the fast quick-recovery to embedded system;The access of the system that increased outer flash memory of slower piece to speed
Number of times, reduces systematic function;For the system recovery running to different phase generation, the system after recovery needs to return to initially
State reruns all programs before an error, causes to recover larger difference it is impossible to right to the time of Error Location
Recovery time after code intrusion is effectively estimated.
In sum, currently it is directed to the detection of Embedded System Code attack and quick recovery method also exists with next
A little problems:
(1) for the Embedded System Code attack detection method of hardware auxiliary, the mode contrasting by instruction have impact on and is
System performance, is simultaneously embedded in substantial amounts of upper storage resource of the internal trusted storage space requirement of formula processor chips, causes anxiety
The waste of embedded hardware resource;
(2) common system recovery method is realized using the mode of process heavy duty or system reset, and recovery process needs many
The outer flash memory of the slower piece of secondary read or write speed is initialized, and limits resume speed, reduces system recovery performance;
(3) common system recovery method realizes the recovery of all hierarchical process, this section by fixing backup node
Point is normally provided as the bootstrap loader of embedded system, and the system after recovery needs to return to original state and reruns one
All programs before error are it is impossible to realize the dynamic renewal of backup, recovery nodes it is difficult to realize code is estimated recovery time
Meter.
Content of the invention
1. goal of the invention
For the problems referred to above, the present invention provides a kind of quick recovery method for Embedded System Code attack.We
Embedded code is divided into multiple program basic blocks by method, with program basic block for comparing granularity, runs letter with program basic block
The compression hashed value of breath is to compare the safety detection that characteristic parameter carries out embedded program code, and comparison number of times is greatly reduced,
It is effectively saved for hardware resource on the piece of storage.For recovery after under attack for the code, fast quick-recovery granularity is set and adjusts
Section threshold value, takes varigrained the fast restoring tactics according to the frequency of abnormity of present procedure basic block, it is right to be greatly reduced
The access times of the outer flash memory of the piece of embedded system speed bottle-neck, realize the dynamic renewal of system backup, recovery nodes, Ke Yiyou
Effect estimates instantaneous recovery time, realizes the fast quick-recovery after being subject to code under attack.
2. technical scheme
Specifically, the invention provides a kind of quick recovery method for Embedded System Code attack, the method
Comprise the following steps:
Step 1, the compiling of user's source program, link generate object code;
Step 2, with the jump instruction in object code as border, object code is divided into program basic block;
Step 3, is compressed to the object code in each program basic block calculating, obtains the pressure of each program basic block
Contracting hashed value, as the characteristic parameter during the user program operation of preextraction;
Step 4, the characteristic parameter during the user program operation that preextraction is arrived writes the feature ginseng within processor
Number memory element;
Step 5, reset embedded system is initialized, and system flash memory from piece runs bootloader bootstrap,
By user program code, from piece, flash memory is copied to the outer random access memory of piece, and jumps to user program initial address (the
One program basic block initial address) place's operation;
Step 6, record present procedure basic block initial address message (IAM) and from by present procedure basic block frequency of abnormity reset;
Step 7, executes the basic block code of present procedure;
Step 8, counts using the calculation of characteristic parameters unit (separately applying for a patent) within the processor of special exploitation is dynamic
Calculate the basic block code of present procedure characteristic parameter, and with processor internal feature parameter storage unit preextraction work as future
Sequence basic block characteristic parameter is compared verification;
Step 9, if comparison result is consistent, will be standby for the data in each for current processor register value and running memory space
Part is to archive memory space, and jumps to next program basic block initial address, then execution step 6;If comparing inconsistent,
Then execution step 10;
Step 10, if the recovery granularity that current frequency of abnormity is less than user preset adjusts threshold value, by archive memory space
In data recovery in each depositor of processor and running memory space, present procedure basic block frequency of abnormity adds 1, and again
Jump to present procedure basic block initial address, then execution step 7;If current frequency of abnormity is not less than the recovery of user preset
Granularity adjusts threshold value, then execution step 5, until user program operation finishes.
Wherein, during described in step 1 " compiling of user's source program, link generate object code ", in order to
In the minimizing program basic block running of limits, running memory backup, the time complexity recovering, need in link script
The address of middle fixed code section, data segment and stack segment, and strictly limit the length of each program segment.
Wherein, the process of described in step 3 " object code in each program basic block being compressed calculate "
In it is contemplated that each program basic block code middle finger makes quantity different, adopt with random length sequence for inputting, with regular length
One-way hash function for output realizes the compression calculating to program basic block object code.
Wherein, described in step 8 " characteristic parameter of the basic block code of dynamic calculation present procedure ", need using with
The compression of program in machine code basic block described in step 3 calculates identical and realizes algorithm, and by the feature in processor indoor design
The fast hardware that parameter verification module realizes algorithm calculates, and then completes the characteristic parameter of preextraction and the feature ginseng of dynamic calculation
The Inspection of number;For reducing realization price of hardware, accelerate hardware process speed, step 3 and step 8 Program basic block target
The compression of code calculates using the lightweight hash algorithm being easy to Hardware.
Wherein, described in step 10 " recover granularity and adjust threshold value ", is used to adjust restoring embedded system starting point
, for emerging program, basic block code is abnormal, attempts carrying out fast quick-recovery with program basic block for granularity, if passed through
Fast quick-recovery with program basic block as granularity still cannot return to the expecting state of program several times, then can assert in step 5
From piece, user program code during user program code copies to the outer random access memory of piece is received exception by flash memory
Distort, merely the code in random access memory from piece cannot the recovery to embedded system for the degree of realization, need execute step
Rapid 5 again from piece flash memory load user program code.
By above step, a kind of quick recovery method for Embedded System Code attack that the present invention provides is permissible
Realize the effective detection that Embedded System Code is attacked, the quick of embedded system can be realized to the code intrusion detecting
Recover.
3. advantage and effect
The beneficial functional of the present invention is:
The present invention is to provide a kind of quick recovery method for Embedded System Code attack.This method is with embedded
Program basic block is granularity, carries out safety detection with the compression hashed value of program basic block operation information for comparing characteristic parameter,
Decrease comparison number of times, saved storage hardware resource on processor piece, by hard-wired upper calculation of characteristic parameters school
Test module, can quickly and accurately find the exception in embedded code.After code is detected by abnormal aggression, the method
Threshold value can be adjusted by default fast quick-recovery granularity recovery process is controlled, take varigrained fast quick-recovery plan
Slightly, decrease the access times to the outer flash memory of piece for the embedded system, accelerate resume speed, system can also be realized standby simultaneously
Part, the dynamic renewal of recovery nodes, can effectively estimate instantaneous recovery time.
(1) detection method that the Embedded System Code of hardware auxiliary is attacked is optimized, and employs program generation
Code is divided into program basic block, and the method for verification of being compared using program basic block code lightweight Hash Value is significantly subtracted
Lack code integrity detection number of times, improve detection speed, saved the embedded system hardware resource of anxiety;
(2) thought dividing program code follow procedure basic block is applied in the abnormal fast quick-recovery of program code, right
Abnormal in newfound program basic block, from piece high-speed random access memory carry out quick with program basic block as granularity
Recover, need not the multiple slower piece of reading speed flash memory loading system outward, significantly accelerate the reparation speed of abnormal program code,
Achieve the abnormal fast quick-recovery of program code;
(3) quick recovery method with program basic block as granularity achieves the dynamic renewal of program backup, recovery nodes,
The backup of program basic block and recovery nodes can move forward with the correct operation of program, and user can be to abnormality processing and extensive
Complex velocity is effectively estimated;
Brief description
Fig. 1 is the operational flowchart of the method for the invention.
Fig. 2 is embodiment hardware block diagram of the present invention.
Fig. 3 is embodiment software flow pattern of the present invention.
Code name in Fig. 2, Fig. 3 is described as follows:
Flash is the outer flash memory of piece, and carry on embedded system bus, is characterized in that storage content power down is non-volatile, reads
Write access speed is slower;Ram is the outer random access memory of piece, and carry, on embedded system bus, is characterized in storage
Lose after content power down, read and write access speed;Custom processor is the processor after custom-modification, supports
The functions such as processor internal preextraction characteristic parameter storage, characteristic parameter hardware dynamic calculate, characteristic parameter verification (are separately applied for
Patent).
Specific embodiment
Below in conjunction with the accompanying drawings the present invention is described in detail, but not as a limitation of the invention.
A kind of quick recovery method for Embedded System Code attack of the present invention, as shown in figure 1, the method includes tool
Body implementation steps are as follows:
Step 1, user's source program code is passed through compiling, link generates object code, in order to reduce program basic block fortune
The backup of running memory, recovery time during row, need the ground of fixed code section, data segment and stack segment in link script
Location, and strictly limit the length of each program segment;
Step 2, with the jump instruction in object code as border, object code is divided into several program basic blocks;
Step 3, is compressed to the object code in each program basic block calculating using lightweight hash algorithm, obtains
The compression hashed value of each program basic block, as the characteristic parameter in program operation process;
Step 4, the characteristic parameter during preextraction user program operation out is write the feature within processor
Parameter storage unit;
Step 5, resets to embedded system and initializes, and from piece, flash memory runs bootloader bootstrap, will
User program code copies are to the outer random access memory of piece, and (first program is basic to jump to user program initial address
Block initial address) place's operation;
Step 6, present procedure basic block frequency of abnormity is simultaneously reset by record present procedure basic block initial address message (IAM);
Step 7, executes present procedure basic block program code;
Step 8, basic using the calculation of characteristic parameters unit dynamic calculation present procedure within the processor of special exploitation
The characteristic parameter of block code, and with the present procedure basic block characteristic parameter that prestores in processor internal feature parameter storage unit
Compare verification.The dynamic calculation of described program basic block code characteristic parameter needs to adopt and program described in step 3
Basic block code compaction calculates identical and realizes algorithm, and is realized by the characteristic parameter correction verification module in processor indoor design
The fast hardware of algorithm calculates, so complete characteristic parameter that the characteristic parameter of preextraction is calculated with hardware dynamic compare school
Test.The lightweight hash algorithm that the compression of step 3 and step 8 Program basic block object code calculates using being easy to Hardware is real
Existing;
Step 9, if comparison result is consistent, will be standby for the data in each for current processor register value and running memory space
Part is to archive memory space, and jumps to next program basic block initial address, then execution step 6;If comparing inconsistent,
Then execution step 10;
Step 10, if the recovery granularity that the frequency of abnormity of present procedure basic block is less than user preset adjusts threshold value, will
To in each register value of processor and running memory space, current frequency of abnormity adds 1 to data recovery in archive memory space, and
Again present procedure basic block initial address, then execution step 7 are jumped to;If current frequency of abnormity is not less than user preset
Recover granularity and adjust threshold value, then execution step 5, until user program operation finishes.Described " recover granularity and adjust threshold value " is
It is used for adjusting restoring embedded system starting point, basic block code is abnormal for emerging program, attempt with program basic block
Carry out fast quick-recovery for granularity, if program still cannot be returned to by the repeatedly fast quick-recovery with program basic block as granularity
Expecting state, then can assert step 5 from piece flash memory by user program code copies to the outer random access memory mistake of piece
In journey user program code receive abnormal distort, merely the code in random access memory from piece cannot degree of realization to embedding
The recovery of embedded system, flash memory from piece loads user program code again to need execution step 5.
By above step, a kind of quick recovery method for Embedded System Code attack that the present invention provides is permissible
Realize the effective detection that Embedded System Code is attacked, the quick of embedded system can be realized to the code intrusion detecting
Recover.
Fig. 2 and Fig. 3 is a kind of hardware block diagram of embodiment and the software flow pattern of the present invention respectively, below with
As a example openrisc processor platform, enumerate the quickly extensive for Embedded System Code attack of the present invention in conjunction with Fig. 2 and Fig. 3
A kind of embodiment of compound recipe method.The quick recovery method attacked for Embedded System Code in this embodiment includes:
Step 1, is entered to user's source program code using the compatible compiler of openrisc processor instruction set and linker
Row compiling, link, generate binary object code file, run to reduce in subsequent step Program basic block running
Memory Backup and the time recovered, need the address of fixed code section, data segment and stack segment in link script, and strictly limit
Make the length of each program segment;
Step 2, inquires about openrisc processor instruction set, with the jump instruction in instruction set as border, by object code
It is divided into several program basic blocks;
Step 3, is carried out to the object code in each program basic block using the lightweight hash algorithm being easy to Hardware
Compression calculates, and obtains the compression hashed value of each program basic block, as the characteristic parameter in program operation process;
Step 4, builds the embedded system hardware platform based on openrisc processor, and the user by offline preextraction
Characteristic parameter in program operation process writes the characteristic parameter memory element within processor, as shown in Figure 2.In the present embodiment
Hardware minimum system include custom-modification after openrisc processor, the wishbone of compatible openrisc processor interface
The outer flash of standard system bus, the piece and outer ram of piece.Described " the openrisc processor after custom-modification " includes processor
Streamline, processor state controller, program backup, recovery controller, characteristic parameter memory element and characteristic parameter calibration mode
Block;
Step 5, carries out reset initialization to the openrisc processor platform of the present embodiment, runs from flash
Bootloader bootstrap, by user program code copies ram, and jumps to the user program initial address (in ram
One program basic block initial address) place brings into operation software program as shown in Figure 3;
Step 6, present procedure basic block frequency of abnormity is simultaneously reset by record present procedure basic block initial address message (IAM);
Step 7, executes present procedure basic block program code;
Step 8, current using the characteristic parameter correction verification module dynamic calculation within the openrisc processor of custom-modification
The characteristic parameter of the basic block code of program, and basic with the present procedure of preextraction in processor internal feature parameter storage unit
Block feature parameter is compared verification.
Step 9, if comparison result is consistent, will be standby for the data in each for current processor register value and running memory space
Part is to archive memory space, and jumps to next program basic block initial address, then execution step 6;If comparing inconsistent,
Then execution step 10;
Step 10, if the recovery granularity that the frequency of abnormity of present procedure basic block is less than user preset adjusts threshold value, will
To in each register value of processor and running memory space, current frequency of abnormity adds 1 to data recovery in archive memory space, and
Again present procedure basic block initial address, then execution step 7 are jumped to;If current frequency of abnormity is not less than user preset
Recover granularity and adjust threshold value, then execution step 5, until user program operation finishes.
The present invention also can have other various embodiments, in the case of without departing substantially from present invention spirit and its essence, is familiar with this
The technical staff in field can make various corresponding changes according to the present invention and deform, but these corresponding changes and deformation all belong to
Protection domain in appended claims of the invention.
Claims (5)
1. a kind of quick recovery method for Embedded System Code attack it is characterised in that: the method comprises the following steps:
Step 1, the compiling of user's source program, link generate object code;
Step 2, with the jump instruction in object code as border, object code is divided into program basic block;
Step 3, is compressed to the object code in each program basic block calculating, and the compression obtaining each program basic block dissipates
Train value, as the characteristic parameter during the user program operation of preextraction;
Step 4, by preextraction to user program operation during characteristic parameter write processor within characteristic parameter deposit
Storage unit;
Step 5, reset embedded system is initialized, and system flash memory from piece runs bootloader bootstrap, will use
Program code flash memory from piece in family is copied to the outer random access memory of piece, and to jump to user program initial address be first
Run at program basic block initial address;
Step 6, record present procedure basic block initial address message (IAM) and from by present procedure basic block frequency of abnormity reset;
Step 7, executes the basic block code of present procedure;
Step 8, using the calculation of characteristic parameters unit dynamic calculation present procedure basic block generation within the processor of special exploitation
The characteristic parameter of code, and enter with the present procedure basic block characteristic parameter of preextraction in processor internal feature parameter storage unit
Row Inspection;
Step 9, if comparison result is consistent, by the data backup in each for current processor register value and running memory space extremely
In archive memory space, and jump to next program basic block initial address, then execution step 6;If comparing inconsistent, hold
Row step 10;
Step 10, if the recovery granularity that current frequency of abnormity is less than user preset adjusts threshold value, by archive memory space
To in each depositor of processor and running memory space, present procedure basic block frequency of abnormity adds 1 to data recovery, and again redirects
To present procedure basic block initial address, then execution step 7;If current frequency of abnormity is not less than the recovery granularity of user preset
Adjust threshold value, then execution step 5, until user program operation finishes;
By above step, it is right that a kind of quick recovery method for Embedded System Code attack that the present invention provides enables
The effective detection that Embedded System Code is attacked, can realize the fast quick-recovery of embedded system to the code intrusion detecting.
2. a kind of quick recovery method for Embedded System Code attack according to claim 1 it is characterised in that:
In step 1 during described " compiling of user's source program, link generate object code ", in order to reduce journey to greatest extent
In sequence basic block running, running memory backup, the time complexity recovering, need fixed code section, number in link script
According to the address of section and stack segment, and strictly limit the length of each program segment.
3. a kind of quick recovery method for Embedded System Code attack according to claim 1 it is characterised in that:
It is contemplated that each during described in step 3 " being compressed to the object code in each program basic block calculating "
Program basic block code middle finger makes quantity different, adopts with random length sequence for input, unidirectional for output with regular length
Hash function is realized the compression to program basic block object code and is calculated.
4. a kind of quick recovery method for Embedded System Code attack according to claim 1 it is characterised in that:
In step 8 described " characteristic parameter of the basic block code of dynamic calculation present procedure ", need to adopt and generation described in step 3
The compression of coded program basic block calculates identical and realizes algorithm, and real by the characteristic parameter correction verification module in processor indoor design
The fast hardware of existing algorithm calculates, and then completes the Inspection of the characteristic parameter of preextraction and the characteristic parameter of dynamic calculation;
For reducing realization price of hardware, accelerate hardware process speed, the compressometer of step 3 and step 8 Program basic block object code
Calculate using the lightweight hash algorithm being easy to Hardware.
5. a kind of quick recovery method for Embedded System Code attack according to claim 1 it is characterised in that:
In step 10 described " recover granularity and adjust threshold value ", it is used to adjust restoring embedded system starting point, occurs for new
The basic block code of program abnormal, attempt carrying out fast quick-recovery with program basic block for granularity, if by several times with program base
This block is that the fast quick-recovery of granularity still cannot return to the expecting state of program, then assert that flash memory will be used from piece in step 5
During family program code is copied to the outer random access memory of piece, user program code receives abnormal distorting, merely from piece
Code in random access memory cannot the recovery to embedded system for the degree of realization, need execution step 5 again from piece dodge
Deposit loading user program code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610705866.1A CN106372505B (en) | 2016-08-23 | 2016-08-23 | A kind of quick recovery method for Embedded System Code attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610705866.1A CN106372505B (en) | 2016-08-23 | 2016-08-23 | A kind of quick recovery method for Embedded System Code attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106372505A true CN106372505A (en) | 2017-02-01 |
CN106372505B CN106372505B (en) | 2018-12-28 |
Family
ID=57878513
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610705866.1A Active CN106372505B (en) | 2016-08-23 | 2016-08-23 | A kind of quick recovery method for Embedded System Code attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106372505B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108572920A (en) * | 2017-03-09 | 2018-09-25 | 上海宝存信息科技有限公司 | It avoids reading the data-moving method disturbed and the device using this method |
CN113039411A (en) * | 2018-11-28 | 2021-06-25 | 三菱电机株式会社 | Attack removal device, attack removal method, and attack removal program |
CN113158184A (en) * | 2021-03-03 | 2021-07-23 | 中国人民解放军战略支援部队信息工程大学 | Attack script generation method based on finite state automaton and related device |
CN113835926A (en) * | 2021-09-15 | 2021-12-24 | 深圳壹账通智能科技有限公司 | Method, device and equipment for processing abnormal event and storage medium |
CN117909956A (en) * | 2024-03-20 | 2024-04-19 | 山东科技大学 | Hardware-assisted embedded system program control flow security authentication method |
CN117931532A (en) * | 2024-03-25 | 2024-04-26 | 山东科技大学 | Multi-granularity recovery method for embedded system program supported by on-chip hardware |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101599039A (en) * | 2008-06-03 | 2009-12-09 | 华为技术有限公司 | Abnormality eliminating method and device under the embedded type C language environment |
CN101777103A (en) * | 2003-09-18 | 2010-07-14 | 苹果公司 | The method of authenticating computer program, the method that computer program is provided and device thereof |
CN104866767A (en) * | 2015-05-11 | 2015-08-26 | 北京航空航天大学 | Embedded module of novel security mechanism |
US20160098555A1 (en) * | 2014-10-02 | 2016-04-07 | Arm Limited | Program code attestation circuitry, a data processing apparatus including such program code attestation circuitry and a program attestation method |
-
2016
- 2016-08-23 CN CN201610705866.1A patent/CN106372505B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101777103A (en) * | 2003-09-18 | 2010-07-14 | 苹果公司 | The method of authenticating computer program, the method that computer program is provided and device thereof |
CN101599039A (en) * | 2008-06-03 | 2009-12-09 | 华为技术有限公司 | Abnormality eliminating method and device under the embedded type C language environment |
US20160098555A1 (en) * | 2014-10-02 | 2016-04-07 | Arm Limited | Program code attestation circuitry, a data processing apparatus including such program code attestation circuitry and a program attestation method |
CN104866767A (en) * | 2015-05-11 | 2015-08-26 | 北京航空航天大学 | Embedded module of novel security mechanism |
Non-Patent Citations (1)
Title |
---|
吴适: "基于二进制代码混淆的软件保护研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108572920A (en) * | 2017-03-09 | 2018-09-25 | 上海宝存信息科技有限公司 | It avoids reading the data-moving method disturbed and the device using this method |
CN108572920B (en) * | 2017-03-09 | 2022-04-12 | 上海宝存信息科技有限公司 | Data moving method for avoiding read disturbance and device using same |
CN113039411A (en) * | 2018-11-28 | 2021-06-25 | 三菱电机株式会社 | Attack removal device, attack removal method, and attack removal program |
CN113158184A (en) * | 2021-03-03 | 2021-07-23 | 中国人民解放军战略支援部队信息工程大学 | Attack script generation method based on finite state automaton and related device |
CN113158184B (en) * | 2021-03-03 | 2023-05-19 | 中国人民解放军战略支援部队信息工程大学 | Attack script generation method and related device based on finite state automaton |
CN113835926A (en) * | 2021-09-15 | 2021-12-24 | 深圳壹账通智能科技有限公司 | Method, device and equipment for processing abnormal event and storage medium |
CN117909956A (en) * | 2024-03-20 | 2024-04-19 | 山东科技大学 | Hardware-assisted embedded system program control flow security authentication method |
CN117909956B (en) * | 2024-03-20 | 2024-06-14 | 山东科技大学 | Hardware-assisted embedded system program control flow security authentication method |
CN117931532A (en) * | 2024-03-25 | 2024-04-26 | 山东科技大学 | Multi-granularity recovery method for embedded system program supported by on-chip hardware |
CN117931532B (en) * | 2024-03-25 | 2024-05-31 | 山东科技大学 | Multi-granularity recovery method for embedded system program supported by on-chip hardware |
Also Published As
Publication number | Publication date |
---|---|
CN106372505B (en) | 2018-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106372505A (en) | Embedded system code attack-oriented quick recovery method | |
EP3694170B1 (en) | Method and device for withstanding denial-of-service attack | |
US10839085B1 (en) | Detection and healing of vulnerabilities in computer code | |
US9996696B2 (en) | Systems and methods to optimize execution of a software program using a type based self assembling control flow graph | |
CN100489805C (en) | Autonomous memory checker for runtime security assurance and method therefore | |
US11507669B1 (en) | Characterizing, detecting and healing vulnerabilities in computer code | |
CN105205401B (en) | Trusted computer system and its trusted bootstrap method based on security password chip | |
CN102473223B (en) | Information processing device and information processing method | |
US11163886B2 (en) | Information handling system firmware bit error detection and correction | |
CN108345786B (en) | Remote attestation method for software control flow integrity assisted by hardware | |
WO2006086301A1 (en) | System and method for providing a secure boot architecture | |
CN114981771B (en) | Memory device recoverable from network attacks and faults | |
JP2022009556A (en) | Method for securing software codes | |
US10757087B2 (en) | Secure client authentication based on conditional provisioning of code signature | |
US20120011353A1 (en) | Information processing apparatus having verification capability of configuration change | |
Zhou et al. | Hardware-assisted rootkit detection via on-line statistical fingerprinting of process execution | |
US8250652B1 (en) | Systems and methods for circumventing malicious attempts to block the installation of security software | |
JP4754635B2 (en) | Control flow protection mechanism | |
CN112115477B (en) | Kernel repairing method and device, electronic equipment and storage medium | |
Geier et al. | Compasec: a compiler-assisted security countermeasure to address instruction skip fault attacks on risc-v | |
CN112269996A (en) | Dynamic measurement method of block chain main node-oriented active immune trusted computing platform | |
US8065567B1 (en) | Systems and methods for recording behavioral information of an unverified component | |
US20180373623A1 (en) | Apparatus and method for software self test | |
US11475170B2 (en) | System and method for correction of memory errors | |
Peng et al. | Bitmap-Based Security Monitoring for Deeply Embedded Systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |