CN116502224A - Hardware monitor method and device applied to software safety execution - Google Patents

Abstract

The invention provides a hardware monitor method and a device applied to software safety execution, wherein the device comprises a modified core, an information selector, a special out-of-order architecture, a parallel comparator, a monitor register, a data structure, a cache, a rule bypass cache and a first-in first-out buffer FIFO; the special out-of-order architecture is used for improving performance; the parallel comparator is used for reducing monitoring delay; the data structure is used for recording a security rule table containing security rules; the rule bypass cache is used for reducing redundant monitoring operation; the invention has high flexibility, can realize a wider range of security policies, has similar performance cost to a special hardware monitor, and can realize the security policies with high calculation demands due to high flexibility and high performance.

Description

Hardware monitor method and device applied to software safety execution

Technical Field

The invention relates to a hardware monitor method and a device applied to software safety execution.

Background

A security monitor is a device for monitoring whether a computer is under software attack, and determines whether a software attack has occurred by monitoring a series of operations in the computer, including memory access addresses, frequencies, and jumps of branch instructions of a Central Processing Unit (CPU), etc. The security monitor may be implemented by means of software programming or on-chip by means of hardware circuitry. The monitoring by the monitor may slow down the running of the program, and the slower time is compared with the performance overhead caused by the safety monitoring of the original program.

Hardware-based monitors are now of great interest for better performance than software-based monitors, particularly in areas where higher security is required, such as artificial intelligence, big data, and communication systems. Some classical Hardware-based monitors such as CHERI (reference: watson R N M, woodwff J, neumann P G, et al CHERI Ahybrid capability-system architecture for scalable software compartmentalization [ C ]//2015IEEE Symposium on Security and Privacy.IEEE,2015:20-37 ], HCFI (ref: christulouis N, christou G, athanassopoulos E, et al HCFI: hardware-advanced control-Flow Integrity [ C ]// Proceedings of the Sixth ACM Conference on Data and Application Security and price [ 2016:38-49 ]), ABCFI (ref: li J, chen L, shi G, et al ABCFI: fast and lightweight fine-trained hard-advanced control [ J ]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems,2020,39 (11): 3165-3176.), HDFI (ref: song C, moon H, am M, et al HDFI: hardware-advanced control data-Flow Integrity [ C ]/[ 26:38-49 ]), and RcfI (ref: RIP 1: RISC L, sharpl, sharpl.55-35F) are capable of implementing safety monitoring in accordance with the methods of dynamic safety conditions, such as described in accordance with the patent application of the following patent application, R.J, neumann R N, neumann P, et al. However, in the face of increasingly secure application scenarios, it is not enough to be able to implement only a few security policies. For example, in military applications where security requirements are high, and in commercial systems where a balance of security and performance is required, such as on personal computers where security requirements are low, a dedicated hardware monitor can only implement a few specific security policies and is far from coping with such wide demands. Furthermore, hardware monitors can be easily redesigned and updated as compared to software-based monitors, which require longer update cycles and significant design costs.

In view of the above drawbacks, some flexible hardware monitors have been proposed in the field in recent years. These monitors, or monitors that can handle multiple security policies or reconfigurable hardware designs with one security rule, can implement multiple security policies with lower performance overhead. For example, PUMP (reference: dhawan U, hritcu C, rubin R, et al architecture support for software-defined metadata processing [ C ]// Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating systems.2015:487-502.) is a tag-based flexible monitor that integrates a cache of security rules into a pipeline of a processor, implements multiple security policies by way of designer configuration tag checks, and has an average performance overhead of only around 10%, however in some scenarios its performance overhead exceeds 50%. CHEx86 (reference: sharifi R, venkat A. CHEx86: context-sensitive enforcement of memory safety via microcode-enabled capabilities [ C ]//2020ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA). IEEE, 2020:762-775.) is a tag-based hardware monitor for the x86 architecture that is capable of checking pointers through programming of different microcode, with an average performance overhead of approximately 14%. PHMon (reference: delshdatehrani L, canakci S, zhou B, et al, { PHMon }: AProgrammable Hardware Monitor and Its Security Use Cases [ C ]//29th USENIX Security Symposium (USENIX Security 20). 2020:807-824.) is an event-based hardware monitor deployed on a reduced instruction set processor (RISC-V processor) that has only 0.9% performance overhead while implementing multiple Security policies after programming the monitor with monitor rules. However, while these monitors are capable of implementing a variety of security policies, their configuration mechanisms and hardware designs can only be directed to security policies within a specific range, such as pointer permission checks or tag-based security policies. And these existing flexible hardware monitors do not implement security policies that require significant computational requirements.

The disadvantages of the existing solutions are summarized below:

flexibility is limited: the existing schemes do not take into account the co-operation in different security policies, so that only one specific range of security policies can be implemented, e.g. only tag-based or event-based security policies.

The security is limited: existing flexible hardware monitor schemes do not implement security policies that are highly computationally demanding, such as Data Flow Integrity (DFI) that specifies that data read by each read instruction can only be written by a particular legitimate write instruction.

Disclosure of Invention

The invention aims to: hardware monitors have received attention for the ability to monitor various types of software attacks in a computer system in real time with high performance. However, dedicated hardware monitors can only be applied to very few scenarios, with very limited flexibility. And the security and configurability of some flexible hardware monitors still have many limitations. The present invention is directed to the above problems, and provides a programmable hardware monitor ProMiSE with a monitor instruction set and various security auxiliary designs, which can be applied to a very wide range of situations, and has high performance and security. The monitoring delay is only 18-59 processor cycles, and the performance overhead is between 0% and 23.4%. The monitor proposed by the invention is the most advanced scheme at present.

The invention provides a hardware monitor method applied to software safety execution, which comprises an off-line stage before program execution and an on-line stage in program execution;

the off-line stage comprises the steps of compiling a monitor program and performing program instrumentation according to requirements by a user, wherein the program instrumentation represents the insertion of new instructions into an original program;

the online stage comprises the steps of acquiring software execution information and monitoring by a software runtime monitor;

in an offline stage, a user writes a monitor program through a monitor instruction set, so that the operation of different security strategies is realized, and different software execution information is selected;

in an offline stage, for a software program to be monitored, inserting a specific instruction ExInfo for carrying additional software execution information into the program, wherein the specific instruction ExInfo is executed in a core, and instruction codes except for operation codes for distinguishing different instructions in the specific instruction ExInfo can be defined by a user to carry additional information; the user can insert specific instructions ExInfo at any position in the monitored software program according to the requirements.

The invention also provides a hardware monitor device applied to software safety execution, which comprises a modified core (central processing unit), an information selector, a special out-of-order architecture, a parallel comparator, a monitor register, a data structure, a cache, a rule bypass cache and a first-in first-out buffer FIFO;

The special out-of-order architecture is used for improving performance;

the parallel comparator is used for reducing monitoring delay;

the data structure is used for recording a security rule table containing security rules;

the rule bypass cache is used for reducing redundant monitoring operation;

the first-in first-out buffer FIFO comprises two types, namely a high-bandwidth FIFO with 512 bits of bit width and a low-bandwidth FIFO with 64 bits;

the modified core is used for connecting a program counter signal for counting instruction addresses to the monitor so that the monitor can acquire the core instruction address information, and is also used for connecting a memory controller signal of a functional unit of a core access memory to the monitor so that the monitor can acquire the core memory access information;

the special out-of-order architecture comprises a storage unit, a reading unit, a checking unit and an arithmetic unit;

the storage unit is used for storing monitor data into the memory, the reading unit is used for reading the data from the memory, the checking unit is used for checking whether software execution information meets the safety rule or not, and the arithmetic unit is used for performing simple arithmetic and logic operation;

the information selector is used for the monitor to acquire a core signal;

The monitor register is used for temporarily storing data of the monitor;

the cache is used for accelerating the process of accessing the memory by the monitor.

The monitor registers have 64 bits each with a bit width of 64 bits. The bit widths of the monitor register and the core register are the same and the number is more, so that software execution information and intermediate operation data of the monitor can be well temporarily stored.

The security rule table comprises a continuous memory for storing legal information and security rule mapping, the legal information is used for identifying whether software execution is legal, and the security rule mapping is used for inquiring legal information.

The execution state of the core is called as a core state, for example, the program count value of the core, the core state is set to 64 bits, so that the core state in each scene can be better represented, and the security rule mapping is searched through the core state, so that the corresponding legal information is searched;

the 64-bit core state can be used for searching legal information, the access mode of the security rule table can support any core state with the bit width of 64 bits, and the 64-bit core state is divided into four segments with 16 bits in each segment; the security rule mapping has four levels in total, each core state represents the entrance of one level security rule mapping, and the security rule mapping of the other levels possibly comprises more than two mappings except that the security rule mapping of one level has only one mapping; when a security rule table needs to be queried, given a core state, the first segment (16 bits lower) will be used to query the first level security rule map; when the highest bit of the searched value is 1, the rest 63 bits of the searched value record the length and the address of legal information; when the most significant bit of the found value is 0, the higher level entry will be used to find the next level security rule map until the most significant bit of the found value is 1.

The working mode of the monitor comprises an offline stage before program execution and an online stage in program execution;

the off-line stage comprises the steps of compiling a monitor program and performing program instrumentation according to requirements by a user, wherein the program instrumentation represents the insertion of new instructions into an original program;

the online phase includes acquiring software execution information and monitoring by a software runtime monitor.

In an offline stage, a user writes a monitor program through a monitor instruction set so as to realize the operation of different security policies (the security policies represent the specifications of how the software execution needs to meet from the top layer), and different software execution information is selected;

in an offline stage, for a software program to be monitored, a specific instruction ExInfo for carrying additional software execution information (such as a core instruction type) can be inserted into the program, the specific instruction ExInfo is executed in a core, and instruction codes except for operation codes for distinguishing different instructions in the specific instruction ExInfo can be defined by a user to carry additional information; the user can insert specific instructions ExInfo at any position in the monitored software program according to the requirements.

The monitor instruction set comprises a read-write operation instruction, a control instruction, a memory instruction and a safety instruction; the instruction length in the monitor instruction set is unified to 64 bits, with 6 bits being used as an operation code to distinguish between different kinds of monitor instructions. Other parts of the instruction code are used as operands, and some typical operands are immediate (imm) directly involved in the operation in the instruction, an operated source register (rs), a destination register (rd) for storing the operation result, and the like.

The arithmetic instructions include add, subtract, AND, compare instructions, shift instructions, the add, subtract, AND for completing operations between registers and immediate; the comparison instruction is used for completing 4 comparison modes, including greater than, less than, equal to and unequal to; the shift instruction is used for shift operation, and is also used for combining left shift and right shift and extracting high or low data;

the control instructions comprise unconditional control instructions for directly unconditionally modifying the program counter and branch control instructions for modifying the program counter based on a comparison of the source register and the immediate;

the memory instruction comprises a read instruction and a write instruction, and a user can select whether to use the cache to perform memory read-write operation by configuring a cache-valid operand in instruction encoding; the cache-valid operand is used to identify whether a monitor cache is used;

the safety instruction comprises an information selection instruction, an information waiting instruction, an information splitting instruction, a reset instruction and a checking instruction, wherein the information selection instruction is used for selecting different software execution information as a request instruction to acquire different software execution information data, the information waiting instruction is used for waiting for effective software execution information after a selection signal is completed, the information waiting instruction can automatically block the execution of a subsequent monitor instruction, wait for the FIFO of a first-in first-out buffer until the effective software execution information, and write the software execution information into a destination register after successfully waiting for the software execution information; when the information waiting instruction waits for a high bandwidth FIFO, the information waiting instruction automatically writes data into a 56 th register to a 63 st register respectively in one clock period, and additionally reads the FIFO as the start of another round of processing, and a user clears all registers by setting a reg-clear operand in instruction encoding to 1, wherein the reg-clear operand is used for identifying to clear a monitor register;

The information splitting instruction is used for splitting more than two pieces of information positioned in one 64 bits into 8 pieces of data in one clock period;

the reset instruction is used for resetting the safety bypass cache;

the checking instruction is used for verifying whether the software execution information is legal or not, the checking instruction comprises a series of operations of checking safety rules, the operations comprise reading a safety rule table to obtain the software legal execution information, comparing the software execution information with the legal information, and the time for taking the instructions by the monitor is saved by completing the operations of more than two monitor instructions in one checking instruction.

In the on-line phase, software execution information is physically signaled to the monitor by modifying the design of the core.

The safety rule table can be automatically generated in the program static analysis (a method for analyzing the program codes before the program is executed) in the off-line stage, and can be used for mapping and searching the address and the length of legal information in the safety rule of the intermediate stage, so that the safety rule table can be optimized off-line; when more than two core states correspond to the same legal information, the security rule mapping corresponding to the core states stores the same legal information address and length;

The rule bypass buffer memory has two stages, the first stage rule bypass buffer memory records the core state and the checked software executing information, when the checking instruction starts to execute, the first stage rule bypass buffer memory is searched, if the same core state and the same checked software executing information exist in the rule bypass buffer memory, the checking instruction is removed; the second-level rule bypass buffer records the memory address of legal information and checked software execution information, when the first-level rule bypass buffer does not record the same information, the second-level rule bypass buffer is inquired, if the same legal information as the second-level rule bypass buffer exists, the legal information is used for checking the same software execution information, and the checking instruction is removed;

when the checking instruction is executed, the first-level rule bypass cache is searched first, if the checking instruction is hit, the checking instruction is completed immediately, otherwise, the second-level rule bypass cache is searched, if the checking instruction is hit, the checking instruction is completed immediately, otherwise, the checking instruction which is not completed is executed continuously; the two-stage rule bypass caches are updated by adopting a first-in first-out mechanism, and the searching and the comparison of the rule bypass caches are performed in parallel;

The special out-of-order architecture means that only one instruction is transmitted for execution in one clock cycle, and the execution of the arithmetic instruction and the control instruction only needs one clock cycle; for memory instructions, a user can configure the dependency problem of data in a read instruction and a write instruction by configuring OoO-valid operands for identifying whether to use an out-of-order architecture; if OoO-valid is 1, then the read and write instructions will execute out of order until the instruction ends; if the previous read instruction or write instruction is not executed, a new read instruction or write instruction is fetched, and the monitor is automatically blocked; if OoO-valid is equal to 0, then execution of the read and write instructions will block the monitor until execution is complete; for monitor instructions with special functions, automatically blocking the monitor until the execution is completed; the execution of the check instruction is always out of order and may block read and write instructions that execute after the check instruction;

the parallel comparator can perform more than two comparison operations within one clock cycle, legal information to be compared is read from a security rule table stored in a memory or a cache when an inspection instruction is executed, and when the bit width of the legal information is 8 bytes, the parallel comparator can compare 8 bytes of information in total, and a user can configure the parallel comparator through an info-width operand for identifying the data bit width of the legal information.

The invention is characterized in that the invention is different from other schemes as follows:

(1) Monitor instruction set. The invention summarizes the common operation in different security policies, and proposes a monitor instruction set, and the monitor completes the operation required by the different security policies by executing the instructions in the instruction set. Unlike the instruction set of a general purpose processor, the monitor instruction set is a lightweight, security-monitoring oriented instruction set.

(2) And (5) safety auxiliary design. The invention provides a safety auxiliary design comprising a data structure, a hardware design and a framework, which aims to accelerate the processing process of a monitor.

The beneficial effects are that: through the novel characteristics, compared with other existing schemes, the invention has the following advantages:

(1) Higher flexibility. A wider range of security policies can be implemented.

(2) Higher performance. The performance cost of the invention is similar to that of a special hardware monitor.

(3) Higher security. The security policy of high computational demand can be realized thanks to the high flexibility and high performance of the system.

Drawings

The foregoing and/or other advantages of the invention will become more apparent from the following detailed description of the invention when taken in conjunction with the accompanying drawings and detailed description.

Fig. 1 is a schematic overview of the promisce system of the present invention.

Fig. 2 is a schematic diagram of a rule table structure.

Fig. 3 is a schematic diagram of an example security rule table.

Fig. 4 is a schematic diagram of an example rule bypass cache.

FIG. 5a is a schematic illustration of instrumentation and monitor procedures for a program under the security policy of white-list.

Fig. 5b is a schematic illustration of instrumentation and monitor procedures for the procedure under the security policy of white-list.

Detailed Description

The invention provides a hardware monitor device applied to software safety execution, which firstly summarizes the safety monitoring conditions:

(1) Security policy (security policy). The security policy represents, from the top level, what specifications the software execution needs to meet. For example, control-flow integrity (CFI) is a security policy that specifies that the execution of each branch instruction in a program must meet the wishes of a programmer.

(2) Security rule (security rule). The security rules are specifications of validity for execution details of each software program. The security rules describe from a level of detail what conditions the software execution needs to satisfy. For example, in CFI, the security rules specify that the destination address of each branch instruction must be in a set of legitimate addresses. The method provided by the invention can analyze and obtain the legal address set before the program is executed. The present invention describes the security rules as a basic correspondence: core state → { legal information 0, legal information 1 … }, for example, in CFI, the security rule is expressed as: branch instruction address → { legal destination jump address 0, legal destination jump address 1, … }. Through the core state, the corresponding legal information can be found. Symbol→representing correspondence.

(3) Software execution information (software execution information). The software execution information is information in the process of executing the software in real time. Such as the value of a register or the destination address of a memory access at a certain time. Such software execution information may be derived from hardware signals in the system.

