Securing microprocessors against information leakage and physical tampering
First Claim
1. A method comprising:
- performing a compilation process on a computer program, the compilation process comprising;
generating a security control instruction comprising information about how a block of instructions is to be decoded; and
encoding the block of instructions based on the information in the security control instruction to produce a first encoded block of instructions, the first encoded block of instructions being part of a binary executable for the computer program, the first encoded block of instructions defining a secure zone by having a coding that is different from a coding of a second encoded block of instructions in the binary executable, the first encoded block of instructions comprising a branch instruction having a target address defined in the second encoded block of instructions, the second encoded block of instructions preceding the first encoded block of instructions in the binary executable; and
executing the binary executable on a processor, wherein executing the binary executable comprises using the security control instruction to enable decoding of the first encoded block of instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
A processor system comprising: performing a compilation process on a computer program; encoding an instruction with a selected encoding; encoding the security mutation information in an instruction set architecture of a processor; and executing a compiled computer program in the processor using an added mutation instruction, wherein executing comprises executing a mutation instruction to enable decoding another instruction. A processor system with a random instruction encoding and randomized execution, providing effective defense against offline and runtime security attacks including software and hardware reverse engineering, invasive microprobing, fault injection, and high-order differential and electromagnetic power analysis.
-
Citations
24 Claims
-
1. A method comprising:
-
performing a compilation process on a computer program, the compilation process comprising; generating a security control instruction comprising information about how a block of instructions is to be decoded; and encoding the block of instructions based on the information in the security control instruction to produce a first encoded block of instructions, the first encoded block of instructions being part of a binary executable for the computer program, the first encoded block of instructions defining a secure zone by having a coding that is different from a coding of a second encoded block of instructions in the binary executable, the first encoded block of instructions comprising a branch instruction having a target address defined in the second encoded block of instructions, the second encoded block of instructions preceding the first encoded block of instructions in the binary executable; and executing the binary executable on a processor, wherein executing the binary executable comprises using the security control instruction to enable decoding of the first encoded block of instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A processor comprising:
-
machine storage storing a compiler that is executable to compile a computer program by performing operations comprising; generating a security control instruction comprising information about how a block of instructions is to be decoded; and encoding the block of instructions based on the information in the security control instruction to produce a first encoded block of instructions, the first encoded block of instructions being part of a binary executable for the computer program, the first encoded block of instructions defining a secure zone by having a coding that is different from a coding of a second encoded block of instructions in the binary executable, the first encoded block of instructions comprising a branch instruction having a target address defined in the second encoded block of instructions, the second encoded block of instructions preceding the first encoded block of instructions in the binary executable; and at least one processing core to execute the binary executable, wherein executing the binary executable comprises using the security control instruction to enable decoding of the first encoded block of instructions. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification