CN114969740B - Defensive mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering - Google Patents
Defensive mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggeringInfo
- Publication number
- CN114969740B CN114969740B CN202210632974.6A CN202210632974A CN114969740B CN 114969740 B CN114969740 B CN 114969740B CN 202210632974 A CN202210632974 A CN 202210632974A CN 114969740 B CN114969740 B CN 114969740B
- Authority
- CN
- China
- Prior art keywords
- instruction
- stage
- confusion
- processor
- newly added
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/567—Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
本发明公开一种避免指令序列触发型硬件木马触发的防御机制,应用于处理器硬件安全领域,针对现有的通过软件层面进行指令混淆的机制易被攻击者绕过的问题与现有的通过硬件层面进行指令混淆的机制存在的不足之处;本发明在处理器程序运行期间,由指令缓存输入给IF的既定指令流先经过指令细粒度加密模块进行加密;加密的既定指令再由IF输入给新增流水IO时,先进行解密操作;然后根据新增流水IO给出控制信息1驱动动态随机模块产生控制信息2随机地从由自定义OPCode指令组成的混淆指令库中选择若干条自定义OPCode指令插入在处理器既定指令之间;最后将混淆指令流输入给ID,实现处理器避免指令序列触发型硬件木马的触发。
The present invention discloses a defense mechanism for preventing instruction sequence triggered hardware Trojans from being triggered. The mechanism is applied to the field of processor hardware security and addresses the problem that existing mechanisms for performing instruction obfuscation at the software level are easily bypassed by attackers and the shortcomings of existing mechanisms for performing instruction obfuscation at the hardware level. During the execution of a processor program, the present invention first encrypts a predetermined instruction stream input from an instruction cache to an Intermediate Function (IF) through an instruction fine-grained encryption module. When the encrypted predetermined instruction is input from the IF to a newly added pipeline I/O, a decryption operation is first performed. Then, control information 1 is given according to the newly added pipeline I/O to drive a dynamic random module to generate control information 2, which randomly selects a plurality of customized OPCode instructions from an obfuscated instruction library composed of customized OPCode instructions and inserts them between the predetermined instructions of the processor. Finally, the obfuscated instruction stream is input to an ID, thereby preventing the processor from being triggered by instruction sequence triggered hardware Trojans.
Description
Technical Field
The invention belongs to the field of processor hardware security and large-scale digital integrated circuits, and particularly relates to a hardware Trojan horse triggering defending technology.
Background
Instruction sequence triggering type hardware Trojan refers to that a special module and a circuit in hardware design are intentionally implanted in a processor by a third party, or malicious modules and circuits are intentionally left by a designer, and an attacker can complete the activation of the hardware Trojan through the instruction sequence of the processor. The inserted instruction sequence triggering type hardware Trojan horse may cause the key information of the processor to be leaked and the key component content to be tampered, so that the operation result and the purpose of the processor are changed. The implantation of this type of hardware Trojan typically occurs in the process design and manufacturing of untrusted links, such as untrusted EDA tools, untrusted third party IP providers, untrusted design companies and untrusted streaming factories, etc. In a processor, an attacker generally selects an instruction sequence of the processor as a trigger condition thereof in order to realize concealment and controllability of an implanted hardware Trojan.
The defense technology of the instruction sequence triggering type hardware Trojan horse implanted in the processor mainly comprises the steps of (1) detecting the hardware Trojan horse by collecting bypass physical information (power consumption, time sequence and electromagnetism) of the processor chip, (2) obtaining a gate-level netlist of the processor chip by reverse engineering, and realizing the detection of the hardware Trojan horse by analyzing the gate-level netlist, and (3) reducing the triggering probability of the hardware Trojan horse implanted in the processor from the triggering mode of the hardware Trojan horse.
The technology (1) is nondestructive testing on the processor chip, and has the main defects that (1) the process deviation has serious influence on bypass physical information of the processor chip, and can cause deviation in the detection of hardware Trojan, and (2) the method has larger detection deviation for the hardware Trojan with extremely small area consumption implanted in the processor chip.
The technology (2) is a damage detection of the processor chip, and has the main disadvantage of causing the processor chip to be damaged and not reused once reverse engineering is performed.
