Configurable protection levels for side-channel analysis of processing units

The method addresses the challenge of varying side-channel leaks by managing side-channel emissions in processing units using protection and urgency parameters, ensuring legal compliance and energy efficiency through delayed or obscured emissions.

JP2026519773APending Publication Date: 2026-06-18TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Filing Date
2023-06-15
Publication Date
2026-06-18

AI Technical Summary

Technical Problem

Software developers lack the knowledge and tools to effectively protect their applications from side-channel leaks, which vary across different hardware, and existing solutions do not address the urgency of protection requirements or conversion between protection parameters and noise levels.

Method used

A method for managing side-channel emissions in processing units by using protection and urgency parameters, allowing software modules to be executed on processing units that generate sufficient side-channel noise or transferring them to units with higher protection levels, or activating mitigation noise if urgent, based on compliance criteria derived from standards like FIPS 140-3 and TVLA.

Benefits of technology

Enables software developers to ensure hardware compliance with legal requirements and save energy by delaying or obscuring side-channel emissions, thus enhancing security and efficiency.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026519773000001_ABST
    Figure 2026519773000001_ABST
Patent Text Reader

Abstract

Various embodiments of this disclosure provide methods for managing side-channel emissions of processing units based on varying protection levels. A software module, or set of instructions to be executed, may be accompanied by protection and urgency parameters indicating the level of privacy or protection to be used with the software module, as well as a notification of how urgent the software module is. If the processing unit executing the software module does not emit sufficient side-channel noise and the software module is not urgent, the processing unit may wait to execute the software module until the protection level is met. Alternatively, the processing unit may transfer the software module. Alternatively, if no other processing units are present and the software module is urgent, mitigating side-channel noise may be activated to obscure the side-channel emissions of the software module.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to a method for managing side-channel emissions of a processing unit based on various protection levels in a computing system.

Background Art

[0002] Side-channel analysis (SCA) Side-channel leakage / radiation is defined as an unintended information channel from a device. Side-channels can consist of, for example, power consumption, electromagnetic (EM) radiation, timing, thermal signatures, sound, and optical radiation. An attacker can utilize these leakages to extract confidential information from a device, for example, to extract keys used to encrypt information, or to extract the weights of deep learning models executed on a device and clone them, or to infer information about (possibly secret) training data used to train them. The former is a current serious problem, while the latter could become a future problem as AI algorithms become a natural part of many systems.

[0003] Side-channel attacks work because there can be a correlation between physical measurements (such as power consumption, EM radiation, timing, etc.) taken at different points during an operation and the internal state of the processing device. For example, power consumption can correlate with the Hamming weight (number of binary "1"s) of the current state, or the Hamming distance between the current and previous states of the device. By finding this correlation, side-channel attacks can estimate the internal state and extract related confidential information, such as the secret key of a cryptographic algorithm.

[0004] Side-channel attacks are orders of magnitude more effective at extracting secrets than traditional mathematical cryptography and are more practical to implement. They do not require expensive equipment like invasive physical attacks. Furthermore, with advances in machine learning, more powerful side-channel attacks are emerging. Machine learning techniques can find correlations in raw data, allowing adversaries to bypass many existing countermeasures and break some protected implementations.

[0005] Over the past few years, many types of side channels have been successfully used to break the physical implementations of numerous cryptographic systems. Examples include implementations of cryptographic algorithms such as the Advanced Encryption Standard (AES) and Saber & Kyber, a candidate for Post-Quantum Cryptography (PQC). There have also been reports of side-channel attacks being used to steal intellectual property and reverse-engineer neural networks.

[0006] Today, software developers often find themselves protecting their software from side-channel leaks. Many modern solutions are either suitable only for specific processes or require software developers to proactively know how to implement the software in a way that protects against side-channel leaks.

[0007] Software developers may not have the knowledge to protect against leaks, but they likely know which parts of the code handle sensitive data. Hardware designers may have more knowledge about how to prevent leaks, but currently, they don't know when protection will be needed.

[0008] Several early attempts have been made to simplify this for software developers. For example, instead of requiring software developers to implement this protection, it has been suggested that they simply mark sensitive sections in the code and leave it to the hardware designers to consider how the protection should be implemented. CPU and other processing units

[0009] The first central processing units (CPUs) were so-called scalar processors, capable of executing a maximum of one single instruction at a time. To improve performance, concepts such as pipelining and so-called superscalar processors emerged commercially in the late 1980s. These introduced parallelism in different ways, and modern CPUs typically incorporate both techniques. At a high level of abstraction, they divide instruction execution into several discrete steps: • Fetch (retrieve instructions from the instruction queue) • Decode (convert an instruction into an operation to be executed by one or more processing elements) • Execution (Executes an operation in the processing element) • Completed / Write Back (Stores the result of the operation performed by the processing element)

[0010] Each instruction goes through these steps, and a pipelining approach means that each step is occupied by a separate instruction.

[0011] Modern processors are far more complex, involving both additional steps, parallelism within each step, and different processing elements, namely execution units (such as the Arithmetic Logic Unit (ALU), Advanced Vector Extensions (AVX), Address Generation Unit (AGU), Load / Store Unit, and Floating-Point Unit (FPU)), but the concepts of fetch, decode, execute, and complete are still very much alive in modern CPUs.

[0012] Since all steps are now parallelized, several instructions can be decoded at once by parallel decoders. An instruction can contain several substeps, and therefore an instruction can be decoded into several operations, sometimes called micro-operations. Each of these defines a specific operation to be performed in a particular type of processing element. Another improvement is so-called out-of-order execution, where an instruction can "interrupt," for example, if the previous instruction is waiting for data necessary to continue.

[0013] The execution order is determined by a scheduler, which, depending on the architecture used, can be one centralized component (sometimes called an integrated scheduler), several semi-centralized components, each controlling several groups of processing elements, or a distributed system where each group of processing elements has its own scheduler. Test Vector Leakage Assessment (TVLA)

[0014] Traditional security assurance testing against side-channel attacks is based on evaluating resilience to a wide range of attacks, but in the last decade, so-called conformance testing, particularly the TVLA methodology, has become popular. The idea behind TVLA is to perform leak detection and find dependencies in the measurement trace. This does not automatically mean that correlations are readily available, but rather indicates that information may be leaked. The tests are run with different sample sizes, and the largest sample size for which no correlations are found can be used as an indicator of the security level of the implementation.

[0015] At a high level, traces of two sets are measured for device under attack (DUT) and compared using several statistical methods of statistical hypothesis testing, typically Welch's t-test as proposed in the original TVLA, which aims to determine whether the two sets appear to be from the same distribution. Traces can be evaluated in a non-specific or specific way. Non-specific means that the evaluation is independent of any intermediate values ​​of the power model assumptions. Specific means that leakage at a specific intermediate point in the algorithm is considered (e.g., the first bit from the first SBox of the first round of AES). Tests are also classified according to how the input data is created, typical examples being fixed vs. random, semi-fixed vs. random, etc.

