CN114547685A - A fine-grained randomization protection method for sensitive data at runtime - Google Patents
- Publication number
- CN114547685A
- Authority
- CN
- China
- Prior art keywords
- sensitive data
- protection
- randomization
- grained
- instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
Description
Technical Field
The invention relates to the field of runtime security of computer applications, and in particular to a fine-grained randomization protection method for sensitive data at runtime.
Background
Memory is an important part of computer architecture: the executing code and the data being processed by any program are stored in memory. Google engineers compiled statistics on the high-severity vulnerabilities found in the company's browser since 2015, and the results show that about 70% of them are memory-related.
A running program generates many types of data in memory, including sensitive information such as return addresses, state variables, and cryptographic keys. Protecting this data directly in software tends to incur a large performance overhead. Although mainstream processor vendors provide engines for common cryptographic algorithms, such as Intel AES-NI, these are not suited to frequent encryption and decryption operations, and current computer architectures still lack a fine-grained protection primitive for sensitive data at runtime.
Summary of the Invention
To address the deficiencies of the prior art, the invention provides a fine-grained randomization protection method for sensitive data at runtime. The specific technical solution is as follows:
The invention discloses a fine-grained randomization protection method for sensitive data at runtime. By extending the instruction set, it adds extension instructions for cryptographic protection of the confidentiality and integrity of sensitive data, providing fine-grained cryptographic primitives at the instruction level. When the operating system kernel or a user-mode application process needs to operate on sensitive data, it must use the extended cryptographic primitives to encrypt or decrypt that data. Encryption and decryption require an additional key and tweak, as well as information selecting the range of data to protect.
As a further improvement, when the operating system kernel or a user-mode application process needs to store sensitive data in memory, it encrypts the data with the extended cryptographic instructions to achieve randomization; when the kernel or application process needs to use the sensitive data, it decrypts the data with the extended cryptographic instructions to achieve de-randomization. The core protection function of the invention is carried out by encryption and decryption through cryptographic operations.
As a further improvement, the extension instructions for cryptographic protection of the confidentiality and integrity of sensitive data comprise: an encryption instruction that encrypts the entire content; an encryption instruction that encrypts part of the content and pads it with integrity check information; a decryption instruction that decrypts the entire content; a decryption instruction that decrypts the entire content and verifies the integrity of part of it; and a decryption instruction that decrypts the entire content, verifies the integrity of part of it, and then sign-extends the result. This covers all the instruction types: besides the plain encryption and decryption instructions (which protect the confidentiality of data), integrity check information is added on top of encryption and decryption to protect both the integrity and the confidentiality of the data.
As a further improvement, the extension instructions receive five inputs (the operand content, the key, the tweak, and the start and end bytes of the selected range) and produce one output, the encrypted or decrypted result.
As a further improvement, the key should be stored in isolated special registers accessible to higher privilege levels, including kernel mode. When the operating system kernel and user-mode applications are protected at the same time, an additional random offset should be added to ensure that no information leaks across privilege levels. Encryption and decryption require the key, so the key must not be leaked.
As a further improvement, the extension instructions use a lightweight symmetric cipher when encrypting or decrypting sensitive content, including: XOR operations, lightweight block ciphers, and lightweight tweakable block ciphers. A lightweight algorithm is chosen so that performance is not affected.
As a further improvement, the sensitive data include control-flow data such as the return addresses and function pointers of the operating system kernel and user-mode programs, and non-control-flow data such as the intermediate results of sensitive operations, related keys, and state variables that affect program branch decisions.
As a further improvement, depending on the usage scenario, the tweak is a fixed constant or random number, a timestamp, or the address of the variable, providing respectively ordinary randomization protection, randomization protection bound to temporal state, and randomization protection bound to spatial state. Using a tweak defends against substitution attacks.
As a further improvement, the range-selection information gives different protection depending on the length of the range. When the selected range is smaller than the machine word length, both integrity and confidentiality protection can be provided; when it equals the machine word length, at least confidentiality protection can be provided. This is the condition under which confidentiality protection and integrity protection are enabled.
The beneficial effects of the invention are as follows:
The fine-grained randomization protection method for sensitive data at runtime disclosed by the invention provides fine-grained runtime data randomization protection for the operating system kernel and user-mode applications. By introducing basic cryptographic primitives at the instruction level, combined with the flexible range selection of the extension instructions, cryptographic operations can be performed efficiently on sensitive data of arbitrary length. Because an attacker cannot directly tamper with randomized data, a program protected with the proposed instruction set extension can resist various memory-related software attacks. Depending on the range selected as input, the method flexibly provides integrity and confidentiality protection; depending on the tweak supplied, it flexibly provides temporal or spatial memory safety protection. It fills the design gap in current computer architectures for a fine-grained protection primitive for sensitive data at runtime.
Detailed Description
The invention discloses a fine-grained randomization protection method for sensitive data at runtime. By extending the instruction set, it provides fine-grained cryptographic primitives at the instruction level that protect the confidentiality and integrity of sensitive data. When the operating system kernel or a user-mode application process needs to operate on sensitive data, it must use the extended cryptographic primitives to encrypt or decrypt that data. Encryption and decryption require additional tweak information, as well as information selecting the range of data to protect.
When the operating system kernel or a user-mode application process needs to store sensitive data in memory, it encrypts the data with the extended cryptographic instructions to achieve randomization; when the kernel or application process needs to use the sensitive data, it decrypts the data with the extended cryptographic instructions to achieve de-randomization.
The instruction extension for cryptographic protection of the confidentiality and integrity of sensitive data comprises: an encryption instruction that encrypts the entire content; an encryption instruction that encrypts part of the content and pads it with integrity check information; a decryption instruction that decrypts the entire content; a decryption instruction that decrypts the entire content and verifies the integrity of part of it; and a decryption instruction that decrypts the entire content, verifies the integrity of part of it, and then sign-extends the result. The extension instructions receive five inputs: the operand content, the key, the tweak, and the start and end bytes of the selected range. The key should be stored in isolated special registers accessible to higher privilege levels, including kernel mode. When the operating system kernel and user-mode applications are protected at the same time, an additional random offset should be added to ensure that no information leaks across privilege levels.
The instruction extension uses a lightweight symmetric cipher when encrypting or decrypting sensitive content, including but not limited to: XOR operations, lightweight block ciphers (PRESENT, LBlock), and lightweight tweakable block ciphers (QARMA, CRAFT, SKINNY, Lilliput). Provided the security requirements are met, algorithms with low latency that are easy to implement in hardware should be preferred.
Sensitive data include control-flow data such as the return addresses and function pointers of the operating system kernel and user-mode programs, sensitive intermediate results (intermediate variables generated during the operation of cryptographic libraries) and related keys, and state variables (non-control-flow data that affect branch decisions).
Depending on the usage scenario, the tweak can be a fixed constant or random number, a timestamp, or the address of the variable, providing respectively ordinary randomization protection, randomization protection bound to temporal state, and randomization protection bound to spatial state. In addition, the selected protection range gives different protection depending on its length: when the selected range is smaller than the machine word length, both integrity and confidentiality protection can be provided; when it equals the machine word length, at least confidentiality protection can be provided.
The invention is described in detail below through specific embodiments, from which its purpose and effects will become clearer. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it.
The table above describes the format of the fine-grained runtime sensitive-data randomization instruction extension on the RISC-V architecture, taking the RISC-V instruction set as an example of how to extend an instruction set to provide fine-grained data randomization protection. Randomization is implemented by encryption, and the text below does not distinguish between randomization (de-randomization) and encryption (decryption). The cipher used for encryption and decryption should be a lightweight symmetric cipher. Lightweight cryptographic algorithms include but are not limited to: XOR operations, lightweight block ciphers (PRESENT, LBlock), and lightweight tweakable block ciphers (QARMA, CRAFT, SKINNY, Lilliput). Provided the security requirements are met, algorithms with low latency that are easy to implement in hardware should be preferred.
The instructions use the R-type format, which has two source registers and one destination register. In the extension, source register 1 holds the data to be randomized (or de-randomized), source register 2 holds the tweak used for randomization (or de-randomization), and the destination register receives the randomized (or de-randomized) result. The funct3 field encodes the key used in the randomization process. The funct7 field encodes the operation range and mode: the lowest bit indicates whether the instruction is an encryption or a decryption operation, bits 1 to 3 select the start byte, and bits 4 to 6 select the end byte.
For ease of description, the assembly format of the encryption instruction is specified as: cre[x]k rd,rs[e:s],rt, and that of the decryption instruction as: crd[x]k(s) rd,rs,rt,[end:start]. For the encryption operation cre[x]k, the plaintext data in register rs is extracted from the start byte to the end byte and padded with zeros on both sides to 64 bits, then encrypted with key x and the tweak in register rt, and the result is saved to register rd. For the decryption operation crd[x]k(s), the content of register rs is decrypted with key x and the tweak in register rt. After decryption, the processor checks whether everything outside the start byte to end byte range of the result is all zeros. If the check passes, the result is saved to register rd (sign-extended if the s bit is set); if the check fails, the processor raises an exception.
The extended instructions are the basic unit of sensitive-data protection in the design and are responsible for applying the cryptographic algorithm to the input content. Key management logic such as key storage and key update is left to the operating system kernel and trusted firmware. The key should be stored in isolated special registers accessible to higher privilege levels, including kernel mode. When the operating system kernel and user-mode applications are protected at the same time, an additional random offset should be added to ensure that no information leaks across privilege levels.
Depending on the usage scenario, the tweak register can hold a fixed constant or random number, a timestamp, or the address of the variable, providing respectively ordinary randomization protection, randomization protection bound to temporal state, and randomization protection bound to spatial state.
Depending on the protection range, integrity and confidentiality protection can be provided when the selected range is smaller than 8 bytes, and confidentiality protection can be provided when it equals 8 bytes.
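The cre/crd semantics, the address tweak and the range-dependent integrity check described above, modelled in software as an added example that is not code from the patent. The 8-round Feistel permutation is a stand-in for the tweakable cipher and is not one of the ciphers the patent names; the function names and the key, pointer and address values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in tweakable 64-bit permutation (8-round Feistel). It is NOT QARMA or
 * any cipher the patent names and is not secure; it only makes the model run. */
static uint32_t round_fn(uint32_t half, uint64_t key, uint64_t tweak, int r) {
    uint64_t x = half ^ key ^ (tweak * 0x9E3779B97F4A7C15ULL) ^ (uint64_t)r;
    x *= 0xBF58476D1CE4E5B9ULL; x ^= x >> 29;
    x *= 0x94D049BB133111EBULL; x ^= x >> 32;
    return (uint32_t)x;
}
static uint64_t toy_encrypt(uint64_t pt, uint64_t key, uint64_t tweak) {
    uint32_t l = (uint32_t)(pt >> 32), r = (uint32_t)pt;
    for (int i = 0; i < 8; i++) {
        uint32_t t = l ^ round_fn(r, key, tweak, i);
        l = r; r = t;
    }
    return ((uint64_t)l << 32) | r;
}
static uint64_t toy_decrypt(uint64_t ct, uint64_t key, uint64_t tweak) {
    uint32_t l = (uint32_t)(ct >> 32), r = (uint32_t)ct;
    for (int i = 7; i >= 0; i--) {
        uint32_t t = r ^ round_fn(l, key, tweak, i);
        r = l; l = t;
    }
    return ((uint64_t)l << 32) | r;
}

/* Mask covering bytes start..end (inclusive, 0..7) of a 64-bit register. */
static uint64_t range_mask(unsigned start, unsigned end) {
    unsigned nbits = (end - start + 1) * 8;
    uint64_t m = (nbits == 64) ? ~0ULL : ((1ULL << nbits) - 1);
    return m << (start * 8);
}

/* cre: keep bytes start..end of rs, zero the rest, encrypt under key and tweak. */
uint64_t cre(uint64_t rs, uint64_t key, uint64_t tweak, unsigned start, unsigned end) {
    return toy_encrypt(rs & range_mask(start, end), key, tweak);
}

/* crd: decrypt, then require every byte outside start..end to be zero.
 * Returns 0 and writes *rd on success; returns -1 where the processor would
 * raise an exception. sign_ext models the "s" variant of the instruction. */
int crd(uint64_t rs, uint64_t key, uint64_t tweak, unsigned start, unsigned end,
        int sign_ext, uint64_t *rd) {
    uint64_t pt = toy_decrypt(rs, key, tweak);
    if (pt & ~range_mask(start, end))
        return -1;
    if (sign_ext && end < 7 && ((pt >> ((end + 1) * 8 - 1)) & 1))
        pt |= ~0ULL << ((end + 1) * 8);
    *rd = pt;
    return 0;
}

/* Constructed sample values: a key, a kernel pointer in a 39-bit virtual
 * address space, and two memory-slot addresses used as tweaks. */
static const uint64_t KEY_A  = 0x0123456789ABCDEFULL;
static const uint64_t PTR    = 0xFFFFFFC000123456ULL;
static const uint64_t SLOT_1 = 0x0000003FFFFFF000ULL;
static const uint64_t SLOT_2 = 0x0000003FFFFFF040ULL;

int main(void) {
    uint64_t out = 0;
    uint64_t ct = cre(PTR, KEY_A, SLOT_1, 0, 4);   /* protect the low 5 bytes */

    int ok = crd(ct, KEY_A, SLOT_1, 0, 4, 1, &out);
    printf("round trip:       status=%d value=%#llx\n", ok, (unsigned long long)out);
    printf("bit flipped:      status=%d\n", crd(ct ^ 0x10, KEY_A, SLOT_1, 0, 4, 1, &out));
    printf("moved to slot 2:  status=%d\n", crd(ct, KEY_A, SLOT_2, 0, 4, 1, &out));

    /* Full 8-byte range: no padding is left to check, so tampering goes undetected. */
    uint64_t full = cre(PTR, KEY_A, SLOT_1, 0, 7);
    ok = crd(full ^ 0x10, KEY_A, SLOT_1, 0, 7, 0, &out);
    printf("8-byte, bit flip: status=%d value_matches=%d\n", ok, out == PTR);
    return 0;
}
```

With a 5-byte range the three zeroed bytes act as a 24-bit check, so a modified or relocated ciphertext is rejected except with probability about 2^-24; with the full 8-byte range the decryption always succeeds and only confidentiality remains.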
Sensitive data include control-flow data such as the return addresses and function pointers of the operating system kernel and user-mode applications, sensitive intermediate results (intermediate variables generated during the operation of cryptographic libraries) and related keys, and state variables (non-control-flow data that affect branch decisions).
The assembly code examples above show how different types of data are protected under different protection ranges with the sensitive-data randomization extension instructions on the RISC-V architecture. The examples assume a 39-bit virtual address space, with the data to be operated on in register a0. The address in memory of the variable to be protected is used as the tweak, with its low 32 address bits in register t1 and its high 32 address bits in register t2. All examples use key a.
Those of ordinary skill in the art will understand that the above is only a single example of the invention and does not limit it. Although the invention has been described in detail with reference to the foregoing example, those skilled in the art can still modify the technical solutions described in the foregoing examples or make equivalent replacements of some of their technical features. All modifications, equivalent replacements and the like made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210153212.8A CN114547685A (en) | 2022-02-18 | 2022-02-18 | A fine-grained randomization protection method for sensitive data at runtime |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210153212.8A CN114547685A (en) | 2022-02-18 | 2022-02-18 | A fine-grained randomization protection method for sensitive data at runtime |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114547685A true CN114547685A (en) | 2022-05-27 |
Family
ID=81676495
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210153212.8A Pending CN114547685A (en) | 2022-02-18 | 2022-02-18 | A fine-grained randomization protection method for sensitive data at runtime |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114547685A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||