
CN201364577Y - Program execution safety enhancement module based on hardware embedded system - Google Patents


Info

Publication number
CN201364577Y
CN201364577Y
Authority
CN
China
Prior art keywords
information
logic circuit
module
comparison logic
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200920105085
Other languages
Chinese (zh)
Inventor
王翔
雷伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2009-01-15
Filing date
2009-01-15
Publication date
2009-12-16
Application filed by Beihang University
Priority to CN 200920105085
Application granted
Publication of CN201364577Y
Anticipated expiration
Expired - Fee Related

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

A hardware-based embedded system program execution security enhancement module consists of a memory group and an information analysis and comparison logic circuit. The memory group is made up of three static random-access memories; its main function is to store the monitoring model and the stack map. The information analysis and comparison logic circuit is the main control part of the module: it receives the program counter signal output by the external processor, reads the information held in the memory group, and judges the legality of the embedded processor's real-time control-flow behaviour; it consists of three functional circuits: information retrieval, monitoring comparison and stack mapping. The data signal port, address signal port and read/write control signal port between the memory group and the information analysis and comparison logic circuit are interconnected. By analyzing the processor's execution path information, the module judges the legality of its execution behaviour and can thereby block any execution behaviour judged illegal. It enhances the security of system programs.

Description

A Hardware-Based Embedded System Program Execution Security Enhancement Module

(1) Technical field

The utility model relates to a module for enhancing program execution security, in particular to a hardware-based embedded system program execution security enhancement module. It uses a hardware-assisted approach to monitor program execution, preventing the malicious execution behaviour that software attacks bring about and blocking the execution of malicious code. It belongs to the technical field of embedded system security.

(2) Background technology

Embedded systems play an increasingly important role in today's society; from consumer electronics to aerospace and military products, they are ever more closely tied to our lives. As their applications broaden, the security of embedded system operation also becomes more important, but their resource-constrained nature makes the design of the corresponding security protection more difficult.

Common software attacks exploit program vulnerabilities. To strengthen the security of embedded system program execution, three kinds of technique are generally available: software-based static analysis, software-based real-time protection, and hardware-based real-time protection. The first uses offline code analysis to detect and repair program vulnerabilities so that an attacker cannot exploit them during execution; the second inserts monitoring code into the program so that its execution is monitored in real time, preventing erroneous execution behaviour caused by attacks; the third guarantees the correctness of program execution from the hardware side, protecting the execution process through means such as stack protection and security coprocessors. The utility model belongs to the third kind: it uses a monitoring hardware module running in parallel with the processor to monitor the processor's execution in real time and enhance its security.

(3) Contents of the invention

1. Purpose: The purpose of the utility model is to provide a hardware-based embedded system program execution security enhancement module, which is a real-time monitoring module for the processor's execution state. The module comprises a piece of monitoring hardware that runs in parallel with the processor; by analyzing the processor's execution path information it judges the legality of the execution behaviour and can thereby block any execution behaviour judged illegal.

2. Technical solution: A hardware-based embedded system program execution security enhancement module, consisting of a memory group and an information analysis and comparison logic circuit.

The memory group consists of three static random-access memories, SRAM1, SRAM2 and SRAM3 (existing devices); its main function is to store the monitoring model and the stack map. The monitoring model describes the range of the program's legal control-flow behaviour; it is obtained by offline program analysis and comprises function information and basic block information. Of the three SRAMs, SRAM1 stores the function information of the monitoring model, SRAM2 stores the basic block information of the monitoring model, and SRAM3 stores the stack mapping information. From the information in the memory group a definite description of the program's legal control-flow behaviour can be obtained.

The information analysis and comparison logic circuit is the main control part of the module. It receives the program counter signal output by the external processor, reads the information in the memory group, and judges the legality of the embedded processor's real-time control-flow behaviour; if illegal control-flow behaviour is found, the circuit issues an interrupt control signal to the processor's interrupt interface to trigger the corresponding emergency interrupt response. This part consists mainly of three functional circuits: 1, information retrieval; 2, monitoring comparison; 3, stack mapping. Information retrieval reads data out of the memories: after each control-flow transfer it begins computing the SRAM addresses of the information for the possible targets of the next control-flow jump. Monitoring comparison analyzes the data output by the memories (the function information and basic block information) to compute the possible target addresses of the next program control-flow jump, that is, the legal execution paths, and uses the processor's execution control-flow information (the program counter, PC) to decide whether a control-flow transfer has occurred. Stack mapping mirrors the operation of the processor's stack, saving the return address of each function call in real time so that the return address can be checked when the function returns.

The data signal port, address signal port and read/write control signal port between the memory group and the information analysis and comparison logic circuit are interconnected. The information analysis and comparison logic circuit outputs the read/write control signal and address signal to the memory group to control reads and writes at the corresponding addresses of the memory group. The data signal is bidirectional: for both the memory group and the information analysis and comparison logic circuit it may be an input or an output, depending on the type of read/write operation.

The utility model can detect any program execution behaviour that departs from the legal definition. This real-time monitoring module has the following main advantages:

(1) Because the hardware monitoring module of the utility model adopts a design based on program control flow, it monitors attacks of any kind effectively.

(2) Through hardware optimization, the hardware monitoring module of the utility model can perform real-time detection within a single clock cycle, greatly improving detection efficiency.

(3) The hardware monitoring module of the utility model is independent, so the monitoring module itself is insensitive to software attacks.

(4) The monitoring module of the utility model occupies few hardware resources, improving reliability while lowering the cost of monitoring.

(5) The hardware monitoring module of the utility model does not require changing the original embedded system's development process: the program only needs to be analyzed offline and the resulting monitoring model stored in the monitoring hardware's memory, with no change to the hardware logic.

(6) The hardware monitoring module of the utility model has good scalability and can be adapted to different kinds of embedded system.

(4) Description of drawings

Fig. 1 is a schematic diagram of the relationship between the utility model's module and a conventional embedded system.

Fig. 2 is a schematic diagram of the structure of the utility model's module.

Fig. 3 is a schematic diagram of the application development flow of a system equipped with the utility model's module.

The symbols in the figures are explained as follows:

SRAM1: static memory 1; SRAM2: static memory 2; SRAM3: static memory 3.

(5) Specific implementation

With reference to Fig. 1, Fig. 2 and Fig. 3, the specific implementation is as follows:

Fig. 2 is a schematic structural diagram of a hardware-based embedded system program execution security enhancement module. It can be seen from the figure that the module consists of a memory group (the box on the right) and an information analysis and comparison logic circuit (the box on the left). The module receives control-flow information and outputs an interrupt control signal. It must perform real-time monitoring of the state of program execution and generate the corresponding monitoring feedback signal.

The memory group comprises three static random-access memories, SRAM1, SRAM2 and SRAM3; other kinds of memory (such as dynamic memory, DRAM) could of course be used instead. SRAM1 and SRAM2 store the function information and basic block information of the monitoring model. The monitoring model is obtained by offline program control-flow analysis performed in software and comprises function information and basic block information. Its role is to describe the legal control-flow execution paths of the running program: the function information comprises each function's first address and the index of its corresponding basic block; the basic block information comprises the basic block type, first address, target index and the index of the corresponding function. Using the function information and basic block information stored in SRAM1 and SRAM2, the statically analyzed legal control-flow execution paths of the program can be described. SRAM3 stores the stack mapping information, which is updated dynamically in real time; it mimics the processor's stack storage, and from it the function return address can be inferred, so that the legal control-flow paths of the whole program are completely described. The three SRAMs have no interconnecting interface.

The information analysis and comparison logic circuit receives the program counter signal output by the external embedded processor, reads the information in the memory group, and monitors the legality of the embedded processor's real-time control-flow behaviour. The circuit consists mainly of three functional parts: information retrieval, monitoring comparison and stack mapping control. Information retrieval reads data out of the memories: after each control-flow transfer it begins computing the SRAM addresses of the information for the possible targets of the next control-flow jump. Monitoring comparison analyzes the data output by the memories (the function information and basic block information) to compute the possible target addresses of the next program control-flow jump, that is, the legal execution paths, and uses the processor's execution control-flow information (the program counter, PC) to decide whether a control-flow transfer has occurred; if one has, the actual jump address is compared with the previously computed addresses, and if they disagree a feedback control signal is generated that interrupts the processor and makes it execute the corresponding security response mechanism. Stack mapping mirrors the operation of the processor's stack: when a function call occurs during program execution, the current function information index and basic block information index are pushed onto the stack, that is, the stack value is stored in the SRAM and the SRAM address is then incremented by one. If the jump type of the current basic block is a function return, the data at the current address of the stack-mapping SRAM is popped and the address is decremented by one. In this way the function's return address is saved and can be checked when the function returns; if the return address has been corrupted by a stack overflow attack during execution, the module detects it reliably.
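To make the checking logic of the technical solution and of this implementation section concrete, the following is a software model of the monitor, added here as an example; it is not the patent's circuit nor code from Beihang University. A function table and a basic block table stand in for SRAM1 and SRAM2, a list stands in for the SRAM3 stack map, and a `Monitor` consumes a program counter trace and reports the first transfer that does not land on a precomputed legal target. The block-type encoding, the `end` address field per block, the fixed 4-byte instruction width, the two-function program and the PC traces are all constructed assumptions.

```python
"""Software model of a control-flow monitor in the style of CN201364577Y.
Added example, not the patent's own circuit or code. Assumed: a fixed 4-byte
instruction width, the block-type encoding below, an explicit `end` address
per basic block, and a constructed two-function program with its traces."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

INSN = 4  # assumed fixed instruction width in bytes
# Assumed encoding of the patent's "basic block type" field
FALLTHROUGH, JUMP, BRANCH, CALL, RETURN = "fallthrough", "jump", "branch", "call", "return"


@dataclass
class FunctionInfo:
    """One SRAM1 entry: the function's first address and its entry block index."""
    entry: int
    entry_block: int


@dataclass
class BlockInfo:
    """One SRAM2 entry: type, first/last address, target indices, owning function."""
    kind: str
    start: int
    end: int                   # last instruction address of the block (assumed field)
    targets: Tuple[int, ...]   # block indices reachable by this block's jump or call
    next_block: Optional[int]  # sequential successor: fallthrough target or return site
    function: int


@dataclass
class MonitoringModel:
    functions: List[FunctionInfo]
    blocks: List[BlockInfo]
    entry_block: int


class Monitor:
    """Stand-in for the information analysis and comparison logic circuit."""

    def __init__(self, model: MonitoringModel) -> None:
        self.model = model
        self.current = model.entry_block
        # reset: the first PC sample must be the entry block's first instruction
        self.pc = model.blocks[self.current].start - INSN
        self.stack: List[int] = []                 # stack map (SRAM3): pending return sites
        self.expected = self.legal_next_blocks()   # the "information retrieval" step

    def legal_next_blocks(self) -> Set[int]:
        """Block indices the next control-flow transfer may legally land in."""
        blk = self.model.blocks[self.current]
        if blk.kind == RETURN:  # a return's only legal target comes from the stack map
            return {self.stack[-1]} if self.stack else set()
        succ = set(blk.targets)
        if blk.kind in (FALLTHROUGH, BRANCH) and blk.next_block is not None:
            succ.add(blk.next_block)
        return succ

    def step(self, pc: int) -> bool:
        """Feed one PC sample; False means the circuit would raise its interrupt."""
        blk = self.model.blocks[self.current]
        # straight-line execution inside the current block needs no comparison
        if pc == self.pc + INSN and pc <= blk.end:
            self.pc = pc
            return True
        # a transfer happened: it must land on the first address of an expected block
        landing = next((i for i in self.expected if self.model.blocks[i].start == pc), None)
        if landing is None:
            return False
        if blk.kind == CALL:
            self.stack.append(blk.next_block)  # push the return site (SRAM3 write, addr+1)
        elif blk.kind == RETURN:
            self.stack.pop()                    # return site verified (SRAM3 pop, addr-1)
        self.current, self.pc = landing, pc
        self.expected = self.legal_next_blocks()
        return True


def run_trace(model: MonitoringModel, trace: List[int]) -> Optional[int]:
    """Replay a PC trace; return the first offending PC, or None if it is all legal."""
    mon = Monitor(model)
    for pc in trace:
        if not mon.step(pc):
            return pc
    return None


def build_demo_model() -> MonitoringModel:
    """Constructed model of a two-function program (main loops, calling f); not a real binary."""
    blocks = [
        BlockInfo(CALL, 0x100, 0x108, (2,), 1, 0),       # main: ... call f
        BlockInfo(JUMP, 0x10C, 0x110, (0,), None, 0),    # main: ... jump back to main
        BlockInfo(BRANCH, 0x200, 0x208, (4,), 3, 1),     # f: conditional branch to return block
        BlockInfo(FALLTHROUGH, 0x20C, 0x210, (), 4, 1),  # f: body, falls into return block
        BlockInfo(RETURN, 0x214, 0x218, (), None, 1),    # f: return
    ]
    return MonitoringModel([FunctionInfo(0x100, 0), FunctionInfo(0x200, 2)], blocks, 0)


# Constructed PC traces (not captured from hardware)
LEGAL_TRACE = [0x100, 0x104, 0x108, 0x200, 0x204, 0x208, 0x20C, 0x210,
               0x214, 0x218, 0x10C, 0x110, 0x100]
BRANCH_TAKEN_TRACE = [0x100, 0x104, 0x108, 0x200, 0x204, 0x208, 0x214, 0x218, 0x10C]
# return lands at 0x300 instead of the recorded return site: a corrupted return address
CORRUPT_RETURN_TRACE = [0x100, 0x104, 0x108, 0x200, 0x204, 0x208, 0x214, 0x218, 0x300]
# transfer into the middle of a block rather than onto a recorded block start
MID_BLOCK_TRACE = [0x100, 0x104, 0x108, 0x204]

if __name__ == "__main__":
    model = build_demo_model()
    for name, trace in [("legal", LEGAL_TRACE), ("branch taken", BRANCH_TAKEN_TRACE),
                        ("corrupt return", CORRUPT_RETURN_TRACE), ("mid-block", MID_BLOCK_TRACE)]:
        bad = run_trace(model, trace)
        verdict = "ok" if bad is None else f"interrupt at {bad:#x}"
        print(f"{name:15s}: {verdict}")
```

Two points of the design mirror the text. The corrupted return is caught because a `return` block's only legal target is taken from the stack map, not from the static tables, so a return address that no longer matches the pushed return site lands outside the single expected block. The mid-block landing is rejected because a transfer may only land on a recorded block start, which is what makes the check independent of the kind of attack that caused the transfer. The model is a sequential simulation; the single-cycle timing the patent claims is a property of the hardware, not of this code.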

The connection signals between the memory group and the information analysis and comparison logic circuit comprise the data signal, the address signal and the read/write control signal. The data signal is bidirectional: during a memory write it flows from the information analysis and comparison logic circuit to the memory, and during a memory read it flows in the opposite direction. The address signal and the read/write control signal both flow from the information analysis and comparison logic circuit to the memory.

In practical use the module is connected to the embedded processor. As shown in Fig. 1, the conventional embedded processor and the security enhancement module are connected by hard wiring, exchanging execution-flow information and interrupt control information, and the two run in parallel at run time. For an embedded system that adopts the module, the corresponding development flow is shown in Fig. 3: the upper-left part is identical to the usual embedded software development flow, and the only difference lies in the upper-right part, where the object code and binary code are subjected to program analysis to extract information and generate a monitoring model describing the program's legal control-flow behaviour, which is then stored in the corresponding monitoring memory. Once both the binary program and the monitoring model are in place, the system can run: the processor and the monitoring hardware run in parallel, and the monitoring hardware receives the processor's execution information and verifies its control flow. The whole development flow shows that the system does not change the conventional processor-related development flow but only adds some extra monitoring-related steps. This is a great benefit for its application, because it means the system is backward compatible with existing software: porting existing software to it does not require changing the original design.

Claims (1)

1. A hardware-based embedded system program execution security enhancement module, characterized in that: the module consists of a memory group and an information analysis and comparison logic circuit; the memory group consists of three static random-access memories, SRAM1, SRAM2 and SRAM3, where SRAM1 stores the function information of the monitoring model, SRAM2 stores the basic block information of the monitoring model, and SRAM3 stores the stack mapping information, and the three static memories have no interconnecting interface; the information analysis and comparison logic circuit is the main control part of the module, receives the program counter signal output by the external processor, and consists of three functional circuits: information retrieval, monitoring comparison and stack mapping; the data signal port, address signal port and read/write control signal port between the memory group and the information analysis and comparison logic circuit are interconnected, and the information analysis and comparison logic circuit outputs the read/write control signal and address signal to the memory group to control reads and writes at the corresponding addresses of the memory group; the data signal is bidirectional and, for both the memory group and the information analysis and comparison logic circuit, may be an input signal or an output signal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200920105085 CN201364577Y (en) 2009-01-15 2009-01-15 Program execution safety enhancement module based on hardware embedded system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200920105085 CN201364577Y (en) 2009-01-15 2009-01-15 Program execution safety enhancement module based on hardware embedded system

Publications (1)

Publication Number Publication Date
CN201364577Y true CN201364577Y (en) 2009-12-16

Family

ID=41475247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200920105085 Expired - Fee Related CN201364577Y (en) 2009-01-15 2009-01-15 Program execution safety enhancement module based on hardware embedded system

Country Status (1)

Country Link
CN (1) CN201364577Y (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10223117B2 (en) 2014-09-11 2019-03-05 Nxp B.V. Execution flow protection in microcontrollers


Similar Documents

Publication Publication Date Title
Biondi et al. A safe, secure, and predictable software architecture for deep learning in safety-critical systems
CN101477605B (en) Embedded system program execution safety enhancing module based on hardware
JP2005050329A (en) Dependable microcontroller, method for detecting fault in microcontroller, method for designing fault permission system for dependable microcontroller, and computer program product therefor
WO2011156021A2 (en) Systems and methods for detecting design-level attacks against a digital circuit
CN104636275A (en) Information protecting method and device of MCU chip
Zalewski et al. Threat modeling for security assessment in cyberphysical systems
CN103617120A (en) Unit testing method and device
CN116032553B (en) False data injection attack detection method, detection terminal and storage medium
Shi et al. ORIENTAIS: Formal verified OSEK/VDX real-time operating system
US9767270B2 (en) Method for dynamic generation and modification of an electronic entity architecture
CN102439567A (en) Distributed virtual machine access exception processing method and virtual machine monitor
CN106650434A (en) IO sequence-based virtual machine abnormal behavior detection method and system
Ruchkin et al. Eliminating inter-domain vulnerabilities in cyber-physical systems: An analysis contracts approach
CN107807812A (en) A kind of hardware vulnerability assessment method based on HDL code
CN201364577Y (en) Program execution safety enhancement module based on hardware embedded system
CN112287357A (en) A control flow verification method and system for embedded bare metal system
Manino et al. NeuroCodeBench: a plain C neural network benchmark for software verification
CN201203868Y (en) A Trusted Platform Module
CN119538246B (en) A method for detecting and analyzing malicious transactions in smart contracts based on dynamic data storage
KR20200116311A (en) Apparatus for verifying kernel integrity and method therefor
CN114090499A (en) Memory access unit verification system, device and storage medium
CN112231165A (en) Memory fault simulation method based on link library injection and memory mapping mode
Schwarz Software-based side-channel attacks and defenses in restricted environments
WO2018010794A1 (en) Device and method for preventing memory data leakage
Bramley et al. On the measurement of safe fault failure rates in high-performance compute processors

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091216

Termination date: 20110115