The invention also provides a hardware monitor method applied to the safe execution of the software, which comprises an off-line stage before the program execution and an on-line stage in the program execution. The offline stage includes monitor programming and instrumentation by the user as desired. The online phase includes the acquisition of software execution information and the monitoring of the software runtime monitor.

In the off-line stage, a user can write a monitor program through the monitor instruction set provided by the invention, so that the operation of different security strategies is realized. The monitor instruction not only comprises basic read-write memory, light control and operation instructions, but also comprises some safety auxiliary instructions, so that a user can be helped to more efficiently complete a series of safety-related operations. This step is shown in step 1 of fig. 1.

For some software programs that need to be monitored, the present invention provides a method of adding additional information (e.g., identifying the type of core instruction) by adding additional specific instructions to the program. This instruction is referred to herein as ExInfo. Unlike monitor instructions that are executed in monitors, the instructions are executed in the sum core, portions of which are instruction codes that can be defined by a user to carry additional information. The invention provides software for automatic program instrumentation, and a user can insert ExInfo at any position in a monitored software program according to requirements. At the same time, some security rules are also obtained at this point by offline analysis of the software program. This step is shown in step 2 of fig. 1.

In the on-line phase, the invention sends the software execution information to ProMiSE in a physical signal manner by modifying the design of the core, such as the core program count value, the core memory access destination address, the core register value and the extra information in ExInfo. This step is shown in step 3 of fig. 1. Note that these signals can be added very easily as required. Through the monitor instruction set provided by the invention, a user can easily select different software execution information. And through a series of security-assisted designs as illustrated in step 4 of fig. 1, a user is able to implement security policies efficiently. These designs include a special out-of-order architecture to improve performance, a data structure for a security rule table to efficiently record security rules, a monitor cache that is controllable by monitor instructions, configurable parallel comparators that can reduce monitoring latency, and a rule bypass cache to cut redundant monitoring operations. There are also some infrastructures, such as monitor registers that function similarly to registers in general purpose processors, which are 64 in total, each bit wide being 64 bits.

Monitor instruction set

The invention fully summarizes the common operation in different security strategies and proposes a monitor instruction set. The instruction can achieve a better balance between flexibility and performance. The monitor instruction length is unified to 64 bits, with 6 bits being the opcode to distinguish between different kinds of monitor instructions. Other parts of the instruction code are used as operands, some typical operands have immediate (imm) directly involved in the operation, an operated on register source register (rs), a destination register (rd) storing the result of the operation, etc., which are monitor registers. In addition, there are special operands, such as an imm-valid operand in Add that is 1 bit long to identify whether an immediate is used, as shown in Table 1.

TABLE 1

An arithmetic instruction. The invention considers that the safety monitoring performed in real time only needs some basic arithmetic operations, and proposes a lightweight arithmetic instruction, which comprises addition, subtraction And addition (Add, sub And Add), and can support the operation between a register And an immediate. Also the Compare instruction Compare, a total of 4 comparison modes may be supported including greater than, less than, equal to, and unequal to. There is also a Shift instruction Shift that supports not only conventional Shift operations but also a combination of left and right shifts, which is mainly applied to the extraction of the high or low bits of data.

Control instructions. The monitor instruction set provided by the invention provides control instructions for ensuring flexibility. One is an unconditional control instruction Jump that directly unconditionally modifies the program counter of the monitor. The other is a Branch control instruction Branch, which enables modification of the program counter of the monitor based on the result of the comparison of the source register and the immediate. The compare mode support is greater than, less than, equal to, and not equal to, and the user can select by a mode operand configured to flag the mode of comparison.

And (5) storing instructions. The monitor instruction set provides basic memory read and write instructions, including read instruction Load and write instruction Store. And a user can select whether to use the monitor cache to perform memory read-write operation or not according to the locality of the read-write data required by the user through the operand cache-valid.

A security instruction. This type of instruction is designed to achieve the relevant requirements of security monitoring.

Information selection instruction Info-select. The instruction may choose to take different software execution information (additional information valid, branch valid) as the request indication to fetch different software execution information data (core program count value, core memory access destination address, core register value, and additional information). And the present invention provides a high bandwidth and a low bandwidth first-in-first-out buffer (FIFO) for better adaptation to the requirements of different security policies, as shown in step 4 of fig. 1. The info-FIFO operation indicates which FIFO the instruction writes the software execution information data. In the invention, 10 kinds of software execution information are supported as request instructions, and 47 kinds of software execution information are used as data. In addition, in order to enable fine-grained selection of software execution information, the present invention sets each data signal to a width of 16 bits, which provides the user with sufficient flexibility to manage different software execution information.

Information wait instruction Info-wait. After the select signal is complete, the information wait instruction Info-wait in the monitor instruction set is designed to wait for valid software execution information. This instruction will automatically block execution of subsequent monitor instructions waiting for FIFO until valid software execution information. And after successfully waiting for the software execution information, writing the software execution information into a destination register. The present invention allows for a balance of hardware overhead and performance, when the Info-wait waits for a high bandwidth FIFO, the instruction will automatically write data into the 8 registers (registers 56 to 63) respectively in one clock cycle. In addition, the read FIFO may clear all registers by setting the reg-clear operand in the instruction encoding to 1, which is used to identify whether to clear the monitor registers, as the start of another round of processing.

Information splitting instruction Info-split. Considering that in general, a plurality of information are stored in one register, if the split operation is performed by using the monitor arithmetic instruction, it takes more clock cycles, which is inefficient. Based on this background, info-select can split a 64-bit data into 8 data bits in one clock cycle.

And a Reset instruction Reset, wherein a user can Reset the security bypass cache through the Reset instruction Reset.

Check instruction Check. The instruction is used for checking whether the software execution information is legal or not. In the operation of security monitoring, the most important step is to check whether the software execution information meets the security rules. This step can be achieved by the different monitor instruction combinations mentioned before. Then, since the security rule checking has a series of operations with high correlation and high calculation requirement, the invention provides checking instructions to increase the performance of the system without losing flexibility. The instruction comprises a series of operation of safety rule checking, and the time for fetching the instruction of the monitor can be effectively saved by completing the operation of various monitor instructions in one instruction.

Safety assistance design

Safety rule table (Security Rule Table)

For some security policies with higher requirements, the security rules are larger and can only be stored in the memory. However, storing security rules in memory faces two problems, namely that the security rules often have no regularity and therefore are difficult to store effectively (the legal information in the security rules has different sizes, and the core states used for searching the legal information also have different, possibly any number). The second challenge is how to efficiently access security rules. According to the two problems, the invention provides a new data structure and a security rule table.

Fig. 2 shows the basic structure of a rule table, which contains a continuous memory storing legal information and a security rule map, and searches the security rule map through the core state to find the corresponding legal information. The security rule mapping proposed by the present invention is quite similar to the page table of the operating system. In the design of the invention, a 64-bit core state can be used to find legal information, and the access mode of the security rule table can support a core state with larger bit width. The 64-bit core state is divided equally into four segments, each segment having 16 bits. Also, the security rule map has four levels in total, so each segment of core state represents an entry for the level of security rule map. The remaining levels of security rule mappings may contain multiple mappings in addition to only one mapping for the primary security rule mapping. When a security rule table needs to be queried, given a core state, the lower 16 bits of it will be used to query the first level security rule map. When the most significant bit of the value found is 1, this indicates that the rest of the value records the length and address of the legitimate information. The entire look-up flow is thus complete and the process is illustrated in the dashed look-up flow in fig. 2. Instead, the higher level entry will be used to find the next level security rule map until the highest value found is 1.

The security rule table can be automatically generated in the program static analysis of the off-line stage. The flow of table generation is similar to that of a page table, and the difference is that the security rule table can map and find the address and length of legal information in the security rule of the middle stage, and the page table can only find the result in the last stage. In addition, the security rule table will be optimized offline. When a plurality of core states correspond to the same legal information, the security rule mapping corresponding to the core states stores the same legal information address and length. In the present design, the security rule table is not always used, for example, in CFI, the security rule table is only used to record the legal address of the indirect jump instruction, not the legal return address of the function.

An example of a specific security rule table is shown in fig. 3. In this example, a total of three core states (corresponding to branch 0, branch 1, and branch 2) are shown to query for legitimate execution information. When the core state is 0x10038, the lower 16 bits of 0x0038 will be used to query the first level security rule map, with the highest value queried being 1. The address and length of the legitimate information are 0x0 and 2. The address and length of the legal information will be used to query the legal information 0x100020,0x 100048. If the core state is 0x100018, since the lower 16 bits of the plurality of core states are all 0x0018, the second segment of core state 0x10 will be used to query the second level security rule map, where the address and length of the security information is 0x10 and 1.

Through the data structure of the security rule table provided by the invention, any legal execution information can be obtained through mapping and inquiring the security rule for at most 4 times. And the security rule table can be allocated only when needed, and the memory overhead of the security rule is within a reasonable range thanks to offline optimization.

High speed buffer storage

For modern processors, multi-level caches can greatly reduce the latency of memory accesses. Similar methods are also employed in the present invention. The invention provides a mechanism for adopting direct writing and single-way mapping in a cache. Considering that different data has different locality, for example, a security rule table has high locality. However, some low-locality data may interfere with memory access operations for high-locality data, such that the hit rate of the monitor cache is reduced.

Based on the above characteristics, according to the lightweight characteristics of the monitor program, a user can select whether to use the monitor cache for memory access by configuring the cache-valid when using Load and Store monitor instructions. The hardware design can enable higher efficiency of monitor caches.

Rule bypass caching

During the software execution process, the dense software execution information needs to be checked by looking up the security rule table, and the operation can bring about larger performance cost. However, since the software has many similar execution modes in the process, there are a large number of repeated checking operations in the process. To remove redundancy of the check, the invention proposes a regular bypass buffer. When Check is executed, the rule bypass cache is searched first, once the Check is recorded by the rule bypass cache, the rule bypass cache hits, the Check is completed immediately and the next monitor instruction starts executing.

The rule bypass cache has two stages, and the first stage rule bypass cache records the core state and the checked software execution information. When Check is executed, the first level rule bypass cache is searched, and if the same core state and the same checked software execution information exist in the rule bypass cache, the Check is removed. The second level rule bypass cache records the memory address of legal information and checked software execution information. When the same information is not recorded in the first-level rule bypass buffer, the second-level rule bypass buffer is queried, and if the same legal information as the legal information in the second-level rule bypass buffer is used for checking the same software execution information, the Check is removed as well.

When Check is executed, the first-level rule bypass cache is searched first, if hit occurs, check is completed immediately, otherwise the second-level rule bypass cache is searched, if hit occurs, check is completed immediately, otherwise, subsequent operations of Check are continued to be executed. A total of two levels of rule bypass cache are updated using a first-in-first-out (FIFO) mechanism. And both the lookup and the comparison of the rule bypass cache are performed in parallel, the design is such that only one clock cycle is required for the lookup and the comparison of the rule bypass cache. In order to avoid interference caused by historical information left in the previous monitor program execution process, a user can Reset the safety bypass buffer memory through Reset.

Fig. 4 illustrates an example rule bypass cache, which shows three processes for looking up rule bypass cache. The first piece of Check software execution information is 0x1400, and the core state is 0x1000. At this point the primary bypass cache did not hit and 0x8010,0x1400 did not hit in the secondary bypass cache as well. The next Check operation continues. The second Check can hit in the secondary bypass cache, so that the next Check operation time is saved. Similarly, the third Check hits in the level one bypass cache. As can be seen from the examples, the regular bypass cache provided by the present invention can improve performance by eliminating the method of repeating Check instruction operations.

Special out-of-order architecture

In modern processor designs, performance is increased by out-of-order execution, and similar approaches are also used in the present invention. While the out-of-order architecture in the general processor tends to consume a large amount of hardware resources and greatly increase the complexity of the whole system, the present invention proposes a dedicated out-of-order architecture, which achieves a good balance between performance and hardware overhead.

The out-of-order structure in the general processor needs to consume a great deal of hardware resources to realize the hardware structures such as the reorder buffer, the reservation station, the general data bus and the like. However, thanks to the light-weight feature of the monitor program, the user is enabled to configure the dependency between different data, so unnecessary hardware overhead is saved in the present invention. Architecture is proposed in the present invention, which only transmits one instruction execution per clock cycle. In the different types of monitor instructions shown in table 1, only one clock cycle is required for execution of arithmetic instructions and control instructions, so there are no data dependency problems in these instructions. For a memory instruction, a user can configure a data dependence problem in a read instruction and a write instruction by configuring a OoO-valid operand for identifying whether to use an out-of-order architecture; if OoO-valid is 1, load and Store instructions will execute out-of-order until the instruction ends. In the design of the invention, if the previous Load or Store instruction is not executed, and a new Load or Store instruction is fetched, the monitor is automatically blocked. Conversely, if OoO-valid is equal to 0, execution of Load and Store will block the monitor until its execution is complete. Whereas monitor instructions for some special functions, such as Info-select and Info-wait, will automatically block ProMiSE until its execution is complete. While the execution of Check is always out of order and blocks loads and stores that execute after it.

Parallel comparator

When Check is used to Check whether the software information satisfies the security rule, the software execution information and the legal information need to be compared. Whereas legal information may be multiple (meaning that multiple comparisons are required) and each comparison operation is performed independently. The present invention proposes a parallel comparator of fig. 1 that is capable of performing multiple comparison operations in one clock cycle.

When Check is executed, legal information to be compared is read from the memory or cache, and the data bit width is 8 bytes. To meet this, the parallel comparator designed by the present invention can compare 8 bytes of information in total. Because of the different security policies, this 8-byte information may contain multiple parts that need to be compared, and a user may configure the parallel comparator through an info-width operand that identifies the legitimate information bit width. For example, when info-width is 2, this means that each part to be compared is 2 bytes at this time, and 4 parts need to be compared among 8 bytes of information in total. The parallel comparator will now perform 4 comparison operations in parallel in one clock cycle.

The security aided design comprises a cache, a special out-of-order architecture, a parallel comparator, a security rule table and a rule bypass cache, which are devices for improving the performance of the device, are unnecessary devices, and the device without the security aided design is also within the protection scope of the invention.

Examples

This embodiment deploys a 64-bit, sequential execution, RISC-V processor with 5-stage pipeline, and promisce hardware monitor on the Virtex-7 FPGA VC707 Evaluation Kit development board. The processor has a 16KB instruction and data cache, 1GB DDR4 memory and 32 cache Miss Status Handling Registers (MSHR). And LLVM was used as a compiler, and control analysis software (ref: fastCFI GitHub Repository, https:// gitsub. Com/flwave/FastCFI, 2019.) and SVF software (ref: sui Y, xue J. SVF: interprocedural static value-flow analysis in LLVM [ C ]// Proceedings of the 25th international conference on compiler construction.2016:265-266.). The present invention performs performance testing with a SPEC CPU 2006 test suite.

The present invention implements five security policies in total, including a shadow stack (shadow stack) to record functional legal return addresses, a white list (white-list) to allow only read instructions in the white list to read sensitive memory areas, control Flow Integrity (CFI) to restrict instruction flow transfer to legal target addresses, HDFI (reference: song C, moon H, alam, et al HDFI: hard-accepted data-flow isolation [ C ]//2016IEEE Symposium on Security and Privacy (SP). IEEE, 2016:1-17.), and Data Flow Integrity (DFI) to specify that data read by each read instruction can only be written by a specific legal write instruction. And the present invention summarizes the features of these security policies implemented on promisc. The features of these security policies include security, security scope (whether for control flow data or non-control flow data), computational requirements, monitor mechanisms (event-based or tag-based), security rules (whether they remain unchanged during software execution or are updated dynamically, e.g., function legal return addresses in shadow stack are updated continuously according to function calls), program instrumentation.

TABLE 2

Figures 5a and 5b show details of instrumentation and monitor procedures for the procedure under the security policy of white-list.

Whilte-list is a security policy, and monitors whether an illegal reading instruction reads data in a sensitive area through a sensitive memory area and a white list reading instruction specified by a user.

In order to implement various security policies, the instrumentation of the program is performed according to the needs of the user, for example, in the white-list, in order to obtain the address of the memory area which is not easy to obtain before the program is executed, in this embodiment, the information of the sensitive area is marked by inserting the ExInfo after the write instruction written in the sensitive area for the first time in the program. And, the read instruction that needs to be monitored is marked by inserting ExInfo after the non-whitelist read instruction.

The monitor program is shown in fig. 5a and 5b, and various security policies can be implemented by appropriate configuration by the user. In the write-list, it is first necessary to obtain the memory address of the read/write instruction and the memory of the sensitive area through the Info-select, in this instruction, the Exinfo data and the memory address are obtained by configuring the Exinfo as a request instruction (line 1), and the memory address is written into the high-bandwidth FIFO (line 2 because the data width exceeds the width of the low-bandwidth FIFO). Line 3 Info-split will decompose the complex information in ExInfo, such as region length and flags, into different monitor registers. If the Branch of the 4 th row judges that the mark is the reference access, the method jumps to the ninth row to initialize the start address of the sensitive area, otherwise jumps to the Branch of the 5 th row. If the mark is judged to be the area length, the line 11 initialization ending address is jumped. Otherwise, the method jumps to the sixth line, and compares whether the memory address of the read instruction is in the sensitive area so as to judge whether an attack occurs.

