Securing microprocessors against information leakage and physical tampering
First Claim
1. A method that is performed on a processing device, comprising:
- encoding blocks of instructions for a computer program differently to produce coded blocks of instructions that are part of a binary executable, the binary executable being based on the computer program, the blocks of instructions being encoded based on mutation instructions stored in memory, at least one of the mutation instructions to perform encoding based on a processing variation of a die containing the processing device;
associating, with each coded block of instructions, control information to decode a corresponding coded block of instructions; and
executing the binary executable on the processing device, wherein executing the binary executable comprises using the control information to decode the coded blocks of instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
A processor system comprising: performing a compilation process on a computer program; encoding an instruction with a selected encoding; encoding the security mutation information in an instruction set architecture of a processor; and executing a compiled computer program in the processor using an added mutation instruction, wherein executing comprises executing a mutation instruction to enable decoding another instruction. A processor system with a random instruction encoding and randomized execution, providing effective defense against offline and runtime security attacks including software and hardware reverse engineering, invasive microprobing, fault injection, and high-order differential and electromagnetic power analysis.
-
Citations
34 Claims
-
1. A method that is performed on a processing device, comprising:
-
encoding blocks of instructions for a computer program differently to produce coded blocks of instructions that are part of a binary executable, the binary executable being based on the computer program, the blocks of instructions being encoded based on mutation instructions stored in memory, at least one of the mutation instructions to perform encoding based on a processing variation of a die containing the processing device; associating, with each coded block of instructions, control information to decode a corresponding coded block of instructions; and executing the binary executable on the processing device, wherein executing the binary executable comprises using the control information to decode the coded blocks of instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system comprising:
-
machine storage storing a compiler that is executable to perform operations comprising; encoding blocks of instructions for a computer program differently to produce coded blocks of instructions that are part of a binary executable, the binary executable being based on the computer program, the blocks of instructions being encoded based on mutation instructions stored in memory, at least one of the mutation instructions to perform encoding based on a processing variation of a die containing the processing device; and associating, with each coded block of instructions, control information to decode a corresponding coded block of instructions; and hardware to execute the binary executable, wherein executing the binary executable comprises using the control information to decode the coded blocks of instructions. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A processing device comprising:
-
machine storage storing a compiler that is executable to perform operations comprising; encoding instructions for a computer program in a way that is unique to the processing device to produce coded instructions that are part of a binary executable, the binary executable being based on the computer program, the instructions being encoded based on a processing variation of a die containing the processing device or based on a randomly-generated number stored in memory on the processing device at power-on; associating, with the coded instructions, corresponding control information to decode the coded instructions; and microarchitecture to execute the binary executable on the processing device, wherein executing the binary executable comprises using the control information to decode the coded instructions. - View Dependent Claims (24, 25, 26, 27, 28)
-
-
29. A method performed by a processing device, comprising:
-
encoding instructions for a computer program in a way that is unique to the processing device to produce coded instructions that are part of a binary executable, the binary executable being based on the computer program, the instructions being encoded based on a processing variation of a die containing the processing device or based on a randomly-generated number stored in memory on the processing device at power-on; associating, with the coded instructions, corresponding control information to decode the coded instructions; and executing the binary executable on microarchitecture of the processing device, wherein executing the binary executable comprises using the control information to decode the coded instructions. - View Dependent Claims (30, 31, 32, 33, 34)
-
Specification