The technology (3) is a defending means starting from a hardware Trojan trigger condition, and the existing technology mainly starts from a software and hardware level and breaks up the established instruction sequence of a processor compiler stage through an instruction confusion method. The method has the main defects that (1) a mechanism for carrying out instruction confusion through a software layer is easy to bypass by an attacker, (2) a means for carrying out instruction confusion through a hardware layer usually carries out the confusion between instruction fetching stages and decoding stages of a processor, so that the problem of safety of instruction sequence triggering type hardware Trojan is solved, and (3) when a mixed instruction or an equivalent instruction used by the prior art replaces a given instruction of the processor, most instructions do not carry out instruction Operation Code (OPCode) replacement, so that the hardware Trojan with an instruction OPCode sequence as a triggering condition cannot be effectively treated, 4) the prior art only can reduce the triggering probability of the instruction sequence triggering type hardware Trojan and cannot completely avoid the triggering of the type hardware Trojan, and (5) the prior art can lead the given instruction of the processor and the mixed instruction or the equivalent instruction to have a fixed mapping relation, so that the attacker can easily analyze the mapping relation according to large-batch test data.
Disclosure of Invention
In order to solve the technical problems, the invention provides a defense mechanism for avoiding the triggering of the instruction sequence triggering type hardware Trojan horse, and the mechanism provided by the invention is ensured not to be bypassed by an attacker through the realization mode of pure hardware.
The technical scheme adopted by the invention is that the defense mechanism for avoiding the triggering of the hardware Trojan horse by the instruction sequence comprises an instruction fine granularity encryption module, an instruction fine granularity decryption module, a dynamic random module, a confusion instruction library formed by custom OPCode instructions and a newly added pipeline instruction confusion (Instruction Obfuscate, IO) stage;
the instruction fine granularity encryption module encrypts a set instruction stream output to the value-taking stage by the instruction cache, and the encrypted set instruction stream output to the value-taking stage by the instruction cache is output to the newly added pipeline IO after being decrypted by the instruction fine granularity decryption module;
according to the newly added pipeline IO stage, the control information 1 is given to drive the dynamic random module to generate control information 2, and a plurality of custom OPCode instructions are randomly selected from a mixed instruction library consisting of custom OPCode instructions and are inserted between the established instructions of the processor;
the processor inputs the obfuscated instruction stream obtained in the newly added pipeline IO stage to the decode stage.
The invention has the advantages that:
(1) The invention ensures that the mechanism proposed by the invention is not bypassed by an attacker through the realization mode of pure hardware;
(2) According to the invention, through the instruction fine granularity encryption/decryption module in the mechanism provided by the invention, the triggering of a hardware Trojan horse triggered by an instruction sequence which possibly exists in an IF stage is avoided;
(3) The mechanism provided by the invention has certain randomness when confusing the set instructions of the processor through the dynamic random module, so that an attacker cannot analyze the mapping rule of the set instructions of the processor and the confusing instructions;
(4) According to the invention, by the mixed instruction library formed by the custom OPCode instructions and the newly added serial IO in the mechanism provided by the invention, the mixed instructions inserted after the effective established instructions of the processor are ensured to be unique compared with legal instructions of the compiling tool chain, so that the mechanism provided by the invention can completely avoid the triggering of the instruction sequence triggering type hardware Trojan horse implanted in the processor, and simultaneously, due to the existence of the custom OPCode, the triggering of the hardware Trojan horse taking OPCode sequence as a triggering condition can also be completely avoided;
(5) The invention is simple and efficient, does not need to occupy too much hardware resources, only needs to carry out minor modification on the processor core and can be easily deployed in the processor.
Drawings
Fig. 1 is a functional block diagram of a mechanism proposed by the present invention.
Fig. 2 is a schematic structural diagram of a dynamic random module in the proposed mechanism of the present invention.
Fig. 3 is a schematic diagram of the structure of a self-feedback RO chain used by a true random number generator in the proposed mechanism of the present invention.
FIG. 4 is a command sequence triggered hardware Trojan designed to verify the validity of the proposed mechanism of the present invention;
FIG. 5 is a test result of implanting the hardware Trojan horse shown in FIG. 4 in a RISC-V processor without deploying the mechanism proposed by the present invention and executing test code containing a trigger sequence.
FIG. 6 is a test result of implanting the hardware Trojan horse shown in FIG. 4 in a RISC-V processor with the mechanism proposed by the present invention deployed and executing test code containing a trigger sequence.
Detailed Description
The present invention will be further explained below with reference to the drawings in order to facilitate understanding of technical contents of the present invention to those skilled in the art.
Example 1
The working principle of the present invention is described in this embodiment with reference to fig. 1:
As shown in FIG. 1, the invention aims at realizing the technical scheme that the defense mechanism for avoiding the triggering of the hardware Trojan horse triggered by the instruction sequence comprises an instruction fine granularity encryption module, an instruction fine granularity decryption module, a dynamic random module, a confusion instruction library formed by custom OPCode instructions and a newly added pipeline IO. During the running of a processor program, a given instruction stream output to a value (Instruction Fetch, IF) stage by an instruction cache is required to be encrypted by an instruction fine-granularity encryption module, so that a possible instruction sequence triggering type hardware Trojan in the IF stage is ensured not to be triggered, fine-granularity encrypted given instructions are required to be subjected to fine-granularity decryption operation when output to a newly added pipeline IO (Instruction Obfuscate, IO) stage by the IF stage, then a dynamic random module is driven to generate control information (2) according to the newly added pipeline IO, a plurality of custom OPCode instructions are randomly selected from a mixed instruction library formed by custom OPCode instructions according to the control information (1) given by the newly added pipeline IO and are inserted into the given instruction stream of the newly added pipeline IO after the fine-granularity decryption operation is performed, so that the sequence of the given instruction stream of the processor is completely disturbed, and finally the mixed instruction stream obtained in the newly added pipeline IO stage is output to a decoding stage (Instruction Decode, ID), so that the processor avoids the triggering of the instruction sequence triggering type hardware Trojan and the safety and reliability of the processor on the hardware level are ensured.
Example 2
The command fine granularity encryption/decryption module performs exclusive-or processing on the command according to the key provided by the dynamic random module.
Example 3
The working process of the dynamic random module is described in this embodiment with reference to fig. 2-3:
As shown in fig. 2, the dynamic random module is composed of a true random number generator (True Random Number Generator, TRNG) and a pseudo random number generator (Pseudo Random Number Generator, PRNG), and can be implemented to give a random number with higher entropy per bit per clock cycle. The working steps are as follows:
First, the Seek control logic is driven to generate a TRNG enable signal trng_en upon processor reset, driving TRNG to generate an initial random seed Seek required for PRNG, a key required for instructing the fine granularity encryption/decryption module, and a 6bit true random number.
Secondly, the Seek control logic acquires a Seek value from the TRNG, temporarily stores the Seek value by using a register Seek_R, and simultaneously generates an effective signal valid of the value;
Then, the PRNG acquires random seed values Seek_R and valid from a Seek control logic module to start running, so that a random number with higher entropy per bit is given out in each clock period;
Finally, the Seek control logic module generates a TRNG enable signal trng_en according to the PRNG cycle near-end indication signal generated by the PRNG, and drives the TRNG to regenerate the random seed Seek and the 6bit true random number required by the PRNG. The Seek value of the PRNG and the characteristic feedback polynomial are guaranteed to be updated by the true random number generator every 127 cycles.
As shown in FIG. 2, the pseudo-random number generator is comprised of a 7bit fibonacci Linear Feedback shift register (Linear Feedback SHIFT REGISTER, LFSR) and is characterized by a Feedback polynomial ofWherein g (m) is equal to 1 or 0, the 6bit true random number given by the true random number generator is determined, the seek value of the pseudo random number is given by the true random number generator, and the seek value and g (m) are updated by the true random number generator every 127 periods.
As shown in fig. 3, the core part of the True Random Number Generator (TRNG) shown in fig. 2 is composed of a chain of a self-feedback Ring Oscillator (RO) composed of an inverting latch and a shift register. The working principle of the anti-phase latch is that the anti-phase latch resets and sets zero when a reset signal is enabled_i=1 'b0, when the enable_i=1' b1, the enable_i is input into the n-bit shift register, and the anti-phase latch is started independently in sequence, so that RO starts to oscillate, and TRNG starts to work.
Example 4
The instructions in the confusion instruction library composed of the custom OPCode instructions are all combined with single-cycle type instructions of an operable target register according to custom OPCode (Operation Code, OPCode), and the implementation process is as follows:
The method comprises the steps of selecting a single-cycle instruction with an operable target register in an instruction code of a processor, setting the target register (rd) to x0 all the time, enabling a manufactured confusion instruction to perform actual operation by using processor operation resources and reading the value of a general register, wherein the target register x0 is 0 all the time and cannot influence the normal operation of the processor, simultaneously replacing an instruction operation code OPCode of the confusion instruction with a custom OPCode (OPCode [1:0] = 2' b 10), and modifying logic of a decoding stage of the processor to enable the processor decoder to correctly identify the custom OPCode. Thus, the instructions in the confusing instruction library are guaranteed to be different from legal instructions of the compiling tool chain, and are special and unique.
Example 5
The newly added pipeline IO mainly realizes that a plurality of custom OPCode instructions which are randomly taken out from a mixed instruction library are inserted after each effective established instruction, and the specific logic is as follows:
detecting whether an instruction output to an IO stage by an IF stage is a valid instruction or not, IF yes, acquiring a 2bit random number from a dynamic random module by an IO stage logic while transmitting the instruction of the newly added flow IO stage to an ID stage, randomly reading x custom OPCode instructions (x= [1,3 ]) from a mixed instruction library, selecting one custom OPCode instruction in the mixed instruction library by a 5bit random number, simultaneously pulling down an IO stage up handshake signal io_ready, suspending flow of the processor IF stage, reading x custom OPCode instructions from the mixed library according to the 5bit random number, simultaneously pulling up an IO stage down handshake signal io_valid, transmitting the mixed instruction flow to the ID stage by the processor, and transmitting the IO stage up handshake signal io_ready to resume flow of the IF stage of the processor to the ID stage after the execution of the inserted custom OPCode instruction is completed. Otherwise, the mechanism provided by the invention does not carry out instruction confusion work, and only needs to output the signal of the processor IF stage to the newly added pipeline IO stage for latching.
Example 6
The control information 1 is an effective signal of a given instruction input to the newly added pipeline IO stage by the IF stage.
Example 7
The control information 2 is a 7-bit random number obtained from the dynamic random module by the newly-added serial IO stage logic, wherein the high 2bit control newly-added serial water reads x instructions from the confusion instruction library, and the low 5bit control newly-added serial water randomly selects one instruction from the confusion instruction library.
Example 8
The technical effects of the present invention will be described with reference to fig. 4 to 6:
The invention takes the open source RISC-V processor PULPino as a verification experiment platform and analyzes the safety of the mechanism proposed by the invention from the angle of attack examples, thereby proving the safety and effectiveness of the mechanism proposed by the invention.
The invention designs a hardware Trojan triggered by an instruction sequence, as shown in fig. 5, wherein the instruction sequence for triggering the hardware Trojan is addi, jarl, nop, lw, and the function of the hardware Trojan triggered by the instruction sequence is to modify the address space of a processor to realize hijacking of the control flow of the processor.
The hardware Trojan horse is implanted in the RISC-V processor which is not deployed with the mechanism provided by the invention, and the test code containing a trigger sequence is executed, the running result is shown in figure 5, namely, after the hardware Trojan horse is triggered, the data address 0x00107fec of the lw instruction access DTCM is modified to 0x1a105018, the lw instruction is enabled to read the value 0x434 of the ht_pc_addr_reg in turn, the replacement of the return address 0x500 for executing the jump of the completion func1 to 0x434 (the entry address of the function func 2) is realized, thereby the hijacking of the control flow of the processor is completed, and the content of the function func2 is executed.
The hardware Trojan horse shown in the figure is implanted in the RISC-V processor deployed with the mechanism provided by the invention, and the test code containing the trigger sequence is executed, the running result is shown in figure 6, namely a plurality of confusion instructions are inserted between the established instructions addi, jarl, nop, lw of the processor, so that the instruction sequence type hardware Trojan horse is not triggered.
In summary, the invention provides a defense mechanism for avoiding the triggering of the instruction sequence triggering type hardware Trojan horse. The invention ensures that the mechanism proposed by the invention can not be bypassed by an attacker through a pure hardware implementation mode, avoids the triggering of a possible instruction sequence triggering type hardware Trojan in an IF stage through an instruction fine granularity encryption/decryption module in the mechanism proposed by the invention, ensures that the mechanism proposed by the invention has certain randomness when the given instructions of a processor are mixed through a dynamic random module, so that the attacker can not analyze the mapping rule of the given instructions of the processor and the mixed instructions, ensures that the mixed instructions formed by custom OPCode instructions in the mechanism proposed by the invention are unique compared with legal instructions of a compiling tool chain, ensures that the mixed instructions inserted into the effective given instructions of the processor can completely avoid the triggering of the instruction sequence triggering type hardware Trojan implanted in the processor, simultaneously completely avoids the triggering of the hardware Trojan taking the OPCode sequence as a triggering condition due to the existence of the custom OPCode, and is simple and efficient without occupying too much hardware resources, and only needs to modify the processor core and can be easily deployed in the processor.
Those of ordinary skill in the art will recognize that the embodiments described herein are for the purpose of aiding the reader in understanding the principles of the present invention and should be understood that the scope of the invention is not limited to such specific statements and embodiments. Various modifications and variations of the present invention will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.
Claims (8)
1. The defense mechanism for avoiding the triggering of the instruction sequence triggering type hardware Trojan is characterized by comprising an instruction fine granularity encryption module, an instruction fine granularity decryption module, a dynamic random module, a confusion instruction library formed by custom OPCode instructions and a newly added pipeline instruction confusion stage;
the instruction fine granularity encryption module encrypts a given instruction stream output to the value-taking stage by the instruction cache, and the encrypted given instruction stream output to the value-taking stage by the instruction cache is output to the newly added stream confusion stage after being decrypted by the instruction fine granularity decryption module;
the newly added pipeline instruction confusion stage inserts a plurality of custom OPCode instructions which are randomly taken out from a confusion instruction library after each effective established instruction;
The processor outputs the mixed instruction stream obtained in the newly added stream instruction mixing stage to the decoding stage.
2. The defence mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering according to claim 1, wherein the instruction fine granularity encryption/decryption module performs exclusive or processing on the instruction according to a key provided by the dynamic random module.
3. The defense mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering according to claim 1, wherein the implementation process of the confusion instruction library composed of custom OPCode instructions is as follows:
The method comprises the steps of selecting a single-cycle instruction with an operable target register in the instruction code of the processor, setting the target register to x0 all the time, simultaneously replacing the custom OPCode with the instruction operation code OPCode of the confusing instruction, and modifying logic of a decoding stage of the processor to enable a decoder of the processor to correctly identify the custom OPCode.
4. The defense mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering according to claim 1, wherein the control information 1 is given according to a newly added pipeline IO to drive a dynamic random module to generate control information 2, a plurality of custom OPCode instructions are randomly selected from a mixed instruction library composed of custom OPCode instructions to be inserted into a predetermined instruction stream which is output to the newly added pipeline IO after fine-grained decryption operation.
5. The defence mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering according to claim 1, wherein a plurality of custom OPCode instructions are randomly selected from a mixed instruction library composed of custom OPCode instructions to be inserted between given instruction streams input into newly added stream IO after fine-granularity decryption operation is performed, and the implementation process is as follows:
If the instruction input to the confusion stage by the instruction fetching stage is a valid instruction, the processor transmits the instruction of the newly added stream instruction confusion stage to the decoding stage, at the same time, the instruction confusion stage logic acquires 2bit random numbers from the dynamic random module, randomly reads x custom OPCode instructions from the confusion instruction library, and selects one custom OPCode instruction in the confusion instruction library by the 5bit random numbers, simultaneously pulls down an instruction confusion stage up handshake signal io_ready, pauses stream of the instruction fetching stage of the processor, reads x custom OPCode instructions from the confusion instruction library according to the 5bit random numbers, simultaneously pulls up an instruction confusion stage down handshake signal io_valid, the processor transmits the mixed instruction stream to the decoding stage for execution, and after the execution of the inserted custom OPCode instruction is finished, the instruction confusion stage up handshake signal io_ready pulls up to resume the stream of the instruction fetching stage of the processor to transmit the instruction of the instruction fetching stage to the instruction stage, and then transmits the instruction confusion stage to the decoding stage by the instruction confusion stage.
6. The mechanism of claim 5, wherein if the instruction input to the instruction confusion stage by the instruction fetch stage is an invalid instruction, the instruction fetch stage is latched with a signal output to the newly added pipeline instruction confusion stage.
7. The defence mechanism of claim 4, wherein the control information 1 is a valid signal of a given instruction input to the instruction confusion stage of the newly added pipeline by the instruction fetch stage.