The results of the implementation demonstrate a comparison of the present invention with the rest of the flexible hardware monitor, as shown in table 3:

TABLE 3 Table 3

/>

The "-" in table 3 indicates that the corresponding information is not mentioned in the corresponding work. The performance overhead in the table is based on the respective articles. The cost of the experimental result is negative because of errors and random number in the experimental process.

Compared with the existing flexible monitor, the ProMiSE provided by the invention can realize more kinds of security policies, and covers the security policies capable of defending against control flow data attacks and non-control flow data attacks, and the security is from low to high. And ProMiSE can realize monitoring based on labels and event. Also comparing the performance overhead of ProMiSE with the current state-of-the-art dedicated hardware monitor, as shown in Table 4:

TABLE 4 Table 4

Security policy	ProMiSE performance overhead	Advanced dedicated monitor performance overhead
			Shadow Stack	-0.2％	～0％
White-List	-0.1％	～0％
			CFI	2.9％	～0％
LW-DIFT	19.7％	<2％
			DFI	23.4％	～17.8％

It can be seen from table 4 that the performance overhead of promisce is similar to that of the most advanced dedicated monitors.

The invention tests the safety of the system. The tools used include a RIPE test suite, a fine-grained control data stream attack (because the control data stream attack in the RIPE test suite can be monitored by a plurality of less accurate security strategies, the invention uses a fine-grained data stream attack test system to accurately monitor illegal indirect jump addresses), heartbleed (a non-control stream data attack), nullhttpd (a heap overflow vulnerability), and a fine-grained non-control stream data attack (in which a plurality of illegal write instructions are required to have accurate monitoring capability). Table 5 is the monitoring of the procise for different attacks implementing different security policies.

TABLE 5

/>

The monitoring delay is defined as the number of clock cycles from the monitor to the completion of the information processing by obtaining corresponding software execution information.

From the above table, it can be seen that the five security policies implemented by promisc can accurately detect attacks, and the monitoring delay of the five security policies is low enough.

The present invention provides a method and apparatus for a hardware monitor for software security execution, and the method and apparatus for implementing the technical scheme are numerous, the above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several improvements and modifications can be made without departing from the principles of the present invention, and these improvements and modifications should also be regarded as the protection scope of the present invention. The components not explicitly described in this embodiment can be implemented by using the prior art.

Claims (10)

1. A hardware monitor method applied to software safety execution, which is characterized by comprising an off-line stage before program execution and an on-line stage in program execution;

the off-line stage comprises the steps of compiling a monitor program and performing program instrumentation according to requirements by a user, wherein the program instrumentation represents the insertion of new instructions into an original program;

The online stage comprises the steps of acquiring software execution information and monitoring by a software runtime monitor;

in an offline stage, a user writes a monitor program through a monitor instruction set, so that the operation of different security strategies is realized, and different software execution information is selected;

in an offline stage, for a software program to be monitored, inserting a specific instruction ExInfo for carrying additional software execution information into the program, wherein the specific instruction ExInfo is executed in a core, and instruction codes except for operation codes for distinguishing different instructions in the specific instruction ExInfo can be defined by a user to carry additional information; the user can insert specific instructions ExInfo at any position in the monitored software program according to the requirements.

2. A hardware monitor device for software secure execution, comprising a modified core, an information selector, a special out-of-order architecture, a parallel comparator, a monitor register, a data structure, a cache, a rule bypass buffer, and a first-in first-out buffer FIFO;

the special out-of-order architecture is used for improving performance;

the parallel comparator is used for reducing monitoring delay;

the data structure is used for recording a security rule table containing security rules;

The rule bypass cache is used for reducing redundant monitoring operation;

the first-in first-out buffer FIFO comprises two types, namely a high-bandwidth FIFO with 512 bits of bit width and a low-bandwidth FIFO with 64 bits;

the modified core is used for connecting a program counter signal for counting instruction addresses to the monitor so that the monitor can acquire the core instruction address information, and is also used for connecting a memory controller signal of a functional unit of a core access memory to the monitor so that the monitor can acquire the core memory access information;

the special out-of-order architecture comprises a storage unit, a reading unit, a checking unit and an arithmetic unit;

the storage unit is used for storing monitor data into the memory, the reading unit is used for reading the data from the memory, the checking unit is used for checking whether software execution information meets the safety rule or not, and the arithmetic unit is used for performing simple arithmetic and logic operation;

the information selector is used for the monitor to acquire a core signal;

the monitor register is used for temporarily storing data of the monitor;

the cache is used for accelerating the process of accessing the memory by the monitor.

3. A hardware monitor device for software secure execution according to claim 2, wherein said monitor registers are 64, each bit wide being 64 bits.

4. A hardware monitor device for use in secure execution of software according to claim 3, wherein said security rule table comprises a continuous memory for storing legal information for identifying whether the software execution is legal and a security rule map for querying legal information.

5. The hardware monitor device for software secure execution according to claim 4, wherein the execution state of the core is called core state, 64 bits of core state can be used to find legal information, the access mode of the security rule table can support any core state with a bit width of 64 bits, the 64 bits of core state is equally divided into four segments, each segment having 16 bits; the security rule mapping has four levels in total, each core state represents the entrance of one level security rule mapping, and the security rule mapping of the other levels possibly comprises more than two mappings except that the security rule mapping of one level has only one mapping; when the security rule table needs to be queried, a core state is given, and the first segment is used for querying the first-level security rule mapping; when the highest bit of the searched value is 1, the rest 63 bits of the searched value record the length and the address of legal information; when the most significant bit of the found value is 0, the higher level entry will be used to find the next level security rule map until the most significant bit of the found value is 1.

6. A hardware monitor device for secure execution of software according to claim 5, wherein the monitor's mode of operation comprises an offline phase prior to program execution and an online phase in program execution;

the off-line stage comprises the steps of compiling a monitor program and performing program instrumentation according to requirements by a user, wherein the program instrumentation represents the insertion of new instructions into an original program;

the online phase includes acquiring software execution information and monitoring by a software runtime monitor.

7. A hardware monitor device for software secure execution according to claim 6, wherein, during the off-line phase, a user programs the monitor program through the monitor instruction set to implement the operation of different security policies and select different software execution information;

in an offline stage, for a software program to be monitored, inserting a specific instruction ExInfo for carrying additional software execution information into the program, wherein the specific instruction ExInfo is executed in a core, and instruction codes except for operation codes for distinguishing different instructions in the specific instruction ExInfo can be defined by a user to carry additional information; the user can insert specific instructions ExInfo at any position in the monitored software program according to the requirements.

8. The hardware monitor apparatus for software secure execution of claim 7, wherein the monitor instruction set comprises read-write arithmetic instructions, control instructions, memory instructions, and security instructions; the instruction length in the monitor instruction set is unified to 64 bits, wherein 6 bits are used as operation codes to distinguish different types of monitor instructions; the other parts of the instruction code are used as operands, wherein the operands comprise immediate data imm directly participating in operation, an operated source register rs and a destination register rd for storing operation results.

9. A hardware monitor apparatus for use in software secure execution according to claim 8, wherein the arithmetic instructions comprise add, subtract, and, compare instructions, shift instructions, the add, subtract, and operations for completing operations between registers and immediate; the comparison instruction is used for completing 4 comparison modes, including greater than, less than, equal to and unequal to; the shift instruction is used for shift operation, and is also used for combining left shift and right shift and extracting high or low data;

the control instructions comprise unconditional control instructions and branch control instructions, wherein the unconditional control instructions are used for directly modifying the program counter, and the branch control instructions are used for modifying the program counter according to the comparison result of the source register and the immediate;

The memory instruction comprises a read instruction and a write instruction, and a user can select whether to use the cache to perform memory read-write operation by configuring a cache-valid operand in instruction encoding; the cache-valid operand is used to identify whether a monitor cache is used;

the safety instruction comprises an information selection instruction, an information waiting instruction, an information splitting instruction, a reset instruction and a checking instruction, wherein the information selection instruction is used for selecting different software execution information as a request instruction to acquire different software execution information data, the information waiting instruction is used for waiting for effective software execution information after a selection signal is completed, the information waiting instruction can automatically block the execution of a subsequent monitor instruction, wait for the FIFO of a first-in first-out buffer until the effective software execution information, and write the software execution information into a destination register after successfully waiting for the software execution information; when the information waiting instruction waits for a high bandwidth FIFO, the information waiting instruction automatically writes data into a 56 th register to a 63 st register respectively in one clock period, and additionally reads the FIFO as the start of another round of processing, and a user clears all registers by setting a reg-clear operand in instruction encoding to 1, wherein the reg-clear operand is used for identifying to clear a monitor register;

The information splitting instruction is used for splitting more than two pieces of information positioned in one 64 bits into 8 pieces of data in one clock period;

the reset instruction is used for resetting the safety bypass cache;

the checking instruction is used for verifying whether the software execution information is legal or not, the checking instruction comprises a series of operations of checking safety rules, the operations comprise reading a safety rule table to obtain the software legal execution information, comparing the software execution information with the legal information, and the time for taking the instructions by the monitor is saved by completing the operations of more than two monitor instructions in one checking instruction.

10. A hardware monitor device for secure execution of software according to claim 9, wherein the software execution information is physically signaled to the monitor during the on-line phase by modifying the design of the core;

the safety rule table can be automatically generated in the program static analysis of the offline stage, the safety rule table can be used for mapping and searching the address and the length of legal information in the safety rule of the intermediate stage, and the safety rule table can be optimized offline; when more than two core states correspond to the same legal information, the security rule mapping corresponding to the core states stores the same legal information address and length;

The rule bypass buffer memory has two stages, the first stage rule bypass buffer memory records the core state and the checked software executing information, when the checking instruction starts to execute, the first stage rule bypass buffer memory is searched, if the same core state and the same checked software executing information exist in the rule bypass buffer memory, the checking instruction is removed; the second-level rule bypass buffer records the memory address of legal information and checked software execution information, when the first-level rule bypass buffer does not record the same information, the second-level rule bypass buffer is inquired, if the same legal information as the second-level rule bypass buffer exists, the legal information is used for checking the same software execution information, and the checking instruction is removed;

when the checking instruction is executed, the first-level rule bypass cache is searched first, if the checking instruction is hit, the checking instruction is completed immediately, otherwise, the second-level rule bypass cache is searched, if the checking instruction is hit, the checking instruction is completed immediately, otherwise, the checking instruction which is not completed is executed continuously; the two-stage rule bypass caches are updated by adopting a first-in first-out mechanism, and the searching and the comparison of the rule bypass caches are performed in parallel;

The special out-of-order architecture means that only one instruction is transmitted for execution in one clock cycle, and the execution of the arithmetic instruction and the control instruction only needs one clock cycle; for memory instructions, a user can configure the dependency problem of data in a read instruction and a write instruction by configuring OoO-valid operands for identifying whether to use an out-of-order architecture; if OoO-valid is 1, then the read and write instructions will execute out of order until the instruction ends; if the previous read instruction or write instruction is not executed, a new read instruction or write instruction is fetched, and the monitor is automatically blocked; if OoO-valid is equal to 0, then execution of the read and write instructions will block the monitor until execution is complete; for monitor instructions with special functions, automatically blocking the monitor until the execution is completed; the execution of the check instruction is always out of order and may block read and write instructions that execute after the check instruction;

the parallel comparator can perform more than two comparison operations within one clock cycle, legal information to be compared is read from a security rule table stored in a memory or a cache when an inspection instruction is executed, and when the bit width of the legal information is 8 bytes, the parallel comparator can compare 8 bytes of information in total, and a user can configure the parallel comparator through an info-width operand for identifying the data bit width of the legal information.