JP5069406B2 - System and method for identifying and preventing security breaches in computer systems - Google Patents

Description

  This case relates to detecting that a malicious program is running in a microprocessor-based system. In some cases, execution of a malicious program may be stopped and the user may be notified by visual and / or audible notification that an attack has been detected.

  Microprocessor-based consumer electronic devices are designed with two privilege levels: an operating system (O / S) and a user software application. In some microprocessor-based systems, two privilege levels of security are not sufficient. This is mainly because the effective realization of the operating system privilege level (sometimes referred to as protected mode) depends on the correct operation of the O / S software. As such, depending on the correct operation of the O / S software, the system is vulnerable to malicious programs such as computer viruses.

Some microprocessor-based systems address this problem by implementing a third “safe” operating level in hardware. This security hardware can prevent software access to at least some hardware components (eg, memory, memory management unit, cash registers, etc.). The security hardware may monitor the system for security breaches and reset the entire system if any violation is detected. However, resetting the system itself is an attack, so resetting the system often renders the system unusable. Such attacks are often referred to as “denial of service (DoS)” attacks.
Therefore, a system that can detect and stop attacks without appealing to the extreme means of resetting the system is desired.

  Most of the problems described above can be addressed by systems and methods that identify and prevent security breaches within a computer system. One exemplary embodiment monitors activity on a core bus coupled to a processor core (a processor core operating within a computer system), identifies activity on the core bus as a security breach, It may include a method comprising preventing execution of certain instructions in the processor core in response to a violation.

  Another exemplary embodiment tracks activity on the core bus of a computer system processor core, recognizes activity on the core bus as a security breach, and interrupts the processor core in response to a security breach It may include a method comprising asserting a signal and executing security response software in response to the asserted interrupt signal.

  Yet another exemplary embodiment includes a computer system comprising a processor core coupled to the primary bus and a monitoring system coupled to the primary bus (this monitoring system tracks activity on the primary bus). It's okay. The monitoring system recognizes security breaches, including activity on the primary bus due to programs executing on the processor core, and prevents completion of the activity by flushing the pipeline stages of the processor core.

  Yet another exemplary embodiment includes a monitoring system, a plurality of computer system components, and a firewall system (a plurality of computer systems for monitoring attempts to access at least one of the plurality of system components). A computer system comprising a firewall system coupled between the component and the monitoring system. The firewall system recognizes at least one breach of a plurality of stored firewall constraints as a security breach and prevents the access attempt if it recognizes the access attempt as a security breach.

(Notation and terminology)
In the following description and claims, a number of terms are used to refer to specific system components. This document does not distinguish between components that have different names but the same function.

  In the following description and claims, the terms “including” and “comprising” are used non-restrictively and should be interpreted to mean “including but not limited to”. The term “couple” means indirect or direct electrical connection. Thus, when the first device is coupled to the second device, the connection may be a direct electrical connection or an indirect electrical connection through another device or connection.

(Detailed description of preferred embodiments)
FIG. 1 illustrates a computer system 100 constructed in accordance with at least some embodiments of the invention. The computer system 100 is a multiprocessing unit (coupled to various other system components by a data and instruction bus and a security firewall (eg, L3 bus / firewall 254, L4 bus / firewall 256, external memory firewall 252)). MPU) 104 may be provided. The MPU 104 may include a processor core (core) 106 that has a plurality of processing pipelines and executes programs. The MPU 104 may also include a core security controller (CSC) 258 that assists in placing the MPU 104 in secure mode for executing secure programs on the core 106. The core security controller 258 performs a monitoring operation for ensuring a safe operation during the safe mode and preventing access to a safe component of the computer system 100 during the non-safe mode.

  The computer system 100 may also include a digital signal processor (DSP) 108 that is coupled to the MPU 104 by an L3 bus / firewall 254. The DSP 108 may assist the MPU 104 to perform task specific calculations (graphics processing, audio processing, etc.). The DSP 108 may have its own core 110 and its own core security controller 260. A graphics accelerator (GFX) 112 may also be coupled to the MPU 104 and the DSP 108 by an L3 bus / firewall 254. Graphics accelerator 112 may perform calculations and information conversions necessary to display information on display device 142 or the like. Similar to MPU 104 and DSP 108, graphics accelerator 112 may have its own core 114 and its own core security controller 262. As with the MPU 104, the DSP 108 and graphics accelerator 112 may independently enter a secure mode and execute security programs on the core 110 and core 114, respectively.

  The computer system 100 is also coupled to the on-chip memory 118 and the stacked memory 120 via the L3 bus / firewall 254 and to the external memory 116 via the L3 bus / firewall 254 and the external memory firewall 252. A controller (DMA CTLR) 122 may be provided. The direct memory access controller 122 provides access between the on-chip memory 118, the stacked memory 120, and the external memory 116, such as any other MPU 104, DSP 108, graphics accelerator 112, etc. It may be controlled by system components. On-chip memory 118, stacked memory 120, and external memory 116 may be any suitable memory. For example, a synchronous RAM, a RAMBUS (registered trademark) type RAM, a programmable ROM (PROM), an erasable programmable ROM (EPROM), an electrically erasable programmable ROM (EEPROM), or the like may be used. Stacked memory is embedded in the same semiconductor package as system-on-a-chip (SoC) 102, but is on any semiconductor die that is separate from the system-on-a-chip 102 semiconductor die (die) Any suitable memory may be used.

  The computer system 100 may also include a USB interface (USB I / F) 124 that is coupled to various system components by an L4 bus / firewall 256. The USB interface 124 allows the computer system 100 to communicate with an external device.

  Each core security controller (eg, core security controller 258) may be implemented as a hardware-based state machine that monitors the system parameters of each individual processor core (eg, core 106). The core security controller causes the processor to enter a safe mode of operation to execute a secure program from a secure memory (eg, from the secure address range of the on-chip memory 118) and a secure resource (eg, Direct memory access controller 122 secure channel control registers) can be accessed. Having this secure mode (ie third level privilege) is valuable to any kind of computer system (eg, laptop computer, desktop computer, server in a bank of servers). However, in at least some embodiments of the present invention, the computer system 100 may be a mobile computer system. For example, it may be a cellular phone, a personal digital assist (PDA), a text messaging system, or a computing device that combines a messaging system with the functions of a personal digital assist and a cellular phone. Some embodiments may include a modem chipset 138 that couples to the external antenna 136 and / or a global positioning system (GPS) circuit 128 that also couples to the external antenna 130.

  Since the computer system 100 according to at least some embodiments is a mobile device, the computer system 100 may also include a battery 132 that is possibly controlled by a power management unit 134 to provide power to various processing elements. A user may input data and / or messages to the computer system 100 through a user interface (user I / F) 140 such as a keyboard, a keypad, or a touch panel. Since many cellular phones also have the capability to handle digital still images and video images, in one embodiment, the computer system 100 includes a camera interface (CAM I / F) 126 to charge coupled devices that capture digital images. A camera function can be provided by coupling the computer system 100 to a (CCD) array (not shown).

  The various firewalls of the system 100 shown in FIG. 1 each provide additional protection beyond that provided by the core security controller. The firewall may block or allow other components (or software executing on the components) from accessing the components of the computer system 100 according to a set of programmed rules. This rule establishes a relationship between a component and an operating mode (eg, safe or unsafe) pair. Such a rule may be implemented in hardware or software in the form of a permission table that cross-references the component that is attempting access to the address range of the component that is the desired access destination. If the permission obtained for the requested operation and the current mode of operation denies access, the firewall signals a security breach.

  Firewalls 252, 254, 256, core security controllers 258, 260, 262, and security indicator 264 are coupled to platform security controller 250, respectively. Platform security controller 250 serves as a hub for detecting security breaches. The core security controller and firewall each assert a separate security breach signal monitored by the platform security controller 250. Upon detecting any assertion of an individual security breach signal, the platform security controller responds by activating one or more core security controllers and initiating a security response sequence (discussed later). The platform security controller may also alert the user of computer system 100 that a violation has been detected, such as by activating attack indicator 264.

  The various security components described above operate as a monitoring system 200. The monitoring system 200 includes a platform security controller 250, firewalls 252, 254, 256, core security controllers 258, 260, 262, and an attack indicator 264. FIG. 2 shows details of the monitoring system 200 and illustrates an exemplary configuration that combines the components in the monitoring system 200 and the components in the MPU 104. In at least some embodiments of the present invention, MPU 104 overlaps core 106, interrupt controller 174, secondary bus 182, and core security controller 258 (monitoring system 200 that also includes core security controller 258). ). The core 106 includes a processor 170, a primary bus 180 (a unique bus of the processor 170), and a bus bridge 172. In at least some embodiments of the present invention, processor 170 may be any processor suitable for incorporation into an on-chip system, such as an ARM1136 series processor.

  The processor 170 is coupled to the primary bus 180 as is the bus bridge 172 and the core security controller 258. Processor 170 is also coupled to core security controller 258 and interrupt controller 174. Core security controller 258 couples to bus bridge 172 and platform security controller 250. Platform security controller 250 is coupled to attack indicator 264, external memory firewall 252, L3 bus / firewall 254, and L4 bus / firewall 256. L4 bus / firewall 256 is coupled to L3 bus / firewall 254, and L3 bus / firewall 254 is coupled to secondary bus 182.

  The core security controller tracks the activity of the processor 170 by monitoring signals on the primary bus 180. These signals may include instruction bus signals, data bus signals, status signals, and control signals. Such signals may be organized as separate buses within the primary bus (eg, an instruction bus, a data read bus, and a data write bus as found in Harvard Computer Architecture). By monitoring such signals on the primary bus 180, the core security controller 258 can be used in the actual instructions and data provided to the processor 170 for execution, in the security mode of the MPU 104, and in the current security mode. It can be determined whether instructions and / or data are allowed. For example, if a program executing on processor 170 attempts to access a safe address range of memory while processor 170 is operating in non-secure mode, core security controller 258 identifies this as a security breach. Similarly, if a program executing on processor 170 attempts to access an insecure address range of memory while processor 170 is operating in secure mode, core security controller 258 also identifies this as a security breach.

  Other activities on the primary bus 180 are also identified as security breaches. If the security levels of the two resources do not match, the core security controller 258 identifies access from one resource to the other as a security breach. Thus, for example, if a non-secure channel of direct memory access controller 122 accesses a secure address range of on-chip memory 118, it is identified as a security breach. Similarly, if a secure channel of direct memory access controller 122 accesses an insecure address range in external memory 116, this is also identified as a security breach. The core security controller 258 also identifies the instruction abandonment sequence provided to the processor 170 as a security breach. Examples of this type of attack include a malicious program trying to interrupt a safe mode entry sequence using an instruction abandonment sequence, or trying to interrupt software that is already running in safe mode. There is. Both are identified as security breaches.

  Other activities on the system monitored by the security controller 258 include malicious processing of the voltage level of the electronic communication system 100, malicious processing of the clock frequency, and intentional hardware fault generation (e.g., using lasers). ) And unauthorized testing and debugging activities (eg, attempting to put the electronic communication system 100 in operation into test mode). All attempts at these activities detected by the security controller 258 are also identified as security breaches.

  If a security breach is detected, the core security controller 258 may initiate a security response sequence. The security response sequence may prevent or stop the execution of an infringing operation, prevent future execution of a harmful program (eg, by deleting the program from computer system 100), and possibly both actions. Including. Each will be described in turn.

  In at least some embodiments of the present invention, if the instruction or data associated with the instruction violates a security constraint programmed into the core security controller 258, the core security controller 258 may have a primary bus. The instructions given to processor 170 on 180 may be discarded. The core security controller 258 asserts a security abandon signal 282, which the bus bridge 172 converts to a unique processor hardware based abandon. Hardware-based abandonment prevents the execution of harmful instructions and includes a pipeline of processor 170 that includes prefetch units, internal instructions and / or data prediction mechanisms, and additional program instructions that are part of a breach or attack. You can flush the stage. Such flash erases the context of the malicious program and terminates the execution of the program. Since abandonment is hardware-based and not subject to software control or interference, malicious programs are very difficult to intercept or bypass the security response sequence thus implemented.

  In at least some embodiments of the present invention, the processor 170 may be an ARM1136 series processor. Such a processor provides a hardware-based instruction abandonment sequence of the type described above necessary to prevent execution of instructions identified as having breached security, and all expectation and pipeline instructions as part of the abandonment sequence. Provides the ability to flush the stage and prevent execution of all other prefetch instructions that are part of the attack sequence.

  The core security controller 258 of FIG. 2 also generates an interrupt to the processor 170 in response to a security breach. In at least some embodiments of the invention, the core security controller asserts a security abandonment interrupt signal 284. The interrupt controller 174 monitors this. In response to asserting a security abandonment interrupt, the interrupt controller may assert an interrupt request (IRQ) signal 281 that may initiate an interrupt request to the processor 170.

  An interrupt service routine that is triggered by the interrupt request signal 281 and executed on the processor 170 identifies the source of the malicious program and prevents future execution of the program (eg, removing that source from the computer system 100). One or more software programs (e.g., anti-virus software) that can be executed. The processor 170 may inform the core security controller 258 that the interrupt service routine is complete by asserting the breach erase signal 280. In at least some embodiments of the present invention, high performance, high priority processor interrupts (eg, FIQ interrupts for ARM1136 series processors) may be used. This is because it is very difficult for the attacking software to bypass the interrupt service routine triggered by such an interrupt.

  Core security controller 258 may also respond to security breaches detected by one of the various firewalls of monitoring system 200. Each of the various firewalls of the monitoring system 200 may assert a firewall breach signal (eg, L3 firewall breach signal 292) to indicate to the platform controller 250 that a security breach has been detected. Platform controller 250 may assert firewall breach signal 286 in response to a security breach detected by the firewall. In some embodiments, the core security controller 258 may respond to the firewall breach indication in the same manner as it responds to the security breach detected by the core security controller 258.

  In another embodiment, core security controller 258 may respond to firewall security breaches in other ways. For example, if a USB device coupled to the USB port 124 (see FIG. 1) attempts to access a secure address range in the on-chip memory 118, the L4 bus / firewall 256 will deny access, The security controller 250 may be notified. Platform security controller 250 may notify core security controller 258 of a violation detected by the firewall, and core security controller 258 may send an interrupt request to processor 170. An interrupt service routine executed on processor 170 in response to an interrupt request may take the necessary action. Such action may be security breach logging. This is because access is already blocked by the firewall and no further protection or compensation measures need to be taken.

  The firewall of the monitoring system 200 constructed in accordance with at least some embodiments of the present invention may separate between components of the computer system 100 that can operate at different security levels. A firewall may be incorporated into the bus that links the various components of the computer system 100 to control the request / response mechanism within the bus. Such a request / response mechanism allows a component requesting access (sometimes referred to as an “initiator”) to access another component (sometimes referred to as a “target”), which Only if the security firewall built into the combined bus allows access. For example, the direct memory access controller 122 may request access to the stacked memory 120, but the security firewall embedded within the L3 bus / firewall 254 will only allow access if the access does not violate security constraints. to approve.

  Also, in at least some embodiments of the present invention, the L3 bus / firewall 254 is implemented using digital hardware to provide all access requests from the graphics controller 112 to the direct memory access controller 122. You may always refuse. Such hardware uses the initiator and target identification information placed on the bus portion of the L3 bus / firewall 254 by the graphics controller 112 as an input to the security firewall portion of the L3 bus / firewall 254. Logic within the security firewall decrypts this information to determine whether access from the initiator to the target is allowed (in the example described here, access is always denied). Such a hardware-based firewall provides a high level of security. This is because reprogramming and modification are not easy.

