Cache security defense method and system based on RISC-V
By introducing a secure cache module into the RISC-V processor, which uses encrypted addresses to access the cache and monitor instruction status, the vulnerability of the RISC-V processor to cache side-channel attacks is solved, achieving effective information security protection and performance improvement.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: SUN YAT SEN UNIV
- Filing Date: 2024-11-25
- Publication Date: 2026-06-16
Abstract drawing: Figure CN119720298B_ABST
Description
Technical Field
[0001] This application relates to the field of data security technology, and in particular to a RISC-V-based cache security defense method and system.
Background Technology
[0002] Currently, the design goal of RISC-V is to provide a flexible, scalable, high-performance, and low-power processor architecture that can be used in various fields, such as embedded systems, servers, and high-performance computing. Microarchitecture side-channel attacks are a type of attack that exploits the microarchitecture state of a processor. Cache-based side-channel attacks are a type of microarchitecture side-channel attack that utilizes the widespread cache structure within the processor to obtain sensitive information from the target system. In this type of attack, attackers infer the execution status of the target program by observing its cache access patterns and times, thereby obtaining sensitive information. This poses a significant threat to system security and also to user privacy.
[0003] In summary, the technical problems existing in the related art need to be addressed.
Summary of the Invention
[0004] The embodiments of this application aim to at least partially address one of the technical problems in the related art. Therefore, the main objective of the embodiments of this application is to propose a RISC-V-based cache security defense method and system, which can effectively resist cache side-channel attacks, improve the performance of caches in RISC-V processors, and simultaneously enhance information security and reduce the potential risk of information leakage.
[0005] To achieve the above objectives, one aspect of this application proposes a RISC-V-based cache security defense method, applied to a secure cache module in a RISC-V processor. The secure cache module includes a physical address encryption module. The method comprises the following steps:
[0006] When the RISC-V processor executes the target data loading instruction of the target request component, the target physical address in the target data loading instruction is extracted;
[0007] The target physical address is encrypted using the physical address encryption module to obtain the target encrypted address;
[0008] Access the security data cache in the security cache module according to the target encrypted address. If there is a target cache line in the security data cache that corresponds to the target encrypted address, then output the target cache line to the target request component so that the target request component performs target data operation on the target cache line.
[0009] In some embodiments, the method further includes:
[0010] Access the secure data cache in the secure cache module according to the target encrypted address. If there is no target cache line corresponding to the target encrypted address in the secure data cache, then extract the target memory line from the memory module in the RISC-V processor according to the target physical address.
[0011] The target memory row is stored in the security data cache of the security cache module.
[0012] In some embodiments, the functional modules in the security caching module further include an encrypted address decryption module, and the method further includes:
[0013] Access the security data cache in the security cache module according to the target encrypted address. If there is no target cache line corresponding to the target encrypted address in the security data cache, and there is a dirty line in the security data cache, then extract the dirty line encrypted address corresponding to the dirty line.
[0014] The encrypted address of the dirty line is decrypted by the encrypted address decryption module to obtain the physical address of the dirty line;
[0015] The dirty line is written into the memory module of the RISC-V processor according to the physical address of the dirty line.
[0016] In some embodiments, the functional modules in the security cache module further include a record table buffer module, the security cache module is provided with a reordering buffer, and the method further includes:
[0017] When the RISC-V processor executes the target data loading instruction of the target request component, if the target data loading instruction modifies the target cache line to obtain a target modified cache line, then the target data loading instruction and the target modified cache line are stored in the record table in the record table buffer module.
[0018] The reordering buffer monitors the instruction status of the target data loading instruction. If the instruction status of the target data loading instruction is non-retired, the data status of the target modified cache line is updated to an unsafe state, so that instructions other than the target data loading instruction cannot modify the target modified cache line.
[0019] If the instruction status of the target data loading instruction is retired, the data status of the target modified cache line is updated to safe, and the target modified cache line is stored in the secure data cache in the secure cache module.
[0020] In some embodiments, the method further includes:
[0021] When the data in the record table occupies a space greater than or equal to the record storage space of the record table, the target data entry in the record table is replaced using a first-in-first-out replacement algorithm.
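The record table buffer of [0016]-[0021], modeled as an added example (not the patent's own code, and not an RTL design): a load that modifies a line parks the modified copy in the record table in an unsafe state, the reorder buffer's retirement event promotes it to safe and fills it back into the secure data cache, other instructions may not modify an unsafe line, and a full table displaces its oldest entry first-in-first-out. Assumptions not taken from the page: the secure data cache is a plain dict from line number to data, an entry displaced by the FIFO policy before it retires is handed back to the caller (the page does not say what the hardware does with it), and a squashed load that never retires simply drops its entry.

```python
# Added example, not the patent's own code: a Python model of the record table
# buffer in [0016]-[0021], gated by reorder-buffer (ROB) retirement events.
# ASSUMPTIONS not taken from the page: the secure data cache is a dict
# line -> data; an entry displaced by the FIFO policy of [0021] before it
# retires is returned to the caller; a squashed (never-retired) load drops
# its entry.
from collections import OrderedDict

UNSAFE, SAFE = "unsafe", "safe"


class RecordTable:
    def __init__(self, capacity: int, cache: dict):
        self.capacity = capacity
        self.cache = cache             # stands in for the secure data cache
        self.entries = OrderedDict()   # instr_id -> entry, oldest first (FIFO order)
        self.unsafe_lines = {}         # line -> instr_id holding it in the UNSAFE state

    def record(self, instr_id: str, line: int, new_data):
        """[0017]: a load modifies `line`; park the modified copy here, not in the cache.
        [0018]: while the copy is UNSAFE, no other instruction may modify that line.
        Returns the entry displaced by FIFO replacement ([0021]), or None."""
        owner = self.unsafe_lines.get(line)
        if owner is not None and owner != instr_id:
            raise PermissionError(f"line {line:#x} is held unsafe by {owner}")
        displaced = None
        if len(self.entries) >= self.capacity:        # [0021]: table full -> FIFO replacement
            _, displaced = self.entries.popitem(last=False)
            del self.unsafe_lines[displaced["line"]]
        self.entries[instr_id] = {"instr": instr_id, "line": line,
                                  "data": new_data, "state": UNSAFE}
        self.unsafe_lines[line] = instr_id
        return displaced

    def retire(self, instr_id: str):
        """[0019]: the ROB reports retirement -> mark SAFE and fill the line into the cache."""
        e = self.entries.pop(instr_id)
        e["state"] = SAFE
        self.cache[e["line"]] = e["data"]
        del self.unsafe_lines[e["line"]]
        return e

    def squash(self, instr_id: str):
        """Assumption (not on the page): a mis-speculated load never retires; discard it."""
        e = self.entries.pop(instr_id)
        del self.unsafe_lines[e["line"]]
        return e

    def state(self, instr_id: str):
        """UNSAFE while pending in the table, None once retired or squashed."""
        e = self.entries.get(instr_id)
        return None if e is None else e["state"]

    def observe(self, line: int):
        """What any other instruction (e.g. an attacker's probe) sees for `line`:
        only the cache copy; an UNSAFE modification is invisible to it."""
        return self.cache.get(line)


if __name__ == "__main__":
    cache = {0x40: "old"}                       # constructed initial cache contents
    rt = RecordTable(capacity=2, cache=cache)
    rt.record("ld1", 0x40, "new")
    print("before retire:", rt.observe(0x40))   # old: modification still unsafe
    rt.retire("ld1")
    print("after retire:", rt.observe(0x40))    # new: filled back into the cache
```

The property worth checking is in `observe`: a probe issued while the load is still unretired reads the cache copy, so the speculative modification leaves no observable cache state until the reorder buffer retires the load.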
[0022] In some embodiments, the method further includes:
[0023] Obtain the attack test program;
[0024] The attack test program is stored in the memory module of the RISC-V processor, and the attack test program is executed by the RISC-V processor to obtain simulated test results;
[0025] The defense level of the security caching module is evaluated based on the simulation test results.
[0026] In some embodiments, encrypting the target physical address using the physical address encryption module to obtain the target encrypted address includes:
[0027] The target encrypted address is obtained by encrypting the target physical address using a low-latency block cipher through the physical address encryption module.
[0028] To achieve the above objectives, another aspect of this application proposes a RISC-V-based cache security defense system, applied to a secure cache module in a RISC-V processor. The secure cache module includes a physical address encryption module, and the system comprises the following modules:
[0029] The physical address extraction module is used to extract the target physical address in the target data loading instruction when the RISC-V processor executes the target data loading instruction of the target request component;
[0030] A physical address encryption module is used to encrypt the target physical address to obtain a target encrypted address;
[0031] An encrypted address access module is used to access the security data cache in the security cache module according to the target encrypted address. If there is a target cache line in the security data cache corresponding to the target encrypted address, the target cache line is output to the target request component so that the target request component performs target data operation on the target cache line.
[0032] To achieve the above objectives, another aspect of this application provides an electronic device, which includes a memory and a processor. The memory stores a computer program, and the processor executes the computer program to implement the method described above.
[0033] To achieve the above objectives, another aspect of the embodiments of this application proposes a computer-readable storage medium storing a computer program that, when executed by a processor, implements the methods described above.
[0034] The embodiments of this application include at least the following beneficial effects: This application provides a cache security defense method and system based on RISC-V, applied to a secure cache module in a RISC-V processor. The functional modules in the secure cache module include a physical address encryption module. When the RISC-V processor executes the target data loading instruction of the target request component, the scheme extracts the target physical address from the target data loading instruction; encrypts the target physical address through the physical address encryption module to obtain the target encrypted address; accesses the secure data cache in the secure cache module according to the target encrypted address; if a target cache line corresponding to the target encrypted address exists in the secure data cache, the target cache line is output to the target request component so that the target request component performs target data operations on the target cache line. This application embodiment encrypts the target physical address carried in the target data loading instruction using the physical address encryption module in the secure cache module to obtain the target encrypted address. The avalanche effect of the cipher causes spatially correlated lines in the physical address space to be scattered throughout the encrypted address space, and the encrypted cache address is invisible to attackers, thus protecting the system from malicious attacks and effectively resisting cache side-channel attacks. In other words, this application embodiment completes a random mapping from memory lines to cache locations by operating the cache in the encrypted address space instead of the physical address space.
By randomizing the fixed mapping relationship between memory lines and cache lines, attackers cannot determine the cache set of the target address, thereby protecting the system from malicious attacks, effectively resisting cache side-channel attacks, improving the performance of the cache in the RISC-V processor, improving the level of information security, and reducing the potential risk of information leakage.
Attached Figure Description
[0035] Figure 1 is a flowchart of the steps of the RISC-V-based cache security defense method provided in the embodiments of this application;
[0036] Figure 2 is a schematic diagram of a secure cache design architecture for RISC-V processors provided in an embodiment of this application;
[0037] Figure 3 is a schematic diagram of the record table structure of the record table buffer module provided in an embodiment of this application;
[0038] Figure 4 is a schematic diagram of the compilation process of the attack simulation program provided in the embodiments of this application;
[0039] Figure 5 is a flowchart illustrating the RISC-V-based cache security defense method provided in the embodiments of this application;
[0040] Figure 6 is a schematic diagram of the structure of the RISC-V-based cache security defense system provided in the embodiments of this application;
[0041] Figure 7 is a schematic diagram of the hardware structure of the electronic device provided in the embodiments of this application.
Detailed Implementation
[0042] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to limit it. In the following description, when referring to the accompanying drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with those of this application; they are merely examples of systems and methods consistent with some aspects of the embodiments of this application as detailed in the appended claims.
[0043] It is understood that the terms "first," "second," etc., used in this application may be used herein to describe various concepts, but unless otherwise stated, these concepts are not limited by these terms. These terms are only used to distinguish one concept from another. For example, without departing from the scope of the embodiments of this application, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of …", "when …", or "in response to determining …".
[0044] As used in this application, "at least one" includes one, two, or more; "multiple" includes two or more; "each" refers to each of the corresponding multiple; and "any" refers to any one of the multiple.
[0045] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of this application only and is not intended to limit this application.
[0046] Currently, in the field of chip instruction set architecture, RISC-V has received widespread attention due to the promotion of open source and the continuous development of the RISC-V ecosystem. RISC-V is an open-source instruction set architecture (ISA) based on Reduced Instruction Set Computing (RISC). RISC-V is designed to provide a flexible, scalable, high-performance, and low-power processor architecture suitable for various applications such as embedded systems, servers, and high-performance computing. However, RISC-V may be vulnerable to microarchitectural side-channel attacks. Microarchitectural side-channel attacks exploit the processor's microarchitectural state, breaking the isolation mechanisms provided by the operating system and other software layers and seriously threatening user information security. Unlike other traditional side-channel attacks, microarchitectural side-channel attacks do not require physical contact between the attacker and the target, nor do they require complex analysis equipment; the attacker only needs to be able to execute code in the same environment as the target to complete the attack. One type of microarchitectural side-channel attack is the cache-based attack, which leverages the widespread cache structure in processors to obtain sensitive information from the target system. In this attack, attackers infer the target program's execution status by observing its cache access patterns and timings, thereby acquiring sensitive information. Processor caches have three characteristics that make this possible: first, most processors currently have a cache structure; second, caches carry fine-grained data access and instruction execution status information; and third, while the program's execution result is the same regardless of the cache state, external characteristics such as runtime can vary significantly. Attackers exploit these characteristics to construct side-channel attacks.
Cache-based side-channel attacks can be used to obtain encryption keys for algorithms such as AES (Advanced Encryption Standard), DES (Data Encryption Standard), and RSA (Rivest-Shamir-Adleman), and can also be used to steal users' private information, posing a significant threat to system security. In related technologies, most current research on microarchitecture side-channel attacks focuses on Intel or ARM (Advanced RISC Machines) processor architectures, while research on microarchitecture side-channel attacks on RISC-V architectures is relatively limited.
[0047] In view of this, this application provides a RISC-V-based cache security defense method and system, applied to a secure cache module in a RISC-V processor. The functional modules in the secure cache module include a physical address encryption module. When the RISC-V processor executes the target data loading instruction of the target request component, the scheme extracts the target physical address from the target data loading instruction; encrypts the target physical address through the physical address encryption module to obtain the target encrypted address; accesses the secure data cache in the secure cache module according to the target encrypted address; if a target cache line corresponding to the target encrypted address exists in the secure data cache, the target cache line is output to the target request component so that the target request component performs target data operations on the target cache line. This application embodiment encrypts the target physical address carried in the target data loading instruction through the physical address encryption module in the security cache module to obtain the target encrypted address. The encryption avalanche effect will cause spatially correlated rows in the physical address space to be scattered throughout the encrypted address space, and the encrypted cache address is invisible to attackers, which can protect the system from malicious attacks and effectively resist cache side-channel attacks. That is, this application embodiment can effectively complete the random mapping from memory rows to cache locations by operating the cache in the encrypted address space instead of the physical address space. 
By randomizing the fixed mapping relationship between memory rows and cache rows, attackers cannot determine the cache set of the target address, thereby protecting the system from malicious attacks, effectively resisting cache side-channel attacks, improving the performance of the cache in the RISC-V processor, improving the level of information security, and reducing the potential risk of information leakage.
[0048] The RISC-V-based cache security defense method provided in this application relates to the field of data security technology. This RISC-V-based cache security defense method can be applied to terminals, servers, or software running on either terminal or server. In some embodiments, the terminal can be a smartphone, tablet, laptop, desktop computer, smart speaker, smartwatch, or in-vehicle terminal, but is not limited to these. The server can be configured as an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN (Content Delivery Network), and big data and artificial intelligence platforms. The server can also be a node server in a blockchain network. The software can be an application implementing the RISC-V-based cache security defense method, but is not limited to the above forms.
[0049] This application can be used in a wide variety of general-purpose or special-purpose computer system environments or configurations. Examples include: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics devices, network PCs, minicomputers, mainframes, and distributed computing environments including any of the above systems or devices. This application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform specific tasks or implement specific abstract data types. This application can also be practiced in distributed computing environments where tasks are performed by remote processing devices connected via a communication network. In distributed computing environments, program modules can reside in local and remote computer storage media, including storage devices.
[0050] Referring to Figure 1, which is an optional flowchart of a RISC-V-based cache security defense method provided in this application embodiment, applied to a secure cache module in a RISC-V processor. The functional modules in the secure cache module include a physical address encryption module. The method of Figure 1 may include, but is not limited to, steps S101 to S103.
[0051] Step S101: When the RISC-V processor executes the target data loading instruction of the target request component, the target physical address in the target data loading instruction is extracted;
[0052] RISC-V is an open-source instruction set architecture based on a reduced instruction set architecture. RISC-V is designed to provide a flexible, scalable, high-performance, and low-power processor architecture suitable for various applications, such as embedded systems, servers, and high-performance computing. A RISC-V processor is a processor based on the RISC-V instruction set architecture.
[0053] In this embodiment, the focus is on designing the cache portion of the RISC-V processor, specifically the secure cache module. The secure cache module is a crucial component of the RISC-V processor, used for storing and processing data to improve data access speed. The security cache defense scheme in this embodiment consists of two parts: the first part randomizes address mappings to the cache set, making it impossible for attackers to determine the cache set containing the target address by randomizing the fixed mapping relationship between memory lines and cache lines; the second part temporarily stores cache lines that load instructions need to modify in a record table buffer module until the load instructions retire, at which point the corresponding cache lines are then filled back into the cache, preventing attackers from observing insecure cache lines.
[0054] In this embodiment, the functional modules of the security cache module include not only a physical address encryption module, but also an encrypted address decryption module and a record table buffer module. The physical address encryption module encrypts the physical address corresponding to the data loading instruction to obtain an encrypted address, allowing access to the cache via the encrypted address. The encrypted address decryption module converts the encrypted address of the retrieved row in the cache into the corresponding physical address, enabling write-back execution using the decrypted physical address. The record table buffer module stores the loading instruction and the modified cached rows. The record table in the record table buffer module retains records of affected cached rows, such as records of modified cached rows.
[0055] Referring to Figure 2, which is a schematic diagram of a secure cache design architecture for RISC-V processors provided in an embodiment of this application. As shown in Figure 2, the RISC-V processor core is equipped with a secure cache, which includes a physical address encryption module, an encrypted address decryption module, and a record table buffer module. The hardware part is a SoC (System on Chip) system built around the RISC-V processor core. The RISC-V processor core is connected to peripherals via an AXI (Advanced eXtensible Interface) bus. The peripherals include a UART (Universal Asynchronous Receiver / Transmitter) serial port and memory. The memory stores the software program (i.e., the attack program used in this embodiment to evaluate the secure cache module), and the UART serial port is used to output the program execution results. In a specific implementation, the same attack program can be placed in the original SoC system of the related art and compared with the SoC system whose cache has been replaced by the secure cache designed in the embodiments of this application. Specifically, the attack program is placed in memory. After the RISC-V processor starts running, it reads the program from memory into the RISC-V processor core through the AXI bus for execution. The running result is output through the UART serial port via the AXI bus. After the run completes, the original SoC system is successfully attacked by the attack program, while the SoC system fitted with the secure cache designed in the embodiments of this application is not. This verifies the defense function of the secure cache designed in the embodiments of this application against such attacks.
[0056] The target requesting component can be a hardware component or a software module that issues a data load request (i.e., a target data load instruction) to the RISC-V processor. In a conventional cache, every load instruction that may modify the cache accesses it using a physical address.
[0057] Optionally, the target physical address is the memory address specified in the target data load instruction, used to locate the data to be loaded.
[0058] Step S102: Encrypt the target physical address using the physical address encryption module to obtain the target encrypted address;
[0059] In some embodiments, step S102 may include: encrypting the target physical address using a low-latency block cipher via a physical address encryption module to obtain a target encrypted address.
[0060] In this embodiment, a Low Latency Block Cipher (LLBC) is used as the address encryption method, and the same LLBC is used for decryption in the address decryption part described later. It should be noted that a simpler XOR with a key can also be used for encryption and decryption; this embodiment does not limit this. Note that a fixed-key XOR is its own inverse but is a linear mapping: it preserves the differences between addresses, so lines that share a cache set under physical indexing still share one under XOR indexing, and it does not provide the avalanche effect described below. A block cipher does.
[0061] The target encrypted address is the encrypted address obtained by encrypting the target physical address in the target data load instruction using a low-latency block cipher by the physical address encryption module. This encrypted address is only visible within the cache, while the rest of the memory system operations remain unchanged and continue to execute using the physical address.
[0062] In practical implementation, by operating on the cache in the encrypted address space rather than the physical address space, a random mapping from memory lines to cache locations is achieved. The avalanche effect of the cipher causes spatially correlated lines in the physical address space (e.g., lines mapped to the same cache set) to be scattered throughout the encrypted address space. This dispersion is unpredictable and is determined by the encryption key. Since attackers have no direct visibility of the ciphertext, they cannot collect plaintext-ciphertext pairs; that is, the encrypted cache address is invisible to attackers. Therefore, attacks that rely on learning the address-to-set mapping from memory accesses cannot be mounted, protecting the system from such malicious attacks and effectively resisting multiple cache side-channel attacks.
[0063] Step S103: Access the security data cache in the security cache module according to the target encrypted address. If there is a target cache line in the security data cache corresponding to the target encrypted address, output the target cache line to the target request component so that the target request component performs target data operation on the target cache line.
[0064] The secure data cache is a storage mechanism within the secure caching module used to store data. Its design aims to protect this data from unauthorized access or disclosure, ensuring data security and privacy. In this embodiment, access to the secure data cache requires the use of an encrypted address; the physical address cannot directly access the secure data cache. By operating on the cache in the encrypted address space instead of the physical address space, a random mapping from memory rows to cache locations can be effectively achieved. The encrypted cache address is invisible to attackers, thus protecting the system from various malicious attacks and effectively resisting multiple cache side-channel attacks.
[0065] In this context, a target cache line refers to a data block in the secure data cache that is located by a specific request (specified by the target physical address corresponding to the target encrypted address). In a concrete implementation, when a component (such as a processor, input / output device, etc.) requests access to data corresponding to a certain address, the secure cache module searches for a line matching that address. If a line exists, it is considered the target cache line, containing the requested data, and can be output to the component that requested the data.
[0066] Optionally, target data operations refer to a series of data processing actions performed on target cache lines retrieved from the security data cache. Target data operations may include, but are not limited to, reading data, writing data, updating data, and deleting data. The specific type of target data operation depends on the actual application requirements of the requesting component and the purpose of the data.
[0067] In some embodiments, the method may further include: accessing the secure data cache in the secure cache module according to the target encrypted address; if there is no target cache line corresponding to the target encrypted address in the secure data cache, retrieving the target memory line from the memory module in the RISC-V processor according to the target physical address; and storing the target memory line in the secure data cache in the secure cache module.
[0068] Memory modules are physical devices in a computer system used to store data and programs. In the RISC-V processor architecture, memory modules are part of the main memory (such as DRAM) and are used to store the data and instructions required by the processor when executing programs.
[0069] In this context, a target memory line refers to a data block within a memory module that is located by a specific request (specified by the target physical address). In the implementation, when the security data cache does not contain a target cache line corresponding to the target encrypted address, the system extracts the corresponding data block from the memory module based on the target physical address corresponding to the target encrypted address. This data block is called the target memory line, which contains the requested data and is subsequently stored in the security data cache for secure access later.
[0070] In practical implementation, when the processor's execution unit executes program instructions, it encounters load instructions that require reading data from memory. These load instructions contain the memory address from which the data is to be read. The processor first checks whether the corresponding data exists in the cache. If a cache hit occurs (the cache uses the tag portion of the address to determine a hit), the data is read directly from the cache, which is much faster than reading from main memory. If a cache miss occurs, the processor loads the data from main memory and may write the data into the cache for future use.
[0071] In some embodiments, the method may further include: accessing the security data cache in the security cache module according to the target encrypted address; if there is no target cache line corresponding to the target encrypted address in the security data cache, and there is a dirty line in the security data cache, then extracting the dirty line encrypted address corresponding to the dirty line; decrypting the dirty line encrypted address through the encrypted address decryption module to obtain the dirty line physical address; and writing the dirty line into the memory module in the RISC-V processor according to the dirty line physical address.
[0072] In practical implementation, when a cache miss occurs (i.e., the target cache line corresponding to the target encrypted address does not exist in the security data cache), to free up space in the cache to store new data, a cache line needs to be selected for replacement. Specifically, when a dirty cache line exists in the cache, it needs to be written back to main memory first, and then the original cache line corresponding to the dirty cache line in the cache is replaced. Since the data needed is saved to the missed line when a cache miss occurs, the data that originally existed at that line position will be written back. When a cache hit occurs, there is no dirty line in the cache. On the other hand, when a clean cache line exists in the cache, it can be directly replaced without writing the cache line back to main memory. A clean cache line is one where the data in the cache line is consistent with the data in main memory, has not been modified, or any modifications have been written back to main memory.
[0073] Optionally, the secure cache module also includes an encrypted address decryption module. This module uses the same cipher as the physical address encryption module, both employing Low-Latency Block Cipher (LLBC) for encryption and decryption. The cipher can also be selected using an XOR method. The encrypted address decryption module converts the encrypted address of a retrieved row in the cache into its corresponding physical address, allowing the decrypted physical address to be used for write-back. For example, when a dirty row needs to be evicted from the secure data cache, it is first retrieved. Since the tag information in the secure data cache is based on encrypted addresses, the encrypted address decryption module must first decrypt the encrypted address of the dirty row into its original physical address. Then, this original physical address is used to perform a write-back, i.e., writing the dirty row back to memory.
[0074] A "dirty line" refers to a line of data in the secure data cache that has been modified but not yet written back to main memory (the storage module). In implementation, after data is loaded into the secure data cache, the processor may modify it. If the modified data has not yet been written back to main memory, this modified line is marked as "dirty," indicating that its content differs from the original data in main memory. When the cache is replaced, this modified line of data, originally stored in the cache, must be written back to main memory to ensure data consistency in main memory.
[0075] The encrypted address of the dirty line is the encrypted address corresponding to the dirty line in the secure data cache. The physical address of the dirty line is the original address corresponding to the dirty line. The encrypted address of the dirty line is obtained by encrypting the physical address through the physical address encryption module; the physical address of the dirty line is recovered by decrypting the encrypted address through the encrypted address decryption module.
[0076] In practical implementation, Low-Latency Block Cipher (LLBC) can be used to convert physical addresses into encrypted addresses, and this encrypted address is used to access the cache. If the cache line corresponding to the accessed encrypted address (i.e., the cache line corresponding to the physical address) exists in the cache, the cache indicates a hit and provides data to the component that issued the load instruction request. If the cache line corresponding to the accessed encrypted address (i.e., the cache line corresponding to the physical address) is not in the cache (i.e., a miss), the cache may evict a dirty line. That is, if a dirty line exists in the cache, it must be written back to memory. Since the tag information in the cache is based on encrypted addresses, the encrypted address of the retrieved line (such as the encrypted address of a dirty line) must first be converted to the original physical address. Since the evicted line now has the original physical address, it can be written back to memory based on the original physical address. The encrypted address is only visible within the cache, while memory does not need to obtain the encrypted address. That is, the rest of the memory system operations remain unchanged and continue to use physical addresses for execution. It's worth noting that the cache organization and hit / miss detection remain unchanged; the only difference is that the cache now receives accesses to encrypted addresses (which may be mapped to different sets Y) instead of physical addresses (which may be mapped to a set X).
[0077] In this embodiment, by operating the cache on the encrypted address space instead of the physical address space, the random mapping of memory lines to cache locations can be effectively achieved. The avalanche effect of the cipher causes spatially related lines in the physical address space (e.g., lines mapped to the same cache set) to be scattered throughout the encrypted address space. This dispersion occurs in an unpredictable manner and is determined by the encryption key. Since the attacker has no direct visibility of the ciphertext, the attacker cannot record plaintext-ciphertext pairs. The encrypted cache address is invisible to the attacker, so memory-based attacks on the mapping are not available. This can protect the system from various malicious attacks, effectively resist various cache side-channel attacks, and thus ensure the privacy and security of user data, thereby improving the security of the system.
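The encrypted-address access path of paragraphs [0071] to [0077], as an added model that is not the applicant's hardware: physical line addresses pass through a keyed permutation, the cache is indexed and tagged by the encrypted address, and a dirty victim's tag is decrypted to recover the physical address for write-back. The Low-Latency Block Cipher is replaced by a stand-in Feistel permutation built on SHA-256, the 64-byte line size and the dict-based memory model are assumptions, and `scatter_for_one_plain_set` reports where lines that share a set under plain indexing land under encrypted indexing.

```python
import hashlib

LINE_SHIFT = 6      # 64-byte cache lines (assumption)
HALF_BITS = 16      # the permutation acts on 32-bit line addresses
ROUNDS = 4


def _round_fn(half: int, key: bytes, rnd: int) -> int:
    """Keyed round function of the stand-in cipher (stands in for LLBC)."""
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")


def encrypt_address(line_addr: int, key: bytes) -> int:
    """Physical line address -> encrypted line address (a bijection on 32 bits)."""
    mask = (1 << HALF_BITS) - 1
    left, right = (line_addr >> HALF_BITS) & mask, line_addr & mask
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(right, key, rnd)
    return (left << HALF_BITS) | right


def decrypt_address(enc_addr: int, key: bytes) -> int:
    """Inverse permutation; used only when an evicted line must be written back."""
    mask = (1 << HALF_BITS) - 1
    left, right = (enc_addr >> HALF_BITS) & mask, enc_addr & mask
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(left, key, rnd), left
    return (left << HALF_BITS) | right


class EncryptedAddressCache:
    """Set-associative cache whose set index and tag come from the encrypted
    address. Memory (a dict keyed by physical line address, constructed here)
    never sees encrypted addresses."""

    def __init__(self, key: bytes, memory: dict, num_sets: int = 64, ways: int = 4):
        self.key, self.memory = key, memory
        self.num_sets, self.ways = num_sets, ways
        # Each set is an LRU-ordered list (oldest first) of [enc_tag, data, dirty].
        self.sets = [[] for _ in range(num_sets)]
        self.writebacks = []  # (physical line address, data) written back so far

    def _find(self, enc_addr: int):
        ways = self.sets[enc_addr % self.num_sets]
        for entry in ways:
            if entry[0] == enc_addr:          # tag compare on the encrypted address
                return ways, entry
        return ways, None

    def access(self, paddr: int, write_data=None) -> tuple:
        """Load (write_data is None) or store to physical byte address paddr.
        Returns (hit, data held by the line after the access)."""
        line_addr = paddr >> LINE_SHIFT
        enc = encrypt_address(line_addr, self.key)
        ways, entry = self._find(enc)
        hit = entry is not None
        if hit:
            ways.remove(entry)
            ways.append(entry)                # move to most-recently-used
        else:
            if len(ways) >= self.ways:
                victim = ways.pop(0)          # evict the least-recently-used line
                if victim[2]:                 # dirty: decrypt the tag for write-back
                    victim_line = decrypt_address(victim[0], self.key)
                    self.memory[victim_line] = victim[1]
                    self.writebacks.append((victim_line, victim[1]))
            entry = [enc, self.memory.get(line_addr, 0), False]
            ways.append(entry)
        if write_data is not None:
            entry[1], entry[2] = write_data, True   # line becomes dirty
        return hit, entry[1]


def scatter_for_one_plain_set(key: bytes, base_line: int, count: int, num_sets: int = 64) -> list:
    """Lines base_line + k*num_sets all share set base_line % num_sets under plain
    indexing; this returns the sets they occupy under encrypted indexing."""
    return [encrypt_address(base_line + k * num_sets, key) % num_sets for k in range(count)]
```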
[0078] In some embodiments, the method may further include: when the RISC-V processor executes a target data loading instruction of a target request component, if the target data loading instruction modifies the target cache line to obtain a target modified cache line, then the target data loading instruction and the target modified cache line are stored in a record table in a record table buffer module; the instruction status of the target data loading instruction is monitored through a reorder buffer; if the instruction status of the target data loading instruction is in a non-retired state, the data status of the target modified cache line is updated to a non-safe state to prevent non-target data loading instructions from modifying the target modified cache line; if the instruction status of the target data loading instruction is in a retired state, the data status of the target modified cache line is updated to a safe state, and the target modified cache line is stored in the secure data cache in the secure cache module.
[0079] In some embodiments, the method may further include: when the data space occupied in the record table is greater than or equal to the record storage space of the record table, replacing the target data entry in the record table with a first-in-first-out replacement algorithm.
[0080] The security cache module includes a reorder buffer, or ROB (Re-order Buffer).
[0081] For a target modified cache line, it is the data line obtained by modifying the target cache line corresponding to the load instruction by the load instruction, that is, the cache line affected by the load instruction.
[0082] The instruction status of the target data loading instruction can be divided into a non-retired state and a retired state. When the instruction status of the target data loading instruction is in the non-retired state, the data status of the target modified cache line is considered to be in a non-safe state; when the instruction status of the target data loading instruction is in the retired state, the corresponding line of this target data loading instruction stored in the record table is stored in the corresponding line in the cache, and the data status of the target modified cache line is changed to a safe state.
[0083] The data space occupied refers to the space used by the record table in the record table buffer module; the record storage space refers to the maximum storage space of the record table in the record table buffer module.
[0084] Optionally, the security cache module also includes a record table buffer module. Any load instruction is recorded in the record table buffer module, which contains a record table. Please refer to Figure 3, which is a schematic diagram of the record table structure of the record table buffer module provided in this application embodiment. As shown in Figure 3, the specific record table structure and its execution flow are as follows: the record table contains n items, each item having an IID field and an index field (the address field in Figure 3). The IID field contains the IID of the load instruction, which is compared with the IID of the ROB unit; the index field records the address of the cache line affected by the load instruction. To minimize the latency caused by querying the record table, this embodiment uses a multi-way comparator. The multi-way comparator circuit completes within one clock cycle, allowing the IID of the ROB unit to be compared with the IID of every item in the record table simultaneously. If the ROB unit and an item in the record table have the same IID, the address information of the cache line corresponding to that IID is output from the record table.
[0085] In the specific implementation, once a load instruction modifies the corresponding cache line, both the load instruction and the modified cache line are saved to the record table of the record table buffer module. At this point, the modified cache line becomes invisible and is no longer accessed by subsequent instructions. Specifically, when a load instruction enters the execution phase, its safety state is still unknown. However, when the load instruction retires, by monitoring the ROB head, if the load instruction is recorded in the record table buffer module, the corresponding modified cache line is updated to a safe state. At this point, the modified cache line becomes visible and can be accessed by subsequent instructions.
[0086] It is easy to understand that after a load instruction reaches the ROB head, its status changes to that of a safe instruction. Therefore, a crucial indicator of the transition to a safe instruction is its arrival at the ROB head. Specifically, instruction arrival at the ROB head is a processor mechanism; instruction commit means that the instruction is now within the retirement window at the ROB head, and all instructions preceding it have already retired or are in the process of retiring. In other words, instruction commit implies that the instruction is safe (and will definitely be executed). Instruction retirement, on the other hand, is the process of removing an instruction from the ROB after execution, once its impact on the processor can be determined. Malicious instructions used in attacks cannot reach the ROB head; once an instruction reaches the ROB head, it will retire. Therefore, monitoring the ROB head to determine instruction retirement is a vital method for checking instruction security.
[0087] The execution phase refers to the stage where the processor actually executes instructions, such as performing calculations, memory reads, and writes. In this phase, the effect of the instruction execution has occurred, but its state (such as security) is not yet fully determined. This is especially true for load instructions; although they acquire data during the execution phase, this data may have been loaded under incorrect branch prediction paths or potential misjudgments, thus its state remains unknown. Specifically, in the initial execution phase: when an instruction is issued to an execution unit (e.g., the ALU (Arithmetic Logic Unit), or the load / store unit), the instruction execution phase begins. During this phase, load instructions may fetch data from the cache or memory, while arithmetic instructions perform calculations. In the execution termination phase: the execution phase ends after the instruction completes its operation and generates a result, which is usually written back to the register file or cache. At this point, although the load instruction has completed the calculation or data fetch, it has not yet completely exited the processor pipeline and is still waiting for retirement in the instruction reordering buffer (ROB).
[0088] In practical applications, cache side-channel attacks may exploit all non-retired load instructions. Therefore, if a load instruction is executed but not retired, it is considered unsafe and should be prohibited from modifying the cache. If a load instruction is executed and retired, it can be considered safe, and the cache line status can be updated to safe. All modifications can then be queried by subsequent instructions.
[0089] In this implementation, the load instruction replaces the oldest entry in the record table using a First-In-First-Out (FIFO) replacement algorithm. In practice, since the number of records may exceed the maximum capacity of the record table, some entries need to be discarded once the table is full. Therefore, in this embodiment, the record table replaces the oldest entry using the FIFO replacement algorithm. It is worth noting that some instructions in the record table may be discarded without ever being updated to the safe state. Because the record table is large enough, a load instruction will not remain in the non-retired state long enough to be evicted from the record table unless it is an unsafe instruction. Therefore, the record table retains records of affected cache lines and prevents subsequent instructions from accessing those lines. After the load instruction corresponding to an affected cache line retires, the affected cache line is released and returns to a visible state, allowing subsequent instructions to query or access all modifications.
[0090] In some embodiments, the method may further include: acquiring an attack test program; storing the attack test program in the memory module of the RISC-V processor; executing the attack test program through the RISC-V processor to obtain simulation test results; and evaluating the defense level of the security cache module based on the simulation test results.
[0091] The attack test program is used to test the defense level of the security caching module designed in the embodiments of this application. In a specific implementation, the software program (such as the attack test program) is compiled into an executable file by a compilation toolchain. The executable file is then converted into a binary file by the toolchain and stored in memory. The binary file contains a piece of software attack code, which is placed in the memory of the SoC system and executed upon power-up. The toolchain used in the embodiments of this application is the standard toolchain of the RISC-V architecture. Please refer to Figure 4, which is a schematic diagram of the compilation process of the attack simulation program provided in the embodiments of this application. As shown in Figure 4, the standard toolchain structure based on the RISC-V architecture typically includes a compiler, assembler, linker, etc., all of which work together to translate C / C++ source code into an executable file. As shown in Figure 4, the compilation process of the attack simulation program is as follows: the source code is input into the preprocessor. When the input source code does not conform to the C / C++ language standard or the GNU Extended Syntax Specification (the language standard selected in the compilation file is -std=gnu89 or -std=gnu++99), the compiler will generate corresponding diagnostic information to prompt the program developer that the corresponding source code file contains syntax or semantic errors. The compiler's final task is to generate assembly code for a specific target machine. Then, the assembler assembles the assembly code generated by the compiler into object code. Next, the linker links multiple object files and several static libraries and dynamic shared libraries into a complete executable file.
For the structure and compilation process of the standard toolchain based on the RISC-V architecture, please refer to the specific implementation principles in related technologies; this application's embodiments will not elaborate further.
[0092] In a specific implementation, a simulated attack is performed on the security cache designed for high-performance RISC-V processors in the embodiments of this application, and the defense effect is observed, which can verify the correctness of the system built in the embodiments of this application.
[0093] Specifically, the same attack program can be compared between the original SoC system in the relevant technology and the SoC system in which the security cache designed in the embodiments of this application has been substituted. Specifically, the attack program is placed in memory. After the RISC-V processor starts running, it reads the program from memory into the RISC-V processor core through the AXI bus for execution. The running result is output through the UART serial port via the AXI bus. After the execution is completed, the original SoC system will be successfully attacked by the attack program, while the SoC system with the security cache designed in the embodiments of this application will not be attacked successfully. This verifies the defense function of the security cache designed in the embodiments of this application against attacks.
[0094] In the embodiments of this application, steps S101 to S103 involve the following steps: when the RISC-V processor executes the target data loading instruction of the target request component, the target physical address in the target data loading instruction is extracted; the target physical address is encrypted by the physical address encryption module to obtain the target encrypted address; the secure data cache in the secure cache module is accessed according to the target encrypted address; if a target cache line corresponding to the target encrypted address exists in the secure data cache, the target cache line is output to the target request component so that the target request component performs the target data operation on the target cache line. This application embodiment encrypts the target physical address carried in the target data loading instruction using the physical address encryption module in the security cache module to obtain the target encrypted address. The encryption avalanche effect causes spatially correlated rows in the physical address space to be scattered throughout the encrypted address space, and the encrypted cache address is invisible to attackers, thus protecting the system from malicious attacks and effectively resisting cache side-channel attacks. In other words, this application embodiment can effectively complete the random mapping from memory rows to cache locations by operating the cache in the encrypted address space instead of the physical address space. By randomizing the fixed mapping relationship between memory rows and cache rows, attackers cannot determine the cache set of the target address, thereby protecting the system from malicious attacks, effectively resisting cache side-channel attacks, improving the performance of the cache in the RISC-V processor, improving the level of information security, and reducing the potential risk of information leakage.
[0095] To explain in detail the principle of the technical solution of the present invention, the overall process of the present invention will be described below with reference to some specific embodiments. It is easy to understand that the following is an explanation of the technical principle of the present invention and should not be regarded as a limitation of the present invention.
[0096] In this embodiment, by integrating the randomization scheme and the record table scheme, a secure cache design can be constructed. The randomization scheme can be effectively implemented by using encrypted address access to the cache. Specifically, the physical address receiving cache access is encrypted or decrypted using Low Latency Block Cipher (LLBC), i.e., by randomly mapping addresses to the cache set, and by randomizing the fixed mapping relationship between memory lines and cache lines, attackers cannot determine the cache set of the target address. The record table scheme's defense method involves temporarily storing cache lines that need to be modified by the load instruction in the record table buffer module until the load instruction retires, at which point the corresponding modified cache lines are filled into the secure data cache, making it impossible for attackers to observe insecure cache lines.
[0097] Please see Figure 5, which is a flowchart illustrating the RISC-V-based cache security defense method provided in this application embodiment. As shown in Figure 5, the process of the RISC-V-based cache security defense method is as follows: for each load instruction that attempts to modify the cache (i.e., accessing the cache using a physical address), firstly, the physical address corresponding to the load instruction is encrypted using the low-latency block cipher (LLBC) by the physical address encryption module to obtain the encrypted address; then, the cache is accessed using the encrypted address. As shown in Figure 5, the system first sets the DCache in the cache to 0, and sets the flag S in the cache line corresponding to the encrypted address to 0 (meaning that any subsequent access to this cache line will be a miss). At the same time, it records the encrypted address and the ID (IID: Instruction ID) of the load instruction in the record table buffer module. Then, if the cache line corresponding to the accessed encrypted address (i.e., the cache line corresponding to the physical address) exists in the cache, the cache indicates a hit and provides data to the component that issued the load instruction. If the cache line corresponding to the accessed encrypted address (i.e., the cache line corresponding to the physical address) does not exist in the cache, i.e., a miss, the cache may evict a dirty line, and this dirty line must be written back to memory. Furthermore, when a line in the cache needs to be written back to memory, the encrypted address decryption module uses the Low Latency Block Cipher (LLBC) to decrypt the address of the line to be written back (such as a dirty line), that is, the encrypted address of the retrieved line is converted into a physical address, and finally the physical address is used to perform the memory write-back operation. The Low Latency Block Cipher (LLBC) uses the same key for encryption and decryption operations.
Furthermore, during the randomization mapping process, when a load instruction retires, the head of the ROB can be monitored. If the load instruction is recorded in the record table buffer module (i.e., the ID at the ROB head is the same as an ID stored in the record table), the modified cache line at the corresponding encrypted address of the load instruction is updated to a secure state (S is set to 1), allowing subsequent instructions to access the modified cache line.
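The record table and S-flag mechanism of paragraphs [0078] to [0089] and the Figure 5 flow above, as an added model that is not the applicant's design: a load that fills a line gets S=0 and an (IID, index) record, later instructions miss on S=0 lines, retirement at the ROB head flips S to 1, a squashed transient load never reaches the head so its line stays invisible, and the table is replaced FIFO when full. The ROB is modelled as an in-order queue of IIDs, the record capacity and the addresses in `scenario` are constructed values, and the multi-way comparator is modelled as a parallel compare over all items.

```python
from collections import deque


class RecordTable:
    """Record table of the record table buffer module: one (IID, index) item per
    non-retired load that modified a cache line, replaced FIFO when full."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self.items = deque()                  # oldest item first

    def insert(self, iid: int, index: int) -> None:
        if len(self.items) >= self.capacity:
            self.items.popleft()              # FIFO: discard the oldest record
        self.items.append((iid, index))

    def match_and_remove(self, iid: int) -> list:
        """Models the multi-way comparator: the retiring IID is compared with
        every item at once; matching indexes are returned and their items dropped."""
        hits = [index for (i, index) in self.items if i == iid]
        self.items = deque(item for item in self.items if item[0] != iid)
        return hits


class SecureDataCache:
    """Cache lines carry a flag S. S=0 lines are invisible (every access misses)
    until the load that filled them retires at the ROB head, which sets S=1."""

    def __init__(self, record_capacity: int = 4):
        self.lines = {}                       # encrypted address -> [data, S]
        self.table = RecordTable(record_capacity)
        self.rob = deque()                    # IIDs in program order; leftmost = head
        self.next_iid = 0

    def dispatch(self) -> int:
        """Allocate a ROB entry for a new instruction and return its IID."""
        iid = self.next_iid
        self.next_iid += 1
        self.rob.append(iid)
        return iid

    def execute_load(self, iid: int, enc_addr: int, data_from_memory: int) -> tuple:
        """Load in the execution phase. Returns (hit, data). A line it fills is
        marked S=0 and recorded, so it stays invisible until iid retires."""
        line = self.lines.get(enc_addr)
        if line is not None and line[1] == 1:
            return True, line[0]              # safe line: ordinary hit
        self.lines[enc_addr] = [data_from_memory, 0]
        self.table.insert(iid, enc_addr)
        return False, data_from_memory

    def is_visible(self, enc_addr: int) -> bool:
        """What a later instruction (including a probing one) can observe."""
        line = self.lines.get(enc_addr)
        return line is not None and line[1] == 1

    def retire_head(self) -> list:
        """The instruction at the ROB head retires; lines it recorded become safe."""
        iid = self.rob.popleft()
        safe = self.table.match_and_remove(iid)
        for enc_addr in safe:
            self.lines[enc_addr][1] = 1
        return safe

    def squash_from(self, iid: int) -> None:
        """Misprediction recovery: iid and everything younger leave the ROB without
        retiring. Their fills keep S=0 and their records age out of the table."""
        self.rob = deque(i for i in self.rob if i < iid)


def scenario() -> dict:
    """Constructed walk-through: a committed load, a squashed transient load, and
    a record-table overflow. Returns the observable outcomes of each case."""
    c = SecureDataCache(record_capacity=2)
    out = {}
    i0, i1, i2 = c.dispatch(), c.dispatch(), c.dispatch()
    c.execute_load(i0, 0xA0, 11)
    out["before_retire"] = c.is_visible(0xA0)   # False: S=0 until i0 retires
    c.retire_head()
    out["after_retire"] = c.is_visible(0xA0)    # True: S=1 after retirement
    c.execute_load(i1, 0xB0, 22)                # transient load fills a line
    c.squash_from(i1)                           # i1 and i2 never reach the ROB head
    out["transient"] = c.is_visible(0xB0)       # False: the fill stays unobservable
    i3, i4, i5 = c.dispatch(), c.dispatch(), c.dispatch()
    c.execute_load(i3, 0xC0, 1)
    c.execute_load(i4, 0xD0, 2)
    c.execute_load(i5, 0xE0, 3)                 # table full: i3's record is evicted
    out["overflow_retired"] = c.retire_head()   # []: no record left for i3
    out["overflow_line"] = c.is_visible(0xC0)   # False: discarded without update
    out["next_retired"] = c.retire_head()       # [0xD0]
    return out
```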
[0098] It should be noted that this embodiment is only a brief illustrative description of the general process of the RISC-V-based cache security defense method. Detailed descriptions of each step can be found in the relevant content of the foregoing embodiments, and will not be repeated here. It is understood that the present invention does not limit this.
[0099] This application provides a RISC-V-based cache security defense method and system, applied to a secure cache module in a RISC-V processor. The secure cache module includes a physical address encryption module. When the RISC-V processor executes a target data loading instruction from a target request component, the scheme extracts the target physical address from the instruction; encrypts the target physical address using the physical address encryption module to obtain an encrypted target address; accesses the secure data cache in the secure cache module based on the encrypted target address; if a target cache line corresponding to the encrypted target address exists in the secure data cache, the target cache line is output to the target request component, enabling the target request component to perform target data operations on the target cache line. This application embodiment encrypts the target physical address carried in the target data loading instruction through the physical address encryption module in the security cache module to obtain the target encrypted address. The encryption avalanche effect will cause spatially correlated rows in the physical address space to be scattered throughout the encrypted address space, and the encrypted cache address is invisible to attackers, which can protect the system from malicious attacks and effectively resist cache side-channel attacks. That is, this application embodiment can effectively complete the random mapping from memory rows to cache locations by operating the cache in the encrypted address space instead of the physical address space. 
By randomizing the fixed mapping relationship between memory rows and cache rows, attackers cannot determine the cache set of the target address, thereby protecting the system from malicious attacks, effectively resisting cache side-channel attacks, improving the performance of the cache in the RISC-V processor, improving the level of information security, and reducing the potential risk of information leakage.
[0100] In summary, to address the shortcomings of traditional caches in providing sufficient security and vulnerability to malicious attacks, this application provides a secure cache design for high-performance RISC-V processors. This design not only offers the functionality and performance of traditional caches but also protects the system from various malicious attacks, effectively resisting multiple cache side-channel attacks. It is not only effective against specific attack methods but also possesses broader applicability and defensive capabilities. This secure cache design for high-performance RISC-V processors not only provides a highly customizable hardware platform but also offers users a secure and reliable computing environment.
[0101] Please see Figure 6. This application also provides a RISC-V-based cache security defense system 600, applied to a secure cache module in a RISC-V processor. The secure cache module includes a physical address encryption module, which can implement the aforementioned RISC-V-based cache security defense method. The system includes the following modules:
[0102] The physical address extraction module 601 is used to extract the target physical address in the target data loading instruction when the RISC-V processor executes the target data loading instruction of the target request component;
[0103] The physical address encryption module 602 is used to encrypt the target physical address to obtain the target encrypted address;
[0104] The encrypted address access module 603 is used to access the security data cache in the security cache module according to the target encrypted address. If there is a target cache line in the security data cache corresponding to the target encrypted address, the target cache line is output to the target request component so that the target request component performs target data operation on the target cache line.
[0105] It is understood that the content of the above method embodiments is applicable to this system embodiment. The specific functions implemented in this system embodiment are the same as those in the above method embodiments, and the beneficial effects achieved are also the same as those achieved in the above method embodiments.
[0106] This application also provides an electronic device, which includes a memory and a processor. The memory stores a computer program, and the processor executes the computer program to implement the aforementioned RISC-V-based cache security defense method. This electronic device can be any smart terminal, including tablet computers, in-vehicle computers, etc.
[0107] It is understood that the content of the above method embodiments is applicable to this device embodiment. The specific functions implemented by this device embodiment are the same as those of the above method embodiments, and the beneficial effects achieved are also the same as those achieved by the above method embodiments.
[0108] Please see Figure 7, which illustrates the hardware structure of an electronic device according to another embodiment. The electronic device includes:
[0109] The processor 701 can be implemented using a general-purpose CPU (Central Processing Unit), microprocessor, application-specific integrated circuit (ASIC), or one or more integrated circuits, and is used to execute relevant programs to implement the technical solutions provided in the embodiments of this application.
[0110] The memory 702 can be implemented as a read-only memory (ROM), static storage device, dynamic storage device, or random access memory (RAM). The memory 702 can store the operating system and other application programs. When the technical solutions provided in the embodiments of this specification are implemented through software or firmware, the relevant program code is stored in the memory 702 and is called and executed by the processor 701 to implement the RISC-V-based cache security defense method of this application embodiment.
[0111] The input / output interface 703 is used to implement information input and output;
[0112] The communication interface 704 is used to enable communication and interaction between this device and other devices. Communication can be achieved through wired means (such as USB, Ethernet cable, etc.) or wireless means (such as mobile network, WIFI, Bluetooth, etc.).
[0113] Bus 705 transmits information between various components of the device (e.g., processor 701, memory 702, input / output interface 703, and communication interface 704);
[0114] The processor 701, memory 702, input / output interface 703, and communication interface 704 are connected to each other within the device via bus 705.
[0115] This application also provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the aforementioned RISC-V-based cache security defense method.
[0116] It is understood that the content of the above method embodiments is applicable to this storage medium embodiment. The specific functions implemented in this storage medium embodiment are the same as those in the above method embodiments, and the beneficial effects achieved are also the same as those achieved in the above method embodiments.
[0117] Memory, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs and non-transitory computer-executable programs. Furthermore, memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, memory may optionally include memory remotely located relative to the processor, and these remote memories can be connected to the processor via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
[0118] The RISC-V-based cache security defense method and system provided in this application extract the target physical address from the target data loading instruction when the RISC-V processor executes the target data loading instruction of the target request unit; encrypt the target physical address through the physical address encryption module to obtain the target encrypted address; access the security data cache in the security cache module according to the target encrypted address; and, if there is a target cache line in the security data cache corresponding to the target encrypted address, output the target cache line to the target request unit so that the target request unit performs the target data operation on the target cache line. This application embodiment encrypts the target physical address carried in the target data loading instruction using the physical address encryption module in the security cache module to obtain the target encrypted address. The encryption avalanche effect causes spatially correlated rows in the physical address space to be scattered throughout the encrypted address space, and the encrypted cache address is invisible to attackers, thus protecting the system from malicious attacks and effectively resisting cache side-channel attacks. In other words, this application embodiment can effectively complete the random mapping from memory rows to cache locations by operating the cache in the encrypted address space instead of the physical address space. By randomizing the fixed mapping relationship between memory rows and cache rows, attackers cannot determine the cache set of the target address, thereby protecting the system from malicious attacks, effectively resisting cache side-channel attacks, improving the performance of the cache in the RISC-V processor, improving the level of information security, and reducing the potential risk of information leakage.
[0119] The embodiments described in this application are for the purpose of more clearly illustrating the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided by the embodiments of this application. As those skilled in the art will know, with the evolution of technology and the emergence of new application scenarios, the technical solutions provided by the embodiments of this application are also applicable to similar technical problems.
[0120] Those skilled in the art will understand that the technical solutions shown in the figures do not constitute a limitation on the embodiments of this application, and may include more or fewer steps than shown, or combine certain steps, or different steps.
[0121] The system embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs.
[0122] Those skilled in the art will understand that all or some of the steps in the methods disclosed above, as well as the functional modules / units in the systems and devices, can be implemented as software, firmware, hardware, or suitable combinations thereof.
[0123] The terms “first,” “second,” “third,” “fourth,” etc. (if present) in the specification and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms “comprising” and “having,” and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.
[0124] It should be understood that in this application, "at least one (item)" means one or more, and "more than" means two or more. "And / or" is used to describe the relationship between related objects, indicating that three relationships can exist. For example, "A and / or B" can represent three cases: only A exists, only B exists, and both A and B exist simultaneously, where A and B can be singular or plural. The character " / " generally indicates that the preceding and following related objects are in an "or" relationship. "At least one (item) of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one (item) of a, b, or c can represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b, and c can be single or multiple.
[0125] In the embodiments provided in this application, it should be understood that the disclosed systems and methods can be implemented in other ways. For example, the system embodiments described above are merely illustrative; for instance, the division of the units described above is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between systems or units may be electrical, mechanical, or other forms.
[0126] The units described above as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0127] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
[0128] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes multiple instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this application. The aforementioned storage medium includes various media capable of storing programs, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0129] The preferred embodiments of the present application have been described above with reference to the accompanying drawings, but this does not limit the scope of the claims of the present application. Any modifications, equivalent substitutions, and improvements made by those skilled in the art without departing from the scope and substance of the embodiments of the present application shall be within the scope of the claims of the present application.
Claims
1. A RISC-V-based cache security defense method, characterized in that a secure cache module is used in a RISC-V processor, wherein the functional modules of the secure cache module include a physical address encryption module, the method comprising the following steps: when the RISC-V processor executes the target data loading instruction of the target request component, the target physical address in the target data loading instruction is extracted; the target physical address is encrypted using the physical address encryption module to obtain the target encrypted address, wherein the caching operation is performed in the encrypted address space; the security data cache in the security cache module is accessed according to the target encrypted address, and if there is a target cache line in the security data cache that corresponds to the target encrypted address, the target cache line is output to the target request component so that the target request component performs the target data operation on the target cache line; the functional modules in the security cache module further include a record table buffer module, and the security cache module is equipped with a reordering buffer, the method further comprising: when the RISC-V processor executes the target data loading instruction of the target request component, if the target data loading instruction modifies the target cache line to obtain a target modified cache line, the target data loading instruction and the target modified cache line are stored in the record table in the record table buffer module; the reordering buffer monitors the instruction status of the target data loading instruction; if the instruction status of the target data loading instruction is a non-retired state, the data status of the target modified cache line is updated to an unsafe state to prevent instructions other than the target data loading instruction from modifying the target modified cache line; and if the instruction status of the target data loading instruction is retired, the data status of the target modified cache line is updated to a secure state, and the target modified cache line is stored in the secure data cache in the secure cache module, so that attackers cannot observe insecure cache lines.
2. The method according to claim 1, characterized in that the method further includes: accessing the secure data cache in the secure cache module according to the target encrypted address; if the target cache line corresponding to the target encrypted address does not exist in the secure data cache, extracting the target memory line from the memory module in the RISC-V processor according to the target physical address; and storing the target memory line in the security data cache of the security cache module.
3. The method according to claim 1, characterized in that the functional modules in the secure cache module further include an encrypted address decryption module, and the method further includes: accessing the security data cache in the security cache module according to the target encrypted address; if there is no target cache line corresponding to the target encrypted address in the security data cache, and there is a dirty line in the security data cache, extracting the dirty line encrypted address corresponding to the dirty line; decrypting the dirty line encrypted address by the encrypted address decryption module to obtain the physical address of the dirty line; and writing the dirty line into the memory module of the RISC-V processor according to the physical address of the dirty line.
4. The method according to claim 1, characterized in that, The method further includes: When the data in the record table occupies a space greater than or equal to the record storage space of the record table, the target data entry in the record table is replaced using a first-in-first-out replacement algorithm.
5. The method according to claim 1, characterized in that the method further includes: obtaining an attack test program; storing the attack test program in the memory module of the RISC-V processor and executing the attack test program on the RISC-V processor to obtain simulated test results; and evaluating the defense level of the security cache module based on the simulated test results.
6. The method according to claim 1, characterized in that, The step of encrypting the target physical address using the physical address encryption module to obtain the target encrypted address includes: The target encrypted address is obtained by encrypting the target physical address using a low-latency block cipher through the physical address encryption module.
7. A RISC-V-based cache security defense system, characterized in that a secure cache module is used in a RISC-V processor, wherein the functional modules of the secure cache module include a physical address encryption module, and the system includes the following modules: a physical address extraction module, used to extract the target physical address in the target data loading instruction when the RISC-V processor executes the target data loading instruction of the target request component; a physical address encryption module, used to encrypt the target physical address to obtain a target encrypted address, wherein the caching operation is performed in the encrypted address space; and an encrypted address access module, used to access the security data cache in the security cache module according to the target encrypted address, such that if there is a target cache line in the security data cache corresponding to the target encrypted address, the target cache line is output to the target request component so that the target request component performs the target data operation on the target cache line; the functional modules in the security cache module further include a record table buffer module, the security cache module is equipped with a reordering buffer, and the system is further used for: when the RISC-V processor executes the target data loading instruction of the target request component, if the target data loading instruction modifies the target cache line to obtain a target modified cache line, storing the target data loading instruction and the target modified cache line in the record table in the record table buffer module; monitoring, by the reordering buffer, the instruction status of the target data loading instruction; if the instruction status of the target data loading instruction is a non-retired state, updating the data status of the target modified cache line to an unsafe state to prevent instructions other than the target data loading instruction from modifying the target modified cache line; and if the instruction status of the target data loading instruction is retired, updating the data status of the target modified cache line to a secure state and storing the target modified cache line in the secure data cache in the secure cache module, so that attackers cannot observe insecure cache lines.
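The record-table and reorder-buffer stage that claims 1 and 7 describe, with the first-in-first-out replacement of claim 4, is the part of the design that keeps speculatively modified lines out of the attacker-observable cache until the modifying instruction retires. The following C model is an added example, not code from the patent or its authors. It assumes a record table of four entries kept as a ring buffer, a reorder buffer reduced to a per-instruction "retired" bit, an eight-line fully associative secure data cache, plain line numbers in place of encrypted addresses, a rejection return value for a non-target instruction that tries to touch an unsafe line, and that an entry pushed out by FIFO replacement is simply dropped; none of those details are specified by the claims.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy sizes, constructed for this example; not the patent's parameters. */
#define LINE_BYTES 64
#define RECORD_CAP 4                 /* record table holds 4 entries */
#define ROB_CAP    16                /* instruction ids 0..15 are tracked by the ROB */
#define SEC_LINES  8                 /* secure data cache: 8 fully associative lines */

typedef enum { DATA_UNSAFE = 0, DATA_SAFE = 1 } data_state_t;

typedef struct {
    bool used;
    uint32_t insn_id;                /* the target data-loading instruction that modified the line */
    uint32_t line_no;                /* cache line number (toy: a plain number, not an encrypted address) */
    data_state_t state;
    uint8_t data[LINE_BYTES];        /* the target modified cache line */
} record_t;

typedef struct { record_t entries[RECORD_CAP]; unsigned head, count; } record_table_t; /* ring: oldest at head */
typedef struct { bool retired[ROB_CAP]; } rob_t;                                        /* reorder-buffer view */
typedef struct { bool valid[SEC_LINES]; uint32_t line_no[SEC_LINES]; uint8_t data[SEC_LINES][LINE_BYTES]; } secure_cache_t;

record_table_t g_rt; rob_t g_rob; secure_cache_t g_sc;   /* shared instances for the demo */

void reset_all(void) { memset(&g_rt, 0, sizeof g_rt); memset(&g_rob, 0, sizeof g_rob); memset(&g_sc, 0, sizeof g_sc); }

static record_t *rt_find(record_table_t *rt, uint32_t line_no) {
    for (unsigned i = 0; i < rt->count; i++) {
        record_t *e = &rt->entries[(rt->head + i) % RECORD_CAP];
        if (e->used && e->line_no == line_no) return e;
    }
    return NULL;
}

/* Record that insn_id modified byte off of line_no. Returns 0 on success, or -1 when the
 * line is held UNSAFE by a different (non-target) instruction, which must not modify it. */
int rt_record_modify(record_table_t *rt, uint32_t insn_id, uint32_t line_no, unsigned off, uint8_t v) {
    record_t *e = rt_find(rt, line_no);
    if (e && e->state == DATA_UNSAFE && e->insn_id != insn_id) return -1;
    if (!e) {
        if (rt->count == RECORD_CAP) {                    /* full: first-in-first-out replacement (claim 4) */
            rt->entries[rt->head].used = false;           /* assumption: the evicted speculative entry is dropped */
            rt->head = (rt->head + 1) % RECORD_CAP;
            rt->count--;
        }
        e = &rt->entries[(rt->head + rt->count++) % RECORD_CAP];
        memset(e, 0, sizeof *e);
        e->used = true; e->insn_id = insn_id; e->line_no = line_no; e->state = DATA_UNSAFE;
    }
    e->data[off % LINE_BYTES] = v;
    return 0;
}

void rob_retire(rob_t *rob, uint32_t insn_id) { if (insn_id < ROB_CAP) rob->retired[insn_id] = true; }

static void sc_install(secure_cache_t *sc, uint32_t line_no, const uint8_t *data) {
    int slot = -1;
    for (int i = 0; i < SEC_LINES; i++) {
        if (sc->valid[i] && sc->line_no[i] == line_no) { slot = i; break; }
        if (slot < 0 && !sc->valid[i]) slot = i;
    }
    if (slot < 0) slot = 0;                                /* toy policy: evict slot 0 when full */
    sc->valid[slot] = true; sc->line_no[slot] = line_no;
    memcpy(sc->data[slot], data, LINE_BYTES);
}

/* Check the record table against the ROB. Entries whose instruction has retired become
 * SAFE and move into the secure data cache; the rest stay UNSAFE and out of it.
 * Returns the number of lines committed. */
unsigned rt_commit_retired(record_table_t *rt, const rob_t *rob, secure_cache_t *sc) {
    record_t keep[RECORD_CAP];
    unsigned committed = 0, remaining = 0;
    for (unsigned i = 0; i < rt->count; i++) {
        record_t *e = &rt->entries[(rt->head + i) % RECORD_CAP];
        if (e->insn_id < ROB_CAP && rob->retired[e->insn_id]) {
            e->state = DATA_SAFE;
            sc_install(sc, e->line_no, e->data);
            committed++;
        } else {
            keep[remaining++] = *e;                        /* still speculative: stays invisible */
        }
    }
    memset(rt->entries, 0, sizeof rt->entries);            /* compact, keeping FIFO order */
    for (unsigned i = 0; i < remaining; i++) rt->entries[i] = keep[i];
    rt->head = 0; rt->count = remaining;
    return committed;
}

/* What the secure data cache exposes for line_no: the byte at off, or -1 if absent. */
int sc_peek(const secure_cache_t *sc, uint32_t line_no, unsigned off) {
    for (int i = 0; i < SEC_LINES; i++)
        if (sc->valid[i] && sc->line_no[i] == line_no) return sc->data[i][off % LINE_BYTES];
    return -1;
}

unsigned rt_count(const record_table_t *rt) { return rt->count; }
int rt_state(record_table_t *rt, uint32_t line_no) { record_t *e = rt_find(rt, line_no); return e ? (int)e->state : -1; }

int main(void) {
    reset_all();
    rt_record_modify(&g_rt, 1, 7, 0, 0xAB);
    int blocked = rt_record_modify(&g_rt, 2, 7, 1, 0xCD);
    printf("insn 1 modified line 7: table=%u entry, secure cache sees %d, insn 2 write -> %d\n",
           rt_count(&g_rt), sc_peek(&g_sc, 7, 0), blocked);
    rob_retire(&g_rob, 1);
    unsigned committed = rt_commit_retired(&g_rt, &g_rob, &g_sc);
    printf("after retire: committed %u line(s), secure cache sees 0x%02x\n", committed, sc_peek(&g_sc, 7, 0));
    return 0;
}
```

The ordering that matters for the defence is visible in `rt_commit_retired`: a modified line is copied into the secure data cache only after the ROB reports its instruction retired, so a load that is later squashed never changes what can be measured in the secure cache, and the FIFO policy bounds how much speculative state the record table can hold.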
8. An electronic device, characterized in that, The electronic device includes a memory and a processor, the memory storing a computer program, and the processor executing the computer program to implement the method according to any one of claims 1 to 6.
9. A computer-readable storage medium storing a computer program, characterized in that, When the computer program is executed by a processor, it implements the method of any one of claims 1 to 6.