Systems and Methods for Detecting Design-Level Attacks Against a Digital Circuit

US 20130061322A1
Filed: 02/28/2011
Published: 03/07/2013
Est. Priority Date: 03/01/2010
Status: Active Grant

First Claim

Patent Images

1. A system for detecting design-level attacks against a digital circuit, the digital circuit comprising functional units, the system comprising:

a target unit selected from among the functional units for monitoring;

a predictor unit configured to output predicted event messages based on the events received by the predictor unit;

a reactor unit selected from among the functional units of the digital circuit which are arranged to receive events after they pass through the target unit, the reactor unit being configured to output actual event messages based on the events received by the reactor unit; and

a monitor unit arranged to receive the predicted event messages from the predictor unit and the actual event messages from the reactor unit,wherein the monitor unit is configured to indicate an alarm based on a comparison of the predicted event messages received from the predictor unit and the actual event messages received from the reactor unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for detecting design-level attacks against a digital circuit which includes various functional units. A target unit is selected from among the functional units for monitoring and a predictor unit is arranged to receive events before they reach the target unit. A reactor unit is selected from among the functional units of the digital circuit which are arranged to receive events after they pass through the target unit. A monitor unit is arranged to receive predicted event messages from the predictor unit and actual event messages from the reactor unit. The monitor unit is configured to indicate an alarm based on a comparison of the predicted event messages received from the predictor unit and the actual event messages received from the reactor unit.

35 Citations

View as Search Results

27 Claims

1. A system for detecting design-level attacks against a digital circuit, the digital circuit comprising functional units, the system comprising:
- a target unit selected from among the functional units for monitoring;
  
  a predictor unit configured to output predicted event messages based on the events received by the predictor unit;
  
  a reactor unit selected from among the functional units of the digital circuit which are arranged to receive events after they pass through the target unit, the reactor unit being configured to output actual event messages based on the events received by the reactor unit; and
  
  a monitor unit arranged to receive the predicted event messages from the predictor unit and the actual event messages from the reactor unit,wherein the monitor unit is configured to indicate an alarm based on a comparison of the predicted event messages received from the predictor unit and the actual event messages received from the reactor unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The system of claim 1, wherein the predictor unit is selected from among the functional units of the digital circuit which are arranged to receive events before they reach the target unit.
  - 3. The system of claim 1, wherein the predictor unit is configured to at least partially duplicate the functionality of the target unit.
  - 4. The system of claim 3, wherein the target unit is a translation look-aside buffer and the predictor unit is a checker translation look-aside buffer comprising a content addressable memory, which is shared with the translation look-aside buffer, and a direct-mapped random access memory.
  - 5. The system of claim 1, wherein the target unit is selected based at least in part on a quantity of communication occurring at an interface of the target unit.
  - 6. The system of claim 1, wherein the predictor unit and the reactor unit are each configured to send at least one indicator bit as an event message to the monitor unit each time a event occurs, and the monitor unit is configured to compare the received indicator bits.
  - 7. The system of claim 1, wherein the predictor unit and the reactor unit are each configured to send a plurality of bits as an event message, the event message identifying a particular instruction from among a plurality of instructions.
  - 8. The system of claim 1, wherein the system comprises a plurality of target units, each target unit having a corresponding predictor unit, reactor unit, and monitor unit.
  - 9. The system of claim 1, wherein if the monitor unit does not receive an actual event message corresponding to a received predicted event message or if the monitor unit receives an actual event message for which the monitor unit has not received a corresponding predicted event message, then the monitor unit indicates an alarm.
  - 10. The system of claim 1, wherein the digital circuit is shut down in response to an alarm indication from a monitor unit.
  - 11. The system of claim 1, wherein, in response to an alarm indication from a monitor unit, the last committed instruction is rolled back.
  - 12. The system of claim 1, wherein, in response to an alarm indication from a monitor unit, the last committed instruction is flagged as a cheat code and stored in a log.
  - 13. The system of claim 1, wherein the digital circuit is a heterogeneous processor and a particular core of the processor which is identified as a source of an alarm indication is shut down in response to the alarm indication.
  - 14. The system of claim 1, wherein the predictor unit immediately precedes the target unit in an event flow of the digital circuit.
  - 15. The system of claim 1, wherein the reactor unit immediately follows the target unit in an event flow of the digital circuit.
  - 16. The system of claim 1, wherein the digital circuit is a microprocessor, the target unit comprises an instruction decode unit, the predictor unit comprises an instruction fetch unit, and the reactor unit comprises an execution unit.
  - 17. The system of claim 1, wherein the predictor unit comprises an event buffer for delaying the output of the predicted event messages to the monitor unit, and further comprises message issuance logic to determine when to release the predicted event messages from the buffer.
  - 18. The system of claim 17, wherein the determination of when to release the predicted event messages from the buffer is based at least in part on a number of pipeline steps separating the predictor unit from the reactor unit.
  - 19. The system of claim 17, wherein the determination of when to release the predicted event messages from the buffer is based at least in part on time stamps included in each predicted event message and each actual event message.
  - 20. The system of claim 1, wherein the monitor unit comprises an event buffer for delaying the predicted event messages received from the predictor unit, and further comprises message issuance logic to determine when to release the predicted event messages from the buffer for comparison to the actual event messages received from the reactor unit.
  - 21. The system of claim 1, wherein the attack is triggered by a cheat code received by the digital circuit.
  - 22. The system of claim 1, wherein the attack is triggered by a counter based on a clock of the digital circuit.
  - 23. A microprocessor comprising the system of claim 1.

24. A method of detecting design-level attacks against a digital circuit, the digital circuit comprising functional units, the method comprising:
- selecting a target unit from among the functional units for monitoring;
  
  providing a predictor unit configured to output predicted event messages based on the events received by the predictor unit;
  
  selecting a reactor unit from among the functional units of the digital circuit which are arranged to receive events after they pass through the target unit, the reactor unit being configured to output actual event messages based on the events received by the reactor unit; and
  
  providing a monitor unit arranged to receive the predicted event messages from the predictor unit and the actual event messages from the reactor unit,wherein the monitor unit is configured to indicate an alarm based on a comparison of the predicted event messages received from the predictor unit and the actual event messages received from the reactor unit.
- View Dependent Claims (25, 26)
- - 25. The method of claim 24, wherein the predictor unit is selected from among the functional units of the digital circuit which are arranged to receive events before they reach the target unit.
  - 26. The method of claim 24, wherein the predictor unit is configured to at least partially duplicate the functionality of the target unit.

27. A method of detecting design-level attacks against a digital circuit, the digital circuit comprising functional units, the method comprising:
- receiving an event at a predictor unit selected from among the functional units of the digital circuit;
  
  outputting from the predictor unit a predicted event message based on the event as received by the predictor unit;
  
  receiving the event at a target unit selected from among the functional units for monitoring;
  
  receiving the event at a reactor unit selected from among the functional units of the digital circuit;
  
  outputting from the reactor unit an actual event messages based on the event as received by the reactor unit;
  
  receiving at a monitor unit the predicted event messages from the predictor unit and the actual event messages from the reactor unit; and
  
  determining, in the monitor unit, whether to produce an alarm indication based on a comparison of the predicted event messages received from the predictor unit and the actual event messages received from the reactor unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Original Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Inventors
Sethumadhavan, Lakshminarasimhan, Waksman, Adam

Granted Patent

US 9,098,700 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 12/14   Protection against unauthor...

G06F 15/16   Combinations of two or more...

G06F 21/00   Security arrangements for p...

G06F 21/554   involving event detection a...

G06F 21/71   to assure secure computing ...

G06F 2221/2101   Auditing as a secondary aspect

G06F 9/30145   Instruction analysis, e.g. ...

G06F 9/3867   using instruction pipelines

Systems and Methods for Detecting Design-Level Attacks Against a Digital Circuit

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Detecting Design-Level Attacks Against a Digital Circuit

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links