CN114579477A - Dynamic information flow tracing processor structure based on hardware safety label - Google Patents

Dynamic information flow tracing processor structure based on hardware safety label

Info

Publication number
CN114579477A
Authority
CN
China
Prior art keywords
tag
instruction
security
processor core
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210112760.6A
Other languages
Chinese (zh)
Inventor
李翔宇
赵颖渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University
Priority to CN202210112760.6A
Publication of CN114579477A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F 12/02 Addressing or allocation; Relocation
    • G06F 12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F 12/0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F 12/0806 Multiuser, multiprocessor or multiprocessing cache systems
    • G06F 12/0811 Multiuser, multiprocessor or multiprocessing cache systems with multilevel cache hierarchies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a dynamic information flow tracking processor structure based on hardware security tags. In this structure, security-related tag bits are added to the registers in the processor core and to the memory in the storage module, and tag checking and passing logic circuits added to the processor core provide real-time, efficient tracking of information flow. Adding a security-related tag bit to the data cache in the storage module provides protection against side channel attacks with little performance impact. The added tag bits are thus used to divide programs into security levels, to formulate the tag passing rules inside the processor core, to define the abnormal behaviour that could compromise system security, and to prevent side channel attacks that could exploit the cache, ensuring that programs run in a well-defined and secure manner. This addresses the security risks that arise from the absence of dynamic information flow tracking and monitoring, and the heavy performance impact that existing protections have on the cache mechanism.

Description

Dynamic information flow tracing processor structure based on hardware safety label
Technical Field
The present application relates to the field of processor chip technologies, and in particular, to a dynamic information flow tracing processor structure based on a hardware security tag.
Background
An information flow, in the broad sense, is a set of information that moves in the same direction in space and time and has the same source and destination, that is, the set of all information passed from one source unit to one destination unit. In the narrow sense, an information flow is the movement of information through a given channel according to given requirements; this movement is the main object of study in modern information technology.
In computer security, information flow tracing means tracing the flow of information through a program by some method in order to identify operations that may damage the security (confidentiality, integrity, availability) of the system. Information flow tracing generally divides into two technical approaches, static and dynamic: static tracing analyses the information flow before or after the processor system runs, that is, system operation and tracking analysis are separate; dynamic tracing follows the information flow while the processor system runs, that is, system operation and tracking analysis proceed simultaneously. Compared with static tracing, dynamic tracing locates problems precisely and prevents them in real time: it can discover potential malicious attacks while the system is working and take countermeasures in time to stop them.
Dynamic information flow tracking may be implemented in software or in hardware. Software implementations mainly insert tracing-related instruction or program segments into the original program to perform the tracing at run time; these additions are redundant with respect to the original program and do not change its execution steps or results. Hardware implementations mainly add tracing-related logic circuits to the system hardware to perform the tracing at run time; these additions are redundant with respect to the original circuit and do not affect how it works. Compared with software implementations, hardware implementations trace faster and with higher privilege, can trace with dedicated logic without adding redundant code, and have greater freedom to take countermeasures once a malicious attack is found.
Within hardware implementations of dynamic information flow tracing there are different hardware abstraction levels, which from low to high are: circuit level, gate netlist level (gate level for short), register transfer level (RTL), architecture level, algorithm level and system level. Hardware implementations at the gate level and at the architecture level are the most common, although implementations at the other abstraction levels also exist. Gate-level dynamic information flow tracking treats logic gates as the carriers of information flow, studies the influence of each logic gate on the information flow, and designs hardware that tracks the information flow through the logic gates. Architecture-level dynamic information flow tracking treats instructions as the carriers of information flow, studies the influence of each instruction on the information flow, and designs hardware that tracks the information flow through the instructions. Compared with a gate-level implementation, an architecture-level implementation can trace information flow with fewer hardware resources: implementing dynamic information flow tracing at this abstraction level removes many relatively redundant hardware circuits and achieves good tracing with a relatively 'core' set of hardware circuits, so the implementation is more efficient.
A Memory Management Unit (MMU) is a hardware module dedicated to handling the memory access requests of a processor. It is the relay control unit connecting the processor core to the cache and to physical memory, and its main functions include translation of virtual addresses to physical addresses, memory protection, cache control, and the like.
RISC-V is an open source instruction set architecture based on the reduced instruction set principle. It is designed for modern computing equipment with small size, high speed and low power consumption in mind; it is fully open source, simple in architecture, easy to port operating systems to, modular in design and backed by a complete tool chain; and it does not over-specify any particular microarchitecture, so it can be used for all kinds of customised designs and innovative exploration. The RISC-V instruction set architecture specifies three privilege modes, machine mode (M-mode), supervisor mode (S-mode) and user mode (U-mode), where M-mode has the highest privilege, S-mode the next highest, and U-mode the lowest.
In the related art, TIMBER-V is a processor architecture based on the RISC-V instruction set architecture that uses tags (Tag) for fine-grained memory isolation: it adds a 2-bit tag to each 32-bit data word or instruction in memory and, together with the MMU, enforces privilege control over memory accesses. The scheme divides each of the original U-mode and S-mode into a general domain and a trusted domain, so that the original U-mode becomes a 'general U-mode' and a 'trusted U-mode' (TU-mode), and the original S-mode becomes a 'general S-mode' and a 'trusted S-mode' (TS-mode). The added 2-bit tag acts as metadata (data describing data) and represents the security domain in which the corresponding stored data or instruction resides. The security domains are divided as follows (instructions are treated as data and not distinguished here): data in the 'general U-mode' and 'general S-mode' are N-tag data and have the lowest security; data in TU-mode are TU-tag data and have medium security; data in TS-mode are TS-tag data and have the highest security; TC-tag data are a special kind of data that serve in a program as the call point or entry point through which N-tag data access TU-tag data or TS-tag data, and have the same highest security as TS-tag data. The shortcoming of the TIMBER-V scheme is that it examines the Tag only at the memory end of the load/store path; because the information flow of non-memory-access instructions and of program segments during execution is not tracked or monitored, security holes may remain.
At the architecture level of abstraction, most hardware implementations of dynamic information flow tracking use dynamic taint propagation analysis. Its principle is that, while the program runs, the propagation of taint data through the program is monitored in real time to detect whether the taint data can affect security-sensitive operations; the taint sources, propagation rules and monitoring points are usually defined according to the attack and defence scenario at hand. Dynamic taint propagation analysis is an effective technique for judging whether a program's information flow is safe, but its attention is limited to tracking the propagation paths of the taint data that have been defined in advance, so missed reports can occur when the taint data are not completely covered.
Cache invalidation and cache locking are two common techniques for cache side channel protection. Cache invalidation achieves side channel protection mainly by invalidating specific cache lines (cachelines); the affected cache lines are effectively bypassed and the processor accesses memory directly. Cache locking achieves it mainly by locking specific cache lines; the contents of those lines are effectively 'frozen', so only a constant pattern of cache hits and cache misses can occur. Both techniques provide effective side channel protection, but they essentially disable the original cache mechanism entirely, so their performance cost is not negligible.
Disclosure of Invention
The application provides a dynamic information flow tracking processor structure based on a hardware security tag, which aims to solve the following problems: security risks that arise because the information flow of non-memory-access instructions and program segments is not tracked or monitored during program execution; missed reports of abnormal behaviour when taint data are not completely covered; and the large impact of security protection measures on the performance of the original cache mechanism.
The embodiment of the first aspect of the present application provides a dynamic information flow tracing processor structure based on a hardware security tag, comprising: a processor core; processor tag bits disposed on a plurality of registers within the processor core to represent the security domains in which the values of those registers reside; a processor core tag logic circuit disposed in the processor core, which passes tags and checks the rules of the dynamic information flow according to the tag passing rules within the processor core; a storage module; and storage tag bits disposed in the storage module, which provide storage isolation and cache isolation between different security domains.
Optionally, in an embodiment of the present application, the structure further includes a memory management unit disposed between the processor core and the storage module, which provides storage isolation between different users within the same security domain.
Optionally, in an embodiment of the present application, the processor core tag logic circuit includes: an instruction logic circuit, which monitors the security of the instruction stream within the processor core to ensure that instructions execute safely; and a data logic circuit, which performs the tag passing calculation for each instruction and monitors the security of the data flow to ensure that data are accessed safely.
Optionally, in an embodiment of the present application, a 2-bit tag is set on each 64-bit wide register.
Optionally, in an embodiment of the present application, the processor core tag logic circuitry is disposed on an instruction pipeline and/or a data path within the processor core.
Optionally, in an embodiment of the present application, the storage tag bits are disposed on the instruction cache inside the storage module and store the tags supplied to the processor core, with a 2-bit tag added to each 32-bit stored instruction.
Optionally, in an embodiment of the present application, the storage tag bits are disposed on the data cache inside the storage module to isolate different security domains at the cache level, with a 2-bit tag added to each 32-bit stored data word and a 1-bit tag added to each cache block to isolate different processes of the same security domain at the cache level.
Optionally, in an embodiment of the present application, a memory tag logic circuit disposed on the data cache controls secure access to the data cache.
Optionally, in an embodiment of the present application, the memory tag bits are disposed on a physical memory inside the memory module, wherein a 2-bit tag is added for every 32-bit memory data or instruction.
Optionally, in an embodiment of the present application, the method further includes: and the exception generating module is arranged in the processor core and is used for generating a trigger signal and corresponding exception information when the logic circuit detects an exception.
Therefore, the application has at least the following beneficial effects:
1) data are tracked and restricted for security along the whole path through the three layers of memory, cache and processor core, which guarantees complete system security to a great extent;
2) fine-grained Tag management allows the security of every instruction and every data item to be monitored in real time, so information flow is tracked more accurately;
3) dividing programs into security levels allows a trade-off between execution speed and security to be made when a program is written;
4) the Tag mechanism and the storage management mechanism are independent of each other and can be combined to achieve more complete security or higher overall efficiency;
5) the security isolation measures introduced at the cache layer have little influence on the original cache mechanism, so effective cache side channel protection is achieved at low performance cost.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a block diagram of a dynamic information flow tracking processor based on a hardware security tag according to an embodiment of the present application;
FIG. 2 is a block diagram giving an overview of the dynamic information flow tracing processor architecture based on a hardware security tag according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a dynamic information flow tracing processor architecture for data security tracing based on hardware security tags according to an embodiment of the present application;
FIG. 4 is a diagram illustrating a dynamic information flow tracing processor architecture for instruction security tracing based on hardware security tags, according to an embodiment of the present application.
Description of reference numerals: processor core-100, memory module-200.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
A hardware security tag-based dynamic information flow tracing processor architecture according to an embodiment of the present application is described below with reference to the accompanying drawings. The related technology mentioned in the background examines the tag bit only at the memory end of the load/store path; the information flow of non-memory-access instructions and program segments during execution is not tracked or monitored, so program operation may have security holes, and missed reports of abnormal behaviour easily occur when the taint data coverage is incomplete. Moreover, existing side channel protections essentially disable the original cache mechanism entirely, with a serious performance loss. To address these problems, the application provides a dynamic information flow tracking processor structure based on a hardware security tag. In this structure, security-related tag bits are added to the registers in the processor core and to the memory in the storage module, and tag checking and passing logic circuits are added to the processor core, so that information flow is tracked efficiently in real time. Security-related tag bits are also added to the data cache in the storage module, so that protection against side channel attacks is achieved with little performance impact. Meanwhile, the embodiment makes full use of the added tag bits to divide programs into security levels, formulate the tag passing rules within the processor core, define the abnormal behaviour that could compromise system security, and prevent side channel attacks that could be carried out through the cache, thereby ensuring to a great extent that programs run in a well-defined and secure manner.
Therefore, the problems of security risks due to the lack of tracking and monitoring of the information flow of non-memory-access instructions and program segments during program execution, of missed reports of abnormal behaviour when taint data are not completely covered, and of the large performance impact of security protection measures on the original cache mechanism are solved.
Specifically, fig. 1 is a block diagram of a dynamic information flow tracking processor based on a hardware security tag according to an embodiment of the present disclosure.
As shown in fig. 1, the dynamic information flow tracking processor architecture 10 based on hardware security tags includes: a processor core 100 and a memory module 200.
Specifically, the processor core 100 includes a controller, an arithmetic unit, a register set, and the like. The controller consists of an instruction register, an instruction decoder, a program counter and the corresponding circuitry. The arithmetic unit consists of an arithmetic logic unit (ALU), an accumulator and a flag register. The register set typically includes general purpose registers, instruction registers, address registers, and the like.
Optionally, in an embodiment of the present application, the processor core 100 further includes processor tag bits, provided on a plurality of registers within processor core 100, which indicate the security domains in which the values of those registers reside.
It should be understood that the embodiments of the present application add 2-bit tags to the registers within processor core 100, and these added tags are the 'hardware security tags'. Taking into account both the granularity of the data and compatibility with the TIMBER-V scheme, the embodiments add a 2-bit tag to each 64-bit wide register (including the instruction-visible general purpose registers and the instruction-invisible PC register) to represent the security domain in which the corresponding register value resides, which makes finer-grained information flow tracking possible.
In the embodiments of the present application, 'Tag' refers to these added tag bits.
The security domains represented by the values of the 2-bit tag are defined as follows: 0b00 represents the N-tag domain, 0b01 the TC-tag domain, 0b10 the TU-tag domain, and 0b11 the TS-tag domain. The tags of all instructions and static data involved in a program are marked when the program is initialised, and dynamic data that appear while the program runs are tagged in real time according to the execution of the current instruction. Note that the TC-tag does not represent an actual security domain; it merely serves as the entry for a secure transition from the N-tag domain to the TU-tag domain or the TS-tag domain. When tags are passed within processor core 100, the tag of a TC-tag instruction is set to TU-tag (where the TC-tag is an entry into TU-tag code) or TS-tag (where it is an entry into TS-tag code) according to the tag of the next sequential instruction; that is, the TC-tag itself never appears in the tag passing process inside the core.
Optionally, in an embodiment of the present application, processor core 100 further includes a tag logic circuit disposed in processor core 100, which passes tags and checks rules for the dynamic information flow according to the tag passing rules within processor core 100.
It should be understood that the tag passing rules mentioned above include data-oriented tag passing rules and control-oriented tag passing rules. The embodiments perform dynamic information flow tracking on the basis of the RV64I instruction set of RISC-V: they analyse the influence of each instruction in the instruction set on the information flow and then, according to the result, fit each instruction with tracking-related logic based on its tag passing rule.
It should be noted that the embodiments perform dynamic information flow tracing at the instruction set level, which belongs to the architecture-level abstraction layer; gate-level and other abstraction layers are not discussed in this application.
To make the tag passing rules easier to follow, the embodiments first divide the instructions of the instruction set into three classes. The first class (class I) consists of instructions that access only in-core registers, namely the integer calculation instructions and the control transfer instructions. The second class (class II) consists of instructions that must access off-core memory, namely the Load and Store instructions. The third class (class III) consists of instructions that access neither in-core registers nor off-core memory, including the memory ordering instructions and some of the system instructions. The application further stipulates that the Tag of an immediate operand in an instruction is the same as the Tag of the instruction itself.
The specific rule for data-oriented label delivery is as follows:
1) for integer calculation instructions in class I instructions, the source operand is an immediate or general purpose register, the destination operand is a general purpose register only, and the tag passing rule is: when "the Tag of the low-security data is dominant and the Tag of the instruction does not affect the Tag of the data", that is, when both the high-security data and the low-security data generate output data through calculation, the Tag of the output data is marked as the Tag of the low-security data, and the Tag of the instruction itself does not affect the Tag of the output data.
2) For a control transfer instruction in a class I instruction, the source operand is an immediate or general purpose register, and the destination operand is a PC register or general purpose register, since the transfer behavior generated by the instruction can be considered as overwriting the value of the PC register. When the destination operand is a PC register, the Tag passing rule is "low-security data or Tag of an instruction is dominant", that is, no matter whether the two data are compared to judge whether a branch action is generated or not or whether the branch action is directly generated, the Tag of the PC is determined according to the Tag of the instruction itself, and the Tag with the lowest indicated security is taken as the Tag of the PC. When the destination operand is a general register, the Tag passing rule is "Tag of a low-security instruction is dominant", that is, if the security of the instruction is lower than that of the target instruction, the Tag of the register is the Tag of the instruction, otherwise, the Tag is the Tag of the target instruction.
3) For class II instructions, the source operand is an immediate or general register, the destination operand is only a general register, although the form of the instruction is similar to that of the integer calculation instruction in the class I instructions, the data which needs to be accessed is actually located in an off-core memory, and therefore the access operation which is different from the integer calculation instruction is carried out; similar to the immediate, register-related Tag transfer rules and integer calculation instructions, the memory-related Tag transfer rule is that "Tag can be normally transferred when the security of the access address or instruction is not lower than that of the access data", that is, the Load and Store instructions need to first determine the Tag of the access address according to the Tag of the immediate and the Tag of the register, and then determine whether the Tag of the access data can be normally transferred by combining the Tag of the instruction itself, and the corresponding access operation can be executed when the lowest security indicated by the two is not lower than that indicated by the Tag of the access data.
4) For class III instructions, there is no tag passing rule since there is no impact on the in-core registers and the out-of-core memory.
As shown in FIG. 2, the structure of the internal pipeline of processor core 100 is shown and the locations of the Tag and Tag logic in the datapath are indicated. In fig. 2, a Tag logic is added beside general logic such as ALU and LSU, and is used to complete Tag transfer calculation of each instruction and monitor security of data stream, so as to ensure secure access of data.
The above-mentioned label delivery rules are all data-oriented label delivery rules, i.e. the concern is the influence of the function of the instruction itself on the registers and memories. Whereas the control-oriented tag delivery rules focus on the order of execution between instructions. Specifically, within processor core 100, Tag logic maintains a Tag that represents the instruction execution state of processor core 100, i.e., the Tag of the PC register, independent of the Tag of the fetched instruction. The label transmission rule is that the security of the current instruction is generally the same as that of the next instruction, the current instruction with low security can be transferred to the next instruction with high security through the next TC-Tag instruction, and the current instruction with high security can be directly transferred to the next instruction with low security, that is, the security indicated by the Tag of the current instruction is not lower than that indicated by the Tag of the next instruction, unless the TC-Tag instruction is transited from the low security domain to the high security domain, the Tag of the PC register and the Tag of the fetched instruction are compared, and the Tag of the PC register can be updated to the Tag of the fetched instruction after the above conditions are met. It should be noted that the calculation of the control transfer instruction in the class I instruction can change the value of the PC register, but is also within the limits of the tag passing rules.
For example, as shown in FIG. 2, a 2-bit Tag is added to each 64-bit wide PC register and general purpose register to indicate the security domain of the data held in it; a Tag logic is added beside the instruction fetch unit to monitor the security condition of the instruction stream and ensure safe execution of instructions. This Tag logic is the concrete circuit that implements the control-oriented tag passing rule and the execution rule described below.
It should be noted that the Tag of the PC register may be updated either by the Tag logic beside the fetch unit (sequential execution) or by the execution result of a control branch instruction (branch execution); in practice the PC register and its Tag are updated almost simultaneously, but the PC-update path is omitted in fig. 2. The Tag of a general register can only be updated by the write-back of an instruction; the written-back Tag value is computed by the Tag logic beside the general logic, and in practice the general register and its Tag are updated almost simultaneously, though the register-update path is likewise omitted in fig. 2.
Optionally, in an embodiment of the present application, the processor core 100 tag logic circuit includes: instruction logic to monitor the security of the instruction stream within processor core 100 to ensure safe execution of instructions; and the data logic circuit is used for completing label transmission calculation of each instruction and monitoring the safety condition of the data flow so as to ensure the safety access of the data. In particular implementations, tag logic of embodiments of the present application may be disposed in an instruction pipeline and/or data path within processor core 100.
The information flow referred to in the embodiments of the present application is information flow in the narrow sense, and the structure of the embodiments is directed only at dynamic information flow tracking, not static information flow tracking. The dynamic information flow tracking processor structure of the embodiments implements the tracking in hardware. Compared with dynamic information flow tracking implemented in software, the hardware implementation tracks faster and runs with higher privilege, can perform the tracking with a dedicated logic circuit without adding redundant code, and leaves more freedom to take countermeasures once a malicious attack is discovered. Therefore, the embodiments add a logic circuit dedicated to processing Tags (the Tag logic) to the instruction pipeline and data path in processor core 100; it is responsible for passing Tags within the core according to the in-core tag passing rules and for checking the rules applied to those Tags.
The embodiments of the application build on the TIMBER-V scheme by adding tags inside the processor and tracing information flow through the whole process. On the one hand, security problems during the execution of non-memory-access instructions can be discovered; on the other hand, the tag information can be used to apply security protection more precisely and to improve the energy efficiency of the security mechanism. The approach resembles dynamic taint propagation analysis in that the flow path of information is tracked according to a propagation rule, but the object of attention is not particular data: it is the information transfer of the whole system under its security domain division, and the main question is whether unreasonable information flows crossing security domains occur while the system runs, which gives high completeness.
In addition, the dynamic information flow tracing processor structure proposed by the embodiments further includes a storage module 200, and fig. 2 illustrates its storage structure. Specifically, as shown in fig. 2, the memory module 200 generally includes a main memory comprising a physical memory, a Cache memory and the like, wherein the Cache memory is split into an instruction Cache (ICache) and a data Cache (DCache), and fig. 2 marks the position of the Tag in each.
Optionally, in an embodiment of the present application, the storage module 200 further includes: the memory tag bit in the memory module 200 is used for performing memory isolation and cache isolation between different security domains.
Optionally, in an embodiment of the present application, the storage tag bits are disposed on the instruction cache inside the storage module 200 and store the tags provided to the processor core 100, with a 2-bit tag added to each 32-bit stored instruction.
Specifically, the ICache is dedicated to caching instructions, and a 2-bit tag is added to every 32-bit stored instruction. These added tag bits only temporarily hold the tags that must be provided to processor core 100; no other security circuitry operating on the tags is added to the ICache.
Optionally, in an embodiment of the present application, the storage tag bits are disposed on a data buffer memory inside the storage module 200, and are used to isolate different security domains at a cache level, where a 2-bit tag is added to each 32-bit storage data, and a 1-bit tag is added to each buffer block to isolate different processes of the same security domain at the cache level.
It should be noted that the present application introduces a tag-based security domain isolation mechanism into the data cache, which is dedicated to caching data. In the data cache a 2-bit tag is added to each 32-bit cached data word, with the same meaning as the register tags in processor core 100, i.e. it isolates different security domains from each other. A 1-bit tag, the TV-tag, is added to each cacheline to isolate different processes of the same security domain (TU-tag) from each other at the cache level, and a tightly coupled Tag logic is added in the DCache to control secure access to it. The TV-tag acts only on the TU-tag security domain; program segments of other security domains are not affected by it.
The TV-tag indicates whether the corresponding cacheline is valid for the TU-tag process currently running: 0 means invalid and 1 means valid. When the running TU-tag process accesses a cacheline whose TV-tag is 0, this is the process's first access to that cacheline during its run, so a miss is generated and the TV-tag is set to 1 once the access completes. If the TV-tag is 1, the process has already accessed that cacheline during its run and a normal access takes place (hit or miss depending on whether the required data is in the cacheline). When the TU-tag process is interrupted or finishes normally, the TV-tags of all cachelines are reset to 0.
In summary, the added TV-tag resembles the valid bit already present in the cache structure, but differs in that the valid bit is "global" (shared by all processes) whereas the TV-tag is "local" (each TU-tag process sees only its own view of it).
Optionally, in an embodiment of the present application, memory tag logic on the data buffer memory is used to control secure access to the data buffer memory.
Specifically, cache accesses by program segments of different security proceed as follows. When a Load/Store instruction of a low-security program accesses a cacheline just used by a high-security program, a miss is generated even if the cacheline's valid bit is set, because the overall security of the accessing instruction is lower than the security of the cacheline; the information left in the cache by the high-security program is therefore not leaked to the low-security program, and the direction of the secure information flow is not violated. When a Load/Store instruction of a high-security program accesses a cacheline just used by a low-security program, the access hits if the valid bit is set, because the overall security of the accessing instruction is not lower than that of the cacheline, which is consistent with the direction of the secure information flow.
In summary, the "hardware security tags" added to the data cache implement a security domain isolation mechanism at the cache layer: security domain isolation is enforced both between low-security and high-security program segments and between the individual TU-tag processes, without greatly affecting the original cache mechanism.
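As an added illustration of the DCache isolation described above (example code written for this page; it is not the patent's circuit and not TIMBER-V code), the following C model implements a toy direct-mapped data cache carrying the per-word 2-bit security tag and the per-line 1-bit TV-tag, and replays the two cross-domain cases and the TU-tag process switch. The encoding SEC_LOW/SEC_HIGH, the one-word-per-line layout, the `mem_sec` memory-side tags and the whole access sequence are constructed assumptions; the page does not fix the 2-bit encoding, only the ordering of security levels.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy direct-mapped data cache, constructed for this example: one 32-bit word per line. */
#define NLINES    4
#define MEM_WORDS 16

typedef enum { SEC_LOW = 0, SEC_HIGH = 3 } sec_t;   /* assumed 2-bit encoding; only the order matters */
typedef enum { MISS = 0, HIT = 1 } result_t;

typedef struct {
    bool     valid;   /* ordinary valid bit: global, shared by every process */
    bool     tv;      /* TV-tag: line valid for the TU-tag process running now */
    unsigned addr;    /* address of the word held by the line */
    unsigned sec;     /* 2-bit security tag of the cached word */
} line_t;

typedef struct {
    line_t   lines[NLINES];
    unsigned mem_sec[MEM_WORDS];   /* constructed memory-side tag of each word */
} dcache_t;

static void dcache_init(dcache_t *c, const unsigned mem_sec[MEM_WORDS]) {
    memset(c, 0, sizeof *c);
    memcpy(c->mem_sec, mem_sec, sizeof c->mem_sec);
}

/* A TU-tag process was interrupted or finished: every TV-tag goes back to 0.
   The global valid bits are untouched, so other domains keep their hits. */
static void dcache_tu_context_switch(dcache_t *c) {
    for (int i = 0; i < NLINES; i++) c->lines[i].tv = false;
}

/* One Load/Store touching `addr` with overall security `instr_sec`. `tu_process` says
   whether the running program carries the TU-tag, since the TV-tag acts only on that domain. */
static result_t dcache_access(dcache_t *c, unsigned addr, unsigned instr_sec, bool tu_process) {
    line_t *l = &c->lines[addr % NLINES];
    bool first_touch = tu_process && !l->tv;          /* forced miss on a TU process's first visit */
    bool tag_match   = l->valid && l->addr == addr;
    bool sec_ok      = instr_sec >= l->sec;           /* a low access to a high line must not hit */
    result_t r = (!first_touch && tag_match && sec_ok) ? HIT : MISS;
    if (r == MISS) {                                  /* refill from memory, tag travels with the word */
        l->valid = true;
        l->addr  = addr;
        l->sec   = c->mem_sec[addr % MEM_WORDS];
    }
    if (tu_process) l->tv = true;                     /* TV-tag is set after the access completes */
    return r;
}

/* Constructed scenario, encoded one bit per access (1 = HIT), oldest access in the top bit. */
static unsigned isolation_scenario(void) {
    static const unsigned mem_sec[MEM_WORDS] = { [5] = SEC_HIGH };   /* word 5 is high, the rest low */
    dcache_t c;
    unsigned code = 0;
    dcache_init(&c, mem_sec);
    code = (code << 1) | dcache_access(&c, 5, SEC_HIGH, false);  /* cold miss by the high program */
    code = (code << 1) | dcache_access(&c, 5, SEC_HIGH, false);  /* hit */
    code = (code << 1) | dcache_access(&c, 5, SEC_LOW,  false);  /* low program, line just used by high: miss */
    code = (code << 1) | dcache_access(&c, 6, SEC_LOW,  false);  /* low program warms word 6 */
    code = (code << 1) | dcache_access(&c, 6, SEC_HIGH, false);  /* high program, line just used by low: hit */
    code = (code << 1) | dcache_access(&c, 6, SEC_HIGH, true);   /* TU process A, first touch: miss despite valid bit */
    code = (code << 1) | dcache_access(&c, 6, SEC_HIGH, true);   /* TU process A again: hit */
    dcache_tu_context_switch(&c);                                /* A interrupted, B scheduled */
    code = (code << 1) | dcache_access(&c, 6, SEC_HIGH, true);   /* TU process B: miss, A's line is not visible */
    return code;                                                 /* 0b01001010 */
}

int main(void) {
    printf("hit/miss pattern = 0x%02x\n", isolation_scenario());
    return 0;
}
```

Note that the refused hit in the third access is only the cache-level part of the story: the Load/Store itself is still checked by the LSU against the memory access rule, which is a separate mechanism.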
Optionally, in an embodiment of the present application, the storage tag bits are disposed on a physical memory inside the storage module 200, wherein a 2-bit tag is added to each 32-bit storage data or instruction.
It should be noted that on the memory side the embodiments follow the memory structure and isolation method of TIMBER-V: each 32-bit data word or instruction in physical memory carries 2 additional tag bits, though the added security isolation circuitry is not shown in the drawings. Different security domains are isolated in storage by the additional tags, and different user processes within the same security domain are isolated in storage by the MMU (memory management unit).
As introduced in the embodiments above, the hardware circuit of the embodiments mainly consists of two major modules, processor core 100 and memory module 200, and further includes the MMU as a relay control unit between processor core 100 and memory module 200, as shown in fig. 2. The MMU is a hardware module dedicated to the processor's memory access requests; it is the relay control unit connecting the processor core with the cache and the physical memory, and its main functions are virtual-to-physical address translation, memory protection, cache control and the like. When processor core 100 performs a memory access through the memory access interface, and when memory module 200 responds to that access request through the interface, both go through the MMU's control; in addition, the MMU takes part in the security isolation of part of the physical memory.
Optionally, in an embodiment of the present application, the method further includes: and the exception generating module is arranged in the processor core 100 and is used for generating a trigger signal and corresponding exception information when the logic circuit detects an exception.
It should be noted that, a series of security rules related to data and instruction Tag are defined in the present application, and a behavior violating the security rules is defined as an abnormal behavior, and if the abnormal behavior occurs, it indicates that there may be an operation for destroying the security of the system, and at this time, certain measures need to be taken for prevention.
In particular, the defined security rules include execution rules, which are rules regarding instruction execution, and memory access rules, which are rules regarding memory data access, and the corresponding violations are referred to as exception execution and exception access.
The specific execution rule is as follows:
1) some instruction → an instruction having the same security as "some instruction";
2) low security instruction → TC-tag instruction → high security instruction;
3) high security instruction → low security instruction.
During instruction execution, when the processor moves from a low-security instruction to a high-security instruction it must first execute an instruction tagged TC-tag. If a low-security instruction → high-security instruction transition occurs without passing through a TC-tag instruction, i.e. the security of the running program segment is raised without going through the trusted entry point, this behavior violates the security execution rule: concretely, the Tag of the PC register cannot be updated according to the tag passing rule, and the event is defined as exception execution.
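To make the control-oriented tag passing rule and execution rules 1) to 3) concrete, here is an added C model of the PC-tag check performed at fetch (example code written for this page, not the patent's circuit). The 2-bit encoding `TAG_N < TAG_TC < TAG_TU < TAG_TS`, the reading that a fetch following a TC-tag instruction may enter any higher domain, and the two instruction-tag streams are constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed 2-bit tag encoding (the page gives none): numeric order is the security order,
   and TAG_TC marks a trusted entry point. */
typedef enum { TAG_N = 0, TAG_TC = 1, TAG_TU = 2, TAG_TS = 3 } tag_t;

typedef struct {
    tag_t pc_tag;      /* Tag of the PC register, kept by the Tag logic beside the fetch unit */
    int   exceptions;  /* "exception execution" events handed to the exception generating module */
} core_t;

/* Execution rules 1) to 3): same security; low -> TC-tag -> high; high -> low. */
static bool execution_allowed(tag_t cur, tag_t next) {
    if (next == cur)    return true;   /* rule 1: same security as the current instruction */
    if (next < cur)     return true;   /* rule 3: high -> low needs no entry point */
    if (next == TAG_TC) return true;   /* rule 2, first step: low -> TC-tag instruction */
    if (cur == TAG_TC)  return true;   /* rule 2, second step: TC-tag -> high (assumed reading) */
    return false;                      /* low -> high bypassing the trusted entry point */
}

/* One fetch: compare the PC tag with the fetched instruction's tag; update the PC tag only
   when the rules allow it, otherwise leave it unchanged and raise an exception. */
static bool fetch(core_t *c, tag_t instr_tag) {
    if (!execution_allowed(c->pc_tag, instr_tag)) { c->exceptions++; return false; }
    c->pc_tag = instr_tag;
    return true;
}

/* Feeds a stream of instruction tags and stops at the first refused fetch. */
static void run_stream(core_t *c, const tag_t *tags, int n) {
    for (int i = 0; i < n; i++) if (!fetch(c, tags[i])) break;
}

/* Constructed streams: a legal switch into the TU domain through a TC-tag instruction and
   back down, and an illegal direct jump from low to high. The PC starts tagged N. */
static const tag_t legal_stream[]   = { TAG_N, TAG_TC, TAG_TU, TAG_TU, TAG_N };
static const tag_t illegal_stream[] = { TAG_N, TAG_TU, TAG_TU };

static int   legal_exceptions(void)   { core_t c = { TAG_N, 0 }; run_stream(&c, legal_stream, 5);   return c.exceptions; }
static int   illegal_exceptions(void) { core_t c = { TAG_N, 0 }; run_stream(&c, illegal_stream, 3); return c.exceptions; }
static tag_t illegal_pc_tag(void)     { core_t c = { TAG_N, 0 }; run_stream(&c, illegal_stream, 3); return c.pc_tag; }

int main(void) {
    printf("legal stream: %d exception(s); illegal stream: %d exception(s), PC tag left at %d\n",
           legal_exceptions(), illegal_exceptions(), (int)illegal_pc_tag());
    return 0;
}
```

The important property to observe is the last one: on a violation the PC tag is not updated, which is exactly how the page characterises exception execution.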
The specific access rules are as follows:
1) certain data → a security domain having the same security as "certain data";
2) low security data → high security domain.
Information may only flow between security domains of the same security or from a low-security domain to a high-security domain. If the overall security of a Load/Store instruction (obtained by comparing the security of the access address with the security of the instruction) is lower than the security of the accessed data, i.e. a low-security instruction accesses high-security data, this behavior violates the security access rule: concretely, the Tag related to the class II instruction cannot be updated according to the tag passing rule, and the event is defined as exception access. In the hardware circuit, the Tag logic of the processor's instruction fetch unit and of the memory access unit (LSU) checks these two security rules; when exception execution or exception access is detected the corresponding operation is refused and an exception is triggered, and the programmer can define the handling measures in an exception handler.
The operation of the hardware-security-tag-based dynamic information flow tracing processor structure of the present application is described in detail below by way of specific embodiments.
FIG. 3 is a diagram of the dynamic information flow tracking processor architecture based on hardware security tags performing secure tracking of data. Fig. 3 omits most of the structures in fig. 2 that have little influence on data flow tracing and shows the specific flow by which the hardware circuit tracks data securely. As shown in fig. 3, first, data A is read into general register A of processor core 100 by a Load instruction, and the corresponding Tag is read into processor core 100 from memory module 200 at the same time; as data A enters processor core 100 through the memory access interface, its Tag is checked by the Tag logic against the security rule to determine whether the Load is secure. Next, the data in general register A undergoes various calculations in the general logic and the final result is stored in general register B; meanwhile, the corresponding Tag undergoes the corresponding calculation in the Tag logic according to the tag passing rule, and the result is stored in the Tag bits of general register B. Finally, data B in general register B is written to physical memory by a Store instruction, and the corresponding Tag is written from processor core 100 into memory module 200 at the same time; as data B enters storage module 200 through the memory access interface, its Tag is checked by the Tag logic against the security rule to determine whether the Store is secure. If the Tag logic detects an unsafe operation anywhere in this process, it provides a trigger signal and the corresponding exception information to the exception generating module, which then causes processor core 100 to raise an exception.
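The access rule above and the fig. 3 Load, compute, Store sequence can be replayed with the following added C model (example code written for this page; it is not the patent's circuit). It assumes that the security of an access address is the tag stored with the word, so the "overall security lower than the data" check collapses to comparing the instruction tag with the word tag; the join rule used for the class I computation (result tag = the higher operand tag) is also an assumption, since the patent's class I passing rules are not in this excerpt; the register and memory contents are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NREGS  4
#define NWORDS 4

/* A 64-bit value together with its 2-bit security tag. */
typedef struct { unsigned long value; unsigned tag; } tagged_t;

typedef struct {
    tagged_t regs[NREGS];   /* general registers of processor core 100, each with a tag */
    tagged_t mem[NWORDS];   /* words of storage module 200, each with a tag */
    int      exceptions;    /* "exception access" events handed to the exception generating module */
} machine_t;

enum { SEC_LOW = 0, SEC_HIGH = 3 };   /* assumed 2-bit encoding; only the ordering matters */

static unsigned min_u(unsigned a, unsigned b) { return a < b ? a : b; }
static unsigned max_u(unsigned a, unsigned b) { return a > b ? a : b; }

/* Memory access rule: the overall security of a Load/Store (the lower of the address security
   and the instruction security) must not be below the tag of the data accessed. The address
   security is taken to be the tag stored with the word (assumption). */
static bool access_allowed(const machine_t *m, unsigned addr, unsigned instr_sec) {
    unsigned data_sec = m->mem[addr].tag;
    return min_u(data_sec, instr_sec) >= data_sec;
}

/* Load: value and tag travel together from memory into the register; refused on a violation. */
static bool do_load(machine_t *m, unsigned rd, unsigned addr, unsigned instr_sec) {
    if (!access_allowed(m, addr, instr_sec)) { m->exceptions++; return false; }
    m->regs[rd] = m->mem[addr];
    return true;
}

/* Class I computation: the result tag joins the operand tags (assumed conservative rule). */
static void do_add(machine_t *m, unsigned rd, unsigned rs1, unsigned rs2) {
    m->regs[rd].value = m->regs[rs1].value + m->regs[rs2].value;
    m->regs[rd].tag   = max_u(m->regs[rs1].tag, m->regs[rs2].tag);
}

/* Store: value and tag are written back to memory together; refused on a violation. */
static bool do_store(machine_t *m, unsigned rs, unsigned addr, unsigned instr_sec) {
    if (!access_allowed(m, addr, instr_sec)) { m->exceptions++; return false; }
    m->mem[addr] = m->regs[rs];
    return true;
}

/* The fig. 3 sequence on constructed data: Load A, compute B, Store B, then a low-security
   Load of the stored result. Returns the final exception count. */
static int fig3_run(machine_t *m) {
    memset(m, 0, sizeof *m);
    m->mem[0]  = (tagged_t){ 42, SEC_HIGH };   /* data A lives in the high security domain */
    m->mem[1]  = (tagged_t){ 0,  SEC_LOW  };   /* destination word starts in the low domain */
    m->regs[1] = (tagged_t){ 1,  SEC_LOW  };   /* a low-tagged operand already in a register */
    do_load(m, 0, 0, SEC_HIGH);                /* high instruction loads A into register 0: allowed */
    do_add(m, 2, 0, 1);                        /* B = A + 1; the tag joins to high */
    do_store(m, 2, 1, SEC_HIGH);               /* high instruction stores B; word 1 becomes high */
    do_load(m, 3, 1, SEC_LOW);                 /* low instruction reads B: exception access */
    return m->exceptions;
}

static int           fig3_exceptions(void)   { machine_t m; return fig3_run(&m); }
static unsigned      fig3_stored_tag(void)   { machine_t m; fig3_run(&m); return m.mem[1].tag; }
static unsigned long fig3_stored_value(void) { machine_t m; fig3_run(&m); return m.mem[1].value; }

int main(void) {
    machine_t m;
    int e = fig3_run(&m);
    printf("stored B = %lu (tag %u), exceptions = %d\n", m.mem[1].value, m.mem[1].tag, e);
    return 0;
}
```

The point the model makes visible is that the tag travels with the value through the register file and back into memory, so the word that previously held low-security data is high-security after the Store, and a later low-security Load of it is refused.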
FIG. 4 is a diagram of a dynamic information flow tracing processor architecture based on hardware security tags to track the security of instructions. Fig. 4 omits most of the structures in fig. 2 that have little influence on instruction flow tracing, and shows a specific flow of the hardware circuit to perform secure tracing on the instruction. As shown in FIG. 4, starting from the black dot on the PC register in FIG. 4, instruction A and its Tag are located in physical memory via PC decoding, and then instruction A and its Tag are fetched simultaneously, instruction A being fed into the general logic within processor core 100 and its Tag being fed into the Tag logic. Next, according to the Tag passing rule, in combination with the Tag of the PC register maintained by the processor core 100 itself, the Tag logic performs security check on the instruction, and updates the Tag of the PC register if the security check passes. Thereafter, the general logic may perform calculations based on the fetched instruction to generate the next PC, and the new PC generated may then be decoded to find the location of instruction B and its Tag in physical memory, whereupon the program continues to run as above. The Tag logic, if it detects an unsafe operation in the above process, provides a trigger signal and corresponding exception information to the exception generating module, which then causes the processor core 100 to generate an exception.
According to the dynamic information flow tracking processor structure based on hardware security tags provided by the embodiments of the application, security-related tag bits are added to the registers in the processor core and to the memory in the storage module so as to divide the security levels of a program; a tag checking and passing logic circuit is added to the processor core; security-related tag bits are added to the data cache in the storage module; tag passing rules within the processor core are formulated; and the abnormal behaviors that may compromise system security are defined. The tags are thereby used to track the information flow of a running program quickly and efficiently in real time, so that potentially malicious operations and attacks against system security are discovered in real time; at the same time the tags improve the security isolation mechanism of the data cache, achieving more effective cache side channel protection at lower performance cost and ensuring that programs run correctly and securely.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or N embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "N" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more N executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of implementing the embodiments of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the N steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. If implemented in hardware as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.

Claims (10)

1. A dynamic information flow tracing processor architecture based on hardware security tags, comprising:
a processor core;
processor tag bits disposed on a plurality of registers within the processor core to represent security domains in which values of the plurality of registers reside;
the processor core label logic circuit is arranged in the processor core and is used for transmitting the label and checking the rule of the dynamic information flow according to the label transmission rule in the processor core;
a storage module;
and the storage tag bit is arranged in the storage module and is used for carrying out storage isolation and cache isolation among different security domains.
2. The structure of claim 1, further comprising:
and the memory management unit is arranged between the processor core and the storage module and is used for carrying out storage isolation between different users in the same security domain.
3. The structure of claim 1, wherein the processor core tag logic circuitry comprises:
the instruction logic circuit is used for monitoring the safety condition of the instruction stream in the processor core so as to ensure the safe execution of the instruction;
and the data logic circuit is used for completing label transmission calculation of each instruction and monitoring the safety condition of the data flow so as to ensure the safety access of the data.
4. The architecture according to claim 1, wherein a 2-bit tag is provided on each 64-bit wide register.
5. The structure of claim 1,
the processor core tag logic circuit is disposed on an instruction pipeline and/or a data path within the processor core.
6. The structure of claim 1,
the memory tag bits are disposed on an instruction buffer memory inside the memory module for storing a tag provided to the processor core, wherein a 2-bit tag is added to each 32-bit memory instruction.
7. The structure of claim 1,
the storage tag bit is arranged on a data buffer memory inside the storage module and used for isolating different security domains on a cache level, wherein 2-bit tags are added to every 32-bit storage data, and 1-bit tags are added to each buffer block and used for isolating different processes of the same security domain on the cache level.
8. The structure of claim 7, further comprising:
and the memory tag logic circuit is arranged on the data buffer memory and is used for controlling the safe access to the data buffer memory.
9. The structure of claim 1,
the memory tag bits are placed on physical memory inside the memory module, with a 2-bit tag added for every 32-bit memory data or instruction.
10. The structure of claims 1-9, further comprising:
and the exception generating module is arranged in the processor core and is used for generating a trigger signal and corresponding exception information when the logic circuit detects an exception.
Priority Applications (1)

Application Number: CN202210112760.6A
Priority Date: 2022-01-29
Filing Date: 2022-01-29
Title: Dynamic information flow tracing processor structure based on hardware safety label
Status: Pending
Publication: CN114579477A (en)

Publications (1)

Publication Number: CN114579477A (en)
Publication Date: 2022-06-03

Family ID: 81771024

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115292723A (en) * 2022-10-09 2022-11-04 支付宝(杭州)信息技术有限公司 Method and device for detecting side channel loophole
CN115292723B (en) * 2022-10-09 2023-03-24 支付宝(杭州)信息技术有限公司 Method and device for detecting side channel loophole


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination