Securing microprocessors against information leakage and physical tampering
Abstract
A processor system comprising: performing a compilation process on a computer program; encoding an instruction with a selected encoding; encoding the security mutation information in an instruction set architecture of a processor; and executing a compiled computer program in the processor using an added mutation instruction, wherein executing comprises executing a mutation instruction to enable decoding another instruction. A processor system with a random instruction encoding and randomized execution, providing effective defense against offline and runtime security attacks including software and hardware reverse engineering, invasive microprobing, fault injection, and high-order differential and electromagnetic power analysis.
Claims
exact text as granted — not AI-modified1 . A method for use with a compiler architecture framework, the method comprising:
performing a compilation process on a computer program; encoding an instruction with a selected encoding; encoding the security mutation information in an instruction set architecture of a processor; and executing a compiled computer program in the processor using an added mutation instruction, wherein executing comprises executing a mutation instruction to enable decoding another instruction.
2 . The method of claim 1 , wherein instruction encodings are randomly selected.
3 . The method of claim 2 , wherein the compiled program consists of safe zones and each safe zone has independent instruction encoding.
4 . The method of claim 1 , wherein a mutation is modified at runtime making an instruction encoding chip unique.
5 . The method of claim 1 , wherein an instruction encoding depends on device parameter variation on the die.
6 . The method of claim 1 , wherein an instruction encoding depends on a content of a persistent memory.
7 . The method of claim 1 , wherein an instruction encoding depends on a hardware state in the processor.
8 . The method of claim 1 , wherein an instruction encoding depends on an input output event.
9 . A processing framework comprising:
machine storage for storing a compiler that is configured to compile a computer program, the compiler being configured to extract static information about the computer program during compilation, the static information being used to add a mutation instruction in the computer program to help decoding another instruction at runtime; executing, wherein executing comprises storing of the mutation information encoded in a mutation instruction in the processor such that a subsequent instruction can be decoded by using that mutation.
10 . The processing device of claim 9 , wherein the encoding of an instruction is randomly selected;
11 . The processing device of claim 9 , wherein an AES module's power profile is protected against information leakage by feeding its input through the processing device.
12 . The processing device of claim 9 , wherein a hardware logic is protected by controlling a configuration related to its operation through the processing device.
13 . An instruction encoding of claim 9 , wherein the mutation information is in a register.
14 . An instruction encoding of claim 9 , wherein the mutation information is in an immediate.
15 . An instruction encoding of claim 9 , wherein the mutation information is from an IO device.
16 . The system of claim 9 comprising of
the processing framework of claim 9 ; a second processor executing instructions from a computer program wherein at least one of the instructions executes on the processor framework of claim 9 .
17 . The processing device of claim 9 , wherein execution time is randomized in time across processor reset cycles with random stall insertion.
18 . The processing device of claim 9 , wherein instructions encode control for functional units.
19 . The processing device of claim 9 , wherein an operation is replaced with SWIs.
20 . The processing device of claim 9 , wherein random stall insertion is controlled by a security mutation instruction.
21 . The processing device of claim 9 , wherein an instruction executing is encrypted.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.