  Another embodiment of the L3 bus / firewall 254 may use a memory-based lookup table. In such an embodiment, the permission table may be realized as a multidimensional table. For example, the table may be indexed using initiator identification, target identification, and security mode of the MPU 104 to generate a response to the access request. This table may be implemented using any suitable memory. Depending on the type of memory used, various degrees of flexibility and security can be obtained. For example, if a ROM is used, the computer system 100 is not very flexible but very safe because the program executed on the computer system 100 cannot change the security constraints encoded in the memory. In contrast, when a RAM is used, a program executed on the computer system 100 can dynamically reconfigure security constraints encoded in the memory at the time of execution (other programs incorporated in the system). The computer system 100 becomes more flexible when properly bound by security means.

  In addition to monitoring violations detected by the firewall, the platform security controller 250 may alert the user when a security violation occurs. As shown in FIG. 2, and in at least some embodiments of the present invention, platform security controller 250 may also monitor core security controller 258 for violations indicated by CSC violation signal 288. With this signal and similar signals from other core security controllers and firewalls included in the monitoring system 200, the platform security controller 250 will address security breaches detected by other elements of the monitoring system 200. Can do. The platform security controller asserts the attack signal 296 in response to the asserted security breach signal and activates the attack indicator 174 to alert the user that a breach (and therefore an attack on the computer system 100) has occurred. To do.

  FIG. 3 shows a method suitable for use by the monitoring system 200 for responding to a security breach, stopping an attack, and notifying a user. In at least some embodiments of the present invention, such methods include a security breach detection block 302, a user notification block 304, a security abandonment signal assertion block 306, a security abandonment interrupt assertion block 308, and interrupt service routine execution. Block 310 and security breach elimination block 312 may be included.

  Still referring to FIG. 3, if a security breach is detected (eg, by the core security controller 258) as shown in block 302, the user may be notified of the breach at block 304 (eg, an attack indication). By activating vessel 174). After notifying the user that an attack has been attempted, a security abandonment signal is asserted, as shown in block 306, and the instructions given to the processor in the monitoring system 200 are abandoned. This may flush all predictions or pipeline stages associated with the processor. Next, a security abandonment interrupt is asserted as shown in block 308 and the interrupt service routine is preferentially executed as shown in block 310. The interrupt service routine executes one or more software programs (eg, virus scanner software) that can directly address a security breach or locate the source of a harmful attack instruction. Prevent the source from executing instructions in the future (eg, by removing the source from the device 100). After the interrupt service routine of block 310 completes execution, the violation may be marked for erasure as shown in block 312 (eg, asserting a breach erase signal to the core security controller that first detected the security breach. By doing).

  The above disclosure is intended to illustrate the principles and various embodiments of the present invention. Various changes and modifications will become apparent to those skilled in the art once the above disclosure is fully appreciated. This disclosure includes all such changes and modifications.

  The present invention provides a system and method for identifying and preventing security breaches within a computer system. The computer system 100 includes a multiprocessing unit 104 having a processor core 106 that executes a program. The monitoring system 200 includes a platform security controller 250 that monitors activity on the core bus to identify security breaches. In response to identifying the security breach, further execution of the program in the processor core 106 is prevented.

1 illustrates a computer system constructed in accordance with at least some embodiments of the present invention. 1 illustrates a monitoring device constructed in accordance with at least some embodiments of the present invention. 6 illustrates a method for stopping an attack according to at least some embodiments of the present invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Computer system 104 Multiprocessing unit 106 Processor core 200 Monitoring system 250 Platform security controller

Claims (5)

Monitoring at least one of a voltage level, clock frequency, hardware fault injection, and test activity associated with the electronic device on a core bus coupled to the processor core;
Identifying at least one unauthorized operation of the voltage level, clock frequency, hardware fault injection, and test activity as a security breach;
Preventing execution of instructions in the processor core in response to the security breach;
Including a method. The method of claim 1, comprising:
Identifying a software program executing on the processor core as causing the security breach;
Preventing the software program from executing;
The method further comprising : The method of claim 1 , comprising:
Activating a visual indicator to inform a user that the security breach has been detected . The method of claim 1, comprising:
Activating a visual indicator to inform a user that the security breach has been erased . The method of claim 1, comprising:
A method further comprising activating an audible indicator to inform a user that the security breach has been detected .

Images