Execution port time channel safety protection system and method based on conflict detection

Abstract

The invention provides an execution port time channel safety protection system based on conflict detection. The execution port time channel safety protection system comprises a port conflict matrix and a strategy modifier, when the scheduler schedules the ready micro-operation, port conflicts are recognized and recorded in a port conflict matrix, the port conflicts caused by double threads are judged according to records, and port conflict vectors are correspondingly sent; the strategy modifier outputs a strategy type, a priority vector and a strategy enable signal; when the distribution module receives the port segmentation strategy and the strategy port enable vector, the port segmentation algorithm is changed; when a scheduler receives a port time-sharing strategy, a strategy port enabling vector and a priority vector, an algorithm based on the priority vector is changed. The invention further provides a corresponding safety protection method. According to the system and the method provided by the invention, the attack of constructing the time channel by continuously using the execution port conflict instruction in the SMT environment is effectively prevented.

Description

technical field [0001] The invention belongs to the technical field of system security, and relates to a security protection system and method for an execution port time channel based on conflict detection. Background technique [0002] In superscalar processor micro-architecture design, the macro-instructions described in the instruction set architecture will form corresponding micro-operations through the process of fetching and decoding. Before the micro-operation executes the instruction, it will complete the binding of the corresponding execution port through the instruction analysis. When simultaneous multi-threading (Simultaneous Multi-Threading, SMT) technology is turned off, there is only one thread inside the processor pipeline, and micro-operations that use the allocation module to complete port binding will enter the execution unit through the corresponding port; when SMT technology is turned on, In this case, during the interaction between the processor decodin...

AI Technical Summary

Problems solved by technology

The former is protected by adding noise to all time information related to the process to reduce the bandwidth of the timing channel. By modifying the RDTSC or RDTSCP instruction, adding noise to the return value of the instruction execution can reduce the attacker’s The purpose of obtaining the accuracy of time information, but this method will also directly affect the functional accuracy of the corresponding modified instructions and affect the use of normal programs; the latter is relatively simple to disable SMT through software or hardware to prevent such problems , which can completely solve the time side channel problem caused by the dual-thread sharing of the execution port, but this method loses the benefits brought by the SMT technology itself and will cause corresponding performance loss. Other protection methods are closed or dynamically closed SMT technology to solve this problem, there is no way to protect the execution port time channel problem through the micro-architecture

Images