作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2019, Vol. 45 ›› Issue (12): 134-140,146. doi: 10.19678/j.issn.1000-3428.0053415

• 安全技术 • 上一篇    下一篇

面向RISC处理器的控制流认证方案

李扬, 戴紫彬, 李军伟   

  1. 信息工程大学, 郑州 450001
  • 收稿日期:2018-12-17 修回日期:2019-01-18 发布日期:2019-01-23
  • 作者简介:李扬(1996-),男,硕士,主研方向为安全芯片设计;戴紫彬,教授、博士;李军伟,讲师。
  • 基金资助:
    国家高技术研究发展计划。

Control Flow Authentication Scheme for RISC Processor

LI Yang, DAI Zibin, LI Junwei   

  1. Information Engineering University, Zhengzhou 450001, China
  • Received:2018-12-17 Revised:2019-01-18 Published:2019-01-23

摘要: 为使RISC处理器平台具备检测代码重用攻击的能力,将控制流完整性机制与可信计算中的动态远程证明协议相结合,提出面向RISC处理器的硬件辅助控制流认证方案。以开源RISC处理器为基础,扩展与处理器紧耦合的硬件监控单元,同时给出控制流认证方案的证明协议,设计用于跟踪执行路径的硬件编码方法以实现信息压缩。实验结果表明,与C-FLAT方案相比,该方案传输延时小且资源消耗少,能够保证RISC处理器控制流的可信安全。

关键词: 代码重用攻击, 控制流完整性机制, 远程证明, 硬件, 安全处理器

Abstract: To enable RISC processor platforms to detect code reuse attacks,this paper proposes a hardware-assisted control flow authentication scheme for RISC processors,integrating Control Flow Integrity(CFI) mechanism with dynamic remote attestation protocols in trusted computing.Based on open-source RISC processors,the scheme extends hardware monitoring units that are tightly coupled with processors,and gives an attestation protocol of the control flow authentication scheme.It also designs a hardware encoding method for execution path tracking to compress information.Experimental results show that compared with the C-FLAT scheme,the proposed scheme can reduce transmission delay and resource consumption,and can ensure trusted security of control flows in RISC processors.

Key words: code reuse attack, Control Flow Integrity(CFI) mechanism, remote attestation, hardware, security processor

中图分类号: