A loop statement execution method and device for side channel security protection
A security protection, loop statement technology, applied in machine execution devices, register devices, instruments, etc., can solve the problems of reduced program execution efficiency, sacrificed performance improvement, and huge overhead, so as to eliminate huge performance losses and reduce the amount of modification. , the effect of resisting branch prediction attacks
Active Publication Date: 2022-07-05
NAT UNIV OF DEFENSE TECH
View PDF8 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
This type of defensive measure is equivalent to suspending the pipeline after the processor executes a branch instruction, and then executes it after the branch instruction is determined. In this way, the processor is equivalent to not using branch prediction technology, which leads to a great decrease in program execution efficiency and sacrifices the branch Huge performance gains from predictive techniques come at great cost
The program contains a lot of loop statements, which is also a necessary condition for attackers to use to construct "ghost" attacks. Existing measures ensure processor security by completely disabling branch prediction, but when executing branch instructions, especially branch instructions in loops can incur huge overhead when
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0041] In order to make the technical solutions of the present disclosure clearer, the following takes the RISC-V instruction set architecture as an example to further describe the loop statement execution method and apparatus for defending against speculative execution attacks in the present invention. Undoubtedly, the loop statement execution method and apparatus for defending against speculative execution attacks in the present invention are not only applicable to the RISC-V instruction set architecture, but can be widely applied to all instruction set architectures that can perform instruction extension.
[0042] like figure 1 As shown, the loop statement execution method for side channel security protection in this embodiment includes:
[0043] 1) Pre-identify the source code of the target program or the loop body in the target code, insert an extended loop instruction based on the scalable instruction set architecture coding specification before each loop body, and obtai...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a loop statement execution method and device for side channel security protection. The loop statement execution method for side channel security protection of the present invention includes pre-identifying the source code of the target program or the loop body in the target code, which is for each segment Insert an extended loop instruction based on the extensible instruction set architecture coding specification before the loop body to obtain the target program using the extended loop instruction; when executing the target program using the extended loop instruction, if an extended loop instruction is encountered, the extended loop instruction will be executed based on the extended loop instruction. The instruction executes the loop body after the extended loop instruction deterministically. The invention can resist branch prediction attack, not only guarantees security, but also eliminates the huge performance loss brought by the existing defense measures to the loop, and also controls the increase of the code amount to only one per loop compared with loop unrolling, There are few modifications to existing programs.
Description
technical field [0001] The invention belongs to the field of processor architecture security, and in particular relates to a loop statement execution method and device for side channel security protection. Background technique [0002] Branch prediction technology is a key technology used by modern processors to improve program execution efficiency. It greatly reduces the pipeline delay caused by branch instructions. High-accuracy branch prediction can greatly improve processor performance. However, in recent years, the Spectre series of vulnerabilities have been exposed, showing that there are serious security problems in the design of typical modern processor architectures, posing a great security threat to processor users. Spectre exploits misleading training on branch prediction techniques, allowing processors to speculatively execute code sequences crafted by attackers, unauthorized access to data protected by various processor and operating system security mechanisms, ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): G06F8/30G06F8/41G06F9/30
CPCG06F8/37G06F8/447G06F9/30047G06F9/30065G06F9/30098
Inventor 黄立波童敢郭辉郑重邓全倪晓强郭维雷国庆王俊辉隋兵才孙彩霞王永文
Owner NAT UNIV OF DEFENSE TECH