Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for verifying integrity of security critical data of program in process of running

A technology for integrity verification and key data, which is applied in the field of computer security, can solve the problems of high cost of constructing tree structures, excessive virtual address space, and difficulty in practical use, and achieves small integrity calculations, high security performance, and saving on-chip and the effect of off-chip memory space

Active Publication Date: 2013-02-13
NAT UNIV OF DEFENSE TECH
View PDF5 Cites 36 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The protection mechanism based on the physical address cannot prevent the attack carried out by the attacker by modifying the virtual and real address mapping and replacing the tampered data block with the untampered data block for integrity verification
The protection mechanism based on virtual address, because the virtual address space of the program is too large, it is very expensive to construct a tree structure and it is difficult to be practical

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for verifying integrity of security critical data of program in process of running
  • Method and device for verifying integrity of security critical data of program in process of running
  • Method and device for verifying integrity of security critical data of program in process of running

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0061] Such as figure 2 As shown, the implementation steps of the method for verifying the integrity of program safety-critical data during runtime in this embodiment are as follows:

[0062] 1) Indicate the safety-critical variables to be protected in the program, generate the corresponding safety-critical data sets for the safety-critical variables when compiling the program, divide the virtual address space of the program into protected areas and non-protected areas when loading the program, and divide the safety The key data set is loaded into the protection area, an integrity verification tree is constructed for each virtual page in the protection area of ​​the program, and the root verification value of the integrity verification tree is saved in the processor;

[0063] 2) When the processor issues a read and write operation to write program data to the memory, update the root verification value stored in the processor; when the read and write operation of the processor...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a device for verifying the integrity of security critical data of a program in the process of running. The method comprises the following steps: 1) indicating a security critical variable in the program, generating a security critical data set in the process of compiling, dividing a virtual address space of the program into a protected area and a non-protected area in the process of loading the program, loading the security critical data set to the protected area, and constructing an integrity verification tree for a virtual page of the protected area of the program; and 2) in the process of writing program data into a memory, updating a root verification value; and in the process of reading program data from the memory, generating a new root verification value, comparing the new root verification value with the original root verification value, if the two are equal, determining that the security critical data set is not tampered, otherwise, determining that the security critical data set is tampered. The device comprises a data integrity verification circuit, a root verification value storage module and a comparator. The method and the device disclosed by the invention have the advantages of high safety performance, strong attack prevention performance, small calculated amount, and less occupied storage space.

Description

technical field [0001] The invention relates to the field of computer security, in particular to a method and device for verifying the integrity of program security key data during runtime. Background technique [0002] In a computer system, it can be assumed that the processor chip can defend against various physical attacks and is safe and reliable. But memory and off-chip buses located outside the processor are subject to physical attack. An attacker can corrupt data in memory as well as data in transit on the bus. For example, other master devices that are connected to the off-chip bus and can directly read and write memory can become attackers. Such as figure 1 As shown, the memory and off-chip bus located outside the processor may suffer from three types of physical attacks: spoofing attack (a), transposition attack (b) and replay attack (c). Spoofing attack refers to the attacker replacing a memory data block with a forged data block (tampered data); transposition...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/10
Inventor 王蕾邓宇王永文窦强李姗姗孙彩霞张承义高军黄立波倪晓强隋兵才陈微赵天磊
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com