[0016] Regarding processing units, non-specific testing is most relevant to testing that specific data processed by the processing unit cannot be detected by side-channel leakage. The vendor / manufacturer of the processing unit can further test, for example, how many and what appropriate additional processing elements are needed in the processing unit to generate sufficient noise to pass TVLA tests for 1,000, 10,000, 1,000,000, and 1,000,000 traces. Federal Information Processing Standards (FIPS) 104-3 and FIPS 104-2

[0017] The FIPS 140 series specifies requirements for cryptographic modules in computer systems used by non-military government agencies and contractors in the United States.

[0018] The latest revision (FIPS 140-3) aligns the requirements with two ISO / IEC standards, ISO / IEC 19790:2012 and ISO / IEC 24759:2017. Both of these standards specify the testing methods for cryptographic modules under FIPS 140-3. In the context of ISO / IEC 19790 and ISO / IEC 24759, SCA is designated as a “non-invasive attack,” providing documentation requirements for non-invasive mitigation techniques and provisions for evidence of their effectiveness at all security levels. Levels 3 and 4 require modules to be tested using TVLAs. The difference between the two levels is primarily the resources that an attacker is assumed to have available for the attack. Level 3 testing is performed using 10,000 traces, while Level 4 uses 100,000 traces.

[0019] Similarly, as explained for TLVA, the vendor / manufacturer of the processing unit can test how many additional processing elements are required in the processing unit to pass the Level 3 or Level 4 requirements. Common standards

[0020] Common Criteria (CC) is an international framework for evaluating computer systems against a set of security requirements. CC certification is recognized by states that have signed the Common Criteria Recognition Arrangement (CCRA). The CC framework does not directly provide a list of product security requirements to which a product must conform. Instead, CC provides a certification framework that ensures claims regarding the security attributes of the evaluated product have been independently verified. CC maintains a catalog of standard security requirements that can be used as product evaluation criteria.

[0021] A protection profile (PP) is an implementation-independent specification of the security requirements for a certain class of devices. A PP is typically created by a user (e.g., a nation state) or a "user community" (e.g., an industry consortium).

[0022] The evaluation assurance level describes how rigorously security claims should be tested in the evaluation of the evaluated object. CC defines seven different evaluation assurance levels (EALs) that increase in rigor (and cost) ranging from functional testing (EAL1) to formal verification (EAL7). SCA testing is required to some extent from EAL4 onwards.

[0023] The vendor / manufacturer of the processing unit is required to generate sufficient noise to pass the assurance tests for different EALs and different PPs, and to be able to test how many and which additional processing elements are in an appropriate processing unit. Related

[0024] International Application No. PCT / IB2022 / 056860 describes a side-channel monitoring method for device under monitoring (DuM) in which an external monitor can determine the state of DuM by observing side-channel emissions.

[0025] Separate from normal "payload side-channel emissions", the disclosed technique adds deterministic noise to generate "combined side-channel emissions". The purpose is that an authorized monitor knows the deterministic noise and can thereby extract the payload side-channel emissions, while an unauthorized monitor cannot. Furthermore, the deterministic noise should not be repeated between sessions, as this could enable an unauthorized monitor to determine how to filter it.

[0026] The monitor can actively check the state of the DuM by observing the combined side-channel emissions. The DuM sets up the generation of session-specific deterministic noise using a seed and a shared secret. The seed is shared with the monitor at the startup of the DuM. Knowing the seed and the secret, the filtering module removes the deterministic noise before the state module uses the payload side-channel emissions to determine the state of the DuM.

[0027] U.S. Provisional Application Serial No. 63 / 416,197 describes a solution that simplifies the process of creating side-channel protection software for software developers without modifying the actual software. This is done by incorporating hardware-assisted concealment of side-channel leakage. The software developer only needs to mark which areas are sensitive to side-channel leakage (e.g., cryptographic operations). By marking sections as "activated" and "deactivated", the supported side-channel protection is available without the need for in-field expertise.

[0028] U.S. Provisional Application Serial No. 63 / 416,197 also proposes adding physical countermeasure components to processing units such as CPUs for the purpose of making it very difficult for an attacker to extract the data being processed.

[0029] The goal of the countermeasure component is to reduce the signal-to-noise ratio (SNR) when executing a leakage instruction. A leakage instruction means that the instruction may expose the data it processes to danger through side-channel leakage. The SNR is reduced by executing several other instructions in the processing unit simultaneously. Extracting real data by using realistic-looking instructions that operate on the generated data and thereby distort the side-channel information becomes a more difficult task for an attacker.

[0030] U.S. Patent No. 11449642 describes a method and apparatus for an electronic circuit comprising multiple processing elements, a register bank, and a control circuit. The processing elements consume power by processing multiple operands and producing multiple result values. The register bank has multiple registers.

[0031] The objective is to use processing elements to protect against side-channel leakage by using these additional unused processing elements to provide noise for the "actual processing" performed on the electronic circuit.

[0032] To achieve this, the processor selects from incoming operands and instructions and combines them for execution in unused processing elements. The results from this quasi-random combination of instructions and operands are discarded after execution.

[0033] Currently, software developers have limited ability to protect their software from side-channel leaks without possessing the knowledge to protect their software from the emission of side-channel information. Furthermore, leaks differ across different hardware, making it even more difficult for software developers to properly protect their software binaries.

[0034] Side-channel protection, performance, and energy efficiency are often contradictory goals for software processing, ideally all of which should be met.

[0035] U.S. Provisional Application Serial Number 63 / 416,197 addresses this problem by allowing software developers to add instructions that activate additional elements on the CPU. This allows software developers to protect specific parts of their software by adding noise. However, this solution does not address the following: • How urgent it is for orders requiring protection to be carried out. • Conversion between protection parameters that potentially comply with legal requirements and the noise level of the processing unit. • Selection between different countermeasure components.

[0036] U.S. Patent No. 11449642B2 can be considered a different solution to the problem addressed by U.S. Provisional Application Serial No. 63 / 416,197 and does not disclose any solutions to any of the shortcomings and problems listed above. Furthermore, it is unclear how the prior techniques handle situations where there is no appropriate inbound instruction to activate an inactive processing element. [Overview of the Initiative]

[0037] Various embodiments of this disclosure provide methods for managing side-channel radiation of processing units based on varying protection levels. A software module, or set of instructions to be executed, may be accompanied by protection and urgency parameters indicating the level of privacy or protection to be used with the software module, as well as a notification of how urgent the software module is. If a processing unit scheduled to execute a software module does not emit enough side-channel noise to satisfy the protection parameters indicating the level of protection, and the software module is not urgent, the processing unit may wait to execute the software module until the level of protection is satisfied. Alternatively, the processing unit may indicate to a device that the level of protection is not satisfied, allowing the software module to be transferred to another processing unit that can satisfy the required level of protection. Alternatively, if there are no other processing units and the software module is urgent, countermeasure side-channel noise may be activated to obscure the side-channel radiation of the executed software module. The term side-channel noise is used to refer to any side-channel radiation that can help obfuscate information in side-channel radiation from another processing. It includes radiation from other scheduled operations and does not imply that the processing that generates the noise is necessarily a dummy processing performed for its sole purpose.

