信息网络安全 (Netinfo Security), 2022, Vol. 22, Issue 6: 26-37. doi: 10.3969/j.issn.1671-1122.2022.06.003

• Technical Research •

Research on Cooperative Security Technology of Side Channel in Processor Microarchitecture Storage System

HONG Sheng 1,2, LI Lei 3, YUAN Yidong 3, GAO Xinyan 4

  1. School of Cyber Science and Technology, Beihang University, Beijing 100191, China
  2. School of Information Engineering, Nanchang University, Nanchang 330031, China
  3. Beijing Smart Chip Microelectronics Technology Co., Ltd., Beijing 100192, China
  4. Shenyuan Honors College, Beihang University, Beijing 100191, China
  • Received: 2022-01-13; Online: 2022-06-10; Published: 2022-06-30
  • Corresponding author: HONG Sheng, E-mail: shenghong@buaa.edu.cn
  • About the authors: HONG Sheng (b. 1981), male, from Jiangxi, associate professor, Ph.D.; main research interests: information network security, integrated circuit security, complex system security, and software security | LI Lei (b. 1982), male, from Hebei, engineer, M.S.; main research interests: CPU core microarchitecture, memory subsystem functional safety, and information security protection technology | YUAN Yidong (b. 1980), male, from Hebei, engineer, M.S.; main research interest: power communication technology | GAO Xinyan (b. 2002), female, from Anhui, undergraduate; main research interests: cyberspace security and information system security
  • Funding:
    National Key R&D Program of China (2019YFB1706001)


Abstract:

A side-channel attack exploits information that leaks through side channels while a device is running. It can bypass cryptographic algorithms and therefore poses a serious threat to user privacy. In the processor microarchitecture storage system, frequent memory accesses and differences in program execution speed create the conditions for side-channel attacks. Microarchitectural side-channel attacks require no physical contact: an attacker only needs to share an environment with the victim, which makes them more harmful than traditional side-channel attacks. Starting from the attack target, this paper first summarizes side-channel attack and defense techniques for the Cache, the MMU and the TLB, and proposes a cooperative security model framework. It then summarizes side-channel security measures around three central ideas of the security architecture (detecting process risk, increasing the difficulty of attack, and isolating secure regions) and proposes a cooperative side-channel security model for the processor microarchitecture storage system to guide the design of new architectures. Finally, it looks ahead to future technology trends as a reference for research on side-channel defense techniques.

Key words: processor microarchitecture, side-channel defense, side-channel attack, cooperative security model

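The abstract names increasing the difficulty of attack as one pillar of the cooperative security model. As an added illustration that is not part of the paper, the C code below contrasts a table lookup whose memory access depends on a secret index (the data-dependent access pattern that gives a cache side channel something to observe) with an access-oblivious version that reads every entry and selects the result with a branch-free mask; the table contents are constructed here and the function names are the example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_SIZE 256

/* Naive lookup: the address loaded depends on secret_idx, so a co-resident
   process that can observe cache state learns which line was touched and
   therefore part of the index. */
uint8_t lookup_naive(const uint8_t table[TABLE_SIZE], uint8_t secret_idx) {
    return table[secret_idx];
}

/* Hardened lookup: every entry is read on every call and the wanted one is
   selected with a branch-free mask, so the sequence of addresses touched is
   the same for all values of secret_idx (this raises the cost of a cache
   side channel; it does not by itself remove other leakage sources). */
uint8_t lookup_oblivious(const uint8_t table[TABLE_SIZE], uint8_t secret_idx) {
    uint8_t result = 0;
    for (size_t i = 0; i < TABLE_SIZE; i++) {
        uint8_t diff = (uint8_t)(i ^ secret_idx);
        /* diff == 0 gives 0xFF, any other value gives 0x00, without branching */
        uint8_t mask = (uint8_t)(((unsigned)diff - 1u) >> 8);
        result |= table[i] & mask;
    }
    return result;
}

/* Constructed sample table (not from the paper): a simple byte permutation. */
void fill_sample_table(uint8_t table[TABLE_SIZE]) {
    for (size_t i = 0; i < TABLE_SIZE; i++)
        table[i] = (uint8_t)((i * 7u + 3u) & 0xFFu);
}

/* Returns 1 if both lookups return the same value for every index. */
int lookups_agree(const uint8_t table[TABLE_SIZE]) {
    for (size_t i = 0; i < TABLE_SIZE; i++)
        if (lookup_naive(table, (uint8_t)i) != lookup_oblivious(table, (uint8_t)i))
            return 0;
    return 1;
}

int main(void) {
    uint8_t table[TABLE_SIZE];
    fill_sample_table(table);
    printf("lookups agree for all 256 indices: %s\n", lookups_agree(table) ? "yes" : "no");
    return 0;
}
```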