8. The defence mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering according to claim 4, wherein the control information 2 is a 7-bit random number obtained from a dynamic random module by a logic of a confusion stage of the newly added pipeline instructions, wherein the high 2 bits control the newly added pipeline to read x instructions from a confusion instruction library, and the low 5 bits control the newly added pipeline to randomly select one instruction from the confusion instruction library.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210632974.6A CN114969740B (en) | 2022-06-07 | 2022-06-07 | Defensive mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210632974.6A CN114969740B (en) | 2022-06-07 | 2022-06-07 | Defensive mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114969740A CN114969740A (en) | 2022-08-30 |
| CN114969740B true CN114969740B (en) | 2025-08-01 |
Family
ID=82959243
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210632974.6A Active CN114969740B (en) | 2022-06-07 | 2022-06-07 | Defensive mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114969740B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119557884B (en) * | 2025-01-27 | 2025-05-23 | 暨南大学 | Hardware Trojan detection and recovery system based on lightweight neural network |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001097010A2 (en) * | 2000-06-12 | 2001-12-20 | Koninklijke Philips Electronics N.V. | Data processing method and device for protected execution of instructions |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8139764B2 (en) * | 2008-05-06 | 2012-03-20 | Harris Corporation | Closed galois field cryptographic system |
| US8402541B2 (en) * | 2009-03-12 | 2013-03-19 | Microsoft Corporation | Proactive exploit detection |
| US10210323B2 (en) * | 2016-05-06 | 2019-02-19 | The Boeing Company | Information assurance system for secure program execution |
| CN106096338B (en) * | 2016-06-07 | 2018-11-23 | 西北大学 | A kind of virtualization software guard method obscured with data flow |
-
2022
- 2022-06-07 CN CN202210632974.6A patent/CN114969740B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001097010A2 (en) * | 2000-06-12 | 2001-12-20 | Koninklijke Philips Electronics N.V. | Data processing method and device for protected execution of instructions |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114969740A (en) | 2022-08-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11163857B2 (en) | Securing microprocessors against information leakage and physical tampering | |
| KR20200051694A (en) | Call path dependent authentication | |
| Xu et al. | A security design for the detecting of buffer overflow attacks in IoT device | |
| JP2004038966A (en) | Secure and opaque type library for providing secure variable data protection | |
| US20050268163A1 (en) | Microprocessor comprising signature means for detecting an attack by error injection | |
| Hoffmann et al. | ARMORY: fully automated and exhaustive fault simulation on ARM-M binaries | |
| Cyr et al. | Low-cost and secure firmware obfuscation method for protecting electronic systems from cloning | |
| Yavarzadeh et al. | Pathfinder: High-resolution control-flow attacks exploiting the conditional branch predictor | |
| De et al. | Hardware assisted buffer protection mechanisms for embedded RISC-V | |
| CN113673002A (en) | A Memory Overflow Defense Method Based on Pointer Encryption Mechanism and RISC-V Coprocessor | |
| Feng et al. | Fastcfi: Real-time control-flow integrity using fpga without code instrumentation | |
| Hossain et al. | Hexon: Protecting firmware using hardware-assisted execution-level obfuscation | |
| Chakraborty et al. | GPU obfuscation: attack and defense strategies | |
| Alshaer et al. | Variable-length instruction set: Feature or bug? | |
| CN114969740B (en) | Defensive mechanism for avoiding instruction sequence triggering type hardware Trojan horse triggering | |
| US10095847B2 (en) | Method, system and device for protection against reverse engineering and/or tampering with programs | |
| Patel et al. | Shield: A software hardware design methodology for security and reliability of mpsocs | |
| Marcelli et al. | Defeating hardware trojan in microprocessor cores through software obfuscation | |
| Kayaalp et al. | Signature-based protection from code reuse attacks | |
| Péneau et al. | NOP-Oriented Programming: Should we Care? | |
| Albartus et al. | On the design and misuse of microcoded (embedded) processors—a cautionary note | |
| CN112948863B (en) | Sensitive data reading method and device, electronic equipment and storage medium | |
| Reimann et al. | Exploiting the lock: leveraging MiG-V's logic locking for secret-data extraction | |
| KR20230137423A (en) | Enhanced encoding message inspection for RSA signature verification | |
| Zhang et al. | RAGuard: An efficient and user-transparent hardware mechanism against ROP attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |