
CN119004555B - Security processor based on label technology - Google Patents

Security processor based on label technology Download PDF

Info

Publication number
CN119004555B
Authority
CN
China
Prior art keywords
tag
security
domain
instruction
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411114110.0A
Other languages
Chinese (zh)
Other versions
CN119004555A (en)
Inventor
殷树娟
曹汛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Information Science and Technology University
Priority to CN202411114110.0A
Publication of CN119004555A
Application granted
Publication of CN119004555B
Legal status: Active (current)
Anticipated expiration

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a security processor based on tag technology and relates to the technical field of processors. The method comprises the steps of tag transmission and management, namely distributing a tag to each data unit during data storage or transmission and managing the tag information with a tag propagation and update mechanism, and tag checking and decision-making, namely the security processor checks the tag information of the data when executing an instruction carrying tag information and decides, according to a predefined security policy, whether to enable the security mechanism. The invention can markedly improve the execution efficiency of the security processor and provide a solid security foundation for various application scenarios.

Description

Security processor based on label technology
Technical Field
The invention relates to the technical field of processors, in particular to a security processor based on a label technology.
Background
In the field of processors, security tag technology is an innovative hardware security method aimed at improving the overall security of the system. With the development and popularity of information technology, processors are increasingly important in modern computing devices. However, this also makes the processor the target of an attacker, and therefore the security of the processor becomes critical. Security tag technology is a solution proposed to address this challenge.
Security tag technology achieves security protection of data and instructions by introducing tags (tags) at the hardware level of the processor. These tags are metadata that can be attached to each data unit or instruction to identify its security attributes or rights information. For example, a data unit may be marked as "sensitive" or "insensitive," and the processor, when executing instructions, will determine whether to allow access or perform the corresponding operation based on the tags.
With the increasing demand for security, security tag technology will play an increasingly important role in the processor field. Future developments may include more intelligent tag management strategies, deep integration with software security mechanisms, and exploration of applications on emerging computing platforms (e.g., quantum computing). In short, security tag technology, as a hardware-level security guarantee, can markedly improve both the security and the performance of a security processor, and provides a solid security foundation for various application scenarios.
Side channel attacks infer encryption keys or sensitive data by analyzing physical parameters such as power consumption and electromagnetic radiation. To counter such attacks, secure processors employ a variety of technical measures. For example, the Synopsys ARC SEM security processor can use SecureShield technology to create multiple isolated execution environments in the system, ensuring the isolation and reliability of code. This technology combines hardware and software functions, allowing designers to create safer systems-on-chip for Internet of Things and mobile applications. By performing cryptographic functions in a secure software environment rather than in dedicated hardware, silicon area is reduced, memory protection units are enhanced, and development of a SecureShield runtime library trusted execution environment is simplified. In addition, the anti-interference protection in the SEM system can detect system faults and resist fault attacks.
Against side channel attacks, the ARC SEM processor adopts numerous security techniques, such as uniform instruction timing and power consumption randomization, so that an attacker cannot extract details of the encryption device through timing, power consumption, electromagnetic radiation and the like. These measures have a certain impact on execution efficiency while improving the security of the processor. However, through optimization and design considerations this impact is minimized, so that the processor can maintain high execution efficiency while protecting against side channel attacks.
In general, while the design of a secure processor requires a trade-off between security and execution efficiency, specific technical measures such as SecureShield technology and power randomization can address the loss of execution efficiency to some extent, ensuring that the processor resists side channel attacks while still providing acceptable performance.
Therefore, how to provide a security processor based on tag technology that overcomes the difficulties of the prior art is a problem that those skilled in the art need to solve.
Disclosure of Invention
In view of the above, the present invention provides a security processor based on tag technology, which is used to solve the technical problem existing in the prior art, namely the performance problem of security processors that do not use tags.
In order to achieve the above object, the present invention provides the following technical solutions:
a security processor based on tag technology, comprising:
tag transmission and management, namely, during data storage or transmission, distributing a tag to each data unit and managing the tag information by using a tag propagation and update mechanism;
tag checking and decision-making, namely, when executing an instruction carrying tag information, the security processor checks the tag information of the data and decides, according to a predefined security policy, whether to enable the security mechanism.
Optionally, the security processor is an extension of the TIMBER-V architecture: it extends the memory tags of the original TIMBER-V architecture into the processor core, and builds a fine-grained trusted execution environment by adding tags to the storage units and to the components in the core.
Optionally, the TIMBER-V architecture adds a 2-bit tag to each 32-bit memory unit, and the 2-bit tag is used to perform horizontal security domain division on top of the original vertical privilege levels of RISC-V, so as to realize security domains with a minimum granularity of 32 bits.
Optionally, each 32-bit memory word in the TIMBER-V architecture carries a 2-bit tag that indicates 4 security domains.
Optionally, the 4 security domains are a general domain N-Tag, a trusted user domain TU-Tag, a trusted supervisor domain TS-Tag and a trusted invokable domain TC-Tag.
Optionally, the security processor includes a security tagged processor core and a security tagged main memory.
Optionally, in the processor core, the general purpose registers visible to instructions and the program counter PC invisible to instructions are each given a 2-bit hardware tag, indicating respectively the security domain of the corresponding memory word and of the instruction.
Optionally, a 2-bit hardware tag is added to each 32-bit memory location in the main memory, indicating the security domain in which the corresponding memory word is located.
Optionally, in the main memory, a 2-bit hardware tag is added to each 32-bit memory unit, and the security domain where the corresponding memory word is located is indicated as follows:
a value of 2'b00, 0 in decimal, representing the general domain N-Tag;
a value of 2'b01, 1 in decimal, representing the trusted callable domain TC-Tag;
a value of 2'b10, 2 in decimal, representing the trusted user domain TU-Tag;
a value of 2'b11, 3 in decimal, representing the trusted supervisor domain TS-Tag.
Compared with the prior art, the security processor based on tag technology disclosed by the invention has the following beneficial effects:
1. The method ensures the security of program execution in the trusted security domains, that is, it can resist specific side channel attack modes when 'high sensitivity' operations are executed.
2. When general domain programs are executed (i.e., 'low sensitivity' operations), execution efficiency is improved by about 80% compared with a traditional security processor.
3. The security tag technology is used as a security guarantee means of a hardware level, can obviously improve the execution efficiency of a security processor, and provides a solid security foundation for various application scenes.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a security processor based on a tag technology provided by the invention;
FIG. 2 is a TIMBER-V architecture diagram provided by the present invention;
FIG. 3 is a logic block diagram of a security processor provided by the present invention;
FIG. 4 is a diagram of a processor core architecture for security tag expansion provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, the invention discloses a security processor based on tag technology, which comprises:
tag transmission and management, namely, during data storage or transmission, distributing a tag to each data unit and managing the tag information by using a tag propagation and update mechanism;
tag checking and decision-making, namely, when executing an instruction carrying tag information, the security processor checks the tag information of the data and decides, according to a predefined security policy, whether to enable the security mechanism.
In particular, these tags may represent attributes of the rights level, confidentiality, etc. of the data. Managing these tags requires an efficient tag propagation and update mechanism that ensures that the tag information remains consistent and valid throughout the data lifecycle.
If an instruction attempts to access data marked as "sensitive" and the current processing mode or rights are insufficient to access the data, the secure processor may block the operation and issue a security alert.
In order to achieve efficient tag management and inspection, modern processors need to provide support at the hardware level. This typically includes adding specialized tag registers in the processor architecture, modifying the Memory Management Unit (MMU) to support storage and transmission of tag information, and optimizing the instruction set to efficiently handle tag operations.
Further, referring to fig. 2, the security processor is an extension of the TIMBER-V architecture: it extends the memory tags of the original TIMBER-V architecture into the processor core, and constructs a fine-grained trusted execution environment by adding tags to the storage units and to the components in the core.
Furthermore, the TIMBER-V architecture adds a 2-bit tag to each 32-bit memory unit, and the 2-bit tag is used to divide horizontal security domains on top of the original vertical privilege levels of RISC-V, so that security domains with a minimum granularity of 32 bits are realized.
Specifically, a fine-grained trusted execution environment, i.e., fine-grained security domains, helps solve the memory fragmentation problem common in embedded systems: the data layout can be optimized to improve the actual utilization of storage resources, and trusted and untrusted program segments can share the same process (and the process stack), so that the program layout can be optimized to further improve the actual utilization of storage resources.
Further, each 32-bit memory word in the TIMBER-V architecture carries a 2-bit tag that indicates 4 security domains.
Further, the 4 security domains are a general domain N-Tag, a trusted user domain TU-Tag, a trusted supervisor domain TS-Tag and a trusted invokable domain TC-Tag.
Specifically, these security domains indicate the security level to which the corresponding word (data or instruction) belongs. In short, the general domain N-Tag has the lowest security level, the trusted user domain TU-Tag has a medium security level, and the trusted supervisor domain TS-Tag has the highest security level. From an execution point of view, the trusted invokable domain TC-Tag is an entry point of the trusted user domain TU-Tag or of the trusted supervisor domain TS-Tag, and has the same security level as the trusted user domain TU-Tag (when the TC-Tag is an entry point of the TU-Tag) or as the trusted supervisor domain TS-Tag (when the TC-Tag is an entry point of the TS-Tag). Because of its special role as the entry point from the general domain N-Tag into the trusted domain (T-Domain), the trusted invokable domain TC-Tag is counted together with the trusted user domain TU-Tag and the trusted supervisor domain TS-Tag (unless specifically indicated as the trusted invokable domain TC-Tag). Thus the general domain N-Tag, i.e. the untrusted domain, comprises the U-mode and the S-mode of the N-Tag, and the trusted domain comprises the trusted user domain TU-Tag and the trusted supervisor domain TS-Tag.
Further, referring to FIG. 3, the security processor includes a security tagged processor core and a security tagged main memory.
Specifically, between the processor core and main memory, wherever and whenever data flows, its security tag physically accompanies it, as if the data carried a single security domain attribute across time and space.
Further, in the processor core, the general purpose registers visible to instructions and the program counter PC invisible to instructions are each given a 2-bit hardware tag, indicating respectively the security domain of the corresponding memory word and of the instruction.
Specifically, in the processor core, the tag is mainly used to turn the security mechanism on and off. When the values in the register file (RF) and the PC register are sent to the general logic for computation and control, the security tags corresponding to these values are sent to the tag logic for propagation and checking, triggering a given security mechanism. The general logic is typically composed of computational logic and control logic, which are functional abstractions of the general purpose processor core, responsible respectively for maintaining and updating the processor's RF state and PC state. Specifically, the computation logic is responsible for the instruction computation work of the processor core, such as computing an ADD operation, and the control logic is responsible for the instruction control work of the processor core, such as obtaining the next PC value. Likewise, the tag logic consists of tag propagation logic and tag checking logic, which are abstractions of the security extension. In short, the tag propagation logic is responsible for computing the tag output from the tag input, while the tag checking logic is responsible for checking security using the tag input.
Further, in the main memory, a 2-bit hardware tag is added to each 32-bit memory unit to indicate the security domain in which the corresponding memory word is located.
Specifically, the tag-isolated memory method defined by TIMBER-V is used to realize the isolation of memory accesses: isolation between different security domains is achieved through the cooperation of the tags and the tag management logic, and isolation between different processes in the same security domain is achieved through the memory management logic. As for the hardware functions of the structures related to main memory, the storage management logic and the tag management logic respectively maintain the data and the corresponding security tags in main memory, including sending the data and the corresponding security tags to their respective storage locations, retrieving the data and the corresponding security tags from those locations, and the like. Essentially, the tag management logic is a functional abstraction of TIMBER-V tag management that can actively communicate with the storage management logic to achieve security isolation in main memory. In addition, the trusted software (e.g., tagRoot in the trusted supervisor domain TS-Tag) and firmware (e.g., M-mode interrupt and exception delegation code) provided by TIMBER-V can work together with the tags and the tag management logic to implement the typical storage security protection, namely the enclave.
Further, in the main memory, a 2-bit hardware tag is added to each 32-bit memory unit, and the security domain where the corresponding memory word is located is indicated as follows:
a value of 2'b00, 0 in decimal, representing the general domain N-Tag;
a value of 2'b01, 1 in decimal, representing the trusted callable domain TC-Tag;
a value of 2'b10, 2 in decimal, representing the trusted user domain TU-Tag;
a value of 2'b11, 3 in decimal, representing the trusted supervisor domain TS-Tag.
Specifically, for the electromagnetic side channel attack surface, a defense mechanism of inserting random pseudo instructions is adopted: a random number of pseudo instructions is inserted while the CPU executes, and these pseudo instructions perform no specific operation but occupy actual CPU execution cycles. The number of pseudo instructions inserted is a parameter unknown to an attacker, usually generated by an internal hardware module. The more pseudo instructions are inserted, the harder it is for an attacker to analyze and recover the operations and data actually executed, but the CPU run time increases accordingly and the execution efficiency of the program decreases. Crucially, the above defense mechanism is not always on but depends on the tag value attached to the executed instruction: it is turned off for the non-sensitive program instructions of the general domain N-Tag (2'b00) and the trusted invokable domain TC-Tag (2'b01) to save CPU overhead, and turned on for the sensitive program instructions of the trusted user domain TU-Tag (2'b10) and the trusted supervisor domain TS-Tag (2'b11) to ensure their security.
An instruction obfuscation unit as shown in fig. 4 is added. The instruction obfuscation unit sits between the prefetch buffer and the instruction fetch module, and its function is to regenerate the instruction queue according to the instruction tag value obtained from the prefetch module. Specifically, when the obtained tag value is 2'b00 or 2'b01 (the instruction is a non-sensitive operation), the original instruction sequence is kept; when the obtained tag value is 2'b10 or 2'b11 (the instruction is a sensitive operation), 0 to 3 random NOP instructions are inserted after it in the instruction sequence, and the newly generated instruction queue is sent to the instruction fetch module in order. The NOP instructions generated by this unit are essentially different from any NOP instructions that may be present in the program segments: they do not belong to any code segment of the original program, and the value of the program counter PC remains unchanged while the processor executes them.
In one embodiment, to meet the requirement that a compiler or programmer legally modify the security tag during program operation, a custom instruction SDT is designed to be able to actively update the security tag value in the code, and details of the SDT instruction are listed in table 1.
Table 1 custom instruction SDT
As shown in Table 1, although SDT can raise the security level of data, it is constrained by the security tag checking rules, which require that the security level being set be no higher than that of the instruction itself.
One scenario in which security tags need to be modified is the following: while a U-mode program runs, N-Tag data is passed to a TU-Tag function through legal parameter passing. If the TU-Tag function considers that this legal, open parameter-passing interface cannot cause information leakage, it can modify the N-Tag data into TU-Tag data for computation; and if the TU-Tag program considers that the TU-Tag data returned to the N-Tag program cannot cause information leakage, it can modify the TU-Tag data into N-Tag data for return. This gives programming a certain degree of freedom.
In this specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments may be referred to one another.
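As an added illustration (not code from the patent), the following C model implements the three tag-gated mechanisms described above: the check an instruction's domain must pass to touch a tagged data word (rule assumed, since the text gives only the level ordering), the SDT update limit described for Table 1, and the instruction obfuscation unit of fig. 4 that appends 0 to 3 NOPs after each TU-Tag or TS-Tag instruction. The 2-bit encoding comes from the description; the queue layout, the `inserted` flag, the xorshift stand-in for the hardware random source, ranking TC-Tag at the TU level and the sample program are assumptions.

```c
/* Added example, not from the patent: a C model of the tag-gated mechanisms
 * the description sketches. The tag encoding and the "0-3 NOPs only after
 * TU/TS instructions" rule follow the text; the queue layout, the access
 * rule, the xorshift stand-in for the hardware random source and ranking
 * TC-Tag at the TU level are assumptions made for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum tag { N_TAG = 0, TC_TAG = 1, TU_TAG = 2, TS_TAG = 3 }; /* 2'b00 .. 2'b11 */
struct tagged_word { uint32_t value; uint8_t tag; };        /* tag travels with data */
/* Queue entry between prefetch buffer and fetch; an inserted NOP keeps the PC
 * of the instruction it follows, since the PC does not advance for it. */
struct fetch_entry { uint32_t pc; uint32_t insn; uint8_t tag; bool inserted; };
#define RISCV_NOP 0x00000013u /* addi x0, x0, 0 */
/* Level ordering from the text: N lowest, TU medium, TS highest. TC-Tag takes
 * the level of the domain it enters; ranking it with TU is an assumption. */
static int security_level(uint8_t t) { static const int l[4] = { 0, 1, 1, 2 }; return l[t & 3u]; }

/* Tag checking logic (assumed rule): an instruction may touch a data word only
 * if its own domain is at least as high as the word's domain. */
bool tag_check_access(uint8_t insn_tag, const struct tagged_word *w)
{ return security_level(insn_tag) >= security_level(w->tag); }

/* SDT rule as described for Table 1: the level being set may not exceed the
 * level of the SDT instruction itself; a refused update leaves the word as is. */
bool sdt_update(struct tagged_word *w, uint8_t insn_tag, uint8_t new_tag)
{
    if (security_level(new_tag) > security_level(insn_tag)) return false;
    w->tag = new_tag & 3u;
    return true;
}

/* Defence gate: NOP insertion is on only for TU-Tag and TS-Tag instructions. */
static bool defense_enabled(uint8_t tag) { return tag == TU_TAG || tag == TS_TAG; }

/* Stand-in for the internal hardware random module (assumption): xorshift32. */
static uint32_t rng_state = 0x2545F491u;
void obfuscation_seed(uint32_t seed) { rng_state = seed ? seed : 1u; }
static uint32_t hw_random(void)
{ uint32_t x = rng_state; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return rng_state = x; }

/* Instruction obfuscation unit: rebuild the queue, appending 0-3 NOPs after
 * each sensitive instruction. Returns the new length, or 0 when `out` is full
 * (a real unit would stall the prefetcher; the model just reports failure). */
size_t obfuscate_queue(const struct fetch_entry *in, size_t n_in,
                       struct fetch_entry *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < n_in; i++) {
        if (n >= cap) return 0;
        out[n++] = in[i];
        if (!defense_enabled(in[i].tag)) continue; /* N/TC: sequence kept as is */
        uint32_t k = hw_random() & 3u;              /* 0..3 pseudo instructions */
        for (uint32_t j = 0; j < k; j++) {
            if (n >= cap) return 0;
            out[n++] = (struct fetch_entry){ in[i].pc, RISCV_NOP, in[i].tag, true };
        }
    }
    return n;
}

/* Checker: `out` must be `in` plus PC-preserving NOPs, at most 3 per
 * instruction and only after TU/TS instructions. */
bool queue_is_valid(const struct fetch_entry *in, size_t n_in,
                    const struct fetch_entry *out, size_t n_out)
{
    size_t i = 0, run = 0;
    for (size_t j = 0; j < n_out; j++) {
        if (out[j].inserted) {
            if (i == 0 || !defense_enabled(in[i - 1].tag) || ++run > 3) return false;
            if (out[j].insn != RISCV_NOP || out[j].pc != in[i - 1].pc) return false;
        } else {
            if (i >= n_in || out[j].pc != in[i].pc || out[j].insn != in[i].insn
                || out[j].tag != in[i].tag) return false;
            i++; run = 0;
        }
    }
    return i == n_in;
}

/* Constructed sample program: two untrusted, then two trusted instructions. */
const struct fetch_entry SAMPLE[4] = {
    { 0x1000u, 0x00500093u, N_TAG,  false }, /* addi x1, x0, 5 */
    { 0x1004u, 0x00008067u, TC_TAG, false }, /* jalr x0, 0(x1): entry stub */
    { 0x1008u, 0x00208133u, TU_TAG, false }, /* add  x2, x1, x2 */
    { 0x100Cu, 0x0020a023u, TS_TAG, false }, /* sw   x2, 0(x1) */
};

int main(void)
{
    struct fetch_entry out[16];
    size_t n = obfuscate_queue(SAMPLE, 4, out, 16);
    for (size_t j = 0; j < n; j++)
        printf("pc=%#lx insn=%08lx tag=%u%s\n", (unsigned long)out[j].pc,
               (unsigned long)out[j].insn, out[j].tag, out[j].inserted ? " (NOP)" : "");
    return queue_is_valid(SAMPLE, 4, out, n) ? 0 : 1;
}
```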
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A security processor based on tag technology, comprising:
tag transmission and management, namely, during data storage or transmission, distributing a tag to each data unit and managing the tag information by using a tag propagation and update mechanism;
the security processor checks the tag information of the data when executing an instruction carrying tag information, and decides whether to start a security mechanism according to a predefined security policy;
the security processor comprises a processor core with security tags and a main memory with security tags;
in the processor core, the security mechanism is opened and closed by using the tag: when the values in the register file and the PC register are sent to general logic for calculation and control, the security tags corresponding to the values are sent to tag logic for propagation and checking, so that the security mechanism is triggered;
for the electromagnetic side channel attack surface, a defense mechanism of inserting random pseudo instructions is adopted; the defense mechanism is not always started but depends on the tag value attached to the executed instructions, specifically, the defense mechanism is closed for the non-sensitive program instructions of the general domain N-Tag (2'b00) and the trusted callable domain TC-Tag (2'b01) to save CPU overhead, and started for the sensitive program instructions of the trusted user domain TU-Tag (2'b10) and the trusted supervisor domain TS-Tag (2'b11) to ensure security;
an instruction obfuscation unit is added between the prefetch module and the instruction fetch module for regenerating the instruction queue according to the instruction tag value obtained from the prefetch module, specifically, when the obtained tag value is 2'b00 or 2'b01, the instruction is a non-sensitive operation and the original instruction queue is kept; when the obtained tag value is 2'b10 or 2'b11, the instruction is a sensitive operation and 0 to 3 random NOP instructions are inserted behind the original instruction queue, and the newly generated instruction queue is sent to the instruction fetch module in sequence; the NOP instructions generated by the unit are different from NOP instructions existing in the program sections and do not belong to any code section of the original program, and the value of the program counter PC remains unchanged when the processor executes these instructions.
2. The security processor based on the tag technology according to claim 1, wherein the security processor is an extension of the TIMBER-V architecture, the memory tags of the original TIMBER-V architecture are extended into the processor core, and a fine-grained trusted execution environment is constructed by adding tags to the storage units and to the components in the core.
3. The security processor based on the tag technology according to claim 2, wherein the TIMBER-V architecture adds a 2-bit tag for each 32-bit memory unit, and the 2-bit tags are used to perform horizontal security domain division on top of the original vertical privilege levels of RISC-V, so as to realize a security domain with a minimum granularity of 32 bits.
4. A security processor based on tag technology as claimed in claim 2, wherein each 32-bit memory word in TIMBER-V architecture carries a 2-bit tag for indicating 4 security domains.
5. The security processor of claim 4, wherein the 4 security domains are a general domain N-Tag, a trusted user domain TU-Tag, a trusted supervisor domain TS-Tag, and a trusted callable domain TC-Tag.
6. The security processor according to claim 1, wherein the general purpose registers visible to the instruction and the program counter PC invisible to the instruction are respectively tagged with a 2-bit hardware tag indicating the security domain in which the corresponding memory word and instruction are located in the processor core.
7. A security processor based on tag technology as claimed in claim 1, wherein a 2-bit hardware tag is added to each 32-bit memory location in main memory, indicating the security domain in which the corresponding memory word is located.
8. The security processor of claim 7, wherein a 2-bit hardware tag is added to each 32-bit memory location in the main memory, and the security domain indicated for the corresponding memory word is as follows:
a value of 2'b00, 0 in decimal, representing the general domain N-Tag;
a value of 2'b01, 1 in decimal, representing the trusted callable domain TC-Tag;
a value of 2'b10, 2 in decimal, representing the trusted user domain TU-Tag;
a value of 2'b11, 3 in decimal, representing the trusted supervisor domain TS-Tag.
CN202411114110.0A 2024-08-14 2024-08-14 Security processor based on label technology Active CN119004555B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411114110.0A CN119004555B (en) 2024-08-14 2024-08-14 Security processor based on label technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411114110.0A CN119004555B (en) 2024-08-14 2024-08-14 Security processor based on label technology

Publications (2)

Publication Number Publication Date
CN119004555A CN119004555A (en) 2024-11-22
CN119004555B true CN119004555B (en) 2025-04-01

Family

ID=93493812

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411114110.0A Active CN119004555B (en) 2024-08-14 2024-08-14 Security processor based on label technology

Country Status (1)

Country Link
CN (1) CN119004555B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114579477A (en) * 2022-01-29 2022-06-03 清华大学 Structure of Dynamic Information Flow Tracking Processor Based on Hardware Security Label

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1447230A (en) * 2003-03-28 2003-10-08 杭州中天微系统有限公司 Analytical method designed in CPU for preventing linearity and differentiate power consumption
US8914616B2 (en) * 2011-12-02 2014-12-16 Arm Limited Exchanging physical to logical register mapping for obfuscation purpose when instruction of no operational impact is executed
US11741196B2 (en) * 2018-11-15 2023-08-29 The Research Foundation For The State University Of New York Detecting and preventing exploits of software vulnerability using instruction tags
CN112906015B (en) * 2021-01-26 2023-11-28 浙江大学 Memory sensitive data encryption protection system based on hardware tag

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114579477A (en) * 2022-01-29 2022-06-03 清华大学 Structure of Dynamic Information Flow Tracking Processor Based on Hardware Security Label

Also Published As

Publication number Publication date
CN119004555A (en) 2024-11-22

Similar Documents

Publication Publication Date Title
Fei et al. Security vulnerabilities of SGX and countermeasures: A survey
Fustos et al. Spectreguard: An efficient data-centric defense mechanism against spectre attacks
Li et al. Conditional speculation: An effective approach to safeguard out-of-order execution against spectre attacks
Yu et al. Speculative data-oblivious execution: Mobilizing safe prediction for safe and efficient speculative execution
US10078763B2 (en) Programmable unit for metadata processing
US8090934B2 (en) Systems and methods for providing security for computer systems
KR20210097021A (en) Defense Against Speculative Side-Channel Analysis of Computer Systems
Zhao et al. Speculation invariance (invarspec): Faster safe execution through program analysis
Schwarz et al. How trusted execution environments fuel research on microarchitectural attacks
JP2021089727A (en) Dynamic designation of instructions as sensitive
Hroub et al. SecSoC: A secure system on chip architecture for IoT devices
Taram et al. Mobilizing the micro-ops: Exploiting context sensitive decoding for security and energy efficiency
Breuer et al. A practical encrypted microprocessor
Schlüter et al. Fetchbench: Systematic identification and characterization of proprietary prefetchers
CN114579477A (en) Structure of Dynamic Information Flow Tracking Processor Based on Hardware Security Label
Schrammel et al. Spear-v: Secure and practical enclave architecture for risc-v
Brumley Cache storage attacks
Guo et al. Exposing cache timing side-channel leaks through out-of-order symbolic execution
CN119004555B (en) Security processor based on label technology
Gaudin et al. Work in progress: thwarting timing attacks in microcontrollers using fine-grained hardware protections
Wang Information leakage due to cache and processor architectures
Bao et al. Reducing timing side-channel information leakage using 3D integration
Feng et al. Constant-Time Loading: Modifying CPU Pipeline to Defeat Cache Side-Channel Attacks
Platte et al. A combined hardware and software architecture for secure computing
Yu et al. Creating foundations for secure microarchitectures with data-oblivious ISA extensions

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant