CN110502933B - Method and system for realizing soft and hard cooperative timer capable of resisting cache attack based on flush operation - Google Patents

Info

Publication number: CN110502933B
Authority: CN (China)
Prior art keywords: resolution, hardware module, timer, initialization, attack
Legal status: Active (as listed by Google Patents, which notes that the status is an assumption and not a legal conclusion)
Application number: CN201910604224.6A
Other languages: Chinese (zh)
Other versions: CN110502933A
Inventors: 屠晨阳, 高能, 葛景全, 彭佳, 李敏
Current assignee: Institute of Information Engineering of CAS (as listed; Google notes the assignee list may be inaccurate)
Original assignee: Institute of Information Engineering of CAS
History: application CN201910604224.6A filed by Institute of Information Engineering of CAS; published as CN110502933A; granted and published as CN110502933B; currently active.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F 21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F 21/755 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • G06F 21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

The invention relates to a method and system for implementing a software and hardware cooperative timer that resists flush-operation-based cache attacks. The system comprises an initialization software module, a hardware module and a runtime software module. In the initialization stage, the initialization software module and the hardware module cooperate to find the highest time resolution that is still within the secure range and set the secure low-resolution timer in the hardware module to that resolution. In the runtime stage, the timer temporarily lowers its own resolution whenever a flush operation occurs and restores it when no flush operation is pending. Through this coupling of the flush operation and the timer resolution, flush-operation-based cache attacks are resisted effectively. At the same time, the optimized design keeps security high with very low performance loss, giving an efficient and secure timer implementation.

Description

Method and system for realizing soft and hard cooperative timer capable of resisting cache attack based on flush operation
Technical Field
The invention belongs to the technical field of software and hardware co-design for information security, and in particular relates to a method and system for implementing a software and hardware cooperative timer on an ARM-FPGA embedded SoC. The timer resists flush-operation-based cache attacks while maintaining high security and low performance loss, and is thus an efficient and secure timer implementation.
Background
In recent years, as market demand for high-performance small electronic devices has grown, SoC (System on Chip) products have become more powerful, complex and personalized. An ARM-FPGA embedded SoC combines an ARM processor with an FPGA (Field Programmable Gate Array) and gives system architects and ARM developers a flexible platform for meeting such requirements. The Zynq series from Xilinx is representative of this type of SoC, which is widely used in unmanned aerial vehicles and in high-performance embedded and Internet-of-Things devices. Like Intel and AMD chips, however, ARM-FPGA embedded SoCs face a wide variety of security threats, among which micro-architectural attacks, typified by cache attacks, are a type that cannot be neglected.
Over the last decade, more and more researchers have successfully mounted micro-architectural attacks using the cache as the foothold, and cache attacks have become an important security threat to modern processors and operating systems. Most notable were the Meltdown (see M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, M. Hamburg. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium, 2018) and Spectre attacks (see P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, Y. Yarom. Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy, 2019) disclosed in early 2018. They combine cache attack techniques with out-of-order execution and branch prediction, greatly extending the data-stealing capability of cache attacks. To reduce noise and raise the resolution of the attack, many researchers have in recent years applied flush operations (cache-line clean/invalidate operations) in cache attacks, e.g. Flush+Reload, Flush+Flush, and Spectre variants that use the Flush+Reload principle. We refer to this class of cache attacks as "flush-operation-based cache attacks".
Most modern processors have either dedicated instructions or cache control registers that flush individual cache lines, and this is also the most efficient way to clean a cache line. Because cache flushes are very useful, even indispensable, in a system, simply disabling the flush operation is not feasible. DMA transfers, for example, typically require a flush to keep the cached data consistent with memory. Symmetric multiprocessor (SMP) designs without a hardware cache coherency mechanism also exist, and there a fast cache-line flush is very useful. How to keep the fast flush operation available while avoiding the security vulnerability it creates has therefore become a problem to be solved in industry and academia.
Many methods for detecting and defending against flush-operation-based cache attacks have been proposed in academia and industry. They fall into two major categories: static code analysis/repair and runtime defense. Static code analysis/repair is very effective at detecting flush-operation-based cache attacks, but obfuscation and packing can let malicious code evade static analysis, and static code repair can add a large performance penalty. Most runtime defenses use hardware performance counters to monitor for malicious programs continuously. Such real-time monitoring often has a high false-positive rate, and because it must collect data over some period before deciding, it often cannot identify a malicious process quickly enough to kill it in time. Moreover, Flush+Flush cannot be detected by performance-counter-based schemes at all: the attacker never reloads the target line but only times the flush instruction itself, so its probes cause no cache misses for the counters to see.
Another runtime defense strategy is to permanently reduce the resolution of the timing interface. Many browser vendors and the W3C have made improvements here: after Oren et al. (see Y. Oren, V. P. Kemerlis, S. Sethumadhavan, A. D. Keromytis. The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015) mounted a cache attack from the browser, browser vendors and the W3C coarsened the resolution of performance.now() from the nanosecond level to 5 μs or more. Because high-resolution time is very useful to native applications, however, most operating system vendors do not disable the high-resolution time interface in user space. On an Intel x86 processor the rdtsc instruction returns a high-resolution timestamp directly in user space, and systems running on ARM-FPGA embedded SoCs typically provide high-resolution APIs such as the perf_event_open system call and the POSIX function clock_gettime(). Even if the high-resolution time interface is disabled in user space, an attacker with root privileges and the physical address of the timer can still access the high-resolution timer directly.
Disclosure of Invention
The invention aims to design a more secure high-resolution timer on an ARM-FPGA embedded SoC using software and hardware co-design. The cooperative timer adapts its resolution according to whether a flush operation occurs in the system. It resists flush-operation-based cache attacks launched by an attacker who has access to the timer, while keeping high-resolution time available whenever no flush operation occurs.
The cooperative timer works in two stages, an initialization stage and a runtime stage, and consists of three functional modules: an initialization software module, a runtime software module and a hardware module. Fig. 1 shows the overall working principle. The main components of the hardware module are two timers, a secure low-resolution timer and a high-resolution timer. Depending on the stage and on whether a flush operation has been invoked, the hardware module makes exactly one of them readable through the module's base address. When a flush operation occurs in a process, the base address returns the secure low-resolution timer and the high-resolution timer is inaccessible; this is the secure low-resolution state. Correspondingly, when no flush operation has occurred, the base address returns the high-resolution timer and the secure low-resolution timer is inaccessible; this is the high-resolution state.
The parameters used by the hardware module of the cooperative timer are listed in Table 1:
Table 1: parameters of the hardware module (given as an image in the original; the two parameters referred to in the text are safe_resolution, the resolution of the secure low-resolution timer expressed as the bit position of its least significant bit, and safe_time, the number of CPU clock cycles the timer stays in the secure low-resolution state after a flush operation)
The hardware module and the software modules communicate and cooperate through signals, listed in Table 2:
Table 2: signals between the software modules and the hardware module

Signal name                      Explanation
Reduce-resolution signal         Lower the resolution of the secure low-resolution timer by 1 bit
Raise-resolution signal          Raise the resolution of the secure low-resolution timer by 1 bit
Initialization-complete signal   Inform the hardware module that the initialization stage has finished
Flush-invoked signal             Inform the hardware module that a flush operation has been invoked
In the initialization stage, the secure low-resolution timer of the hardware module is always accessible and the high-resolution timer is never accessible. The initialization software module repeatedly runs the selected flush-operation-based cache attack using only the secure low-resolution time provided by the hardware module. Based on the result of each iteration it signals the hardware module to adjust the resolution safe_resolution of the secure low-resolution timer. When the attack fails, the initialization software module sends a raise-resolution signal so that the resolution of the secure low-resolution timer is raised by 1 bit, i.e. safe_resolution - 1. When the attack succeeds, it sends a reduce-resolution signal so that the resolution is lowered by 1 bit, i.e. safe_resolution + 1, and then sends the initialization-complete signal to end the initialization stage. Once the hardware module has received the initialization-complete signal, the cooperative timer enters the runtime stage.
In the runtime stage, the hardware module switches the resolution adaptively according to whether a flush operation occurs in the system, thereby resisting flush-operation-based cache attacks. When a flush operation is performed, the cooperative timer switches to the secure low-resolution state and returns to the high-resolution state after safe_time CPU clock cycles. When no flush operation occurs, the cooperative timer stays in the high-resolution state.
Specifically, the method for implementing the software and hardware cooperative timer that resists flush-operation-based cache attacks is divided into two working stages, an initialization stage and a runtime stage, wherein:
(1) in the initialization stage, the initialization software module and the hardware module cooperate to find the highest time resolution within the secure range and set the secure low-resolution timer in the hardware module to that resolution;
(2) in the runtime stage, the runtime software module and the hardware module switch the time resolution adaptively according to whether a system process calls a flush operation.
Further, the initialization stage (1) includes the following steps:
Step 1: repeatedly launch the selected flush-operation-based cache attack, adjusting the secure resolution safe_resolution of the hardware module according to the result of each iteration.
Step 2: when an iteration of the attack succeeds, the initialization software module sends the initialization-complete signal to the hardware module, and the cooperative timer enters the runtime stage.
Further, in step 1, the selected flush-operation-based cache attack is performed as follows:
First: access data that is in the cache and data that is not in the cache many times each, recording the time of each access, then compute the average access time of each kind of data.
Second: compute the difference of the two average access times. If the difference is less than one unit of the secure low-resolution timer (1 bit), the attack is judged to have failed; if it is greater than or equal to 1, the attack is judged to have succeeded.
Further, in step 1, the secure resolution of the hardware module is adjusted according to the result of each iteration as follows:
When the attack fails: the initialization software module sends a raise-resolution signal to the hardware module to raise the secure low resolution by 1 bit, and the attack is restarted.
When the attack succeeds: the initialization software module sends a reduce-resolution signal to the hardware module to lower the secure resolution by 1 bit.
Further, in step 2, after the attack succeeds, the initialization software module and the hardware module operate as follows:
First: the initialization software module sends a reduce-resolution signal to the hardware module to lower the secure resolution by 1 bit.
Second: the initialization software module sends the initialization-complete signal to the hardware module.
Third: the hardware module receives the initialization-complete signal and authenticates it.
Fourth: once authentication passes, the hardware module accepts the initialization-complete command and switches itself to the high-resolution timer state.
Further, the runtime stage (2) includes the following steps:
Step 1: when a flush operation is called, the runtime software module sends a flush-invoked signal to the hardware module.
Step 2: on receiving the flush-invoked signal, the hardware module switches from the high-resolution timer state to the secure low-resolution timer state, i.e. the secure low-resolution timer becomes the one readable at the base address.
Step 3: after a fixed number of CPU clock cycles (safe_time) in the secure low-resolution timer state, the hardware module automatically returns to the high-resolution timer state.
Corresponding to the method, the invention also provides a software and hardware cooperative timer system that resists flush-operation-based cache attacks, comprising an initialization software module, a runtime software module and a hardware module; the hardware module comprises a secure low-resolution timer and a high-resolution timer. In the initialization stage, the initialization software module and the hardware module cooperate to find the highest time resolution within the secure range and set the secure low-resolution timer in the hardware module to that resolution; in the runtime stage, the runtime software module and the hardware module switch the time resolution adaptively according to whether a system process calls a flush operation.
The invention also provides an ARM-FPGA embedded SoC comprising this cooperative timer system.
Compared with the prior art, the invention has the following beneficial effects:
First, the invention is more secure against flush-operation-based cache attacks than existing high-resolution timer designs. Because the resolution switching is implemented in hardware, an attacker cannot obtain high-resolution time even with root privileges and the physical address of the timer.
Second, the resolution of the cooperative timer is reduced only temporarily, and only when a flush operation is performed, so the high-resolution timer remains usable for most of the running time (whenever no flush operation occurs) while a cache attacker relying on flush operations cannot obtain the high-resolution time the attack needs.
Third, the optimized design greatly improves the security of the high-resolution timer while adding only a small access delay, keeping the performance loss within an acceptable range.
Drawings
FIG. 1 is a schematic diagram of the overall operation of the cooperative timer;
FIG. 2 is a flowchart of the initialization software module;
FIG. 3 is a flowchart of the runtime software module;
FIG. 4 is a flowchart of the hardware module;
FIG. 5 compares the results of a Flush+Reload attack: (a) with the global timer, (b) with PMCCNTR (the performance monitors cycle count register), and (c) with the cooperative timer;
FIG. 6 shows the relationship between the success rate of a flush-operation-based Spectre attack and the secure resolution safe_resolution of the cooperative timer;
FIG. 7 compares the time consumption of the modified flush operation with that of the original flush operation.
Detailed Description
The invention is further described with reference to the accompanying drawings.
The invention comprises two software modules and one hardware module: the initialization software module, the runtime software module and the hardware module.
FIG. 2 is the workflow of the initialization software module. Its steps are as follows:
Step 1: access data that is in the cache and data that is not in the cache 100 times each, recording the access time each time using the secure low-resolution time provided by the cooperative timer, then compute the average access time T1 of the cached data and the average access time T2 of the uncached data.
Step 2: if the difference between T2 and T1 is less than 1 bit (one unit of the low-resolution timer), the attack is judged to have failed: the initialization software module sends a raise-resolution signal to the hardware module to raise the secure low resolution by 1 bit, and the procedure restarts from step 1. If the difference is greater than or equal to 1 bit, the attack is judged to have succeeded: the initialization software module sends a reduce-resolution signal to the hardware module to lower the secure resolution by 1 bit.
Step 3: after the reduce-resolution signal that follows a successful attack, the initialization software module sends the initialization-complete signal to the hardware module, and the initialization stage ends.
Fig. 3 is the detailed workflow of the hardware module. Its steps are as follows:
Step 1: until the initialization-complete signal has been received, the hardware module is in the secure low-resolution state and the base address reads the secure low-resolution timer. After power-up, the secure resolution safe_resolution of the secure low-resolution timer is 16, i.e. its least significant bit is the 16th bit of the cycle counter, so the exposed count advances once every 2^15 = 32768 cycles (about 49 μs at the 667 MHz clock used in Table 3). At this point the resolution of the hardware module is in an absolutely safe range.
Step 2: the hardware module receives 32-bit signals from the two software modules; the first 8 bits of a signal carry its content and the remaining 24 bits are an authentication code.
Step 3: the 24-bit authentication code is checked. If authentication fails, nothing is done and the content in the first 8 bits is ignored. If it succeeds, the content in the first 8 bits is read.
Step 4: the hardware module acts on the content of the first 8 bits. For a reduce-resolution signal it lowers the resolution of the secure low-resolution timer by 1 bit; for a raise-resolution signal it raises it by 1 bit; for an initialization-complete signal it makes the high-resolution timer visible to the system, i.e. readable at the base address; for a flush-invoked signal it switches to the secure low-resolution timer state and, after safe_time CPU clock cycles, returns to the high-resolution timer state.
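Steps 1 to 4 above (the same behaviour is summarized under the runtime stage in the Disclosure section) describe a small state machine. The following Python model of the hardware module is an added example and not the patent's RTL: the command byte values, the 24-bit authentication code, safe_time = 2000 cycles and the cycle count passed in by the caller are all assumptions. It shows the authenticated 8+24-bit signal word, the one-bit resolution steps, and what a load from the base address returns before initialization, in the high-resolution state, and during the safe_time window after a flush.

```python
"""Model of the cooperative timer's hardware module (added example, not the patent's RTL)."""

# Command values carried in the top 8 bits of the signal word: assumed, not from the page.
CMD_REDUCE_RESOLUTION = 0x01
CMD_RAISE_RESOLUTION = 0x02
CMD_INIT_COMPLETE = 0x03
CMD_FLUSH_INVOKED = 0x04

AUTH_CODE = 0x5A3C96      # constructed 24-bit code shared by the drivers and the hardware
COUNTER_BITS = 32         # assumed width of the cycle counter behind both timers


def encode_signal(command, auth_code=AUTH_CODE):
    """Build the 32-bit word the software modules write: 8-bit command, 24-bit auth code."""
    return ((command & 0xFF) << 24) | (auth_code & 0xFFFFFF)


class CoTimerHardware:
    def __init__(self, auth_code=AUTH_CODE, safe_resolution=16, safe_time=2000):
        self.auth_code = auth_code
        self.safe_resolution = safe_resolution   # power-on value given on the page
        self.safe_time = safe_time               # cycles in the low-resolution state after a flush (assumed)
        self.initialized = False
        self.low_res_until = 0                   # cycle at which the high-resolution state is restored
        self.rejected = 0                        # signals dropped because the auth code did not match

    def write_signal(self, word, now):
        """Steps 2 to 4: authenticate the word, then act on its command byte. True if accepted."""
        if (word & 0xFFFFFF) != self.auth_code:
            self.rejected += 1
            return False
        command = (word >> 24) & 0xFF
        if command == CMD_REDUCE_RESOLUTION:
            self.safe_resolution = min(self.safe_resolution + 1, COUNTER_BITS)
        elif command == CMD_RAISE_RESOLUTION:
            self.safe_resolution = max(self.safe_resolution - 1, 1)
        elif command == CMD_INIT_COMPLETE:
            self.initialized = True
        elif command == CMD_FLUSH_INVOKED:
            self.low_res_until = now + self.safe_time
        else:
            return False                          # unknown command: ignored, like a failed auth
        return True

    def in_low_res_state(self, now):
        """Step 1: low-resolution until initialization completes, and for safe_time cycles after a flush."""
        return (not self.initialized) or now < self.low_res_until

    def read(self, now):
        """Value a load from the module's base address returns at cycle `now`."""
        counter = now & ((1 << COUNTER_BITS) - 1)
        if self.in_low_res_state(now):
            return counter >> (self.safe_resolution - 1)
        return counter


def demo():
    """Drive the model through initialization and one flush; returns the readings for inspection."""
    hw = CoTimerHardware()
    before_init = hw.read(1_000_000)
    for _ in range(7):                                   # initialization takes 16 down to 9
        hw.write_signal(encode_signal(CMD_RAISE_RESOLUTION), now=0)
    hw.write_signal(encode_signal(CMD_INIT_COMPLETE, auth_code=0x000001), now=0)  # forged: dropped
    hw.write_signal(encode_signal(CMD_INIT_COMPLETE), now=0)
    high_res = hw.read(1_000_000)
    hw.write_signal(encode_signal(CMD_FLUSH_INVOKED), now=1_000_000)
    during_window = hw.read(1_000_100)
    after_window = hw.read(1_000_000 + hw.safe_time)
    return hw, before_init, high_res, during_window, after_window


if __name__ == "__main__":
    hw, a, b, c, d = demo()
    print(f"before init: {a}, high-res: {b}, during safe_time window: {c}, after: {d}, rejected: {hw.rejected}")
```

The forged initialization-complete word in demo() is dropped because its low 24 bits do not match, which is the property the page relies on when it argues that root privileges plus the timer's physical address are not enough: an attacker can write the base address but cannot make the hardware leave the low-resolution state or skip the safe_time window without the code.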
Fig. 4 is the workflow of the runtime software module, which mainly implements the flush operation, i.e. clears the corresponding L1 and L2 cache lines. Its steps are as follows:
Step 1: disable IRQ and FIQ interrupts by setting the I and F bits of the CPSR (current program status register) to 1 (bits 7 and 6 counting from 0, i.e. the 8th and 7th bits in this document's 1-based bit numbering).
Step 2: clean the corresponding L1 cache line: first set the Level field of CSSELR (cache size selection register), bits [3:1] (the 2nd to 4th bits, 1-based), to 0 to select the L1 cache; then write the virtual address to DCCIMVAC (data cache clean and invalidate by MVA) to clean and invalidate the L1 line.
Step 3: convert the virtual address to a physical address with virt_to_phys().
Step 4: clean the corresponding L2 cache line: first write 3 to Register 15 (debug control register) of the PL310 L2 cache controller, which disables linefills and forces write-through; then write the physical address to the Register 7 clean/invalidate-by-PA register of the PL310 to clean the L2 line; finally write 0 back to Register 15 to restore write-back mode and re-enable linefills.
Step 5: re-enable IRQ and FIQ interrupts by clearing the I and F bits of the CPSR to 0.
Step 6: send the flush-invoked signal to the hardware module. This signal is sent at the end of every flush operation to trigger the resolution switch in the hardware module.
To show how the invention resists flush-operation-based cache attacks, we first compare the results of Flush+Reload attacks using different timers, and then plot the success rate of a flush-operation-based Spectre attack against the secure resolution (safe_resolution) of the cooperative timer.
On an ARM processor the global timer and PMCCNTR (the performance monitors cycle count register) are two commonly used high-resolution timers, and high-resolution time APIs are usually implemented on top of them. To compare their defensive effect with the cooperative timer, we wrote kernel drivers that expose a high-resolution time API for the global timer, PMCCNTR and the cooperative timer respectively, and ran a Flush+Reload attack with each. FIG. 5 compares the results. The attack target is the T-table implementation of AES encryption in OpenSSL. In FIG. 5, (a) is the result with the global timer, (b) with PMCCNTR and (c) with the cooperative timer of the invention. In all three plots the abscissa is the index of the cache line that is flushed and the ordinate is the offset (/4) relative to the start address of the Te0 table of the AES T-table implementation. At each (cache line index, offset) point we encrypt 1000 times; the colour shade represents the number of cache hits.
Because we set the first key byte k0 to 0x00, the offset address on the ordinate also corresponds directly to the first plaintext byte (the relation is shown as an equation image in the original and is not reproduced here). We let the first plaintext byte grow from 0 to 255 in 16 steps, so when the Flush+Reload attack succeeds the number of cache hits on the main diagonal should be significantly higher than elsewhere, i.e. the main diagonal should appear as a light straight line. In FIG. 5, the Flush+Reload attacks using PMCCNTR and the global timer show a very clear light main diagonal, indicating a successful attack; with the cooperative timer, the colour distribution along the main diagonal is close to random, indicating that the attack failed. This comparison shows that the cooperative timer effectively defends against Flush+Reload where the other two high-resolution timers do not.
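The diagonal test used to read FIG. 5 can be made concrete. In the first AES round the T-table implementation indexes Te0 with p0 ^ k0, so with 4-byte entries and 16 entries per cache line the line touched is (p0 ^ k0) >> 4; with k0 = 0x00 and p0 stepping by 16 that is exactly the flushed line index, which is why the hits land on the main diagonal. The following Python example is added here and uses constructed hit counts, not the measurements behind FIG. 5: the 16-line layout, the hit and noise levels for a fine and for a coarse timer, and the 1.6 contrast threshold are all assumptions. It goes one step beyond the page's k0 = 0 case: it builds the hit matrix for any k0, scores every candidate high nibble of k0 by the hits it places on the diagonal that nibble predicts, and declares the attack successful only when the best diagonal stands out from the mean, so a matrix from a timer that is too coarse is reported as a failed attack rather than a random nibble.

```python
"""Diagonal analysis of a first-round AES T-table Flush+Reload (added example with constructed data)."""

LINES = 16                 # Te0: 256 four-byte entries, 16 per 64-byte line (assumed layout)
ENCRYPTIONS = 1000         # encryptions per (line, plaintext) point, as on the page
CONTRAST_THRESHOLD = 1.6   # assumed: the best diagonal must beat the mean score by this factor


def _lcg(state):
    """Tiny deterministic generator for the constructed noise."""
    return (state * 1103515245 + 12345) & 0x7FFFFFFF


def build_hit_matrix(k0, fine_timer, seed=7):
    """hits[line][step]: reload hits on `line` over ENCRYPTIONS runs with p0 = 16*step.

    fine_timer=True models the global timer / PMCCNTR (hits and misses separable);
    fine_timer=False models the low-resolution state, where classification is near random.
    """
    hits = [[0] * LINES for _ in range(LINES)]
    state = seed
    for line in range(LINES):
        for step in range(LINES):
            p0 = step * 16
            state = _lcg(state)
            noise = state % 200
            if not fine_timer:
                hits[line][step] = 400 + noise                   # 400..599 everywhere
            elif ((p0 ^ k0) >> 4) == line:
                hits[line][step] = ENCRYPTIONS - 100 - noise     # 701..900 on the true diagonal
            else:
                hits[line][step] = 100 + noise                   # 100..299 elsewhere
    return hits


def diagonal_scores(hits):
    """Score candidate high nibbles of k0: candidate c predicts line step ^ c for plaintext step."""
    return [sum(hits[step ^ cand][step] for step in range(LINES)) for cand in range(LINES)]


def analyse(hits):
    """Return (attack_succeeded, recovered high nibble of k0, contrast of best diagonal vs mean)."""
    scores = diagonal_scores(hits)
    best = max(range(LINES), key=scores.__getitem__)
    contrast = scores[best] / (sum(scores) / LINES)
    return contrast >= CONTRAST_THRESHOLD, best, contrast


if __name__ == "__main__":
    for k0 in (0x00, 0x5A):
        for fine in (True, False):
            ok, nibble, contrast = analyse(build_hit_matrix(k0, fine))
            print(f"k0=0x{k0:02x} fine_timer={fine}: success={ok} k0>>4={nibble:#x} contrast={contrast:.2f}")
```

For k0 = 0x00 the winning diagonal is the main one, matching the light line the page describes in FIG. 5(a) and (b); for the coarse-timer matrix every candidate scores about the same and analyse() reports failure, which is the "approximately random" picture of FIG. 5(c).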
FIG. 6 is a diagram of spectrum attack based on flush operation versus secure resolution safe _ resolution of soft and hard co-timers. The abscissa represents the value of safe _ resolution, and the ordinate represents the success rate of the spectrum attack. We transplanted the original spectrum attack source code (see p.kocher, j.horns, a.fogh, d.genkin, d.gruss, w.haas, m.hamburg, m.lipp, s.mangard, t.prescher, m.schwarz, y.yarom.spectra adapters: explicit diagnosis. in 40th IEEE Symposium on Security and Privacy,2019) onto the ARM-FPGA embedded SoC platform and simply modified it to one byte per attack, breaking out the correct byte represents the success of the attack.
As can be seen from FIG. 6, the attack success rate decreases overall as safe_resolution increases. The leftmost value of the abscissa is 1, i.e., the timer's least significant bit is bit 1; this is the high-resolution state of the soft and hard cooperative timer when no flush operation is occurring in the system. When the abscissa increases to 10, i.e., the least significant bit is bit 10, the attack success rate drops to approximately 0. This value, the position of the safe_resolution parameter at the end of initialization, is marked by the red dashed line in FIG. 6. The rightmost value of the abscissa is 16, i.e., the least significant bit is bit 16, which is the state of safe_resolution before initialization. It is apparent from FIG. 6 that the initialized soft and hard cooperative timer reduces the attack success rate to a level close to 0 and thus effectively resists the flush-based Spectre attack.
To illustrate the performance of the present invention, a comparison table of the access latencies of the three timers above is given first, followed by a comparison graph of the time consumed by the original and the modified flush operation.
Table 3 below compares the average access latency of the timers, all normalized to a 667 MHz CPU clock.

Table 3: Average access latency of different timers

Kind of timer            Average access latency
Global timer             509
PMCCNTR                  442
Soft and hard co-timer   484
As can be seen from Table 3, the access latency of the soft and hard co-timer of the present invention is 9.5% higher than that of PMCCNTR but 5% lower than that of the global timer. This shows that the access latency of the soft and hard co-timer is not significantly increased compared with the global timer and PMCCNTR.
FIG. 7 shows the distribution of the time consumed by the two flush operation APIs. The triangles represent the original flush operation API and the black squares the flush operation API modified for the soft and hard co-timer of the present invention. Overall, the modified flush operation API consumes 12% more time than the original flush operation API. This is mainly because the flush operation API of the present invention makes one additional iowrite32() call, compared with the original API, in order to communicate with the hardware module.
Another embodiment of the present invention provides an ARM-FPGA embedded SoC, which includes the above-described software and hardware coordinated timer system capable of resisting cache attacks based on flush operations. The software and hardware coordinated timer system comprises an initialization software module, a runtime software module and a hardware module; the hardware module comprises a safe low-resolution timer and a high-resolution timer; in the initialization stage, the initialization software module and the hardware module cooperate with each other to test the highest time resolution within the safety range and adjust the safety low resolution timer in the hardware module to the time resolution; in the runtime stage, the runtime software module and the hardware module adaptively convert the time resolution according to whether the system process calls flush operation.
The above embodiments are only intended to illustrate the technical solution of the present invention and not to limit the same, and a person skilled in the art can modify the technical solution of the present invention or substitute the same without departing from the spirit and scope of the present invention, and the scope of the present invention should be determined by the claims.

Claims (5)

1. A method for realizing a soft and hard cooperative timer capable of resisting cache attacks based on flush operation, characterized by comprising an initialization phase and a runtime phase, wherein:
in the initialization stage, the initialization software module and the hardware module cooperate with each other to test the highest time resolution within the safety range and adjust the safety low resolution timer in the hardware module to the time resolution;
in the runtime stage, the runtime software module and the hardware module adaptively convert the time resolution according to whether the system process calls flush operation;
the initialization phase comprises the following steps:
repeatedly launching the selected flush-based cache attack in a loop, and continuously adjusting the safe resolution of the hardware module according to the attack result of each iteration;
when the attack in an iteration succeeds, the initialization software module and the hardware module work cooperatively so that the hardware module finishes the initialization phase and enters the runtime phase;
when the attack succeeds, the initialization software module and the hardware module cooperate according to the following steps:
firstly, the initialization software module sends a resolution-reduction signal to the hardware module to reduce the safe resolution of the hardware module by 1 bit;
secondly, the initialization software module sends an initialization completion signal to the hardware module;
thirdly, the hardware module receives the initialization completion signal and authenticates the signal;
fourthly, after the authentication is passed, the hardware module receives an initialization completion command, and the hardware module adaptively adjusts the self state to be a high-resolution timer state;
the runtime phase steps include:
when the flush operation is called, the runtime software module sends a flush operation call signal to the hardware module;
after receiving the flush operation call signal, the hardware module switches from the high-resolution timer state to the safe low-resolution timer state, i.e., the safe low-resolution timer can then be accessed at a first address;
after a certain number of CPU clock cycles in the safe low-resolution timer state, the hardware module automatically reverts to the high-resolution timer state.
2. The method of claim 1, wherein the selected flush-based cache attack is performed according to the following steps:
accessing data that is in the cache and data that is not in the cache multiple times each, recording the access times, and then calculating the average access time of each;
calculating the difference between the two average access times; when the difference is less than 1 bit the attack is judged to have failed, and when the difference is greater than or equal to 1 bit the attack is judged to have succeeded.
3. The method according to claim 1, wherein the safe resolution of the hardware module is continuously adjusted according to the attack result of each iteration as follows:
when the attack fails: the initialization software module sends a resolution-increase signal to the hardware module to increase the safe low resolution of the hardware module by 1 bit, and then restarts the attack;
when the attack succeeds: the initialization software module sends a resolution-reduction signal to the hardware module to reduce the safe resolution of the hardware module by 1 bit.
4. A software and hardware coordinated timer system capable of resisting cache attacks based on flush operation by adopting the method of any one of claims 1-3 is characterized by comprising an initialization software module, a runtime software module and a hardware module; the hardware module comprises a safe low-resolution timer and a high-resolution timer; in the initialization stage, the initialization software module and the hardware module cooperate with each other to test the highest time resolution within the safety range and adjust the safety low resolution timer in the hardware module to the time resolution; in the runtime stage, the runtime software module and the hardware module adaptively convert the time resolution according to whether the system process calls flush operation.
5. An ARM-FPGA embedded SoC, comprising the soft and hard co-timer system of claim 4, which is resistant to cache attacks based on flush operations.
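The initialization search of claims 1 to 3 and the runtime switching of claim 1, as an added C simulation that is not the patent's own driver or FPGA code: the hardware module is modelled as a cycle counter whose low safe_resolution-1 bits are zeroed in the safe state, claim 2's probe is run through that masked timer with constructed hit/miss latencies (40 and 350 cycles) and a deterministic pseudo-random start phase, and the "1 bit" threshold is taken as one LSB of the masked timer. The names hw_timer_t, hw_read, hw_flush_signal, probe_diff, initialize, runtime_ok and HOLD_CYCLES are assumptions; with these constructed latencies the search settles at safe_resolution 10, the value FIG. 6 reports for the end of initialization.

```c
#include <stdbool.h>
#include <stdint.h>
/* Simulated HW module (assumed model): free-running cycle counter plus the
 * safe_resolution register (lowest exposed bit: 1 = full res, 16 = pre-init). */
typedef struct {
    uint64_t cycles, low_res_until;        /* HW clock; end of post-flush hold */
    int safe_resolution; bool initialized; /* initialized: init-complete seen */
} hw_timer_t;
#define HOLD_CYCLES 100000u /* constructed: low-res hold after a flush */

/* Driver-visible read: before init, or inside the post-flush hold window, the
 * low safe_resolution-1 bits are zeroed (the safe low-resolution timer). */
static uint64_t hw_read(const hw_timer_t *hw) {
    uint64_t mask = (1ull << (hw->safe_resolution - 1)) - 1;
    bool safe = !hw->initialized || hw->cycles < hw->low_res_until;
    return safe ? (hw->cycles & ~mask) : hw->cycles;
}
/* Flush wrapper -> HW (iowrite32 on the real SoC): hold the safe state. */
static void hw_flush_signal(hw_timer_t *hw) { hw->low_res_until = hw->cycles + HOLD_CYCLES; }

/* Deterministic LCG; its top 16 bits give a uniform start phase modulo any
 * granularity up to 2^16, so the masked averages stay unbiased. */
static uint32_t lcg_state = 12345u;
static uint32_t lcg(void) { return (lcg_state = lcg_state * 1664525u + 1013904223u) >> 16; }

/* Claim 2's probe: time n cache hits and n misses through the masked timer and
 * return avg_miss - avg_hit in cycles. Latencies are constructed values. */
static double probe_diff(hw_timer_t *hw, int n) {
    double sum[2] = {0, 0}; const uint64_t lat[2] = {40u, 350u}; /* hit, miss */
    for (int i = 0; i < 2 * n; i++) {
        hw->cycles += lcg();                 /* random gap -> uniform phase */
        uint64_t t0 = hw_read(hw);
        hw->cycles += lat[i & 1];            /* the timed access */
        sum[i & 1] += (double)(hw_read(hw) - t0);
    }
    return (sum[1] - sum[0]) / n;
}
/* Init (claims 1, 3): attack in a loop from 16 down; a failure (difference below
 * one timer LSB) makes the timer 1 bit finer, the first success backs off 1 bit. */
static int initialize(hw_timer_t *hw, int n) {
    hw->safe_resolution = 16; hw->initialized = false;
    while (hw->safe_resolution > 1 &&
           probe_diff(hw, n) < (double)(1ull << (hw->safe_resolution - 1)))
        hw->safe_resolution--;               /* resolution-increase signal */
    hw->safe_resolution++;                   /* resolution-reduction signal */
    hw->initialized = true;                  /* init-complete: HW -> high-res */
    return hw->safe_resolution;              /* 10 with the constructed latencies */
}
/* Runtime (claim 1): exact before a flush, masked inside the hold, exact after. */
static bool runtime_ok(hw_timer_t *hw) {
    uint64_t mask = (1ull << (hw->safe_resolution - 1)) - 1;
    bool before = hw_read(hw) == hw->cycles; hw_flush_signal(hw);
    hw->cycles = (hw->cycles & ~mask) + 777u; /* inside the hold, low bits set */
    bool during = hw_read(hw) == (hw->cycles & ~mask) && hw_read(hw) != hw->cycles;
    hw->cycles += HOLD_CYCLES;               /* hold expired: back to high-res */
    return before && during && hw_read(hw) == hw->cycles;
}
```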

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910604224.6A CN110502933B (en) 2019-07-05 2019-07-05 Method and system for realizing soft and hard cooperative timer capable of resisting cache attack based on flush operation

Publications (2)

Publication Number Publication Date
CN110502933A CN110502933A (en) 2019-11-26
CN110502933B true CN110502933B (en) 2021-07-13

Family

ID=68585955

Country Status (1)

Country Link
CN (1) CN110502933B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111898127A (en) * 2020-07-02 2020-11-06 中国科学院信息工程研究所 Method and system capable of resisting Spectre attack based on flush operation

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2521412A1 (en) * 2008-10-31 2012-11-07 HTC Corporation Method for improving random access procedure in wireless communications system and related communication device
CN105022956A (en) * 2015-08-14 2015-11-04 中国科学院计算技术研究所 Method for protecting against code reuse attack
CN109213301A (en) * 2017-06-29 2019-01-15 美商安迈科技股份有限公司 Support the UEFI shell program technic and its computer system of battery saving mode
CN109918928A (en) * 2019-03-05 2019-06-21 中国人民解放军32082部队 A kind of password chronometric analysis method of cache access collision

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090089564A1 (en) * 2006-12-06 2009-04-02 Brickell Ernie F Protecting a Branch Instruction from Side Channel Vulnerabilities
DE102014212224A1 (en) * 2014-06-25 2015-12-31 Robert Bosch Gmbh Method and device for generating a secret key
CN104144165A (en) * 2014-08-11 2014-11-12 互联网域名系统北京市工程研究中心有限公司 Caching method and system for resisting DNS dead domain attacks
CN107820605B (en) * 2017-03-27 2021-06-01 香港应用科技研究院有限公司 System and method for dynamic low-latency optimization
CN107085545B (en) * 2017-06-01 2020-06-19 北京智慧云测科技有限公司 Security assessment method and system based on AES algorithm of Cache
CN108650075B (en) * 2018-05-11 2020-09-08 中国科学院信息工程研究所 Soft and hard combined AES (advanced encryption standard) rapid encryption implementation method and system for resisting side channel attack

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant