Journal: 《电子科技大学学报》 (Journal of University of Electronic Science and Technology of China)

Secure Architecture Design Based on Gate-Level Information Flow Analysis

         

Abstract

Components such as caches and branch predictors in modern processor architectures tend to contain hard-to-detect covert channels, which give attackers a foothold for malicious activity. However, existing methods are inefficient at detecting hardware-specific covert channels. As a consequence, these security holes are exposed only after significant damage has been inflicted. In this paper, a secure architecture based on the execution lease mechanism is built to tightly bound the effects of untrusted execution contexts and enforce strict isolation between execution contexts. Further, an information flow model of the hardware architecture is constructed using the gate-level information flow analysis method, which allows precise measurement of all digital flows in the underlying hardware and the detection of security vulnerabilities by capturing harmful flows of information. In addition, hardware/software security co-verification can be achieved with the aid of the information flow measurement capability provided by the information flow model of the instruction set architecture.
