WO2002027478A1 - Emission d'instructions par un processeur - Google Patents
Emission d'instructions par un processeur Download PDFInfo
- Publication number
- WO2002027478A1 WO2002027478A1 PCT/GB2001/004298 GB0104298W WO0227478A1 WO 2002027478 A1 WO2002027478 A1 WO 2002027478A1 GB 0104298 W GB0104298 W GB 0104298W WO 0227478 A1 WO0227478 A1 WO 0227478A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- instructions
- instruction
- execution
- random
- dependency
- Prior art date
Links
- 238000000034 method Methods 0.000 claims abstract description 35
- 239000011159 matrix material Substances 0.000 claims description 10
- 230000000694 effects Effects 0.000 claims description 4
- 230000001419 dependent effect Effects 0.000 claims description 3
- 238000004590 computer program Methods 0.000 claims description 2
- 230000004044 response Effects 0.000 claims description 2
- 239000000872 buffer Substances 0.000 description 22
- 238000004458 analytical method Methods 0.000 description 9
- 238000013478 data encryption standard Methods 0.000 description 6
- 238000013459 approach Methods 0.000 description 5
- 235000005612 Grewia tenax Nutrition 0.000 description 3
- 244000041633 Grewia tenax Species 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- TVZRAEYQIKYCPH-UHFFFAOYSA-N 3-(trimethylsilyl)propane-1-sulfonic acid Chemical compound C[Si](C)(C)CCCS(O)(=O)=O TVZRAEYQIKYCPH-UHFFFAOYSA-N 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 239000012141 concentrate Substances 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000000873 masking effect Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000000053 physical method Methods 0.000 description 1
- 230000005855 radiation Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
- G06F21/755—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
- G06F9/3836—Instruction issuing, e.g. dynamic instruction scheduling or out of order instruction execution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
- G06F9/3836—Instruction issuing, e.g. dynamic instruction scheduling or out of order instruction execution
- G06F9/3838—Dependency mechanisms, e.g. register scoreboarding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/125—Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
Definitions
- This invention relates to the issue of instructions in a processor, and particularly to a method of issuing instructions and to a processor.
- DPA provides the most powerful attack using very cheap resources. Many people have started to examine this problem and S. Chari et al provides a worrying analysis regarding the weakness of AES (Advanced Encryption Standard) algorithms on Smart cards, see the article entitled “A Cautionary Note Regarding the Evaluation of AES Candidates on Smart-Cards" in the Second Advanced Encryption Standard Conference, Rome, March 1999.
- AES Advanced Encryption Standard
- the present invention seeks to improve tamper resistance according to the third approach, that is, by decorrelating the timing of power traces on successive program executions.
- Kocher et al also describe two ways of producing the required temporal misalignment by introducing: i) introducing random clock signals, and ii) introducing randomness into the execution order.
- Kocher et al in "Differential Power Analysis” mention that randomising execution order can help defeat DPA, but can lead to other problems if not done carefully.
- One randomising approach uses the idea of randomised multi-threading at an instruction level using a set of essentially "shadow" registers. This allows auxiliary threads to execute random encryptions, hence hoping to mask the correct encryption operation.
- the disadvantage is that additional computational tasks are again required and this requires a more complex processor architecture having separate banks of registers, one for each thread.
- DES operates on the 64-bit blocks using key sizes of 56- bits.
- the keys are actually stored as being 64 bits long, but every 8th bit in the key is not used (i.e. bits numbered 7, 15, 23, 31 , 39, 47, 55, and 63).
- bits numbered 7, 15, 23, 31 , 39, 47, 55, and 63 bits numbered 7, 15, 23, 31 , 39, 47, 55, and 63.
- the aim of the present invention is to allow extensive randomised execution of instructions to be performed at run time so that successive program executions are uncorrelated.
- a method of issuing instructions to an execution unit in a processor comprising: identifying in an ordered sequence of instructions a set of instructions for which the order of execution is not critical; and selecting instructions in said set for successive execution on a random basis each time the ordered sequence of instructions is executed.
- instructions for which the order of execution is not critical are those where the outcome does not depend on their order of execution.
- a method of executing a computer program a plurality of times comprising a sequence of instructions, wherein each time the program is executed a set of said instructions is identified for which the order of execution is not critical, and instructions from that set are selected for successive execution on a random basis whereby the execution profile of the program differs each time the program is executed.
- the execution profile of the program is the physical indicators that result from execution of a code sequence, for example a power trace.
- a processor comprising: a fetch unit for fetching instructions from an instruction memory which holds an ordered sequence of instructions to be executed; an execution unit for executing instructions supplied from the fetch unit; an instruction selection unit connected to control the fetch unit and arranged to select successive executable instructions from said ordered sequence on a random basis, for supply to the execution unit.
- a still further aspect of the invention provides a method of operating a computer to effect a series of operations, the method comprising: selectively controlling the order in which the operations are effected between a random order and predetermined order.
- the step of selectively controlling the order in which the operations are effected can be carried out in response to a mode control signal (e.g. mode bit) which selectively enables a random number generator connected to control said order.
- a mode control signal e.g. mode bit
- a still further aspect provides a processor comprising: a functional unit for effecting a series of operations; a random number generator connected to said functional unit which, when enabled, causes said functional unit to effect the operation in a random sequence; and means for selectively enabling the random number generator to allow said operation to be effected in one of a random order and a predetermined order.
- a processor which provides for the selection of successive executable instructions on a random basis is referred to as a non- deterministic processor.
- Figure 1 shows a block diagram of a generic CPU architecture
- Figure 2 shows a non-deterministic processor executing two instructions compared to other processors
- Figure 3 shows an embodiment of the random issue unit
- Figure 4 shows a flow chart explaining how instructions are issued at random
- Figure 5 shows an example of two input random selection unit
- Figures 6A and 6B show a generic model and a 16 input random selection unit
- Figure 7 shows a flow chart describing a method for choosing which random instruction in the issue buffer to execute.
- FIG. 1 is a block diagram illustrating the standard functional units that make up a pipelined computer system.
- a program memory 2 contains program instructions, which are addressable at different memory locations.
- An ADDRESS bus 6 and a DATA bus 4 transfer information to and from the various elements that make up the processor 8.
- the system contains an instruction fetch unit 10 having a program counter 12 that stores the address of the next instruction to be fetched. For sequential execution of instructions the program counter will normally be incremented by a single addressing unit. However, if a branch instruction is encountered, the program flow is broken and the program counter 12 needs to be loaded with the address of a target instruction (that is, the first instruction of the branch sequence).
- the instructions are fetched from the program memory and stored in an instruction issue buffer 14.
- the program counter referred to herein is used to control instruction fetches from memory. There may also be an execution counter which is used by the execution unit 18 to specify which instruction is currently being executed.
- the instructions are decoded and supplied to relevant execution units. In this example, only one execution unit 18 or pipeline is shown, however the present invention is intended to be used in conjunction with modern processors which may have several execution units allowing parallel execution paths. Encryption algorithms need a substantial level of computational power and modern processor architectures such as superscalar, VLIW (Very Long Instruction Word) and SIMD (Single Instruction Multiple Data) are ideally suited to the present invention.
- the results of the operations are written back by a result write stage 22 into temporary registers of a register file 20, which is used to load and store data in and out of main memory.
- the present invention is concerned mainly with the block of functionality denoted by the reference numeral 24.
- the present invention deals with a modified issue buffer 14 which will be described in more detail later.
- the issue buffer generates an instruction fetch signal 13 to control which instructions are supplied from the fetch unit 10.
- part of the decode circuitry may be used to decode the instruction dependencies. This will also be described in more detail at a later stage.
- Non-deterministic processing as described herein means that for successive runs of the program, although the result will be the same the order of execution of the instructions will be random. This reduces the impact of a DPA-type attack in that the power traces resulting from successive program runs will be different.
- Figure 2 serves to highlight the differences between a non-deterministic processor and other known processors when executing a simple program consisting of the following two lines of code:
- the execution flow on the left of Figure 2 represents a standard processor having a single execution pipeline where the two instructions are executed sequentially, i.e. the ADD instruction is executed in cycle 1 followed by the XOR instruction in cycle 2.
- the middle execution flow represents a modern Pentium processor having a plurality of execution paths, which execute independent instructions in parallel.
- the execution flow on the right of Figure 2 represents a non-deterministic processor having a single pipeline. The important point to note is that the non-deterministic processor allows the instructions to be executed in any order provided that it has been established that the instructions are independent. So in the first cycle either the >ADD or the XOR instruction can be carried out and in the second cycle the other instruction will be executed.
- the standard processor executes instructions sequentially and although there is a little "out of order" execution to help with branch prediction, this occurs on a small scale. In any event, in such a processor each time a program is run containing a certain sequence of instructions, the execution sequence will be identical.
