A fast recovery method for code attacks on embedded systems
Technical field
The present invention provides a fast recovery method for code attacks on embedded systems. The method is applied in embedded system security protection and anomaly recovery, and can improve the robustness of embedded systems. It belongs to the technical field of embedded system information security.
Background art
Embedded devices are increasingly used in daily life, and the growing number of embedded terminals and their wide network interconnection make embedded system security a problem that designers must face. Hardware attacks, typified by hardware Trojan implantation, chip reverse analysis, and circuit power and voltage analysis, target the physical equipment of the embedded system. They generally require the attacker to take part directly in the development of the attacked device or to be in close contact with it, which limits the harm of hardware attacks to some extent. Software attacks on embedded systems are simpler to carry out: the attacker needs no direct contact with the device and mainly uses network download or system bus interception to achieve malicious code injection, instruction replay, tampering with data or code, and buffer overflow, eventually causing the embedded system to crash or leak key information. The main idea of a software attack is to disrupt the correct execution of the embedded program code.
Embedded systems are tightly constrained in computing power, storage size and power consumption and, unlike traditional computers, cannot set aside part of their system resources exclusively for detecting and guarding against intrusive code and malicious programs. Integrity checking of embedded software code can verify whether the software has been maliciously tampered with or damaged during storage, transmission and operation. Integrating dedicated hardware for code integrity checking inside the embedded processor is the typical method of detecting embedded software anomalies. This method usually requires a trusted region inside the embedded processor with a sufficiently large trusted storage space; program instructions are imported into this trusted storage area in advance and compared at run time at instruction granularity. This detection method hands the checking of software code to hardware, which ensures security and speeds up processing, but it significantly increases the on-chip storage overhead of the embedded processor.
How, and how fast, an embedded system responds after detecting that software code has been maliciously tampered with or damaged bears on the real-time behaviour and reliability of the embedded device. Most commercial embedded processors have an illegal-instruction exception recovery mechanism that can detect an error before the instruction executes and restore the PC value to the faulting instruction, but this mechanism cannot identify executable malicious code. The common recovery methods for embedded code anomalies are process reload and system reset. These require the process to be regenerated or the program image to be reloaded on every recovery, and the cumbersome initialization prevents fast recovery of the embedded system; they increase the number of accesses to the slower off-chip flash memory, which lowers system performance; and for faults that occur at different stages of execution, the recovered system must return to its initial state and rerun all the programs that ran before the error, so the time needed to get back to the point of the error varies widely and the recovery time after a code attack cannot be estimated effectively.
In summary, current methods for detecting and quickly recovering from code attacks on embedded systems still have the following problems:
(1) Hardware-assisted detection of embedded code attacks affects system performance because it compares instruction by instruction, and the trusted storage space inside the embedded processor chip needs a large amount of on-chip storage, wasting scarce embedded hardware resources;
(2) Common system recovery methods use process reload or system reset, so the recovery process must access the slow off-chip flash memory many times for initialization, which limits recovery speed and reduces the system's recovery performance;
(3) Common system recovery methods recover all process levels from a fixed backup node, normally the bootloader of the embedded system. The recovered system must return to its initial state and rerun all programs that ran before the error; the backup and recovery nodes cannot be updated dynamically, and code recovery time is difficult to estimate.
Summary of the invention
1. Object of the invention
In view of the above problems, the present invention provides a fast recovery method for code attacks on embedded systems. The method divides the embedded code into multiple program basic blocks, uses the program basic block as the comparison granularity, and uses the compressed hash value of each basic block's run-time information as the characteristic parameter for security checking of the embedded program code. This greatly reduces the number of comparisons and saves on-chip hardware resources used for storage. For recovery after the code has been attacked, a fast-recovery granularity adjustment threshold is set, and fast recovery strategies of different granularity are chosen according to the anomaly count of the current program basic block. This greatly reduces accesses to the off-chip flash memory, which is the speed bottleneck of the embedded system, allows the system backup and recovery nodes to be updated dynamically, allows the recovery time to be estimated effectively, and achieves fast recovery after a code attack.
2. Technical solution
Specifically, the present invention provides a fast recovery method for code attacks on embedded systems, comprising the following steps:
Step 1: compile and link the user source program to generate the object code;
Step 2: divide the object code into program basic blocks, using the jump instructions in the object code as boundaries;
Step 3: perform a compression calculation on the object code in each program basic block to obtain the compressed hash value of each basic block, which serves as the pre-extracted characteristic parameter for user program execution;
Step 4: write the pre-extracted characteristic parameters for user program execution into the characteristic parameter storage unit inside the processor;
Step 5: reset and initialize the embedded system; the system runs the Bootloader from off-chip flash memory, copies the user program code from off-chip flash memory to off-chip random access memory, and jumps to the user program start address (the start address of the first program basic block) to run;
Step 6: record the start address of the current program basic block and reset the anomaly count of the current program basic block to zero;
Step 7: execute the code of the current program basic block;
Step 8: use the specially developed characteristic parameter calculation unit inside the processor (the subject of a separate patent application) to dynamically compute the characteristic parameter of the current basic block's code, and compare it against the pre-extracted characteristic parameter of the current basic block held in the processor's internal characteristic parameter storage unit;
Step 9: if the comparison matches, back up the current processor register values and the data in the running memory space to the archive memory space, jump to the start address of the next program basic block, and then go to step 6; if the comparison does not match, go to step 10;
Step 10: if the current anomaly count is less than the user-preset recovery granularity adjustment threshold, restore the data in the archive memory space to the processor registers and the running memory space, increment the anomaly count of the current basic block by 1, jump back to the start address of the current basic block, and then go to step 7; if the current anomaly count is not less than the user-preset recovery granularity adjustment threshold, go to step 5; this continues until the user program finishes running.
In step 1, when compiling and linking the user source program to generate object code, the addresses of the code, data and stack segments must be fixed in the linker script, and the length of each segment strictly limited, in order to minimize the time complexity of backing up and restoring running memory while program basic blocks execute.
In step 3, because the number of instructions differs from one basic block to another, the compression calculation on each basic block's object code uses a one-way hash function that takes a variable-length sequence as input and produces a fixed-length output.
In step 8, dynamically computing the characteristic parameter of the current basic block's code must use the same algorithm as the compression calculation described in step 3. The algorithm is computed quickly in hardware by the characteristic parameter verification module designed into the processor, which then compares the pre-extracted characteristic parameter against the dynamically computed one. To reduce hardware cost and speed up hardware processing, the compression calculation on basic block object code in steps 3 and 8 uses a lightweight hash algorithm that is easy to implement in hardware.
The "recovery granularity adjustment threshold" in step 10 adjusts the starting point from which the embedded system is recovered. When an anomaly newly appears in a basic block's code, fast recovery at basic-block granularity is attempted first. If several such attempts still fail to restore the program to its expected state, it can be concluded that the user program code was abnormally tampered with while being copied from off-chip flash memory to off-chip random access memory in step 5. Recovering the embedded system from the code in off-chip random access memory alone is then impossible, and step 5 must be executed again to reload the user program code from off-chip flash memory.
Through the above steps, the fast recovery method provided by the invention can effectively detect code attacks on embedded systems and recover the embedded system quickly from a detected code attack.
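The check-and-recover loop of steps 2 to 10, as an added C simulation that is not part of the patent text. The toy instruction encoding (top byte 0xFF marks a jump), the constructed eight-word image, the FNV-1a hash standing in for the unspecified lightweight hash, and the `glitches` and `persistent` fault knobs are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NWORDS 8
#define MAXBLK 8
#define IS_JUMP(w) (((w) >> 24) == 0xFFu)   /* toy encoding (assumption) */

/* Constructed "flash" image: three basic blocks, each ending in a jump word. */
static const uint32_t flash[NWORDS] = {
    0x01000005, 0x01000007, 0xFF000000,
    0x01000003, 0xFF000000,
    0x01000002, 0x01000004, 0xFF000000 };

typedef struct { int start, len; uint32_t ref; } block_t;
typedef struct { uint32_t acc; } state_t;    /* stands for registers + running memory */
typedef struct { int reloads, retries; uint32_t acc; } result_t;

/* FNV-1a over the block's words: stand-in for the unspecified lightweight hash. */
static uint32_t block_hash(const uint32_t *code, int len) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < len; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (code[i] >> (8 * b)) & 0xFFu;
            h *= 16777619u;
        }
    return h;
}

/* Steps 2-4: cut at jump words and pre-extract one reference hash per block. */
static int split_blocks(const uint32_t *code, int n, block_t *out) {
    int nb = 0, start = 0;
    for (int i = 0; i < n; i++)
        if (IS_JUMP(code[i]) || i == n - 1) {
            out[nb].start = start; out[nb].len = i - start + 1;
            out[nb].ref = block_hash(code + start, out[nb].len);
            nb++; start = i + 1;
        }
    return nb;
}

/* Steps 5-10. glitches: number of transient faulty fetches of block 1;
   persistent: nonzero if RAM word 3 is tampered with after the first load. */
static result_t run(int glitches, int persistent, int threshold) {
    block_t blk[MAXBLK];
    uint32_t ram[NWORDS];
    int nb = split_blocks(flash, NWORDS, blk);
    result_t r = {0, 0, 0};
    state_t live = {0}, archive = {0};

    memcpy(ram, flash, sizeof ram);              /* step 5: initial load */
    if (persistent) ram[3] ^= 0x10u;             /* constructed tampering */
    for (int cur = 0; cur < nb; ) {
        int anomalies = 0;                       /* step 6 */
        for (;;) {
            uint32_t fetched[NWORDS];
            memcpy(fetched, ram + blk[cur].start, blk[cur].len * sizeof(uint32_t));
            if (cur == 1 && glitches > 0) { fetched[0] ^= 1u; glitches--; }
            for (int i = 0; i < blk[cur].len; i++)   /* step 7: "execute" */
                if (!IS_JUMP(fetched[i])) live.acc += fetched[i] & 0xFFFFu;
            if (block_hash(fetched, blk[cur].len) == blk[cur].ref) {  /* step 8 */
                archive = live; cur++; break;    /* step 9: checkpoint, advance */
            }
            if (anomalies < threshold) {         /* step 10: block-level retry */
                live = archive; anomalies++; r.retries++;
            } else {                             /* step 10: back to step 5 */
                memcpy(ram, flash, sizeof ram);
                live.acc = archive.acc = 0; cur = 0; r.reloads++;
                break;
            }
        }
    }
    r.acc = live.acc;
    return r;
}
```

With a threshold of 2, a single transient fault costs one block-level retry and no flash access, while persistent tampering of the RAM copy exhausts the retries and forces one reload from flash.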
3. Advantages and effects
The beneficial effects of the invention are:
The invention provides a fast recovery method for code attacks on embedded systems. The method works at the granularity of embedded program basic blocks and uses the compressed hash value of each basic block's run-time information as the characteristic parameter for security checking, which reduces the number of comparisons and saves on-chip storage in the processor. With the on-chip characteristic parameter calculation and verification module implemented in hardware, anomalies in embedded code can be found quickly and accurately. After detecting that code has been attacked, the method controls the recovery process through the preset fast-recovery granularity adjustment threshold and applies fast recovery strategies of different granularity, which reduces the embedded system's accesses to off-chip flash memory and speeds up recovery. It also allows the system backup and recovery nodes to be updated dynamically, so that recovery time can be estimated effectively.
(1) The hardware-assisted method of detecting code attacks on embedded systems is optimized: the program code is divided into program basic blocks and verified by comparing lightweight hash values of the basic block code, which greatly reduces the number of code integrity checks, improves detection speed, and saves scarce embedded hardware resources;
(2) The idea of dividing program code into basic blocks is applied to fast recovery from code anomalies. For an anomaly newly found in a program basic block, fast recovery at basic-block granularity is carried out in the high-speed off-chip random access memory, without repeatedly reading the slower off-chip flash memory to load the system. This greatly speeds up repair of the abnormal program code and achieves fast recovery from code anomalies;
(3) Fast recovery at basic-block granularity allows the program backup and recovery nodes to be updated dynamically: the backup and recovery node moves forward as the program runs correctly, so the user can effectively estimate exception handling and recovery speed.
Brief description of the drawings
Fig. 1 is the operational flowchart of the method of the invention.
Fig. 2 is the hardware block diagram of an embodiment of the invention.
Fig. 3 is the software flowchart of an embodiment of the invention.
The labels in Fig. 2 and Fig. 3 are as follows:
Flash is the off-chip flash memory, mounted on the embedded system bus; its contents are non-volatile across power loss, and its read/write access is slow. RAM is the off-chip random access memory, mounted on the embedded system bus; its contents are lost on power loss, and its read/write access is fast. Custom Processor is the custom-modified processor, which supports functions inside the processor such as storage of pre-extracted characteristic parameters, dynamic hardware calculation of characteristic parameters, and characteristic parameter verification (the subject of a separate patent application).
Detailed description of the embodiments
The invention is described in detail below with reference to the drawings, which do not limit the invention.
As shown in Fig. 1, the specific implementation steps of the fast recovery method for code attacks on embedded systems are as follows:
Step 1: compile and link the user source program code to generate the object code. To reduce the time spent backing up and restoring running memory while program basic blocks execute, the addresses of the code, data and stack segments must be fixed in the linker script and the length of each segment strictly limited;
Step 2: divide the object code into several program basic blocks, using the jump instructions in the object code as boundaries;
Step 3: use a lightweight hash algorithm to perform a compression calculation on the object code in each program basic block, obtaining the compressed hash value of each basic block as the characteristic parameter for program execution;
Step 4: write the pre-extracted characteristic parameters for user program execution into the characteristic parameter storage unit inside the processor;
Step 5: reset and initialize the embedded system, run the Bootloader from off-chip flash memory, copy the user program code to off-chip random access memory, and jump to the user program start address (the start address of the first program basic block) to run;
Step 6: record the start address of the current program basic block and reset the anomaly count of the current program basic block to zero;
Step 7: execute the program code of the current program basic block;
Step 8: use the specially developed characteristic parameter calculation unit inside the processor to dynamically compute the characteristic parameter of the current basic block's code, and compare it against the characteristic parameter of the current basic block pre-stored in the processor's internal characteristic parameter storage unit. The dynamic calculation must use the same algorithm as the compression calculation on basic block code described in step 3. The algorithm is computed quickly in hardware by the characteristic parameter verification module designed into the processor, which then compares the pre-extracted characteristic parameter against the one computed dynamically in hardware. The compression calculation on basic block object code in steps 3 and 8 is implemented with a lightweight hash algorithm that is easy to implement in hardware;
Step 9: if the comparison matches, back up the current processor register values and the data in the running memory space to the archive memory space, jump to the start address of the next program basic block, and then go to step 6; if the comparison does not match, go to step 10;
Step 10: if the anomaly count of the current program basic block is less than the user-preset recovery granularity adjustment threshold, restore the data in the archive memory space to the processor registers and the running memory space, increment the current anomaly count by 1, jump back to the start address of the current basic block, and then go to step 7; if the current anomaly count is not less than the user-preset recovery granularity adjustment threshold, go to step 5; this continues until the user program finishes running. The "recovery granularity adjustment threshold" adjusts the starting point from which the embedded system is recovered. When an anomaly newly appears in a basic block's code, fast recovery at basic-block granularity is attempted first. If repeated attempts still fail to restore the program to its expected state, it can be concluded that the user program code was abnormally tampered with while being copied from off-chip flash memory to off-chip random access memory in step 5. Recovering the embedded system from the code in off-chip random access memory alone is then impossible, and step 5 must be executed again to reload the user program code from off-chip flash memory.
Through the above steps, the fast recovery method provided by the invention can effectively detect code attacks on embedded systems and recover the embedded system quickly from a detected code attack.
Fig. 2 and Fig. 3 are respectively the hardware block diagram and the software flowchart of one embodiment of the invention. Taking the OpenRISC processor platform as an example, one embodiment of the fast recovery method for code attacks on embedded systems is set out below with reference to Fig. 2 and Fig. 3. In this embodiment the method comprises:
Step 1: compile and link the user source program code with a compiler and linker compatible with the OpenRISC processor instruction set, generating a binary object code file. To reduce the time spent in later steps backing up and restoring running memory while program basic blocks execute, the addresses of the code, data and stack segments must be fixed in the linker script and the length of each segment strictly limited;
Step 2: consult the OpenRISC processor instruction set and divide the object code into several program basic blocks, using the jump instructions of the instruction set as boundaries;
Step 3: use a lightweight hash algorithm that is easy to implement in hardware to perform a compression calculation on the object code in each program basic block, obtaining the compressed hash value of each basic block as the characteristic parameter for program execution;
Step 4: build the embedded hardware platform based on the OpenRISC processor, and write the characteristic parameters for user program execution, pre-extracted offline, into the characteristic parameter storage unit inside the processor, as shown in Fig. 2. The minimal hardware system of this embodiment comprises the custom-modified OpenRISC processor, a standard Wishbone system bus compatible with the OpenRISC processor interface, the off-chip Flash and the off-chip RAM. The "custom-modified OpenRISC processor" comprises the processor pipeline, the processor state controller, the program backup and recovery controller, the characteristic parameter storage unit, and the characteristic parameter verification module;
Step 5: reset and initialize the OpenRISC processor platform of this embodiment, run the Bootloader from Flash, copy the user program code to RAM, and jump to the user program start address in RAM (the start address of the first program basic block) to begin running the software program shown in Fig. 3;
Step 6: record the start address of the current program basic block and reset the anomaly count of the current program basic block to zero;
Step 7: execute the program code of the current program basic block;
Step 8: use the characteristic parameter verification module inside the custom-modified OpenRISC processor to dynamically compute the characteristic parameter of the current basic block's code, and compare it against the pre-extracted characteristic parameter of the current basic block held in the processor's internal characteristic parameter storage unit;
Step 9: if the comparison matches, back up the current processor register values and the data in the running memory space to the archive memory space, jump to the start address of the next program basic block, and then go to step 6; if the comparison does not match, go to step 10;
Step 10: if the anomaly count of the current program basic block is less than the user-preset recovery granularity adjustment threshold, restore the data in the archive memory space to the processor registers and the running memory space, increment the current anomaly count by 1, jump back to the start address of the current basic block, and then go to step 7; if the current anomaly count is not less than the user-preset recovery granularity adjustment threshold, go to step 5; this continues until the user program finishes running.
The invention may also have other embodiments. Without departing from the spirit and substance of the invention, those skilled in the art can make various corresponding changes and modifications according to the invention, and all such changes and modifications fall within the protection scope of the appended claims.