[0038] In one embodiment, the method is performed by a device to manage side-channel radiation from one or more devices, and the method includes receiving notification of protection parameters associated with a software module, the protection parameters being associated with a level of side-channel protection for the software module. Based on the protection parameters, the method may include determining a conformance criterion related to the level of side-channel noise that should be generated by the device when the software module is run to conform to the level of side-channel protection. The method may include continuing to run the software module in response to side-channel noise generated by the device that meets at least the conformance criterion.

[0039] In one embodiment, the method may include selecting one or more processing units to execute a software module, the one or more processing units collectively generating at least side-channel noise thresholds.

[0040] In one embodiment, each processing unit of one or more processing units comprises at least one processing element, and selecting one or more processing units further comprises selecting at least one processing element of one or more processing units.

[0041] In one embodiment, the method may include selecting another processing unit from among one or more processing units in response to the maximum level of the side-channel noise capacitance capability of one or more selected processing units being less than a compliance criterion.

[0042] In one embodiment, the method may include providing an instruction to initiate a dedicated mitigation processing element to generate side-channel noise during the execution of a software module in response to the selected processing unit being unable to generate side-channel noise that meets the compliance criteria.

[0043] In one embodiment, the method may include providing a dedicated mitigation processing element with an instruction to stop generating side-channel noise in response to the cessation of execution of a software module.

[0044] In one embodiment, the method may include receiving an urgency parameter indicating whether the urgency associated with at least one instruction of a software module exceeds a predetermined urgency level.

[0045] In one embodiment, in response to the urgency associated with a software module instruction that does not exceed a predetermined urgency level and the generated side-channel noise that does not meet the compliance criteria, the method may include delaying the execution of at least one instruction of the software module until the side-channel noise generated by the processing unit matches at least the compliance criteria.

[0046] In one embodiment, delaying the execution of at least one instruction of the software module continues until at least one of the following conditions occurs: timer expiration or interrupt triggering; and in response to at least one of the conditions that occur, the method may include increasing the urgency level in the parameter indicating the urgency associated with the at least one instruction of the software module.

[0047] In one embodiment, in response to the urgency associated with a software module exceeding a predetermined urgency level and the side-channel noise generated by the processing unit not meeting compliance criteria, the method may include generating mitigation side-channel noise by one or more previously inactive processing elements that perform a set of mitigation procedures.

[0048] In one embodiment, the countermeasure procedure is generated to run on one or more processing elements during the execution time of the protected operation, the input data to the countermeasure procedure is predefined or deterministically derived from the data of the protected instruction, and the output data of the countermeasure procedure is not committed to memory or is stored in a dedicated memory area.

[0049] In one embodiment, instructions and data related to the countermeasure procedure are selected based on at least one of the type of instructions in the software module and the level of side-channel protection of the software module.

[0050] In one embodiment, the method may include providing an instruction to stop generating countermeasure side-channel noise in response to receiving a new protection parameter related to a lower level of side-channel protection for a software module. In one embodiment, the method may include determining whether the side-channel noise generated by the processing unit matches a conformance criterion at least at predetermined intervals.

[0051] In one embodiment, the predetermined interval is one of a predetermined period of time or a predetermined number of instructions to be executed or instructions to be executed.

[0052] In one embodiment, determining the compliance criteria is at least partially based on the type of processing element of the processing unit, the number of active processing elements, the type of instructions associated with the software module, and the instruction queues associated with the processing unit and other active processing units.

[0053] In one embodiment, the level of side-channel protection is based at least partially on computer security standards.

[0054] In one embodiment, the association between compliance criteria and the level of side-channel protection is defined by characterizing the side-channel characteristics of processing units, processing elements, and dedicated countermeasure processing elements for the device.

[0055] In one embodiment, the method may include receiving protection parameters before the execution of the software module.

[0056] In one embodiment, the method may include receiving at least one protection parameter during the execution of a software module.

[0057] In another embodiment, the device may include a processing circuit configured to manage side-channel radiation from one or more devices, the processing circuit being configured to receive notifications of protection parameters associated with a software module, the protection parameters being associated with a level of side-channel protection for the software module. The processing circuit may also determine, based on the protection parameters, a compliance criterion related to the level of side-channel noise that should be generated by the devices when the software module is executed to conform to the level of side-channel protection. The processing circuit may also execute the software module in response to side-channel noise generated by devices that at least meet the compliance criterion.

[0058] In one embodiment, a computer program, when executed on at least one processor, may include instructions that cause the processor to perform one of the methods described above.

[0059] In another embodiment, the carrier may include a computer program, and the carrier may be one of the following: an electronic signal, an optical signal, a radio signal, or a computer-readable storage medium.

[0060] Some of the benefits of this disclosure are that it enables software developers to identify requirements for software components and ensure that the protections deployed on the hardware on which they run comply with legal requirements. By allowing software developers to identify urgency parameters, devices can wait to run until the most appropriate processing unit is freed or when sufficient noise is generated by the device. This allows devices to save energy by not performing noise processing that does not contribute any value. [Brief explanation of the drawing]

[0061] The accompanying drawings incorporated herein and forming part of this specification illustrate several aspects of this disclosure and, together with the description, are useful in illustrating the principles of this disclosure.

[0062] [Figure 1] Figure 1 is a schematic block diagram of a device for managing side-channel radiation of a processing unit, according to some embodiments of the present disclosure.

[0063] [Figure 2] Figure 2 is a flowchart of a method for controlling side-channel radiation of a processing unit according to some embodiments of the present disclosure.

[0064] [Figure 3] Figure 3 is a flowchart of alternative methods for managing side-channel radiation of a processing unit, according to some embodiments of the present disclosure.

[0065] [Figure 4] Figure 4 is another flowchart of a method for protecting side-channel radiation of a processing unit according to some embodiments of the present disclosure. Figure 5 is a flowchart of a conventional procedure for a data consumer NF to acquire data from a data source NF in a 5G network via DCCF.

[0066] [Figure 5] Figure 5 is a schematic block diagram of a device according to some embodiments of the present disclosure.

[0067] [Figure 6] Figure 6 is a schematic block diagram of devices in a server according to some other embodiments of the present disclosure. [Modes for carrying out the invention]

[0068] The embodiments described below provide information to enable those skilled in the art to carry out the embodiments and represent the best mode of carrying out the embodiments. By reading the following description in reference to the accompanying drawings, those skilled in the art will understand the concepts of this disclosure and recognize the applications of these concepts not specifically addressed herein. It should be understood that these concepts and applications are within the scope of this disclosure.

[0069] Various embodiments of this disclosure provide methods for managing side-channel radiation of a processing unit based on a changing level of protection. A software module, or a set of instructions to be executed, may be accompanied by protection parameters and urgency parameters indicating the level of privacy or protection to be used with the software module, and a notification of how urgent the software module is. If the processing unit executing the software module is not emitting sufficient side-channel noise to satisfy the protection parameters indicating the level of protection, and the software module is not urgent, the processing unit may wait to execute the software module until the level of protection is satisfied. Alternatively, the processing unit may indicate to a device that the level of protection is not satisfied, which can then transfer the software module to another processing unit that can satisfy the required level of protection. Alternatively, if there are no other processing units and the software module is urgent, mitigating side-channel noise may be activated to obscure the side-channel radiation of the executed software module.

[0070] With the increase in compute offload / cloud computing and the growing regulations for software protection, new methods are needed to ensure adequate side-channel protection for sensitive components. Disclosed herein are methods that enable software developers to require a certain level of protection against side-channel leakage on devices.

[0071] When a software component is executed on a processing unit within the device, the software may include instructions that specify side-channel protection level (SCPL) requirements for a set of instructions, such as function calls. This set of instructions is referred to in this disclosure as a “software module.” The SCPL may be based on a side-channel protection standard, such as Federal Information Processing Standards (FIPS) 140-3 or Test Vector Leakage Assessment (TVLA). The device translates the protection parameters into compliance criteria, which may include, for example: • A specific processing unit with a higher side-channel protection level should be used; In addition to the processing elements used for the software module, at least X additional processing elements within one or more processing units that are activated.

[0072] The SCPL requirements further include an urgent parameter indicating whether a software instruction is not urgent and can wait until the compliance requirements are met. If it is not urgent, the software instruction is held until the compliance requirements are met or until a second point in time is reached in which the software module can no longer wait to execute.

[0073] To meet compliance requirements, the device can move the processing to a processing unit with a higher level of protection, or it can indicate to the mitigation component that X additional processing elements must be activated, causing the mitigation component to create instructions and data for the processing elements.

[0074] Once the compliance requirements are met, the instructions in the software module are executed.

[0075] The software module may optionally include a preamble indicating the required level of protection during execution. If the requirement is higher than what the device / system can achieve, the software processing is aborted, an instruction is recorded and / or communicated to the user that the maximum available level of protection and the desired level do not match.

[0076] Some of the benefits of this disclosure enable software developers to identify requirements for software components and ensure that the protections deployed on the hardware on which they run comply with legal requirements. By allowing software developers to identify urgency parameters, devices can wait to run until the most appropriate processing unit is freed or when sufficient noise is generated by the device. This allows devices to save energy by not performing noise processing that does not contribute any value.

[0077] This disclosure provides a device or system comprising at least one processing unit, a protection level determination component (PLDC), and a mitigation component. The processing unit executes a software component comprising at least one software module. The software component further comprises at least one protection level requirement instruction for the software module. The method includes translating a possibly standardized SCPL instruction from the software component into a hardware setup that provides appropriate side-channel protection for the execution of the software component. The PLDC may be configured to receive SCPL requirements from the processing unit. The SCPL requirement command may include protection parameters and urgency parameters. The protection parameters are translated into conformance criteria. The protection parameters may be based on at least one official standard, such as TVLA, FIPS 140-3, or Common Criteria.

[0078] The conformance criteria may include at least one of the following: • Specific processing units on which the software module must be executed The level of noise that must be generated by the device when the protection profile is activated. The level of noise may be determined by having a predetermined number of processing elements that execute instructions simultaneously with the instructions of the software module.

[0079] The PLDC may be further configured to allow the processing unit (PU) to determine whether the currently generated noise meets the compliance criteria. If the PU is determined to meet the compliance criteria, the instructions of the software module will be permitted to be executed. If the SCPL is determined not to meet the compliance criteria, the urgency parameter received will be used to determine whether corrective actions are necessary. • Unless it is an emergency, software instructions and operations will be suspended until compliance criteria are met or until a second point in time.

[0080] The mitigation component may also be configured to receive an increased noise level command from the PU. The mitigation component may be configured to generate an instruction for at least one of the idle processing elements, the number of idle processing elements to activate is defined in the increased noise level command.

[0081] Figure 1 is a schematic block diagram of a device for managing side-channel radiation of a processing unit, according to some embodiments of the present disclosure.

[0082] Device 100 may include one or more processing units 102-1 and 102-2 (individually or together referred to as “processing unit 102”) that can execute instructions (e.g., software modules) for performing various operations. Each processing unit 102 may include an instruction cache and fetch buffer 110 for storing unprocessed operations for a scheduler and unprocessed opcodes (instruction encodings) for a decoder 108. A processing unit 102 may also include a decoder 108 for translating opcodes into at least one operation to be performed by the processing unit 102. If the opcode is an SCPL request instruction, the processing unit (PU) sends an external signal to the PLDC 104. A scheduler 112 is also included for scheduling operations to be performed on the processing elements 114. In some embodiments, the scheduler is located outside the processing units 102 and can control several different processing units 102. In other embodiments, several schedulers 112 may reside on the same PU and be responsible for different sets of processing elements 114. Processing elements 114-1, 114-2, 114-3 (etc.) can perform at least one type of operation, such as arithmetic operations, floating-point operations, hash or cryptographic operations, or write / read operations from storage.

[0083] PU102 may also include a mitigation component 106 responsible for generating noise by generating instructions and / or data to be used by an inactive processing element, thereby reducing the signal-to-noise ratio (SNR) for an adversary observing side-channel leakage. The mitigation component 106 can select data or instructions, or create dummy data and instructions for the inactive processing element 114 to generate, or for a dedicated mitigation processing element 126 to generate, to obscure or conceal side-channel radiation associated with the execution of the software module during the protection phase. The mitigation component may be a standalone component or part of another component, such as a decoder (108) or a scheduler (112).

[0084] PU102 may also include a criteria evaluation engine 118 that evaluates whether the compliance criteria are met for at least the next X clock cycles of PU102.

[0085] PLDC104 is also provided on each PU102, which is responsible for determining whether SCPL is met by evaluating the current setup for software execution and the state of the processing unit 102 of device 100. PLDC104 may include a requirements translation engine 116 that translates SCPL into conformance criteria which are determined to provide a desired level of protection against side-channel leakage.

[0086] The processor selector 124 in the PLDC104 can also determine whether to generate and use a dedicated mitigation processing element 126, an inactive processing element 114, or an active processing element 114 that is executing supplementary instructions or dummy data / instructions in order to generate mitigation side-channel radiation.

[0087] This disclosure discloses a method that can generally be divided into two phases: an evaluation phase (related flowcharts shown in Figures 2 and 3) and a protection phase (related flowchart shown in Figure 4). The evaluation phase further includes an optional pre-evaluation phase. In some embodiments, the pre-evaluation phase is performed instead before the processing unit receives the software components, for example, in a cloud environment, where a tenant ensures during the rental process that the rented hardware has means to protect against side-channel analysis according to specified criteria. In Figures 2 to 4, the steps in the flowcharts shown with dashed lines are optional.

[0088] Figure 2 is a flowchart of a method for managing side-channel radiation of a processing unit during the evaluation phase, according to some embodiments of the present disclosure.

[0089] In step 202, the OS 128 operating system scheduler 130 optionally detects a preamble containing information about side-channel protection level (SCPL) requirements present in the software components loaded from program 132. SCPL requirements may be based on the type of instructions associated with the software component or on the data being processed by the software component, and may be specified by one or more regulatory or standards bodies (e.g., FIPS 140-3, TVLA, etc.).

[0090] In step 204, the OS scheduler 130 optionally sends a preamble to the PLDC 104.

[0091] In step 206, PLDC104 determines whether the maximum required SCPL in the preamble is less than or equal to the available SCPLs that PU102-1 can generate. If so, PLDC104 may optionally move the execution of the software component to a PU (e.g., PU102-2) that has a higher SCPL than the first PU in step 206. If the maximum required SCPL cannot be satisfied by any of the PU102, PLDC104 may instruct a dedicated mitigation processing element 126 in step 208 to execute simultaneously to increase the level of side-channel protection. Alternatively, PLDC104 may instruct the first PU102-1 to abort execution in step 210 and notify the user that the hardware cannot meet the software requirements.

[0092] If the PLDC determines that the maximum requested SCPL is less than or equal to the available SCPL, the PU selector 124 of the PLDC 104 may, in step 212, select either PU 102-1 or 102-2 from among the PU 102s that can satisfy the requested SCPL and can be used to execute the software module. Furthermore, the PU selector 124 may select which of the processing elements 114-1, 114-2, or 114-3 (etc.) may be used for the selected PU 102 to execute the software module. In step 214, after the PLDC 104 has selected a PU 102 or processing element 114 to execute the software, the OS 128 may instruct the PU 102 (e.g., 102-1 or 102-2) to load the software module from program 132. The software module may be one or more instructions executed together, and the software modules of the software component may be executed sequentially, in parallel, in a predetermined order, or in one of various orders.

[0093] In step 216, PU102 begins executing instructions belonging to a software module within the software component, and in step 218, PU102 detects an SCPL request instruction relating to the software module.

[0094] If an SCPL requirement is detected, PU102-1 stops further execution of the software module in step 220 and sends either the entire SCPL requirement instruction or the decoded requirement field to PLDC104. The SCPL request instruction may include both the requesting SCPL and the urgency associated with the software module. The urgency of the software module may relate to how long the execution of the software module may be delayed compared to other software modules before the software module is executed.

[0095] In step 222, the PLDC 104 uses the requirements conversion engine 116 to convert the requirements into compliance criteria. The compliance criteria may include one or more steps that the device 100 can take to meet the SCPL requirements and may include criteria such as a specific processing unit that the software module should perform, and the level of noise that the device needs to generate to mask the side-channel radiation of the processing element 114 that performs the instructions.

[0096] In step 224, PLDC104 measures whether the current setup and / or state of the instruction queue of PU102-1 has an appropriate maximum SCPL that can meet the conformance criteria for executing the software module. This step may be omitted if all available PU102s have the same SCPL, or if optional steps 202 to 206 have been performed.

[0097] If PU102-1 does not have the required maximum SCPL to meet the compliance criteria, but another PU exists that has a suitable maximum SCPL, PLDC104 can begin moving the software module to the second PU102-2 and proceed to step 204. In step 210, PLDC104 instructs the OS to load the software module into the second PU102-2 and terminate the execution of the software module in the first PU102-1. Processing then continues, but using the second PU102-2 instead of the first PU102-1.

[0098] If the required protection is less than the protection available for the first PU102-1, in step 226, the PLDC104 uses the requirements translation engine 116 in step 222 to translate the requirements into compliance criteria, and in step 226, supplies these to the first PU102-1. The compliance criteria identify combinations of processing elements and / or instructions that should be active / executed in conjunction with instructions belonging to the software module. Step 228 links Figure 2 with Figure 4, and the flow continues in Figure 4, for example.

[0099] In some embodiments, PLDC104 may pre-configure PU102-1 with different conformance criteria for different SCPL requirement instructions, meaning that steps 224 and 226 and processing may jump directly from step 220 to the protection phase detailed in Figure 4.

[0100] Figure 3 provides an alternative embodiment of the evaluation phase. However, in Figure 3, it is assumed that the entire software module has the same SCPL, so the first PU does not need to detect the SCPL instruction during execution (steps 218 to 220 in Figure 2). Steps 302, 304, and 306 largely reflect steps 202, 204, and 306 from Figure 2, and based on the SCPL requirements detected in the preamble and sent to the PLDC104 by the OS130, the PLDC104 can determine in step 306 whether the required side-channel noise protection is less than what is available. If not, the PLDC104 can instruct a dedicated mitigation processing element to start executing mitigation operations and data to generate additional side-channel noise in step 308, or in step 310, stop the execution.

[0101] However, if the PLDC determines that the maximum requested SCPL is less than or equal to the available SCPL, the PU selector 124 of the PLDC 104 may, in step 312, select either PU 102-1 or 102-2 from among the PU 102 that can satisfy the requested SCPL and be used to execute the software module. Furthermore, the PU selector 124 may select which of the processing elements 114-1, 114-2, or 114-3 (etc.) may be used for the selected PU 102 to execute the software module.

[0102] In step 314, after PLDC104 selects PU102 or processing element 114 to execute the software, PLDC can supply conformance criteria to the selected PU (e.g., 102-1). Then, in step 316, OS130 or PLDC104 can instruct PU102-1 to enable protection based on the conformance criteria, and in step 318, the flow continues in Figure 4, for example.

[0103] Figure 4 is a flowchart of another method for protecting side-channel radiation of a processing unit during a protection phase, according to some embodiments of the present disclosure.

[0104] In step 402, PU102-1 (for example, by decoder 108) decodes the instructions from the software module into a set of operations, such as microopers, and in step 404, PU102-1 configures the reference evaluation engine 118 with the conformance criteria.

[0105] In step 406, the criteria evaluation engine 118 can determine whether the current setup and / or state of the PU's instruction queue meets the requirements defined in the conformance criteria.

[0106] If the conformance criteria are met, the process jumps to step 418, and PU102-1 continues executing the software module's operations. If more SCPL request instructions are found in the software component, the process returns to step 218 of the evaluation phase.

[0107] On the other hand, if the conformance criteria are not met, in step 410, a determination may be made as to whether the operation is urgent based on the urgent parameter in the SCPL requirements for the software. If the operation is not urgent, PU102-1 may, in step 422, suspend the execution of instructions belonging to the software until a second time point. The second time point may be determined by a timer or interrupt. After the timer or interrupt period has ended, the determination as to whether the conformance criteria are met in step 406 may be performed again, and in step 408, the urgency level may be optionally incremented from non-urgent to urgent.

[0108] In step 410, if the operation is urgent, the process may proceed to step 412, where PU 102-1 instructs the mitigation component 106 to select at least one inactive processing element 114 according to the identified compliance criteria. In step 412, the mitigation component 106 may select at least one inactive processing element on at least one PU. For example, the mitigation component 106 may select an inactive processing element on PU 102-1 (e.g., processing element 114-2 or 114-3), or it may select another inactive processing element on a different PU, such as PU 102-2. Furthermore, the mitigation component 106 may instruct a dedicated mitigation processing element 126, which is not necessarily associated with the current PU or another PU, to execute a mitigation instruction or data.

[0109] In step 414, once the mitigation component 106 has selected an inactive processing element in step 312, the mitigation component 106 may also in step 416 create / select instructions and data for the processing element and start executing dummy processing to generate mitigation side-channel radiation that can hide or obscure the side-channel radiation generated in response to the execution of the software module.

[0110] In step 418, PU102-1 or 102-2 continues executing the software module.

[0111] When PU102-1 or 102-2 terminates execution of the software module, or when a lower SCPL requirement is received from PU102-1 or 102-2, PLDC104 may instruct the countermeasure component 106 to stop in step 420.

[0112] When PLDC104 receives the SCPL requirement level from PU102, PLDC104 can convert this requirement into hardware-specific, device-specific, or processing unit-specific compliance criteria using the requirement conversion engine 116. The requirement may be represented by a binary field where different bit positions have standardized meanings: xx01 = TVLA maximum 1000 traces, xx10 = TVLA maximum 10,000 traces xx11 = TVLA maximum 100,000 traces, 01xx = FIPS140-3, Level 2, 10xx = FIPS140-3, Level 3, 11xx = FIPS140-3, Level 4

[0113] In one embodiment, the requirements translation engine is a lookup table, and hardware requirements are identified using fixed table entries. For example, the SCPL requirements for TVLA100000 trace may state that, in addition to the processing element to be protected, at least 10 additional processing elements should be active.

[0114] As another example, the SCPL requirement for Level 3 in FIPS 140-3 states that a software module must run on a specific PU, and all processing elements must always be active on said PU.

[0115] In another embodiment, the requirements translation engine 116 further receives information about the software module, for example, what processing elements it uses during its execution. This allows the compliance criteria to be specific to the software module. For example, if the software module performs AES encryption, the requirements translation engine 116 can impose requirements on specific processing elements that are active to satisfy the compliance criteria. If the processing unit has specialized AES instructions, the compliance criteria may require that both one or more processing elements of the same type must be activated (and implicitly that a second AES-enabled processing element should perform something with a different key).

[0116] In yet another embodiment, the requirements transformation engine 116 may still receive information about a specific task performed by a software module and require that a portion of the data processed by the software module be used by a processing element that performs noise. For example, encrypting the same data with two different keys.

[0117] When PLDC104 determines hardware-specific compliance criteria, the criteria evaluation engine 118 must evaluate whether the criteria are met before the execution of instructions in the software module may be permitted.

[0118] The reference evaluation engine 118 takes information as input from at least a defined number of processing elements 114 of PU102-1. In some embodiments, the reference evaluation engine 118 further receives the type of processing element and / or the status of the instruction queue, provided by the scheduler 112.

[0119] In one embodiment, the compliance criterion may specify the number of processing elements 114 to be activated, separate from those used by the software module. The compliance criterion is evaluated based on whether a sufficient number of processing elements 114 are active during the next X clock cycle for PU102-1.

[0120] In another embodiment, the compliance criterion may have a specific precise processing element 114 that is required to be active, in which case the compliance criterion is evaluated based on whether it is active for the next X clock cycle for the PU.

[0121] In some embodiments, the reference evaluation engine 118 may be implemented using a neural network, which may be trained on an instruction queue and processing element 114 labeled with the necessary countermeasures. Training may also be performed using a generative adversarial approach, in which a generator is trained to generate combinations of instructions such that a discriminator consisting of a trained side-channel analysis network has only a random chance of finding correlations between the processing and known secrets. Data representing the noise of the processing element 114 may be predetermined as a minimum level for that element, or may be represented using a training set of side-channel traces of typical instructions executed in the processing element. A neural network trained for this purpose has high performance requirements and may be optimized for specific hardware requirements.

[0122] The countermeasure component 106 in PU102 is responsible for reducing the signal-to-noise ratio (SNR) for potential adversaries and can be implemented as a hardware component, a reconfigurable hardware (FPGA) block, or a software process controlled by PLDC104.

[0123] In one embodiment, the countermeasure component 106 may be implemented as a hardware component and may inject instructions into the fetch buffer of the processing unit, or alternatively, may directly indicate to a component of the PU, such as a decoder or scheduler, that additional instructions should be generated.

[0124] The countermeasure component 106 is tasked by the PU 102 based on conformance criteria supplied by the PLDC 104 and activates a specific processing element by generating instructions and data that can be executed by the processing element.

[0125] There are various alternatives to implementing software that communicates SCPL requirements to PLDC104.

[0126] In one embodiment, the SCPL requirement is an instruction having a specific opcode that is received by the decoder. The level in the SCPL requirement may be given as an operand for such instruction, for example {Opcode:0x1234, Operand:0x0001}, where the opcode indicates "SCPL requirement" and the operand indicates the desired level.

[0127] In some embodiments, such instructions may also include a second operand indicating how many instructions of the SCPL requirement are valid, for example, {Opcode:0x1234,1st Operand:0x0001,2nd:0x00ff} indicates that subsequent instructions with 0xff=255 should be protected.

[0128] In some embodiments, the SCPL request instruction is complemented by specific instructions that activate / deactivate the SCPL.

[0129] In some embodiments, the SCPL request instruction may be supplemented with a flag, for example, a binary flag indicating the instruction to be protected. The software can first identify the SCPL and then explicitly indicate which instruction should be protected.

[0130] In some embodiments, no specific SPCL requirement instruction exists, and in these embodiments, each instruction may have a "side-channel protection twin," i.e., both "ADD" and "SCPL-ADD" instructions exist. This can be implemented as a separate opcode or an additional operand indicating the level of the SCPL.

[0131] In yet another embodiment, there are no SCPL instructions at all, but the software may belong to PLDC104, or instead write a value to a specific memory address that is continuously monitored by PLDC104. The write may indicate which PU102 made the write, if several PU102s are available. Upon detecting an update in memory, PLDC104 configures its criteria evaluation engine with compliance requirements and notifies the relevant PU to suspend instructions in the software module until the compliance criteria are met.

[0132] In one embodiment, the PLDC104 also evaluates the arithmetic instructions sent to the connected GPU. The GPU typically has its own instruction set, and therefore protection against the GPU can be implemented in the same manner as described above. However, the GPU may not have a specific decoder and may have a more general command processor that handles the activation of SCPL.

[0133] Neural networks implemented in software may include layers of varying sensitivities, depending on whether they originate from transferred, publicly available network architectures or are the result of complete or fine-tuned training on proprietary data. For sensitive layers, the PLDC104 can instruct the GPU to add dummy operations for each parallel execution to ensure that GPU power consumption remains independent of the activity of each layer, thereby obfuscating the real number of operations required for each layer.

[0134] In one embodiment, the criteria evaluation engine 118 continuously evaluates the conformance criteria not only when an SCPL request instruction is received, but also until an instruction indicating a lower SCPL is received. In such an embodiment, the software module may be stopped during execution if the conformance criteria are no longer met.

[0135] Continuous evaluation requires more resources than a single evaluation, but in return, it provides finer-grained control over protection, allowing for protection levels with the precision to be determined on a per-clock cycle basis.

[0136] In another embodiment, the re-evaluation is performed after X instructions have been executed or after Y clock cycles have elapsed. This allows for a stepwise evaluation of larger software modules, for example, the evaluation may be performed after each round of AES encryption processing.

[0137] In one embodiment, device 100 has a dedicated countermeasure processing element 126 for generating noise and lowering the attacker's SNR. This processing element 126 may be controlled by OS 128 as a standalone component.

[0138] In some embodiments, a dedicated countermeasure processing element 126 may be present within the PU102 and may be used by the countermeasure component 106 in the PU102.

[0139] The techniques disclosed herein are suitable for cloud implementations, and the processing units used may be distributed across several different devices. In such embodiments, the PLDC 104 may be located on each server that provides at least one processing unit to the user, or alternatively, on a central PLDC that receives information from each PU via a network connection. In other embodiments, the servers may include multiple devices (see Figure 5).

[0140] Figure 5 is a schematic block diagram of device 100 according to some embodiments of the present disclosure. Device 100 in Figure 1 may include a network interface 506 and memory 504 in addition to a PU 102 (e.g., a processor). The processor / PU 102 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), etc., and the memory 504 may store software components and software modules before they are loaded into the PU 102. The network interface 506 can facilitate communication with other devices. One or more processors 102 are also referred to herein as processing circuits.

[0141] Figure 6 is a schematic block diagram of device 100 in server 600 according to some other embodiments of the present disclosure. The server may include multiple devices (e.g., device 100, 100-2, etc.).

[0142] Any suitable step, method, feature, function, or benefit disclosed herein may be performed through one or more functional units or modules of one or more virtual devices. Each virtual device may comprise several of these functional units. These functional units may be implemented via processing circuits, which may include one or more microprocessors or microcontrollers, or via other digital hardware, which may include digital signal processors (DSPs), dedicated digital logic, etc. The processing circuits may include one or more types of memory, such as read-only memory (ROM), random access memory (RAM), cache memory, flash memory devices, and optical storage devices, and may be configured to execute program code stored in memory. The program code stored in memory may include program instructions for executing one or more telecommunications and / or data communication protocols, and instructions for executing one or more of the techniques described herein. In some implementations, the processing circuits may be used to cause each functional unit to perform the corresponding function according to one or more embodiments of this disclosure.

[0143] The processes shown in the figures may represent a specific sequence of operations performed by some embodiments of this disclosure, but it should be understood that such sequences are illustrative (for example, alternative embodiments may perform operations in a different order, combine some operations, and overlap some operations).

[0144] Those skilled in the art will recognize improvements and modifications to embodiments of the present disclosure. All such improvements and modifications are considered to fall within the scope of the concepts disclosed herein.

Claims

1. A method performed by a device (100) to manage the side channel radiation of one or more devices (100), Receiving notification of protection parameters related to a software module (204, 220), wherein the protection parameters relate to the level of side-channel protection for the software module, When executing the software module to conform to the level of side channel protection based on the protection parameters, the following conformity criteria (222) are determined for the level of side channel noise to be generated by the device (100): A method comprising continuing the execution of the software module (418) in response that the side channel noise generated by the device (100) satisfies at least the compliance criterion (406).

2. The method according to claim 1, further comprising selecting one or more processing units (102) (212, 312) for executing the software module, wherein the one or more processing units generate at least side-channel noise thresholds collectively.

3. The method according to claim 2, wherein each processing unit (102) of the one or more processing units comprises at least one processing element (114), and selecting the one or more processing units (102) further comprises selecting at least one of the processing elements (114) of the one or more processing units (102).

4. The method according to any one of claims 2 to 3, further comprising selecting (212) another processing unit (102) from the one or more processing units (102) in response that the maximum level of the side channel noise capacitance capability of the selected one or more processing units (102) is less than the conformance criterion.

5. The method according to claim 2, further comprising providing an instruction (208, 308) during the execution of the software module to start a dedicated countermeasure processing element (126) for generating side channel noise in response to the selected processing unit (102) being unable to generate side channel noise that satisfies the compliance criteria.

6. The method according to claim 5, further comprising providing (420) a command to the dedicated countermeasure processing element (126) to stop generating side channel noise in response to the cessation of execution of the software module.

7. The method according to claim 1, further comprising receiving an urgency parameter (220) indicating whether the urgency associated with at least one instruction of a software module exceeds a predetermined urgency level.

8. In response that the urgency related to the instruction of the software module does not exceed the predetermined urgency level and the generated side-channel noise does not meet the compliance criteria, the method The method according to claim 7, further comprising delaying the execution of at least one instruction of the software module until the side channel noise generated by the processing unit (102) matches at least the conformance criterion (422).

9. Delaying the execution of the at least one instruction of the software module is: The timer expires, or, It continues until at least one of the following conditions occurs: an interrupt is triggered. The method of claim 8, wherein in response to at least one of the conditions that occur, the urgency level of the parameter indicating the urgency associated with the at least one instruction of the software module is increased (408).

10. In response to the urgency related to the software module exceeding the predetermined urgency level and the side-channel noise generated by the processing unit (102) failing to meet the compliance criteria, The method according to claim 7, further comprising generating mitigated side-channel noise (412, 414, 416) by one or more previously inactive processing elements (114) that perform a set of mitigation steps.

11. The method according to claim 10, wherein the countermeasure procedure is generated to be executed on one or more processing elements during the execution time of the protected operation, the input data to the countermeasure procedure is predefined or deterministically derived from the data of the protection command, and the output data of the countermeasure procedure is not committed to memory or is stored in a dedicated memory area.

12. The method according to any one of claims 10 to 11, wherein the instructions and data related to the countermeasure procedure are selected based on at least one of the type of instructions of the software module and the level of side-channel protection of the software module.

13. The method according to any one of claims 10 to 12, further comprising providing an instruction to stop generating the countermeasured side-channel noise in response to receiving a new protection parameter relating to a lower level of side-channel protection for the software module (420).

14. The method according to any one of claims 1 to 13, further comprising determining (224) whether the side channel noise generated by the processing unit (102) matches the conformance criterion at a predetermined interval.

15. The method according to claim 14, wherein the predetermined interval is one of a predetermined period of time, or an instruction to be executed, or a predetermined number of instructions to be executed.

16. The method according to any one of claims 1 to 15, wherein determining the conformity criteria is based at least in part on the type of processing elements (114) of the processing unit (102), the number of active processing elements (114), the type of instructions associated with the software module, and the instruction queues associated with the processing unit (102) and other active processing units (102).

17. The method according to any one of claims 1 to 16, wherein the level of side-channel protection is at least partially based on computer security standards.

18. The method according to any one of claims 1 to 17, wherein the association between compliance criteria and levels of side channel protection is defined by characterizing the characteristics of the side channels of the processing unit (102), processing element (114), and dedicated countermeasure processing element (126) of the device (100).

19. The method according to any one of claims 1 to 18, further comprising receiving the protection parameters (204) before the execution of the software module.

20. The method according to any one of claims 1 to 19, further comprising receiving at least one protection parameter (220) during the execution of the software module.

21. A device (100) comprising a processing circuit configured to manage side-channel radiation of one or more devices (100), wherein the processing circuit is Receiving notification of protection parameters related to a software module (204, 220), wherein the protection parameters relate to the level of side-channel protection for the software module. When executing the software module to conform to the level of side channel protection based on the protection parameters, a conformity criterion related to the level of side channel noise to be generated by the device (100) is determined (222), The device (100) is configured to execute the software module (418) in response to the side channel noise generated by the device (100) meeting at least the compliance criteria (406).

22. The aforementioned processing circuit The device (100) according to claim 21, comprising selecting one or more processing units (102) for executing the software module (212, 312), wherein the one or more processing units are further configured to generate at least side-channel noise thresholds together.

23. The device (100) according to claim 22, wherein each processing unit (102) of the one or more processing units comprises at least one processing element (114), and selecting the one or more processing units (102) further comprises selecting at least one of the processing elements (114) of the one or more processing units (102).

24. The aforementioned processing circuit The device (100) according to any one of claims 22 to 23, further configured to select another processing unit (102) from the one or more processing units (102) in response to the maximum level of the side channel noise capacitance capability of the selected one or more processing units (102) being less than the conformance criterion (212).

25. The aforementioned processing circuit The device (100) according to claim 22, further configured to provide an instruction (208, 308) during the execution of the software module to start a dedicated countermeasure processing element (126) for generating side channel noise in response to the selected processing unit (102) being unable to generate side channel noise that meets the compliance criteria.

26. The aforementioned processing circuit The device (100) according to claim 25, further configured to provide a command (420) to the dedicated countermeasure processing element (126) to stop generating side-channel noise in response to the cessation of execution of the software module.

27. The aforementioned processing circuit The device (100) according to claim 21 is further configured to receive an urgency parameter (220) indicating whether the urgency associated with at least one instruction of a software module exceeds a predetermined urgency level.

28. In response to the urgency of the instruction of the software module not exceeding the predetermined urgency level and the generated side-channel noise not meeting the compliance criteria, the processing circuit: The device (100) according to claim 27, further configured to delay the execution of at least one instruction of the software module until the side-channel noise generated by the processing unit (102) matches at least the conformance criterion (422).

29. Delaying the execution of the at least one instruction of the software module is: The timer expires, or, It continues until at least one of the following conditions occurs: an interrupt is triggered. The device (100) according to claim 28, further configured to increase the urgency level of the parameter indicating the urgency associated with the at least one instruction of the software module in response to at least one of the conditions that occur (408).

30. In response to the urgency related to the software module exceeding the predetermined urgency level and the side-channel noise generated by the processing unit (102) failing to meet the compliance criteria, the processing circuit: The device (100) according to claim 27, further configured to generate countermeasure side-channel noise (412, 414, 416) by one or more previously inactive processing elements (114) that perform a set of countermeasure steps.

31. The device (100) according to claim 30, wherein the countermeasure procedure is generated to be executed on one or more processing elements during the execution time of the protected operation, the input data to the countermeasure procedure is predefined or deterministically derived from the data of the protection command, and the output data of the countermeasure procedure is not committed to memory or is stored in a dedicated memory area.

32. The device (100) according to any one of claims 30 to 31, wherein the operations and data related to the countermeasure procedure are selected based on at least one of the type of instructions of the software module and the level of side-channel protection of the software module.

33. The aforementioned processing circuit The device (100) according to any one of claims 30 to 32, further configured to provide an instruction to stop generating the countermeasured side-channel noise in response to receiving a new protection parameter related to a lower level of side-channel protection for the software module (420).

34. The aforementioned processing circuit The device (100) according to any one of claims 21 to 33, further configured to determine (224) whether the side channel noise generated by the processing unit (102) matches the conformance criterion at predetermined intervals.

35. The device (100) according to claim 34, wherein the predetermined interval is one of a predetermined period of time or a predetermined number of instructions to be executed.

36. Determining the conformity criteria is based at least in part on the type of processing elements (114) of the processing unit (102), the number of active processing elements (114), the type of instructions associated with the software module, and the instruction queues associated with the processing unit (102) and other active processing units (102), according to any one of claims 21 to 35.

37. The device (100) according to any one of claims 21 to 36, wherein the level of side-channel protection is at least partially based on computer security standards.

38. The association between the compliance criteria and the level of side channel protection is defined by characterizing the characteristics of the side channels of the device (100) of the processing unit (102), processing element (114), and dedicated countermeasure processing element (126), according to any one of claims 21 to 37.

39. The aforementioned processing circuit The device (100) according to any one of claims 21 to 38, further configured to receive the protection parameters (204) before the execution of the software module.

40. The aforementioned processing circuit The device (100) according to any one of claims 21 to 39, further configured to receive at least one protection parameter (220) during the execution of the software module.

41. A computer program that, when executed on at least one processor, includes instructions causing the processor to perform the method according to any one of claims 1 to 20.

42. A carrier comprising the computer program described in claim 41, wherein the carrier is one of an electronic signal, an optical signal, a wireless signal, or a computer-readable storage medium.