- the Pentium processor has a plurality of execution units (A) and (B), which execute the independent instructions in parallel the processor is still deterministic in that the ADD and the XOR instructions are executed concurrently in pipes (A) and (B).
- the purpose of 11 is to LOAD a value addressed by register R2 into register R9.
- the intention of the code sequence is to add the loaded value from R8 to the value in R9. Therefore, if the ADD instruction 12 is carried out before 11 , the old value of R9 will be added to R8 yielding an incorrect value for the resulting summation R10. We say that there is a dependency between the ADD instruction 12 and the LOAD instruction 11.
- the present invention makes use of the fact that in many code sequences a number of instructions are independent and thus can, in theory, be executed in any order.
- the invention exploits this by executing the instructions in a random order at run time. This causes the access patterns to memory for either data or instructions to be uncorrelated for successive program executions, and thus causes the power trace to be different each time.
- FIG. 3 shows an example of the implementation of a random issue unit.
- the random issue unit comprises an instruction table 32 with an associated dependency matrix table 30. Instructions are prefetched into the instruction table 32 using conventional instruction fetch circuitry.
- the dependency matrix table has slots and columns, where the slots represent bit-masks associated with each instruction in the instruction table 32.
- the bit-masks or dependency bits are an indication as to whether an instruction has a dependency on another instruction. Broadly speaking there are two types of dependencies that need to be considered for an instruction:
- the Used and Defined Register tables 34, 36 shown in Figure 3 each comprise a number of rows and columns. Each row corresponds to a register (or operand) and each column corresponds to a particular slot (or instruction) in the instruction issue table 32. Each register comprises a plurality of slots corresponding to the number of instructions in the instruction table 32 and is the sp-called bit-mask for a register.
- the bit-mask for a register is a binary stream where a "1 " indicates which instruction has a dependency on that register.
- each table has five rows corresponding to registers R1 to R5, i.e. R1 corresponds to the top row and R5 to the bottom row.
- the processor performs a logical OR operation 38 of the bit mask of the Used Registers table 34 and the Defined Registers table 36 thereby creating a new bit-mask stored in a free slot of the dependency matrix 30.
- a test can be performed by OR-ing with OR gates 40 each of the dependency bits of a slot of the dependency matrix. If all the dependency bits of a slot associated with a particular instruction are set to zero, then the instruction can be executed and a FIRE signal 42 is generated to the Random Selection Unit 44. Given the result of the OR for each row of the table, a number of zeros (indicating instructions to be executed) and a number of ones (indicating instructions that are blocked) are obtained. The random selection unit 44 selects one of the slots which is indicated at value zero, at random, and causes that instruction to be executed next. In the described embodiment, the dependency bits are overwritten with new values when the dependencies of the next instruction are loaded into the matrix.
- the random issue unit supplies an instruction to be executed from the instruction table 32 along instruction supply path 50 and loads an instruction into the instruction table 32 along instruction load path 52 at the same time.
- Figure 4 is a flow chart indicating how the instructions in the instruction issue buffer 14 are issued for execution and loaded concurrently.
- the load operations are represented by the left branch flow (C), while the issue operations are represented by the right branch flow (D).
- the left branch flow (C) of figure 4 relates to an instruction load operation starting at step S1 where the next instruction, specified by the program counter 12, is loaded into the instruction table 32 of the issue buffer 14.
- the load operations will firstly be described in general terms, and then more specifically in relation to one example.
- Each instruction defines two source operands 54 and a destination operand 56. These will nearly always be defined as registers although that is not necessary. Direct addresses or immediates are possible.
- the source and destination operands 54,56 are simultaneously decoded.
- the decoded information is translated into bit-masks that are set in the Used Registers and Defined Registers tables 34,36. These bit-masks are OR-ed by OR gate 38 ( Figure 3) to create dependency bits indicating on which instructions the loaded instruction depends.
- the empty slot E associated with the loaded instruction is then selected for replacement by setting the InValid flag 58 to zero.
- the dependency bits are loaded into the selected slot E of the dependency matrix.
- the bit-masks in column E of the Registers Used and Registers Defined tables 34,36 are set to "1" along path 62 for the corresponding rows of these tables to ensure that future instructions that use those registers are going to wait for the instruction to finish.
- the Used and Defined Register tables 34, 36 are set-up during the instruction fetch or LOAD sequence, as already indicated.
- the fetched instruction is decoded and the bit-masks associated with each of the registers specified in the instruction are checked for dependencies with other instructions. For example, assume the instruction: ADD R2, R3, R4 is fetched.
- the bit masks associated with the registers R2 and R3 in the Used Registers table 34 i.e. the source registers
- OR gate 38 the bit mask associated with register R4 in the Defined Registers Table (i.e. the destination register) is sent to the OR gate 38.
- each bit mask has N slots where each slot corresponds to a particular instruction.
- the OR gate 38 receives the bit-masks and performs a bit-wise logical OR operation for each slot simultaneously. For example, assume the following bit- masks exist:
- the first step includes simultaneously performing a second OR operation 40 across all the dependency bits for each slot of the dependency matrix 30 to determine which instructions have no dependencies. For the example, a "1" set in the third bit of the dependency mask for the instruction in question means that the OR'ed result will be a "1". Therefore this instruction still has dependencies stage and cannot be fired at the random selection unit 44.
- the final step is to set the appropriate bit masks associated with the currently loaded instruction.
- the appropriate bit-masks being the registers that cannot be used by future instructions until the current instruction has been issued.
- register R4 in the Used Registers table 34 for the present instruction column in set to "1" to inform all future instructions that R4 cannot be used as a source register (i.e. read from), because the present instruction uses this as a destination register (i.e. write to).
- registers R2 and R3 are source registers for the present instruction and thus these registers are set to "1" in the Defined Registers table 36 to indicate that these registers cannot be written to until the present instruction has completed.
- the right branch flow (D) of Figure 4 relates to random instruction issue starting at S1 where the dependency bits associated with each instruction are checked using an OR operation via OR gate 40. Then all of the independent instructions are flagged as ready for issue and appropriate fire signals are sent to the Random Selection Unit.
- the Random Selection Unit 44 selects one of the instructions 46 for example the instruction X, which is issued along instruction supply path 50 to the relevant execution unit.
- column X is then cleared (i.e. bits are set to zero) from the dependency matrix 30 as well as from the Registers Used and Registers Defined tables 34, 36. Also, the InValid flag is set (i.e. to 1 ).
- step S4 a pointer E is initialised for the next iteration.
- E is a pointer that points to an empty slot which is available in the issue table. After every instruction has been loaded, E must point to another free slot. One could, for example, use the instruction previously executed to initialise E. In that way, the pointer E would follow the executed instructions around the table.
- Figure 5 represents a two input example of how a random selection unit 44 may be implemented.
- the truth table for the random selector is shown below: ii R E A
- Figure 5 shows two inputs 70 and 72 for the random selection unit 44. It should be apparent from figure 3 that each input lo or Ii will either be a '0' or a '1'. More generally, a '0' will appear if all of the dependency bits of the relevant slot are '0'. Thus, a '0' indicates an independent instruction, which can be selected by the Random Selection Unit 44. An inspection of truth table 2 reveals that if one of the inputs is a '1', then the output 46 of the random selector will always take the logical value of the other input. Input is shown coupled to an AND gate 76 through an inverting element 75. The AND gate 76 accepts two other inputs, i.e. a random signal R 80 and an enable signal E 78. The output of the AND gate is OR-ed 74 with input l 0 to produce the selected output 46 of the random selection unit 44.
- each input lo or Ii will either be a '0' or a '1'. More generally,
- the enable signal E, 78 can be controlled by a mode bit MB. That allows the random number generator to be selectively controlled between an on and an off state.
- the output 46 is pseudo-randomly generated and is used as discussed herein.
- the random selector is off, the instruction issue operation is carried out normally, that is in the order of the instruction sequence. This is useful to allow the processor to be operated in a deterministic fashion, for example for debugging and other control purposes.
- the random signal R does not have to be truly random. It could be typically generated using a pseudo-random generator that is reseeded regularly with some entropy.
- the enable signal 78 allows random issue to be disabled, i.e. non- determinism can be turned off, for example to allow a programmer to debug code by stepping through the instructions.
- Figures 6A and 6B show a slightly more complex example of a random selection unit having 16 inputs.
- a 16 input random issue unit can be provided by adapting the simple two input structure shown in Figure 5 and connecting it in a cascaded structure.
- Figure 6A shows a generalised stage of one of the random selection units. The inputs run from l 0 to l 2 K+1 -1. The generalised stage can be applied to the 16 input random selector shown by Figure 6B.
- the 16 inputs are divided in half with the even inputs 10, I2...I14 being input to a first multiplexer 82 and the odd inputs 11 , 13, ...115 being input to a second multiplexer 84.
- Each multiplexer selects 1 output from 2 k inputs (i.e. 8:1 in the final stage) and each multiplexer accepts control signals from the lower stages A 0 ...A K - ⁇ (i.e. A 0 , At, A 2 in the final stage). This is confirmed by diagram on the right, which shows the selected signals from the lower stages being feedback into the higher stages. Then the relevant stage behaves as the two input model shown in Figure 5.
- Figure 7 is a flow chart illustrating a method to choose which instruction in the instruction buffer to execute.
- the issue buffer is assigned the symbol B.
- step S13a issues this instruction to the relevant execution unit and the program sequence is completed i.e. EXIT. If however, there is more than one instruction in the buffer, step S13b involves dividing the buffer into two sets of roughly equal size and assigning the symbols L and R respectively. Then at S14, the instructions within the L buffer are examined to see if any independent instructions can be issued. If not, step S15b sets the active issue buffer B to look at buffer R and the process is repeated from step S12.
- step S15a the R buffer is examined to see if it contains any instructions ready for issue. If not, step S16b sets the active buffer B to be buffer L and the process is repeated from step S12. If both L and R contain instructions that are ready for issue, the flow proceeds to step S16a where a random bit is generated. If the random bit is '1' then the process moves to step S16b where the L buffer is selected or if the bit is a '0' then the process moves to step S15b where the R buffer is selected. In both cases, the process will be repeated until there is only one instruction in one of the buffers in which case step S13a is invoked and the program sequence is completed.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Mathematical Physics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Advance Control (AREA)
Abstract
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001290111A AU2001290111A1 (en) | 2000-09-27 | 2001-09-26 | Instruction issue in a processor |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB0023698.4A GB0023698D0 (en) | 2000-09-27 | 2000-09-27 | Instruction issue in a processor |
GB0023698.4 | 2000-09-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002027478A1 true WO2002027478A1 (fr) | 2002-04-04 |
Family
ID=9900250
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2001/004298 WO2002027478A1 (fr) | 2000-09-27 | 2001-09-26 | Emission d'instructions par un processeur |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU2001290111A1 (fr) |
GB (1) | GB0023698D0 (fr) |
WO (1) | WO2002027478A1 (fr) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012066458A1 (fr) * | 2010-11-16 | 2012-05-24 | Nds Limited | Traitement multifilières de matériel obscurci |
EP2860656A2 (fr) | 2013-10-01 | 2015-04-15 | Commissariat à l'Énergie Atomique et aux Énergies Alternatives | Procédé d'exécution par un microprocesseur d'un code binaire polymorphique d'une fonction prédéterminée |
CN108027762A (zh) * | 2016-06-24 | 2018-05-11 | Arm 有限公司 | 生成和处理指示处理电路的指令执行的跟踪流的装置和方法 |
EP3891635A4 (fr) * | 2018-12-05 | 2022-09-14 | Micron Technology, Inc. | Protection contre des attaques de sécurité basées sur la synchronisation sur des tampons de réordonnancement |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5710902A (en) * | 1995-09-06 | 1998-01-20 | Intel Corporation | Instruction dependency chain indentifier |
US5745726A (en) * | 1995-03-03 | 1998-04-28 | Fujitsu, Ltd | Method and apparatus for selecting the oldest queued instructions without data dependencies |
US5881308A (en) * | 1991-06-13 | 1999-03-09 | International Business Machines Corporation | Computer organization for multiple and out-of-order execution of condition code testing and setting instructions out-of-order |
WO2000011548A1 (fr) * | 1998-08-24 | 2000-03-02 | Advanced Micro Devices, Inc. | Mecanisme pour bloc de chargement, intervenant lors de la generation d'adresses de stockage, et vecteur de dependance universel |
-
2000
- 2000-09-27 GB GBGB0023698.4A patent/GB0023698D0/en not_active Ceased
-
2001
- 2001-09-26 AU AU2001290111A patent/AU2001290111A1/en not_active Abandoned
- 2001-09-26 WO PCT/GB2001/004298 patent/WO2002027478A1/fr active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5881308A (en) * | 1991-06-13 | 1999-03-09 | International Business Machines Corporation | Computer organization for multiple and out-of-order execution of condition code testing and setting instructions out-of-order |
US5745726A (en) * | 1995-03-03 | 1998-04-28 | Fujitsu, Ltd | Method and apparatus for selecting the oldest queued instructions without data dependencies |
US5710902A (en) * | 1995-09-06 | 1998-01-20 | Intel Corporation | Instruction dependency chain indentifier |
WO2000011548A1 (fr) * | 1998-08-24 | 2000-03-02 | Advanced Micro Devices, Inc. | Mecanisme pour bloc de chargement, intervenant lors de la generation d'adresses de stockage, et vecteur de dependance universel |
Non-Patent Citations (1)
Title |
---|
FORREST ET AL: "Building diverse computer systems", OPERATING SYSTEMS, 1997., THE SIXTH WORKSHOP ON HOT TOPICS IN CAPE COD, MA, USA 5-6 MAY 1997, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 5 May 1997 (1997-05-05), pages 67 - 72, XP010226847, ISBN: 0-8186-7834-8 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012066458A1 (fr) * | 2010-11-16 | 2012-05-24 | Nds Limited | Traitement multifilières de matériel obscurci |
US8621186B2 (en) | 2010-11-16 | 2013-12-31 | Cisco Technology Inc. | Obfuscated hardware multi-threading |
EP2860656A2 (fr) | 2013-10-01 | 2015-04-15 | Commissariat à l'Énergie Atomique et aux Énergies Alternatives | Procédé d'exécution par un microprocesseur d'un code binaire polymorphique d'une fonction prédéterminée |
US9489315B2 (en) | 2013-10-01 | 2016-11-08 | Commissariat à l'énergie atomique et aux énergies alternatives | Method of executing, by a microprocessor, a polymorphic binary code of a predetermined function |
CN108027762A (zh) * | 2016-06-24 | 2018-05-11 | Arm 有限公司 | 生成和处理指示处理电路的指令执行的跟踪流的装置和方法 |
EP3891635A4 (fr) * | 2018-12-05 | 2022-09-14 | Micron Technology, Inc. | Protection contre des attaques de sécurité basées sur la synchronisation sur des tampons de réordonnancement |
Also Published As
Publication number | Publication date |
---|---|
GB0023698D0 (en) | 2000-11-08 |
AU2001290111A1 (en) | 2002-04-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
May et al. | Non-deterministic processors | |
EP3757854B1 (fr) | Circuit de pipeline de microprocesseur pour prendre en charge le calcul cryptographique | |
May et al. | Random register renaming to foil DPA | |
US7949883B2 (en) | Cryptographic CPU architecture with random instruction masking to thwart differential power analysis | |
US8417961B2 (en) | Apparatus and method for implementing instruction support for performing a cyclic redundancy check (CRC) | |
US20100246814A1 (en) | Apparatus and method for implementing instruction support for the data encryption standard (des) algorithm | |
US9317286B2 (en) | Apparatus and method for implementing instruction support for the camellia cipher algorithm | |
JP2006510126A (ja) | データ処理システムでの処理動作マスキング | |
US20100246815A1 (en) | Apparatus and method for implementing instruction support for the kasumi cipher algorithm | |
Albert et al. | Combatting software piracy by encryption and key management | |
US7570760B1 (en) | Apparatus and method for implementing a block cipher algorithm | |
CN113673002A (zh) | 一种基于指针加密机制和risc-v协处理器的内存溢出防御方法 | |
JP2000501541A (ja) | 予測不可能なマイクロプロセッサまたはマイクロコンピュータ | |
US20210350030A1 (en) | Data Protection in Computer Processors | |
WO2002027478A1 (fr) | Emission d'instructions par un processeur | |
WO2002054228A1 (fr) | Renomination de registre | |
JP2004310752A (ja) | データ処理装置における誤り検出 | |
WO2002027474A1 (fr) | Execution d'une instruction combinee | |
Boneh et al. | Hardware support for tamper-resistant and copy-resistant software | |
WO2002027479A1 (fr) | Instructions machine | |
WO2002027476A1 (fr) | Affectation des registres dans un processeur | |
US20220075901A1 (en) | Attack protection by power signature blurring | |
US7711955B1 (en) | Apparatus and method for cryptographic key expansion | |
WO2022029443A1 (fr) | Procédé et appareil pour réduire le risque d'attaques fructueuses par canal auxiliaire et injection d'erreurs | |
Hossain et al. | Hexon: Protecting firmware using hardware-assisted execution-level obfuscation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |