Securing microprocessors against information leakage and physical tampering

US 9,940,445 B2
Filed: 06/25/2015
Issued: 04/10/2018
Est. Priority Date: 11/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

performing a compilation process on a computer program, the compilation process comprising;

generating a security control instruction comprising information about how a block of instructions is to be decoded; and

encoding the block of instructions based on the information in the security control instruction to produce a first encoded block of instructions, the first encoded block of instructions being part of a binary executable for the computer program, the first encoded block of instructions defining a secure zone by having a coding that is different from a coding of a second encoded block of instructions in the binary executable, the first encoded block of instructions comprising a branch instruction having a target address defined in the second encoded block of instructions, the second encoded block of instructions preceding the first encoded block of instructions in the binary executable; and

executing the binary executable on a processor, wherein executing the binary executable comprises using the security control instruction to enable decoding of the first encoded block of instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor system comprising: performing a compilation process on a computer program; encoding an instruction with a selected encoding; encoding the security mutation information in an instruction set architecture of a processor; and executing a compiled computer program in the processor using an added mutation instruction, wherein executing comprises executing a mutation instruction to enable decoding another instruction. A processor system with a random instruction encoding and randomized execution, providing effective defense against offline and runtime security attacks including software and hardware reverse engineering, invasive microprobing, fault injection, and high-order differential and electromagnetic power analysis.

Citations

24 Claims

1. A method comprising:
- performing a compilation process on a computer program, the compilation process comprising;
  
  generating a security control instruction comprising information about how a block of instructions is to be decoded; and
  
  encoding the block of instructions based on the information in the security control instruction to produce a first encoded block of instructions, the first encoded block of instructions being part of a binary executable for the computer program, the first encoded block of instructions defining a secure zone by having a coding that is different from a coding of a second encoded block of instructions in the binary executable, the first encoded block of instructions comprising a branch instruction having a target address defined in the second encoded block of instructions, the second encoded block of instructions preceding the first encoded block of instructions in the binary executable; and
  
  executing the binary executable on a processor, wherein executing the binary executable comprises using the security control instruction to enable decoding of the first encoded block of instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein a type of coding associated with the first encoded block of instructions is generated randomly.
  - 3. The method of claim 1, wherein the binary executable comprises multiple secure zones, each secure zone comprising an encoded block of instructions having a unique coding.
  - 4. The method of claim 1, wherein at least one block of instructions is encoded at runtime and is processor-specific.
  - 5. The method of claim 1, wherein the block of instructions is encoded based on parameter variation on a die of the processor.
  - 6. The method of claim 1, wherein the block of instructions is encoded based on content of a persistent memory.
  - 7. The method of claim 1, wherein the block of instructions is encoded based on a hardware state in the processor.
  - 8. The method of claim 1, wherein the block of instructions is encoded based on an input/output event of the processor.
  - 9. The method of claim 1, further comprising:
    - replacing, during execution of the binary executable, one or more operations with software interrupts in order to mask power consumption of the one or more operations.
  - 10. The method of claim 1, wherein compiling the computer program comprises obtaining static information about the computer program, the security control instruction being based on the static information.
  - 11. The method of claim 1, wherein the security control instruction is coded.
  - 12. The method of claim 1, further comprising:
    - activating one or components of the processor during execution of the binary executable when the one or more components are not used to execute an instruction in the binary executable.

13. A processor comprising:
- machine storage storing a compiler that is executable to compile a computer program by performing operations comprising;
  
  generating a security control instruction comprising information about how a block of instructions is to be decoded; and
  
  encoding the block of instructions based on the information in the security control instruction to produce a first encoded block of instructions, the first encoded block of instructions being part of a binary executable for the computer program, the first encoded block of instructions defining a secure zone by having a coding that is different from a coding of a second encoded block of instructions in the binary executable, the first encoded block of instructions comprising a branch instruction having a target address defined in the second encoded block of instructions, the second encoded block of instructions preceding the first encoded block of instructions in the binary executable; and
  
  at least one processing core to execute the binary executable, wherein executing the binary executable comprises using the security control instruction to enable decoding of the first encoded block of instructions.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The processor of claim 13, wherein a type of coding associated with the first encoded block of instructions is generated randomly.
  - 15. The processor of claim 13, wherein the binary executable comprises multiple secure zones, each secure zone comprising an encoded block of instructions having a unique coding.
  - 16. The processor of claim 13, wherein at least one block of instructions is encoded at runtime and is processor-specific.
  - 17. The processor of claim 13, wherein the block of instructions is encoded based on parameter variation on a die of the processor.
  - 18. The processor of claim 13, wherein the block of instructions is encoded based on content of a persistent memory.
  - 19. The processor of claim 13, wherein the block of instructions is encoded based on a hardware state in the processor.
  - 20. The processor of claim 13, wherein the block of instructions is encoded based on an input/output event of the processor.
  - 21. The processor of claim 13, wherein the at least one processing core is configured to perform operations comprising:
    - activating one or components of the processor during execution of the binary executable when the one or more components are not used to execute an instruction in the binary executable.
  - 22. The processor of claim 13, wherein the at least one processing core is configured to perform operations comprising:
    - replacing, during execution of the binary executable, one or more operations with software interrupts in order to mask power consumption of the one or more operations.
  - 23. The processor of claim 13, wherein the compilation process comprises obtaining static information about the computer program, the security control instruction being based on the static information.
  - 24. The processor of claim 13, wherein the security control instruction is coded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BlueRISC Inc.
Original Assignee
BlueRISC Inc.
Inventors
Moritz, Csaba Andras, Chheda, Saurabh, Carver, Kristopher
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US14/750,194
Publication Number

US 20160012212A1
Time in Patent Office

1,020 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/12   Protecting executable software

G06F 21/55   Detecting local intrusion o...

G06F 21/755   with measures against power...

G06F 2221/033   Test or assess software

G06F 8/41   Compilation

G06F 9/30003   Arrangements for executing ...

G06F 9/30145   Instruction analysis, e.g. ...

G06F 9/3017   Runtime instruction transla...

G06F 9/3846   using static prediction, e....

G06F 9/3879   for non-native instruction ...

Securing microprocessors against information leakage and physical tampering

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Securing microprocessors against information leakage and physical tampering

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links