WO2023132474A1 - Device and method for risc-five architecture instruction extension for branch tagging extension - Google Patents


Info

Publication number
WO2023132474A1
Authority
WO
WIPO (PCT)
Prior art keywords
instruction
tag value
command
branch
extension
Prior art date
Application number
PCT/KR2022/018593
Other languages
French (fr)
Korean (ko)
Inventor
권동현
박성환
Original Assignee
부산대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 부산대학교 산학협력단
Publication of WO2023132474A1

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F8/00 Arrangements for software engineering
                    • G06F8/30 Creation or generation of source code
                        • G06F8/36 Software reuse
                    • G06F8/40 Transformation of program code
                        • G06F8/41 Compilation
                • G06F9/00 Arrangements for program control, e.g. control units
                    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
                        • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
                            • G06F9/30003 Arrangements for executing specific machine instructions
                                • G06F9/30007 Arrangements for executing specific machine instructions to perform operations on data operands
                                    • G06F9/30021 Compare instructions, e.g. Greater-Than, Equal-To, MINMAX
                                • G06F9/3005 Arrangements for executing specific machine instructions to perform operations for flow control
                                    • G06F9/30058 Conditional branch instructions
                                • G06F9/30072 Arrangements for executing specific machine instructions to perform conditional operations, e.g. using predicates or guards
                            • G06F9/30098 Register arrangements
                                • G06F9/3012 Organisation of register space, e.g. banked or distributed register file
                            • G06F9/30181 Instruction operation extension or modification
                        • G06F9/38 Concurrent instruction execution, e.g. pipeline or look ahead
                            • G06F9/3824 Operand accessing

Definitions

  • The present invention relates to Internet of Things security, and specifically to an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension that ensures the control-flow integrity of IoT devices and blocks control-flow hijacking attacks, a representative security threat.
  • IoT Internet of Things
  • FIG. 1 is a block diagram showing prior art Intel-CET and ARM-BTI security technologies.
  • Prior art includes technologies such as Intel-CET and ARM-BTI.
  • Security technologies such as Intel-CET and ARM-BTI target devices such as smartphones, home PCs and server workstations, and various solutions that use these functions are being developed, but problems such as low detection precision and high performance and memory overhead make them difficult to deploy on low-performance devices such as IoT devices.
  • The present invention is intended to solve these problems of the prior-art IoT security technology, and its object is to provide an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension that ensures the control-flow integrity of IoT devices and blocks control-flow hijacking attacks, a representative security threat.
  • The present invention extends RISC-V, an open instruction set architecture, adds new instructions for verifying control-flow integrity, and adds a dedicated control status register that can be accessed, read and written only through these instructions, so that the control-flow integrity of code is ensured with low execution-time overhead.
  • By modifying the compiler to insert the added instructions at their proper locations, the present invention eliminates the need to modify source code and allows existing source code to be reused, ensuring the control-flow integrity of code with low execution-time overhead and blocking control-flow hijacking attacks targeting IoT devices.
  • An executable file produced by the compiler is executed on a CPU to which the extended architecture is applied, so that control-flow integrity is ensured by using the added functions.
  • The present invention uses the RISC-V architecture to add a new register, protects the value of that register through dedicated instructions, and stores an identification value for the destination to ensure CFI.
  • Rather than adding entirely new instructions, the dedicated instructions are assigned to HINT instructions that are unused among the existing instructions, which makes it easier to establish a policy that uses the added functions and to develop a compiler that applies them.
  • The apparatus for extending RISC-V architecture instructions for a branch tagging extension includes: a tag value storage instruction insertion unit that, when compiling source code, inserts a setTag instruction for storing a tag value at the position immediately before an indirect branch; a tag value comparison instruction insertion unit that inserts a checkTag instruction for comparing tag values immediately after the indirect branch is performed; a tag value comparison unit that determines whether control flow was transferred to the correct destination by comparing the value stored in the control status register at the entry point of the function with the value given to the instruction at the function entry point; and an instruction execution unit that, based on the comparison made by the tag value comparison unit, permits instruction execution when the values match and handles an exception when they do not.
  • The control status register is a 32-bit register containing four areas of 8 bits each, so that control-flow integrity is ensured by comparing up to four verification values at the same time.
  • The tag value storage instruction insertion unit writes a unique identification value for the target function into the control status register immediately before the indirect branch instruction.
  • Because the compiler is modified to insert the added instructions, existing source code is reused without modification and control-flow integrity is ensured without an increase in execution-time overhead.
  • The method for extending RISC-V architecture instructions for a branch tagging extension includes a tag value storage instruction insertion step of inserting, when compiling source code, a setTag instruction for storing a tag value at the position immediately before an indirect branch.
  • In that step, a unique identification value for the target function is written into the control status register immediately before the indirect branch instruction.
  • The apparatus and method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention have the following effects.
  • The executable file produced by the compiler is executed on a CPU to which the extended architecture is applied, so that control-flow integrity is ensured by using the added functions.
  • FIG. 1 is a block diagram showing the prior-art Intel-CET and ARM-BTI security technologies.
  • FIG. 2 is a block diagram of an apparatus for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
  • FIG. 3 is a detailed block diagram of an apparatus for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
  • FIG. 4 is a block diagram showing the operation of the RISC-V architecture instruction extension for a branch tagging extension according to the present invention.
  • FIG. 5 is a flow chart illustrating a method for the RISC-V architecture instruction extension for a branch tagging extension according to the present invention.
  • FIG. 2 is a block diagram of an apparatus for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
  • The apparatus and method for extending RISC-V architecture instructions for a branch tagging extension ensure the control-flow integrity of IoT devices and effectively block control-flow hijacking attacks, a representative security threat.
  • The present invention may include a configuration that extends RISC-V, an open instruction set architecture, adds new instructions for verifying control-flow integrity, and adds a dedicated control status register that can be accessed, read and written only through these instructions, so that the control-flow integrity of code is ensured with low execution-time overhead.
  • It may include a configuration that modifies the compiler to insert the added instructions at their proper locations, eliminating the need to modify source code and allowing existing source code to be reused, so that control-flow integrity is ensured with low execution-time overhead and control-flow hijacking attacks targeting IoT devices are blocked.
  • It may include a configuration in which an executable file produced by the compiler is executed on a CPU to which the extended architecture is applied, so that the added functions ensure control-flow integrity.
  • It may include a configuration that uses the RISC-V architecture to add a new register, protects the value of that register through dedicated instructions, and stores an identification value for the destination to ensure CFI.
  • It may include a configuration in which, rather than adding entirely new instructions, the dedicated instructions are assigned to HINT instructions that are unused among the existing instructions.
  • FIG. 2 is a schematic diagram of the architecture of the present invention; the newly added or modified elements are drawn as blue boxes.
  • The present invention adds a separate register for storing an identification value and adds dedicated instructions for controlling that register.
  • The dedicated instructions are added by assigning them to HINT instructions that are unused among the existing instructions, rather than by adding entirely new instructions.
  • FIG. 3 is a detailed block diagram of an apparatus for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
  • The RISC-V architecture is an open architecture that anyone can use freely. It is a RISC (Reduced Instruction Set Computer) instruction set architecture, which is simpler in structure and lower in power consumption than CISC, making it suitable for embedded devices.
  • RISC Reduced Instruction Set Computer
  • The apparatus for extending RISC-V architecture instructions for a branch tagging extension includes a tag value storage instruction insertion unit 30 that, when compiling source code, inserts a setTag instruction for storing a tag value at the position immediately before an indirect branch; a tag value comparison instruction insertion unit 31 that inserts a checkTag instruction for comparing tag values immediately after the indirect branch is performed; a tag value comparison unit 32 that determines whether control flow was transferred to the correct destination by comparing the value stored in the control status register at the entry point of the function with the value given to the instruction at the function entry point; and an instruction execution unit 33 that, based on the comparison made by the tag value comparison unit 32, permits instruction execution when the values match and handles an exception when they do not.
  • FIG. 4 is a block diagram showing the operation of the RISC-V architecture instruction extension for a branch tagging extension according to the present invention.
  • The setTag instruction that stores the tag value is inserted immediately before the indirect branch (lines 2-3).
  • Whether control flow was transferred to the correct destination is determined by comparing the value stored in the control status register at the entry point of the function with the value given to the instruction at the function entry point.
  • For the function goo at line 10, control-flow transfer is not permitted: the tag value for area 0 at line 11 matches, but the tag value for area 1 at line 12 does not match C.
  • FIG. 5 is a flow chart illustrating a method for the RISC-V architecture instruction extension for a branch tagging extension according to the present invention.
  • The setTag instruction for storing the tag value is inserted at the position immediately before the indirect branch (S501).
  • As described above, the present invention extends RISC-V, an open instruction set architecture, adds new instructions for verifying control-flow integrity, and adds a dedicated control status register that can be accessed, read and written only through these instructions.
  • The newly added register is a 32-bit register containing four areas of 8 bits each, and can ensure control-flow integrity by comparing up to four verification values at the same time.
  • The apparatus and method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention, as described above, ensure the control-flow integrity of IoT devices and block control-flow hijacking attacks, a representative security threat.
  • This is achieved by extending RISC-V, an open instruction set architecture, adding new instructions for verifying control-flow integrity, and adding a dedicated control status register that can be accessed, read and written only through these instructions, so that the control-flow integrity of code is ensured with low execution-time overhead.
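As an added illustration (not the patent's own code and not the inventors' implementation), the following C model simulates the dedicated control status register and the setTag/checkTag pair on the FIG. 4 scenario, where foo is accepted and goo is refused because area 1 does not match. The tag values TAG_A, TAG_B and TAG_C are constructed, and the area layout (area n in bits 8n to 8n+7) and the clearing of an area after a successful check are assumptions, since the patent text does not specify them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the patent's dedicated control status register: a 32-bit
 * register split into four 8-bit areas. Assumption: area n occupies bits
 * 8n..8n+7. Only set_tag() writes it and only check_tag() reads it. */
enum { TAG_AREAS = 4, TAG_BITS = 8 };

typedef struct {
    uint32_t tag_csr;  /* the dedicated register; no other instruction touches it */
    bool     trapped;  /* models the exception raised by a failed checkTag */
} tag_cpu_t;

static void cpu_reset(tag_cpu_t *cpu) { memset(cpu, 0, sizeof *cpu); }

static uint8_t area_value(const tag_cpu_t *cpu, unsigned area) {
    return (uint8_t)(cpu->tag_csr >> (TAG_BITS * area));
}

/* setTag: inserted by the compiler immediately before an indirect branch; it
 * writes the identification value of the intended destination into one area. */
static void set_tag(tag_cpu_t *cpu, unsigned area, uint8_t value) {
    if (area >= TAG_AREAS) { cpu->trapped = true; return; } /* malformed encoding */
    unsigned shift = TAG_BITS * area;
    cpu->tag_csr &= ~(0xFFu << shift);
    cpu->tag_csr |= (uint32_t)value << shift;
}

/* checkTag: inserted at the function entry point (the branch target). The value
 * encoded in the instruction must equal the content of the area; otherwise
 * execution is refused and the exception flag is raised. */
static bool check_tag(tag_cpu_t *cpu, unsigned area, uint8_t expected) {
    if (area >= TAG_AREAS || area_value(cpu, area) != expected) {
        cpu->trapped = true;
        return false;
    }
    /* Assumption (not stated in the patent): consume the area after a
     * successful check so a stale tag cannot satisfy a later check. */
    cpu->tag_csr &= ~(0xFFu << (TAG_BITS * area));
    return true;
}

/* Constructed identification values; FIG. 4 names goo's area-1 value "C". */
enum { TAG_A = 0x1A, TAG_B = 0x2B, TAG_C = 0x3C };

/* A function entry point in the model: the values its two checkTag
 * instructions expect in area 0 and area 1. */
typedef struct { const char *name; uint8_t expect0, expect1; } entry_t;

static const entry_t FOO = { "foo", TAG_A, TAG_B };
static const entry_t GOO = { "goo", TAG_A, TAG_C };

/* Caller side: setTag for area 0 and area 1 (FIG. 4 lines 2-3), then the
 * indirect branch lands on `target`, whose entry point runs checkTag for each
 * area (lines 11-12 for goo). Returns whether the transfer was accepted; the
 * first failing check traps, so later checks are not executed. */
static bool indirect_branch(tag_cpu_t *cpu, uint8_t tag0, uint8_t tag1,
                            const entry_t *target) {
    set_tag(cpu, 0, tag0);
    set_tag(cpu, 1, tag1);
    /* ... jalr to target's entry point ... */
    return check_tag(cpu, 0, target->expect0) &&
           check_tag(cpu, 1, target->expect1);
}

/* FIG. 4 scenario: the caller tags the transfer as A/B. foo expects A/B and is
 * accepted; goo expects A/C, so area 0 matches but area 1 does not. */
static bool fig4_foo_accepted(void) {
    tag_cpu_t cpu; cpu_reset(&cpu);
    return indirect_branch(&cpu, TAG_A, TAG_B, &FOO) && !cpu.trapped;
}

static bool fig4_goo_refused(void) {
    tag_cpu_t cpu; cpu_reset(&cpu);
    return !indirect_branch(&cpu, TAG_A, TAG_B, &GOO) && cpu.trapped;
}

/* Register layout check: returns the raw CSR after one setTag. */
static uint32_t csr_after_set(unsigned area, uint8_t value) {
    tag_cpu_t cpu; cpu_reset(&cpu);
    set_tag(&cpu, area, value);
    return cpu.tag_csr;
}

int main(void) {
    printf("%s accepted: %s\n", FOO.name, fig4_foo_accepted() ? "yes" : "no");
    printf("%s refused:  %s\n", GOO.name, fig4_goo_refused() ? "yes" : "no");
    printf("csr after setTag(1, 0xAB): 0x%08X\n", csr_after_set(1, 0xAB));
    return 0;
}
```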

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

The present invention relates to a device and a method for RISC-five architecture instruction extension for branch tagging extension to ensure the control-flow integrity of IoT devices and prevent a control-flow hijacking attack which is a typical security threat, the device comprising: a tag value storage instruction insertion unit configured to insert a setTag instruction for storage of a tag value into a location immediately before indirect branching when compiling a source code; a tag value comparison instruction insertion unit configured to insert a checkTag instruction for tag value comparison immediately after performing indirect branching; a tag value comparison unit configured to compare a value stored in a control state register at an entry point of a function with a value given to an instruction at the entry point of the function, so as to determine whether control-flow transmission to a correct destination has been performed; and an instruction execution unit configured to, through tag value comparison of the tag value comparison unit, allow an instruction execution when the values match, and execute an exception processing when the values do not match.

Description

Apparatus and method for extending RISC-V architecture instructions for branch tagging extension
The present invention relates to Internet of Things security, and specifically to an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension that ensures the control-flow integrity of IoT devices and blocks control-flow hijacking attacks, a representative security threat.
With the development of information and communication technology (ICT), modern society is approaching the intelligent information society brought about by the fourth industrial revolution.
Thanks to the development of IoT technology, the people and objects around us, and objects and other objects, are connected through networks without spatial constraints, so that big data is produced and information can be sent and received between them.
However, threats that arise in existing communication environments, such as loss and physical destruction of terminals, radio-signal jamming, information leakage, data forgery and tampering, and denial of service, can threaten IoT security by violating confidentiality, integrity and availability, the three elements of information security.
To counter these threats, information protection technologies for the IoT, such as security and information-leakage prevention, must be strengthened.
In this way, IoT technology has recently broadened its range of application and can now be found throughout daily life. As IoT devices become more closely tied to daily life, they hold larger amounts of personal information, and concern about attacks targeting IoT devices is growing accordingly.
FIG. 1 is a block diagram showing the prior-art Intel-CET and ARM-BTI security technologies.
Prior art includes technologies such as Intel-CET and ARM-BTI.
In the case of Intel-CET, the check is based only on the target instruction, so the possibility of bypass is high; ARM-BTI additionally uses the branch type alongside the target instruction, but because only four types exist it still has weaknesses.
Security technologies such as Intel-CET and ARM-BTI target devices such as smartphones, home PCs and server workstations, and various solutions that use these functions are being developed, but problems such as low detection precision and high performance and memory overhead make them very difficult to deploy on low-performance devices such as IoT devices.
As the embedded device industry grows, security problems are emerging. Technologies for guaranteeing the execution flow of programs exist, but they cannot be applied because of the limitations of embedded devices, and some of the technologies that can be applied lack security and need to be supplemented.
Therefore, a new technology is required that increases applicability to embedded devices and raises security, so as to ensure the control-flow integrity of IoT devices and block control-flow hijacking attacks, a representative security threat.
The present invention is intended to solve the problems of the prior-art IoT security technology, and its object is to provide an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension that ensures the control-flow integrity of IoT devices and blocks control-flow hijacking attacks, a representative security threat.
Another object of the present invention is to provide an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension that extends RISC-V, an open instruction set architecture, adds new instructions for verifying control-flow integrity, and adds a dedicated control status register that can be accessed, read and written only through these instructions, so that the control-flow integrity of code is ensured with low execution-time overhead.
Another object of the present invention is to provide an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension that modifies the compiler to insert the added instructions at their proper locations, eliminating the need to modify source code and allowing existing source code to be reused, so that the control-flow integrity of code is ensured with low execution-time overhead and control-flow hijacking attacks targeting IoT devices are blocked.
Another object of the present invention is to provide an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension in which an executable file produced by the compiler is executed on a CPU to which the extended architecture is applied, so that the added functions are used to ensure control-flow integrity.
Another object of the present invention is to provide an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension that uses the RISC-V architecture to add a new register, protects the value of that register through dedicated instructions, and stores an identification value for the destination so as to ensure CFI.
Another object of the present invention is to provide an apparatus and method for extending RISC-V architecture instructions for a branch tagging extension that, rather than adding new instructions for the dedicated instructions, assigns them to HINT instructions that are unused among the existing instructions, making it easy to establish policies that use the added functions and to develop a compiler that applies them.
Other objects of the present invention are not limited to those mentioned above, and further objects not mentioned will be clearly understood by those skilled in the art from the description below.
To achieve the above objects, an apparatus for extending RISC-V architecture instructions for a branch tagging extension according to the present invention is characterized by including: a tag value storage instruction insertion unit that, when compiling source code, inserts a setTag instruction for storing a tag value at the position immediately before an indirect branch; a tag value comparison instruction insertion unit that inserts a checkTag instruction for comparing tag values immediately after the indirect branch is performed; a tag value comparison unit that determines whether control flow was transferred to the correct destination by comparing the value stored in the control status register at the entry point of the function with the value given to the instruction at the function entry point; and an instruction execution unit that, based on the tag value comparison of the tag value comparison unit, permits instruction execution when the values match and performs exception handling when they do not.
Here, the apparatus is characterized in that RISC-V, an open instruction set architecture, is extended and a dedicated control status register is added that can be accessed, read and written only through the newly added instructions for verifying control-flow integrity.
The control status register is characterized in that it is a 32-bit register containing four areas of 8 bits each, and ensures control-flow integrity by comparing up to four verification values at the same time.
The tag value storage instruction insertion unit is characterized in that an operation of writing a unique identification value for the target function into the control status register is performed immediately before the indirect branch instruction.
The apparatus is characterized in that, by modifying the compiler to insert the added instructions, existing source code is reused without modification and control-flow integrity is ensured without an increase in execution-time overhead.
The apparatus is further characterized in that the executable file produced by the compiler is executed on a CPU to which the extended architecture is applied, and in that the new instructions are assigned to HINT instructions that are unused among the existing instructions.
To achieve another object, a method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention is characterized by including: a tag value storage instruction insertion step of inserting, when compiling source code, a setTag instruction for storing a tag value at the position immediately before an indirect branch; a tag value comparison instruction insertion step of inserting a checkTag instruction for comparing tag values immediately after the indirect branch is performed; a tag value comparison step of determining whether control flow was transferred to the correct destination by comparing the value stored in the control status register at the entry point of the function with the value given to the instruction at the function entry point; and an instruction execution step of, based on the tag value comparison of the tag value comparison step, permitting instruction execution when the values match and performing exception handling when they do not.
The tag value storage instruction insertion step is characterized in that an operation of writing a unique identification value for the target function into the control status register is performed immediately before the indirect branch instruction.
The method is characterized in that, by modifying the compiler to insert the added instructions, existing source code is reused without modification and control-flow integrity is ensured without an increase in execution-time overhead.
The device and method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention, as described above, have the following effects.
First, they guarantee the control-flow integrity of IoT devices and effectively block control-flow hijacking attacks, a representative security threat.
Second, by extending RISC-V, an open instruction set architecture, with new instructions for control flow integrity verification, and by adding a dedicated control status register that can be accessed, read and written only through these instructions, they guarantee the control flow integrity of code with low execution time overhead.
Third, by modifying the compiler so that it inserts the added instructions at the proper locations, they remove the need to modify source code and allow existing source code to be reused, guaranteeing the control flow integrity of code with low execution time overhead and effectively blocking control-flow hijacking attacks against IoT devices.
Fourth, the executable file produced by the compiler runs on a CPU to which the extended architecture is applied, so that control flow integrity can be guaranteed using the added functionality.
Fifth, using the RISC-V architecture, a new register is added, the value of the register is protected through dedicated instructions, and an identification value for the destination is stored, so that CFI can be guaranteed.
Sixth, rather than adding entirely new instructions, the dedicated instructions are assigned to HINT instructions that are unused among the existing instructions, which makes it easier to establish policies that use the added functionality and to develop a compiler that applies it.
FIG. 1 is a block diagram showing the prior-art Intel CET and ARM BTI security technologies.
FIG. 2 is a block diagram of a device for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
FIG. 3 is a detailed block diagram of a device for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
FIG. 4 is a diagram showing the operation of the RISC-V architecture instruction extension for a branch tagging extension according to the present invention.
FIG. 5 is a flow chart showing a method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
Hereinafter, preferred embodiments of the device and method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention are described in detail.
The features and advantages of the device and method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention will become clear from the detailed description of each embodiment below.
FIG. 2 is a block diagram of a device for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
The device and method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention guarantee the control-flow integrity of IoT devices and effectively block control-flow hijacking attacks, a representative security threat.
To this end, the present invention may include a configuration that extends RISC-V, an open instruction set architecture, with new instructions for control flow integrity verification and adds a dedicated control status register that can be accessed, read and written only through these instructions, so that the control flow integrity of code is guaranteed with low execution time overhead.
The present invention may include a configuration that modifies the compiler so that it inserts the added instructions at the proper locations, removing the need to modify source code and allowing existing source code to be reused, so that the control flow integrity of code is guaranteed with low execution time overhead and control-flow hijacking attacks against IoT devices are blocked.
The present invention may include a configuration in which the executable file produced by the compiler runs on a CPU to which the extended architecture is applied, so that control flow integrity is guaranteed using the added functionality.
The present invention may include a configuration that uses the RISC-V architecture to add a new register, protects the value of that register through dedicated instructions, and stores an identification value for the destination, so that CFI can be guaranteed.
The present invention may include a configuration in which, rather than adding entirely new instructions, the dedicated instructions are assigned to HINT instructions that are unused among the existing instructions.
FIG. 2 is a schematic diagram of the architecture of the present invention; the newly modified elements are shown as blue boxes.
As shown in FIG. 2, the present invention adds a separate register for storing identification values and adds dedicated instructions for controlling that register.
The dedicated instructions are added by assigning new instructions to HINT instructions that are unused among the existing instructions, rather than by adding entirely new instructions.
By modifying the compiler so that it inserts the added instructions at the proper locations, the need to modify source code is removed and existing source code can be reused; and because the executable file produced by this compiler runs on a CPU to which the extended architecture is applied, the added functionality can be used to guarantee control flow integrity.
FIG. 3 is a detailed block diagram of a device for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
The RISC-V architecture is an open architecture that anyone can use freely. It has a RISC (Reduced Instruction Set Computer) style instruction structure, which is simpler and consumes less power than CISC, making it suitable for use in embedded devices.
As shown in FIG. 3, the device for extending RISC-V architecture instructions for a branch tagging extension according to the present invention comprises: a tag value storage instruction insertion unit (30) that inserts, when compiling source code, a setTag instruction for storing a tag value at the position immediately before an indirect branch; a tag value comparison instruction insertion unit (31) that inserts a checkTag instruction for tag value comparison immediately after the indirect branch is performed; a tag value comparison unit (32) that determines whether control flow was transferred to the correct destination by comparing, at the entry point of a function, the value stored in the control status register with the value given to the instruction at the function entry point; and an instruction execution unit (33) that permits instruction execution when the tag value comparison by the tag value comparison unit (32) yields a match and performs exception handling when it yields a mismatch.
FIG. 4 is a diagram showing the operation of the RISC-V architecture instruction extension for a branch tagging extension according to the present invention.
As shown in FIG. 4, when compiling the source code, a setTag instruction for storing the tag value is inserted at the position immediately before the indirect branch (lines 2 to 3).
Immediately after the indirect branch is performed, a checkTag instruction for tag value comparison is inserted (lines 7 to 8).
Through this tag value comparison, execution is permitted on a match and exception handling is performed on a mismatch (lines 11 to 12).
Specifically, immediately before an indirect branch instruction such as the one on line 4, an operation of writing a unique identification value corresponding to the destination function into the control status register is performed, as on lines 2 and 3.
Then, as on lines 7 and 8, it is determined whether control flow was transferred to the correct destination by comparing, at the entry point of the function, the value stored in the control status register with the value given to the instruction at the function entry point.
The function goo on line 10 shows a case in which the tag value of field 0 matches on line 11, but the tag value of field 1 on line 12 is C and does not match, so the control flow transfer is not permitted.
FIG. 5 is a flow chart showing a method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention.
In the method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention, first, when compiling the source code, a setTag instruction for storing the tag value is inserted at the position immediately before the indirect branch (S501).
Next, a checkTag instruction for tag value comparison is inserted immediately after the indirect branch is performed (S502).
Then, through tag value comparison, execution is permitted on a match and exception handling is performed on a mismatch (S503).
The present invention described above extends RISC-V, an open instruction set architecture, with new instructions for control flow integrity verification and adds a dedicated control status register that can be accessed, read and written only through these instructions.
The newly added register is a 32-bit register containing four fields of 8 bits each, so that up to four verification values can be compared at the same time to guarantee control flow integrity.
Through this, the control flow integrity of code can be guaranteed with a low execution time overhead of 4.8% on average, and control-flow hijacking attacks against IoT devices can be blocked.
The device and method for extending RISC-V architecture instructions for a branch tagging extension according to the present invention described above guarantee the control-flow integrity of IoT devices and block control-flow hijacking attacks, a representative security threat.
The present invention extends RISC-V, an open instruction set architecture, with new instructions for control flow integrity verification and adds a dedicated control status register that can be accessed, read and written only through these instructions, so that the control flow integrity of code is guaranteed with low execution time overhead.
As described above, it will be understood that the present invention may be implemented in modified forms without departing from its essential characteristics.
Therefore, the described embodiments should be considered from an explanatory rather than a limiting point of view; the scope of the present invention is indicated by the claims rather than by the foregoing description, and all differences within the equivalent scope should be interpreted as included in the present invention.
The present invention relates to IoT security, and specifically to a device and method for extending RISC-V architecture instructions for a branch tagging extension that guarantee the control-flow integrity of IoT devices and block control-flow hijacking attacks, a representative security threat.
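The following is an added example, not code from the patent or its inventors, that models in software the register layout described above (32 bits split into four 8-bit fields) and the FIG. 4 walkthrough: setTag before the indirect branch, checkTag at the destination's entry, execution refused and an exception recorded when a field mismatches. The field numbering (field 0 in bits 7..0), the helper names set_tag/check_tag, and the tag values TAG_FOO and TAG_GOO_FIELD1 are assumptions made here; the patent names the instructions but does not give their encoding or operand format. The call into goo reproduces the case on lines 11 to 12 of FIG. 4, where field 0 matches but field 1 holds C.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Software model of the branch tagging extension.  The dedicated control
 * status register is 32 bits wide and split into four 8-bit fields
 * (field 0 = bits 7..0, field 3 = bits 31..24).  setTag writes one field
 * before an indirect branch; checkTag compares one field at the entry of the
 * destination function.  Field indices, helper names and tag values are
 * assumptions for this example only.
 */
static uint32_t tag_csr;        /* the dedicated register */
static int      tag_exceptions; /* models the exception raised on mismatch */

/* Masks the field index to 0..3 and returns its bit offset in the register. */
static unsigned field_shift(unsigned field) { return (field & 3u) * 8u; }

/* setTag: write a destination identification value into one field. */
void set_tag(unsigned field, uint8_t value) {
    unsigned s = field_shift(field);
    tag_csr = (tag_csr & ~(0xFFu << s)) | ((uint32_t)value << s);
}

/* Read one field back.  In the real design only the dedicated instructions
 * may touch the register; the model exposes it so the layout can be checked. */
uint8_t get_tag(unsigned field) {
    return (uint8_t)(tag_csr >> field_shift(field));
}

uint32_t tag_csr_value(void)       { return tag_csr; }
int      tag_exception_count(void) { return tag_exceptions; }

/* checkTag: compare a field with the value the compiler attached to the
 * function entry.  Returns true if execution may continue; a mismatch is
 * counted as an exception and execution is refused. */
bool check_tag(unsigned field, uint8_t expected) {
    if (get_tag(field) == expected) return true;
    tag_exceptions++;
    return false;
}

/* Constructed tag values for the two destination functions. */
enum { TAG_FOO = 0xA1, TAG_GOO_FIELD1 = 0xB2 };

typedef bool (*target_fn)(void);

/* foo: a legitimate destination; its entry checks field 0 (FIG. 4, lines 7-8). */
bool foo(void) {
    return check_tag(0, TAG_FOO);
}

/* goo: its entry checks two fields.  Field 0 must hold TAG_FOO and field 1
 * must hold TAG_GOO_FIELD1 (FIG. 4, lines 11-12). */
bool goo(void) {
    if (!check_tag(0, TAG_FOO)) return false;
    return check_tag(1, TAG_GOO_FIELD1);
}

/* An instrumented indirect call: the compiler places setTag immediately
 * before the branch (FIG. 4, lines 2-3); the checks run at the target entry. */
bool indirect_call(target_fn f, uint8_t tag0, uint8_t tag1) {
    set_tag(0, tag0);
    set_tag(1, tag1);
    return f();
}

/* Replays the FIG. 4 scenario.  Returns a bitmask: bit 0 set if the call
 * into foo was permitted, bit 1 set if the call into goo was permitted. */
int fig4_scenario(void) {
    int permitted = 0;
    tag_csr = 0;
    tag_exceptions = 0;

    /* Call site whose destination is foo: field 0 = TAG_FOO, field 1 = 0xC. */
    if (indirect_call(foo, TAG_FOO, 0x0C)) permitted |= 1;

    /* The same register contents arriving at goo: field 0 still matches, but
     * field 1 holds 0xC where goo expects TAG_GOO_FIELD1, so the transfer is
     * refused and an exception is recorded. */
    if (indirect_call(goo, TAG_FOO, 0x0C)) permitted |= 2;

    return permitted;
}

int main(void) {
    int permitted = fig4_scenario();
    printf("foo permitted: %d, goo permitted: %d, exceptions: %d\n",
           permitted & 1, (permitted >> 1) & 1, tag_exception_count());
    return 0;
}
```

Running the model permits the call into foo, refuses the call into goo, and records exactly one exception. The point a hardware implementation adds beyond this model is that tag_csr is reachable only through the setTag and checkTag instructions, so code reached by a hijacked branch cannot rewrite the fields to make its own entry check pass.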

Claims (9)

  1. A device for extending RISC-V architecture instructions for a branch tagging extension, comprising:
    a tag value storage instruction insertion unit that inserts, when compiling source code, a setTag instruction for storing a tag value at the position immediately before an indirect branch;
    a tag value comparison instruction insertion unit that inserts a checkTag instruction for tag value comparison immediately after the indirect branch is performed;
    a tag value comparison unit that determines whether control flow was transferred to the correct destination by comparing, at the entry point of a function, the value stored in the control status register with the value given to the instruction at the function entry point; and
    an instruction execution unit that permits instruction execution when the tag value comparison of the tag value comparison unit yields a match and performs exception handling when it yields a mismatch.
  2. The device of claim 1, wherein RISC-V, an open instruction set architecture, is extended by adding a dedicated control status register that can be accessed, read and written only through the instructions newly added for control flow integrity verification.
  3. The device of claim 2, wherein the control status register is
    a 32-bit register containing four fields of 8 bits each, and guarantees control flow integrity by comparing up to four verification values at the same time.
  4. The device of claim 1, wherein the tag value storage instruction insertion unit
    performs, immediately before the indirect branch instruction, an operation of writing a unique identification value corresponding to the destination function into the control status register.
  5. The device of claim 1, wherein, by modifying the compiler so that it inserts the added instructions, existing source code is reused without modification and control flow integrity is guaranteed without an increase in execution time overhead.
  6. The device of claim 5, wherein the executable file produced by the compiler runs on a CPU to which the extended architecture is applied, and
    the new instructions are assigned to HINT instructions that are unused among the existing instructions.
  7. A method for extending RISC-V architecture instructions for a branch tagging extension, comprising:
    a tag value storage instruction insertion step of inserting, when compiling source code, a setTag instruction for storing a tag value at the position immediately before an indirect branch;
    a tag value comparison instruction insertion step of inserting a checkTag instruction for tag value comparison immediately after the indirect branch is performed;
    a tag value comparison step of determining whether control flow was transferred to the correct destination by comparing, at the entry point of a function, the value stored in the control status register with the value given to the instruction at the function entry point; and
    an instruction execution step of permitting instruction execution when the tag value comparison of the tag value comparison step yields a match and performing exception handling when it yields a mismatch.
  8. The method of claim 7, wherein the tag value storage instruction insertion step
    performs, immediately before the indirect branch instruction, an operation of writing a unique identification value corresponding to the destination function into the control status register.
  9. The method of claim 7, wherein, by modifying the compiler so that it inserts the added instructions, existing source code is reused without modification and control flow integrity is guaranteed without an increase in execution time overhead.
PCT/KR2022/018593 2022-01-06 2022-11-23 Device and method for risc-five architecture instruction extension for branch tagging extension WO2023132474A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020220002304A KR20230106427A (en) 2022-01-06 2022-01-06 System and Method for Branch Target Tagging Extension on RISC-V
KR10-2022-0002304 2022-01-06

Publications (1)

Publication Number Publication Date
WO2023132474A1 true WO2023132474A1 (en) 2023-07-13

Family

ID=87073955

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/018593 WO2023132474A1 (en) 2022-01-06 2022-11-23 Device and method for risc-five architecture instruction extension for branch tagging extension

Country Status (2)

Country Link
KR (1) KR20230106427A (en)
WO (1) WO2023132474A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003140926A (en) * 2001-10-30 2003-05-16 Ricoh Co Ltd Trace obtaining method of memory access, and cash failure detecting method
KR100688503B1 (en) * 2004-11-02 2007-03-02 삼성전자주식회사 Processor and processing method for predicting a cache way using the branch target address
KR101228899B1 (en) * 2011-02-15 2013-02-06 주식회사 안랩 Method and Apparatus for categorizing and analyzing Malicious Code Using Vector Calculation
KR20180064825A (en) * 2016-12-06 2018-06-15 서울대학교산학협력단 Method and apparatus for explicit and implicit information flow tracking
KR20180121485A (en) * 2015-12-17 2018-11-07 더 차레스 스타크 드레이퍼 래보레이토리, 인코포레이티드 Metadata Processing Technology

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101996842B1 (en) 2018-12-26 2019-07-08 (주)자람테크놀로지 RISC-V implemented processor with hardware acceleration supporting user defined instruction set and method therof
KR102416325B1 (en) 2019-05-31 2022-07-04 한국전자통신연구원 Method for generating and processing extended instruction and apparatus using the method
KR102119257B1 (en) 2019-09-24 2020-06-26 프라이빗테크놀로지 주식회사 System for controlling network access of terminal based on tunnel and method thereof

Also Published As

Publication number Publication date
KR20230106427A (en) 2023-07-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22919011

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE