Method and device for verifying integrity of security critical data of program in process of running

Abstract

The invention discloses a method and a device for verifying the integrity of security critical data of a program in the process of running. The method comprises the following steps: 1) indicating a security critical variable in the program, generating a security critical data set in the process of compiling, dividing a virtual address space of the program into a protected area and a non-protected area in the process of loading the program, loading the security critical data set to the protected area, and constructing an integrity verification tree for a virtual page of the protected area of the program; and 2) in the process of writing program data into a memory, updating a root verification value; and in the process of reading program data from the memory, generating a new root verification value, comparing the new root verification value with the original root verification value, if the two are equal, determining that the security critical data set is not tampered, otherwise, determining that the security critical data set is tampered. The device comprises a data integrity verification circuit, a root verification value storage module and a comparator. The method and the device disclosed by the invention have the advantages of high safety performance, strong attack prevention performance, small calculated amount, and less occupied storage space.

Description

technical field [0001] The invention relates to the field of computer security, in particular to a method and device for verifying the integrity of program security key data during runtime. Background technique [0002] In a computer system, it can be assumed that the processor chip can defend against various physical attacks and is safe and reliable. But memory and off-chip buses located outside the processor are subject to physical attack. An attacker can corrupt data in memory as well as data in transit on the bus. For example, other master devices that are connected to the off-chip bus and can directly read and write memory can become attackers. Such as figure 1 As shown, the memory and off-chip bus located outside the processor may suffer from three types of physical attacks: spoofing attack (a), transposition attack (b) and replay attack (c). Spoofing attack refers to the attacker replacing a memory data block with a forged data block (tampered data); transposition...

AI Technical Summary

Problems solved by technology

The protection mechanism based on the physical address cannot prevent the attack carried out by the attacker by modifying the virtual and real address mapping and replacing the tampered data block with the untampered data block for integrity verification

The protection mechanism based on virtual address, because the virtual address space of the program is too large, it is very expensive to construct a tree structure and it is difficult to be practical

Images