CN108710809B - Safety control method, device and system for processor - Google Patents

Safety control method, device and system for processor

Info

Publication number: CN108710809B
Authority: CN (China)
Legal status: Active
Application number: CN201810239220.8A
Other languages: Chinese (zh)
Other versions: CN108710809A (application publication)
Inventors: 刘雷波 (Liu Leibo), 罗奥 (Luo Ao), 尹首一 (Yin Shouyi), 魏少军 (Wei Shaojun)
Current assignee: Tsinghua University
Original assignee: Tsinghua University
History: application filed by Tsinghua University with priority to CN201810239220.8A; published as CN108710809A; granted and published as CN108710809B; currently active.

Classifications

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F 21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71: ... to assure secure computing or processing of information
    • G06F 21/74: ... operating in dual or compartmented mode, i.e. at least one secure mode
    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02D: Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use
    • Y02D 10/00: Energy efficient computing, e.g. low power processors, power management or thermal management


Abstract

The invention provides a security control method, a security control device and a security control system for a processor. The method comprises: controlling the processor to enter a protection mode in response to a preset condition being met; and, while the processor is in the protection mode, scrambling the timing instructions executed by the processor so as to change their return values. The method reduces the effectiveness of attacks that rely on timing information and thereby improves the security of the processor.

Description

Safety control method, device and system for processor
Technical Field
The invention relates to a security control method, a security control device and a security control system for a processor.
Background
Modern processors increase throughput by working on different tasks simultaneously in the various stages of a pipeline. To keep the pipeline busy they add branch prediction and out-of-order execution. Branch prediction improves execution efficiency by fetching and executing code at the predicted target address before the branch is actually resolved; if the prediction turns out to be wrong, the pipeline discards the mispredicted work and rolls back the architectural state of the processor. Out-of-order execution improves parallelism by relaxing the program order in which instructions are executed. These optimisations contribute greatly to the performance of modern processors. Recently, however, security researchers have found that these features of modern processor architectures can create security risks which an attacker can exploit under certain conditions.
Disclosure of Invention
One aspect of the present invention provides a security control method for a processor, comprising: controlling the processor to enter a protection mode in response to a preset condition being met; and, while the processor is in the protection mode, scrambling a timing instruction executed by the processor so as to change the return value of the timing instruction.
Optionally, scrambling the timing instruction executed by the processor comprises: when the timing instruction is executed in a virtual machine (guest) system, causing the processor to enter the physical machine (host) system, scrambling the timing instruction in the host system, and returning the scrambled return value to the guest system.
Optionally, causing the processor to enter the host system when the timing instruction is executed in the guest system comprises: setting an instruction trap for a specific timing instruction, the instruction trap causing the processor to enter the host system whenever that timing instruction is executed.
Optionally, scrambling the timing instruction executed by the processor so as to change its return value comprises: changing the value read by the timing instruction, thereby changing the return value of the timing instruction.
Optionally, changing the value read by the timing instruction comprises: adding a random value to, or subtracting a random value from, the value read by the timing instruction, or replacing the value read by the timing instruction with a random value.
Optionally, controlling the processor to enter the protection mode in response to the preset condition being met comprises: providing a hardware switch in the processor, and controlling the processor to enter the protection mode in response to the hardware switch being turned on.
Optionally, controlling the processor to enter the protection mode in response to the preset condition being met comprises: controlling the processor to enter the protection mode when the security requirement of the current operating environment is above a threshold, and/or in response to a specific user operation, and/or in response to the processor entering a high-privilege access mode.
Optionally, the timing instruction is a high-precision timing instruction.
Another aspect of the present invention provides a security control apparatus for a processor, comprising a control module and a scrambling module. The control module controls the processor to enter a protection mode in response to a preset condition being met. The scrambling module scrambles a timing instruction executed by the processor while the processor is in the protection mode, so as to change the return value of the timing instruction.
Optionally, scrambling the timing instruction executed by the processor comprises: when the timing instruction is executed in a virtual machine (guest) system, causing the processor to enter the physical machine (host) system, scrambling the timing instruction in the host system, and returning the scrambled return value to the guest system.
Optionally, causing the processor to enter the host system when the timing instruction is executed in the guest system comprises: setting an instruction trap for a specific timing instruction, the instruction trap causing the processor to enter the host system whenever that timing instruction is executed.
Optionally, scrambling the timing instruction executed by the processor so as to change its return value comprises: changing the value read by the timing instruction, thereby changing the return value of the timing instruction.
Optionally, changing the value read by the timing instruction comprises: adding a random value to, or subtracting a random value from, the value read by the timing instruction, or replacing the value read by the timing instruction with a random value.
Optionally, controlling the processor to enter the protection mode in response to the preset condition being met comprises: providing a hardware switch in the processor, and controlling the processor to enter the protection mode in response to the hardware switch being turned on.
Optionally, controlling the processor to enter the protection mode in response to the preset condition being met comprises: controlling the processor to enter the protection mode when the security requirement of the current operating environment is above a threshold, and/or in response to a specific user operation, and/or in response to the processor entering a high-privilege access mode.
Optionally, the timing instruction is a high-precision timing instruction.
Another aspect of the present invention provides a safety control system for a processor, including: one or more processors, a storage device to store one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
Another aspect of the invention provides a computer readable medium having stored thereon executable instructions which, when executed by a processor, cause the processor to implement a method as described above.
Another aspect of the invention provides a computer program comprising computer executable instructions for implementing a method as described above when executed.
Thus, in the technical solution of the embodiments of the invention, the true return value of the timing instruction is altered by scrambling the timing instruction executed by the processor, so that an attacker cannot obtain accurate timing information through the timing instruction; the effectiveness of attacks based on timing information is greatly reduced and the security of the processor is improved.
Drawings
For a more complete understanding of the present invention and its advantages, reference is made to the following description taken in conjunction with the accompanying drawings, in which:
Fig. 1 schematically illustrates an application scenario of a security control method and apparatus for a processor according to an embodiment of the present invention;
Fig. 2 schematically illustrates a flow chart of a security control method for a processor according to an embodiment of the invention;
Fig. 3 schematically illustrates a block diagram of a security control device 300 for a processor according to an embodiment of the present invention; and
Fig. 4 schematically illustrates a block diagram of a security control system that may be used with a processor according to an embodiment of the present invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It is to be understood that such description is merely illustrative and not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, such a construction is intended in the sense one having skill in the art would understand it (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together). Where a convention analogous to "at least one of A, B or C, etc." is used, such a construction is likewise intended in the sense one having skill in the art would understand it (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together). It will further be understood by those within the art that virtually any disjunctive word and/or phrase presenting two or more alternative terms, whether in the description, claims or drawings, should be understood to contemplate the possibilities of including one of the terms, either of the terms, or both terms. For example, the phrase "A or B" should be understood to include the possibilities "A", "B", and "A and B".
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Thus, the techniques of the present invention may be implemented in hardware and/or in software (including firmware, microcode, etc.). Furthermore, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of the present invention, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
In the two recently disclosed attacks, Meltdown and Spectre, the attacker repeatedly uses a CPU instruction to flush a chosen memory address out of the CPU cache (this step is called Flush). After a period of time the attacker reads the data at that address and measures how long the read takes (this step is called Reload). With this "Flush + Reload" technique the attacker can tell whether the target program accessed that address in the meantime, and from that infer sensitive information: once the target program has read the address, the corresponding line is brought into the CPU cache, so the attacker's access latency for that address drops markedly. In combination with branch prediction and out-of-order execution, this technique can be used to steal confidential information from within the processor and poses a serious security threat.
In view of the above security problem, an embodiment of the present invention provides a security control method for a processor. The method comprises: controlling the processor to enter a protection mode in response to a preset condition being met; and, while the processor is in the protection mode, scrambling a timing instruction executed by the processor so as to change the return value of the timing instruction.
According to the security control method provided by the embodiment of the invention, the timing instruction executed by the processor is scrambled in the protection mode and its return value is thereby changed, so that an attacker cannot obtain accurate timing information through the timing instruction; the effectiveness of attacks based on timing information is greatly reduced and the security of the processor is improved.
It should be understood that the embodiments of the present invention are not limited to the scenarios of the Meltdown and Spectre attacks above; these two attacks are merely examples given to aid understanding of the embodiments, and the scope of protection of the embodiments is defined by the technical features recited in the claims.
Fig. 1 schematically illustrates an application scenario 100 of a security control method and apparatus for a processor according to an embodiment of the present invention.
As shown in Fig. 1, the application scenario 100 includes an attacker 110 and a processor 120. Attacker 110 may establish a communication connection with processor 120 over various kinds of link, such as wired or wireless links or optical fibre.
The processor 120 may be a processing module in various electronic devices including, but not limited to, a smart phone, a tablet computer, a notebook computer, and various servers, among others.
In the embodiment of the present invention, the attacker 110 may attack the processor 120 in different ways that target different working mechanisms of the processor 120.
For example, attacker 110 may first use the processor's cache-flush instruction (CLFLUSH on x86) to evict every element of a probe array from the cache back to memory, then cause the target information to be read under speculative execution in a way that turns its value into a cache state, that is, into which element of the probe array is loaded into the cache. The attacker then reads every element of the array in turn and times each read to determine which element is in the cache; the element with the markedly shorter access time reveals the target information.
According to the security control method provided by the embodiment of the invention, the timing instruction of the processor is scrambled so that the attacker cannot obtain accurate timing information, which prevents the attacker from attacking the processor by means of timing information and improves the security of the processor.
It should be understood that the number of attackers and processors in fig. 1 is merely illustrative. Embodiments of the invention may have any number of attackers and processors, as desired for implementation.
It should be noted that fig. 1 is only an example of a scenario in which the embodiment of the present invention may be applied to help those skilled in the art understand the technical content of the present invention, and does not mean that the embodiment of the present invention may not be applied to other devices, systems, environments or scenarios.
A security control method for a processor according to an exemplary embodiment of the present invention is described below with reference to Fig. 2, in conjunction with the application scenario of Fig. 1.
Fig. 2 schematically shows a flow chart of a security control method for a processor according to an embodiment of the present invention.
As shown in fig. 2, the method includes operations S201 to S202.
In operation S201, the processor 120 is controlled to enter the protection mode in response to the preset condition being satisfied.
For example, in embodiments of the present invention a processor may have two operating modes: a normal operating mode and a protection mode. When the operating environment of the processor meets the preset condition, the processor can be switched from the normal operating mode into the protection mode. The preset condition may be that a software or hardware switch for an application scenario with a high security requirement is turned on, or that the processor is executing with high access privileges; the embodiment of the present invention does not limit this.
In one embodiment, a hardware switch may be provided in the processor, and the processor may be controlled to enter the protection mode in response to the hardware switch being turned on. For example, a hardware switch may be designed into the processor as a security option, and the user may turn the switch on when necessary to put the processor into the protection mode.
In another embodiment, the processor may be controlled to enter the protection mode when the security requirement of the current operating environment is above a threshold. For example, levels may be defined for the security requirement of the processor's operating environment, and when the current operating environment is at a high level the processor may be put into the protection mode, reducing the probability of a successful attack and improving the security of the processor's operation.
In yet another embodiment, the processor may be controlled to enter the protection mode in response to a particular user action. For example, the user may enable the protection mode of the processor through a specific operation, and may likewise make the processor leave the protection mode through a specific operation. In this way the processor's operating mode can be switched according to the user's actual needs: for example, switched to the normal operating mode when the user needs the exact return value of the timing instruction, and switched to the protection mode when the user needs high security.
In yet another embodiment, the processor may be controlled to enter the protection mode in response to entering a high access-privilege mode. For example, in a high access-privilege mode the current security requirement of the processor may be considered relatively high, so the processor may be put into the protection mode in response to entering that mode. Correspondingly, the embodiment of the invention may also make the processor leave the protection mode, switching back to the normal operating mode, in response to the processor entering a low access-privilege mode.
It is to be understood that the manner of controlling the processor to enter the protection mode in the above embodiments is only an exemplary embodiment, and the present invention is not limited to the preset condition for controlling the processor to enter the protection mode, and a person skilled in the art may set the preset condition according to actual situations.
In operation S202, while the processor 120 is in the protection mode, the timing instruction executed by the processor 120 is scrambled so as to change its return value.
In the embodiment of the invention, while the processor is in the protection mode, the return value of the timing instruction is modified so that an attacker cannot obtain accurate timing information and therefore cannot recover sensitive information from the timing of the instruction.
In yet another embodiment, the timing instruction may be a high-precision timing instruction; on x86, for example, RDTSC or RDTSCP.
In yet another embodiment, scrambling the timing instruction executed by the processor may proceed as follows: when the timing instruction is executed in the virtual machine (guest) system, the processor is made to enter the physical machine (host) system, the timing instruction is scrambled in the host system, and the scrambled return value is returned to the guest system. Specifically, when the processor enters the host system it may enter the virtual machine management layer (the hypervisor) of the physical machine, where the scrambling of the timing instruction is performed.
For example, an instruction trap may be set for a particular timing instruction, so that executing that instruction in the guest causes the processor to exit to the host, where the instruction is emulated and its result scrambled.
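The following is an added example, not code from the patent: a C model of the hypervisor-side exit handler that such an instruction trap invokes. It assumes the x86 register semantics of RDTSC/RDTSCP (EDX:EAX receives the counter, ECX receives IA32_TSC_AUX for RDTSCP, and the upper halves of those registers are cleared), the Intel VT-x basic exit-reason numbers 16 (RDTSC) and 51 (RDTSCP), and a 2- or 3-byte instruction length to skip. `struct vcpu`, `handle_rdtsc_exit` and the noise range are this example's own assumptions and do not correspond to any real hypervisor's API. The scrambling used is the add-or-subtract-a-random-value variant, with one practical addition the text does not mention: the value shown to the guest is clamped so that it never runs backwards, because guest timekeeping relies on a monotonic counter.

```c
/* Added example (not from the patent): model of the host-side handler run when
 * a guest RDTSC/RDTSCP traps. struct vcpu, the function names and NOISE_RANGE
 * are assumptions of this example, not a real hypervisor's interface. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define EXIT_REASON_RDTSC   16u   /* basic VM-exit reason numbers (Intel SDM) */
#define EXIT_REASON_RDTSCP  51u
#define NOISE_RANGE         1024u /* assumed +/- amplitude of the scrambling noise */

struct vcpu {
    uint64_t rax, rcx, rdx, rip;  /* guest registers saved at VM exit */
    uint64_t tsc_aux;             /* guest IA32_TSC_AUX (returned in ECX by RDTSCP) */
    bool     protection_mode;     /* set when the preset condition of S201 holds */
    uint64_t last_returned;       /* last counter value shown to this guest */
    uint64_t rng;                 /* xorshift64 state; must be seeded non-zero */
};

static uint64_t rng_next(struct vcpu *v) {
    uint64_t x = v->rng;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return v->rng = x;
}

/* Emulates the trapped instruction. host_tsc is the value the hardware counter
 * holds at the exit; instr_len is the VM-exit instruction length (2 for RDTSC,
 * 3 for RDTSCP). Returns 0 on success, -1 for an exit this handler does not own. */
static int handle_rdtsc_exit(struct vcpu *v, uint32_t exit_reason,
                             uint32_t instr_len, uint64_t host_tsc) {
    if (exit_reason != EXIT_REASON_RDTSC && exit_reason != EXIT_REASON_RDTSCP)
        return -1;

    uint64_t value = host_tsc;
    if (v->protection_mode) {
        /* "add or subtract a random value": uniform noise in [-NOISE_RANGE, NOISE_RANGE) */
        value = host_tsc + (rng_next(v) % (2 * NOISE_RANGE)) - NOISE_RANGE;
        /* Guest clocks assume the counter never runs backwards, so clamp. The
         * clamp correlates consecutive reads; the replace-with-random variant
         * the text also lists avoids that at the cost of any usable guest clock. */
        if (value <= v->last_returned)
            value = v->last_returned + 1;
    }
    v->last_returned = value;

    v->rax = value & 0xffffffffu;          /* EAX <- low half, RAX[63:32] cleared */
    v->rdx = value >> 32;                  /* EDX <- high half, RDX[63:32] cleared */
    if (exit_reason == EXIT_REASON_RDTSCP)
        v->rcx = v->tsc_aux & 0xffffffffu; /* ECX <- TSC_AUX */
    v->rip += instr_len;                   /* resume after the emulated instruction */
    return 0;
}

/* The 64-bit value the guest reassembles from EDX:EAX. */
static uint64_t guest_tsc_value(const struct vcpu *v) {
    return (v->rdx << 32) | (v->rax & 0xffffffffu);
}

int main(void) {
    struct vcpu v = { .rip = 0x401000, .tsc_aux = 3, .rng = 0x9E3779B97F4A7C15ull };
    handle_rdtsc_exit(&v, EXIT_REASON_RDTSC, 2, 1000000);
    printf("normal mode:     guest sees %llu\n", (unsigned long long)guest_tsc_value(&v));
    v.protection_mode = true;
    for (int i = 1; i <= 3; i++) {
        uint64_t host = 2000000ull + 50ull * i;
        handle_rdtsc_exit(&v, EXIT_REASON_RDTSCP, 3, host);
        printf("protection mode: host %llu -> guest %llu (ecx=%llu rip=%#llx)\n",
               (unsigned long long)host, (unsigned long long)guest_tsc_value(&v),
               (unsigned long long)v.rcx, (unsigned long long)v.rip);
    }
    return 0;
}
```

A real handler would read the exit reason, the instruction length and the host counter from the VMCS (Intel) or VMCB (AMD), and write the guest registers back before resuming; the logic in between is what the model shows.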
In yet another embodiment, scrambling the timing instruction executed by the processor may change the value read by the timing instruction, thereby changing its return value. For example, a random value may be added to or subtracted from the true value read by the timing instruction, or the true value may be replaced with a random value.
It should be understood that much software today runs inside virtual machines; the host (the physical machine system above) is generally trusted, whereas the software running in the guest (the virtual machine system above) may come from users and carries a security risk. Therefore, according to the security control method of the embodiment of the invention, an instruction trap (which can be configured, for example, with Intel VT-x, whose "RDTSC exiting" VM-execution control makes RDTSC and RDTSCP cause a VM exit; AMD SVM provides an equivalent intercept) is used to force the processor into the host to scramble the timing instruction, which yields a relatively good security control effect.
According to the security control method provided by the embodiment of the invention, while the processor is in the protection mode the timing instruction executed by the processor is scrambled so as to change its return value. An attacker is thereby prevented from reading the exact value of the timing instruction and from illegally obtaining sensitive information from the value read. The method provided by the embodiment of the invention greatly reduces the effectiveness of attacks based on timing information and improves the security of the processor.
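The following is an added example, not code from the patent: a deterministic C simulation of the Flush+Reload probe from the scenario above, run against a timer that is exact, scrambled by adding a random value, or replaced by a random value, the three variants the text lists. The cache latencies (40 cycles for a hit, 250 for a miss), the noise amplitude of 1024 cycles, the constructed secret byte 0x5A and every identifier are this example's own assumptions. It goes one step beyond the text: the attacker repeats the probe and averages, which shows that zero-mean additive noise is removed by averaging whereas replacement with a random value is not. Two further caveats a practitioner should keep in mind, which the patent does not address: the noise amplitude must be large compared with the hit/miss gap being hidden, and an attacker who can run a second thread can build a counter that never executes the timing instruction at all, so scrambling RDTSC narrows but does not by itself close the timing channel.

```c
/* Added example (not from the patent): Flush+Reload against an exact timer and
 * against the two scrambling variants. Latencies, noise range, the secret byte
 * and all names are constructed assumptions of this example. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define PROBE_LINES 256     /* one probe line per possible secret byte value */
#define HIT_CYCLES   40     /* assumed cache-hit load latency */
#define MISS_CYCLES 250     /* assumed cache-miss load latency */
#define NOISE_RANGE 1024    /* assumed scrambling amplitude, in cycles */
#define SECRET_BYTE 0x5A    /* constructed secret that the victim leaks */

enum timer_mode { TIMER_EXACT, TIMER_ADD_RANDOM, TIMER_REPLACE_RANDOM };

struct machine {
    uint64_t tsc;                 /* the true time-stamp counter */
    bool cached[PROBE_LINES];     /* which probe lines are currently cached */
    uint64_t rng;                 /* xorshift64 state (non-zero) */
};

static uint64_t rng_next(struct machine *m) {
    uint64_t x = m->rng;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return m->rng = x;
}

/* What the guest's timing instruction returns: the real counter, or the value
 * the protection-mode trap handler substitutes. */
static uint64_t read_timer(struct machine *m, enum timer_mode mode) {
    switch (mode) {
    case TIMER_ADD_RANDOM:     /* real value plus uniform noise in [-NOISE_RANGE, NOISE_RANGE) */
        return m->tsc + (rng_next(m) % (2 * NOISE_RANGE)) - NOISE_RANGE;
    case TIMER_REPLACE_RANDOM: /* a value unrelated to the real counter */
        return rng_next(m) % NOISE_RANGE;
    default:
        return m->tsc;
    }
}

/* Flush: evict every probe line (what CLFLUSH over the array achieves). */
static void flush_all(struct machine *m) { memset(m->cached, 0, sizeof m->cached); }

/* Victim: a (speculative) load of probe[secret] pulls that single line in. */
static void victim_touch(struct machine *m, uint8_t secret) { m->cached[secret] = true; }

/* Reload: loading line i costs a hit or a miss plus a little jitter. */
static void load_line(struct machine *m, int i) {
    m->tsc += (m->cached[i] ? HIT_CYCLES : MISS_CYCLES) + rng_next(m) % 8;
    m->cached[i] = true;
}

/* The attacker's Flush+Reload loop, averaged over `trials` rounds. Returns the
 * byte it recovers (line with the lowest mean latency); *margin receives how
 * many cycles the other lines' mean latency sits above that line. */
static int flush_reload(struct machine *m, uint8_t secret, enum timer_mode mode,
                        int trials, double *margin) {
    static int64_t total[PROBE_LINES];
    memset(total, 0, sizeof total);
    for (int t = 0; t < trials; t++) {
        flush_all(m);
        victim_touch(m, secret);
        for (int i = 0; i < PROBE_LINES; i++) {
            uint64_t t0 = read_timer(m, mode);
            load_line(m, i);
            uint64_t t1 = read_timer(m, mode);
            total[i] += (int64_t)t1 - (int64_t)t0;   /* negative under scrambling is possible */
        }
    }
    int best = 0;
    for (int i = 1; i < PROBE_LINES; i++)
        if (total[i] < total[best]) best = i;
    double others = 0.0;
    for (int i = 0; i < PROBE_LINES; i++)
        if (i != best) others += (double)total[i] / trials;
    *margin = others / (PROBE_LINES - 1) - (double)total[best] / trials;
    return best;
}

/* Runs the probe on a fresh machine against the constructed secret. */
static int demo(enum timer_mode mode, int trials, double *margin) {
    struct machine m = { .tsc = 1ull << 40, .rng = 0x9E3779B97F4A7C15ull };
    return flush_reload(&m, SECRET_BYTE, mode, trials, margin);
}

int main(void) {
    const char *names[] = { "exact timer", "add random", "replace with random" };
    const int counts[] = { 1, 4000 };
    for (int mode = 0; mode < 3; mode++)
        for (int c = 0; c < 2; c++) {
            double margin;
            int got = demo((enum timer_mode)mode, counts[c], &margin);
            printf("%-20s trials=%-5d recovered=0x%02X (secret 0x%02X) margin=%.1f cycles\n",
                   names[mode], counts[c], got, SECRET_BYTE, margin);
        }
    return 0;
}
```

Running main() prints, for each timer mode, the byte recovered from one round and from 4000 averaged rounds together with the margin between the chosen line and the rest: the exact timer needs one round, the additive noise is beaten by averaging, and only the replace-with-random timer leaves the attacker with a margin indistinguishable from noise.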
Fig. 3 schematically shows a block diagram of a security control device 300 for a processor according to an embodiment of the present invention.
As shown in Fig. 3, the security control device 300 for the processor includes a control module 310 and a scrambling module 320. The security control device 300 may perform the method described above with reference to Fig. 2.
The control module 310 controls the processor 120 to enter the protection mode in response to the preset condition being met.
In one embodiment, controlling the processor to enter the protection mode in response to the preset condition being met may comprise: providing a hardware switch in the processor in advance, and controlling the processor to enter the protection mode in response to the hardware switch being turned on.
In another embodiment, controlling the processor to enter the protection mode in response to the preset condition being met may comprise: controlling the processor to enter the protection mode when the security requirement of the current operating environment is above a threshold, and/or in response to a specific user operation, and/or in response to the processor entering a high-privilege access mode.
According to the embodiment of the present invention, the control module 310 may, for example, perform the operation S201 described above with reference to fig. 2, which is not described herein again.
The scrambling module 320 scrambles the timing instruction executed by the processor while the processor is in the protection mode, so as to change the return value of the timing instruction.
In one embodiment, scrambling the timing instruction executed by the processor may comprise: when the timing instruction is executed in the virtual machine (guest) system, causing the processor to enter the physical machine (host) system, scrambling the timing instruction in the host system, and returning the scrambled return value to the guest system.
In another embodiment, causing the processor to enter the host system when the timing instruction is executed in the guest system may comprise: setting an instruction trap for the specific timing instruction, which causes the processor to enter the host system whenever that timing instruction is executed.
In yet another embodiment, scrambling the timing instruction executed by the processor so as to change its return value may comprise: changing the value read by the timing instruction, thereby changing the return value of the timing instruction.
In yet another embodiment, changing the value read by the timing instruction may comprise: adding a random value to, or subtracting a random value from, the value read by the timing instruction, or replacing the value read by the timing instruction with a random value.
In yet another embodiment, the timing instruction may be a high-precision timing instruction.
According to the embodiment of the present invention, the scrambling module 320 may, for example, perform operation S202 described above with reference to Fig. 2, which is not repeated here.
According to the security control device 300 of the embodiment of the invention, the true return value of the timing instruction is altered by scrambling the timing instruction executed by the processor, so that an attacker cannot obtain accurate timing information through the timing instruction; the effectiveness of attacks based on timing information is greatly reduced and the security of the processor is improved.
It is understood that the control module 310 and the scrambling module 320 may be combined in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present invention, at least one of the control module 310 and the scrambling module 320 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or any other reasonable manner of integrating or packaging a circuit, as hardware or firmware, or as a suitable combination of software, hardware, and firmware implementations. Alternatively, at least one of the control module 310 and the scrambling module 320 may be at least partially implemented as a computer program module, which when executed by a computer may perform the functions of the respective module.
FIG. 4 schematically illustrates a block diagram of a safety control system 400 that may be used with a processor in accordance with an embodiment of the present invention.
As shown in fig. 4, a safety control system 400 for a processor includes a processor 410, and a computer-readable storage medium 420.
In particular, processor 410 may include, for example, a general purpose microprocessor, an instruction set processor and/or related chip set and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 410 may also include onboard memory for caching purposes. Processor 410 may be a single processing unit or a plurality of processing units for performing the different actions of the method flow according to an embodiment of the invention described with reference to fig. 2.
Computer-readable storage medium 420 may be, for example, any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the readable storage medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The computer-readable storage medium 420 may include a computer program 421, which computer program 421 may include code/computer-executable instructions that, when executed by the processor 410, cause the processor 410 to perform a method flow such as that described above in connection with fig. 2 and any variations thereof.
The computer program 421 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, code in computer program 421 may include one or more program modules, including, for example, module 421A, module 421B, …. It should be noted that the division and number of modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to actual situations, which when executed by the processor 410, enable the processor 410 to perform the method flow described above in connection with fig. 2 and any variations thereof, for example.
According to an embodiment of the present invention, at least one of the control module 310 and the scrambling module 320 may be implemented as a computer program module described with reference to fig. 4, which, when executed by the processor 410, may implement the respective operations described above.
In another aspect, the present invention also provides a computer-readable medium, which may be included in the apparatus or system described in the above embodiments; or may exist alone without being assembled into the device or system. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform: the method comprises the steps of responding to the condition that a preset condition is met, controlling the processor to enter a protection mode, and scrambling a timing instruction executed by the processor when the processor is in the protection mode so as to change a return value of the timing instruction.
In an embodiment, the scrambling of the timing instruction executed by the processor includes: when the timing instruction is executed under the virtual machine system, controlling the processor to enter a physical machine system, scrambling the timing instruction under the physical machine system, and returning the scrambled return value to the virtual machine system.
In another embodiment, the controlling the processor to enter the physical machine system when the timing instruction is executed under the virtual machine system includes: setting an instruction trap for a specific timing instruction, wherein the instruction trap triggers the processor to enter the physical machine system when the specific timing instruction is executed.
In another embodiment, the scrambling of the timing instruction executed by the processor to change the return value of the timing instruction includes: changing the value read by the timing instruction so as to change the return value of the timing instruction.
In another embodiment, the changing of the value read by the timing instruction includes: adding a random value to, or subtracting a random value from, the value read by the timing instruction, or replacing the value read by the timing instruction with a random value.
In another embodiment, the controlling the processor to enter the protection mode in response to the preset condition being met includes: setting a hardware switch in the processor, and controlling the processor to enter a protection mode in response to the hardware switch being turned on.
In another embodiment, the controlling the processor to enter the protection mode in response to the preset condition being met includes: controlling the processor to enter the protection mode when the security requirement of the current operating environment is higher than a threshold value, and/or controlling the processor to enter the protection mode in response to a specific user operation, and/or controlling the processor to enter the protection mode in response to entering a high access authority mode.
In another embodiment, the timing instruction is a high-precision timing instruction.
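The embodiments above describe a mitigation pipeline: a preset condition (hardware switch, security level above a threshold, user operation, or entry into a privileged mode) puts the processor into protection mode; in that mode a timing instruction executed by the guest traps to the physical machine system, which either perturbs the read value by a random offset or replaces it outright before returning it. The following C program is an added illustration of that pipeline and is not the patent's or the applicant's own code. It models the counter as a plain integer supplied by the caller, models the trap and the host-side handler as ordinary functions, and assumes a xorshift64 generator as a stand-in for a hardware random source and a `noise_range` parameter bounding the offset; those names and the bound are assumptions, not part of the patent. The `guest_measure` function shows what an interval measurement taken around a region of known cost looks like with and without protection mode, which is the defender's view of why the scrambling defeats timing-based inference.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Illustrative model of the patent's timing-instruction scrambling.
 * Not the patent's implementation: the counter is an integer passed in by
 * the caller, and the instruction trap / physical-machine handler are C
 * functions. RNG, noise_range and all names are assumptions.
 */

typedef enum {
    SCRAMBLE_ADD_SUB,   /* add or subtract a random offset (claim 3, first branch) */
    SCRAMBLE_REPLACE    /* replace the read value with a random one (claim 3, second branch) */
} scramble_policy_t;

typedef struct {
    bool hw_switch;        /* hardware switch in the processor */
    int  security_level;   /* security requirement of the current environment */
    int  threshold;        /* level above which protection mode is entered */
    bool privileged_mode;  /* "high access rights mode" */
    bool user_requested;   /* "specific user operation" */
} guard_inputs_t;

typedef struct {
    bool              guarded;      /* protection mode flag */
    scramble_policy_t policy;
    uint64_t          noise_range;  /* max magnitude of a random offset (assumption) */
    uint64_t          rng_state;    /* xorshift64 state; stand-in for hardware RNG (assumption) */
} guard_state_t;

/* Assumed RNG: xorshift64 with the full-period (13, 7, 17) shifts. State must be non-zero. */
static uint64_t xorshift64(uint64_t *s)
{
    uint64_t x = *s;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    *s = x;
    return x;
}

/* Preset conditions from the description: any one of them enables protection mode. */
bool should_enter_protection_mode(const guard_inputs_t *in)
{
    return in->hw_switch
        || in->security_level > in->threshold
        || in->user_requested
        || in->privileged_mode;
}

void guard_init(guard_state_t *g, const guard_inputs_t *in,
                scramble_policy_t policy, uint64_t noise_range, uint64_t seed)
{
    g->guarded     = should_enter_protection_mode(in);
    g->policy      = policy;
    g->noise_range = noise_range;
    g->rng_state   = seed ? seed : 0x9E3779B97F4A7C15ULL; /* never the all-zero state */
}

/* Handler run by the "physical machine system" once the instruction trap fires. */
uint64_t physical_machine_scramble(guard_state_t *g, uint64_t real_counter)
{
    uint64_t r = xorshift64(&g->rng_state);
    if (g->policy == SCRAMBLE_REPLACE)
        return r;                                  /* value unrelated to the real counter */
    uint64_t delta = r % (g->noise_range + 1);     /* offset in [0, noise_range] */
    uint64_t sign  = xorshift64(&g->rng_state) & 1;
    return sign ? real_counter + delta : real_counter - delta;
}

/* Guest-side timing instruction: raw value when unguarded, trap to the host when guarded. */
uint64_t guest_read_timer(guard_state_t *g, uint64_t real_counter)
{
    if (!g->guarded)
        return real_counter;
    return physical_machine_scramble(g, real_counter); /* instruction trap -> host */
}

/* Interval as the guest observes it around a region whose true cost is `cost` ticks. */
uint64_t guest_measure(guard_state_t *g, uint64_t start, uint64_t cost)
{
    uint64_t t0 = guest_read_timer(g, start);
    uint64_t t1 = guest_read_timer(g, start + cost);
    return t1 - t0;
}

int main(void)
{
    guard_inputs_t none = { false, 0, 5, false, false };
    guard_inputs_t sw   = { true,  0, 5, false, false };
    guard_state_t off, on;
    guard_init(&off, &none, SCRAMBLE_ADD_SUB, 1000, 42);
    guard_init(&on,  &sw,   SCRAMBLE_ADD_SUB, 1000, 42);

    printf("unguarded interval: %llu ticks (true cost 300)\n",
           (unsigned long long)guest_measure(&off, 100000, 300));
    for (int i = 0; i < 3; i++)
        printf("guarded interval:   %llu ticks (true cost 300)\n",
               (unsigned long long)guest_measure(&on, 100000, 300));
    return 0;
}
```

With protection mode off the measured interval equals the true cost exactly; with it on, each of the two reads carries an independent offset of up to `noise_range`, so the observed interval can deviate by up to twice that bound in either direction, and the `SCRAMBLE_REPLACE` policy removes any relation to the real counter at all. The design choice worth noting is that the offset is drawn fresh per read rather than once per session: a constant offset would cancel out in a subtraction and give the attacker back the exact interval.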
It will be appreciated by a person skilled in the art that various combinations and/or associations of the features described in the various embodiments and/or in the claims of the invention are possible, even if such combinations or associations are not explicitly described in the invention. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present invention may be made without departing from the spirit or teaching of the invention. All such combinations and/or associations fall within the scope of the present invention.
While the invention has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents. Accordingly, the scope of the present invention should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (10)

1. A method for secure control of a processor, comprising:
controlling the processor to enter a protection mode in response to a preset condition being met; and
scrambling a timing instruction executed by the processor to change a return value of the timing instruction when the processor is in a guarded mode,
wherein the controlling the processor to enter a protection mode in response to the preset condition being met comprises:
setting a hardware switch in the processor, controlling the processor to enter a protection mode in response to the hardware switch being turned on, and/or
Controlling the processor to enter a guarded mode when the security requirement of the current operating environment is higher than a threshold value, and/or
Controlling the processor to enter a protection mode in response to a specific user operation; and/or
Controlling the processor to enter a guarded mode in response to entering a high access rights mode,
wherein the scrambling of the timing instructions executed by the processor comprises:
when the timing instruction is executed under the virtual machine system, the processor is controlled to enter a physical machine system, the timing instruction is scrambled under the physical machine system, and a return value after scrambling is returned to the virtual machine system,
wherein, when the timing instruction is executed under the virtual machine system, controlling the processor to enter the physical machine system includes:
setting an instruction trap for a specific timing instruction, wherein the instruction trap triggers the processor to enter the physical machine system when the specific timing instruction is executed.
2. The method of claim 1, wherein scrambling the timing instructions executed by the processor to change the return value of the timing instructions comprises:
changing the value read by the timing instruction to change the return value of the timing instruction.
3. The method of claim 2, wherein said changing the value read by said timing instruction comprises:
increasing or decreasing a random value on the value read by the timing instruction; or
replacing the value read by the timing instruction with a random value.
4. The method of any one of claims 1 to 3, wherein the timing instructions are high precision timing instructions.
5. A safety control device for a processor, comprising:
the control module is used for controlling the processor to enter a protection mode in response to the preset condition being met; and
a scrambling module for scrambling a timing instruction executed by the processor to change a return value of the timing instruction when the processor is in a guard mode,
wherein the controlling the processor to enter a protection mode in response to the preset condition being met comprises:
setting a hardware switch in the processor, controlling the processor to enter a protection mode in response to the hardware switch being turned on, and/or
Controlling the processor to enter a guarded mode when the security requirement of the current operating environment is above a threshold, and/or
Controlling the processor to enter a protection mode in response to a specific user operation; and/or
Controlling the processor to enter a guarded mode in response to entering a high access rights mode,
wherein the scrambling of the timing instructions executed by the processor comprises:
when the timing instruction is executed under the virtual machine system, the processor is controlled to enter a physical machine system, the timing instruction is scrambled under the physical machine system, and a return value after scrambling is returned to the virtual machine system,
wherein, when the timing instruction is executed under the virtual machine system, controlling the processor to enter the physical machine system includes:
setting an instruction trap for a specific timing instruction, wherein the instruction trap triggers the processor to enter the physical machine system when the specific timing instruction is executed.
6. The apparatus of claim 5, wherein scrambling the timing instructions executed by the processor to change the return value of the timing instructions comprises:
changing the value read by the timing instruction to change the return value of the timing instruction.
7. The apparatus of claim 6, wherein said changing the value read by said timing instruction comprises:
increasing or decreasing a random value on the value read by the timing instruction; or
replacing the value read by the timing instruction with a random value.
8. The apparatus of any one of claims 5 to 7, wherein the timing instructions are high precision timing instructions.
9. A safety control system for a processor, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-4.
10. A computer readable medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method according to any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810239220.8A CN108710809B (en) 2018-03-21 2018-03-21 Safety control method, device and system for processor

Publications (2)

Publication Number Publication Date
CN108710809A CN108710809A (en) 2018-10-26
CN108710809B true CN108710809B (en) 2022-08-09

Family

ID=63866269

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810239220.8A Active CN108710809B (en) 2018-03-21 2018-03-21 Safety control method, device and system for processor

Country Status (1)

Country Link
CN (1) CN108710809B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111291425B (en) * 2020-05-09 2020-12-25 南京芯驰半导体科技有限公司 Chip protection method and device, storage medium and vehicle-mounted chip
CN114969705A (en) * 2022-06-01 2022-08-30 中国长城科技集团股份有限公司 Fingerprint unlocking method and device, electronic equipment and storage medium

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
CN100568181C (en) * 2007-06-22 2009-12-09 浙江大学 Dummy machine system and its implementation based on virtualizing technique of processor
CN101364253A (en) * 2007-08-06 2009-02-11 电子科技大学 Covert debug engine and method for anti-worm
WO2014065801A1 (en) * 2012-10-25 2014-05-01 Empire Technology Development Llc Secure system time reporting

Also Published As

Publication number Publication date
CN108710809A (en) 2018-10-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant