System, method and computer-accessible medium for security verification of third party intellectual property cores
US-2016098558-A1 · Apr 7, 2016 · US
US10423795B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10423795-B2 |
| Application number | US-201715804188-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 6, 2017 |
| Priority date | Feb 20, 2017 |
| Publication date | Sep 24, 2019 |
| Grant date | Sep 24, 2019 |
Official abstract text for this publication.
The disclosure provides a method, a checking device and a system for determining security of a processor. The method comprises: setting an initial running state of the checking device according to initial running state information of the processor during the target running process, and taking input information of the processor during the target running process as input information of the checking device; causing the checking device to execute a task of the target running process in a manner conforming to predefined behavior to obtain at least one of output information and final running state information of the checking device, wherein the predefined behavior is a standard of hardware behavior of the processor; and determining whether the processor is secure during the target running process according to at least one of the output information and the final running state information of the checking device when the checking device completes the task of the target running process.
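The record-and-replay check described in the abstract, as an added example that is not taken from the patent: a constructed four-register toy instruction set stands in for the "predefined behavior", and `PROGRAM`, `Trace`, `replay` and `check` are hypothetical names.

```python
from dataclasses import dataclass
# Constructed toy ISA standing in for the "predefined behavior" (the hardware spec).
PROGRAM = [
    ("LOAD", 0, 0x10),      # r0 <- mem[0x10]   (value comes from recorded inputs)
    ("LOAD", 1, 0x14),      # r1 <- mem[0x14]   (value comes from recorded inputs)
    ("ADD", 2, 0, 1),       # r2 <- r0 + r1
    ("STORE", 2, 0x20),     # mem[0x20] <- r2   (becomes an output record)
    ("HALT",),
]

@dataclass
class Trace:                # what was recorded from the processor for one target run
    init_state: dict        # {"pc": int, "regs": [int, ...]} at the beginning
    inputs: list            # values the processor read, in order
    outputs: list           # (address, value) writes the processor made, in order
    final_state: dict       # same shape as init_state, at termination

def replay(program, trace):  # the checking device: runs the task per the spec
    pc, regs = trace.init_state["pc"], list(trace.init_state["regs"])
    feed, outputs = iter(trace.inputs), []
    while True:
        op, *args = program[pc]          # IndexError if pc runs past the program
        if op == "LOAD":
            regs[args[0]] = next(feed)   # StopIteration if recorded inputs run out
        elif op == "ADD":
            regs[args[0]] = (regs[args[1]] + regs[args[2]]) & 0xFFFFFFFF
        elif op == "STORE":
            outputs.append((args[1], regs[args[0]]))
        elif op == "HALT":
            return outputs, {"pc": pc, "regs": regs}
        else:
            raise ValueError(f"illegal opcode {op!r}")
        pc += 1

def check(program, trace):
    """Return (secure, reason): compare outputs, then final state; a failed replay is a fail."""
    try:
        outputs, final_state = replay(program, trace)
    except (IndexError, StopIteration, ValueError) as exc:
        return False, f"checker could not execute task: {type(exc).__name__}"
    if outputs != trace.outputs:          # first comparison: order and contents
        return False, "output mismatch"
    if final_state != trace.final_state:  # second comparison
        return False, "final state mismatch"
    return True, "consistent"

INIT = {"pc": 0, "regs": [0, 0, 0, 0]}
GOOD = Trace(INIT, [5, 7], [(0x20, 12)], {"pc": 4, "regs": [5, 7, 12, 0]})
BAD = Trace(INIT, [5, 7], [(0x20, 12), (0x80, 5)], GOOD.final_state)  # constructed extra write
```

`check(PROGRAM, GOOD)` reports a consistent run, while `BAD` is flagged because the recorded trace contains a write the reference model never produces.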
Opening claim text (preview).
What is claimed is:
1. A method for determining security of a processor, comprising: acquiring an initial running state of the processor during a target running process through at least one of software and an interface of hardware at a beginning of the target running process, to obtain initial running state information of the processor during the target running process, wherein, the target running process is a sub-process of a real-time running process of the processor; recording data read by the processor from a memory and at least one of a peripheral, an analog circuit inside the processor and a non-deterministic digital circuit inside the processor, to obtain input information of the processor during the target running process; setting an initial running state of a checking device according to initial running state information of the processor during the target running process, and taking input information of the processor during the target running process as input information of the checking device; causing the checking device to execute a task of the target running process in a manner conforming to predefined behavior to obtain at least one of output information and final running state information of the checking device, wherein the predefined behavior is a standard of hardware behavior of the processor; determining whether the processor is secure during the target running process according to at least one of the output information and the final running state information of the checking device, when the checking device completes the task of the target running process.
2. The method of claim 1, wherein before determining whether the processor is secure during the target running process according to at least one of the output information and the final running state information of the checking device, the method further comprises: at least one of the followings: recording data wrote to at least one of the peripheral and the memory by the processor, to obtain the output information of the processor during the target running process: and acquiring a final running state of the processor during the target running process through at least one of the software and the interface of the hardware at a termination of the target running process, to obtain the final running state information of the processor during the target running process: the determining whether the processor is secure during the target running process according to at least one of the output information and the final running state information of the checking device further comprises: at least one of the followings: comparing the output information of the checking device with the output information of the processor during the target running process to obtain a first comparison result, and comparing the final running state information of the checking device with the final running state information of the processor during the target running process to obtain a second comparison result; determining whether the processor is secure during the target running process according to at least one of the first comparison result and the second comparison result.
3. The method of claim 2, wherein determining whether the processor is secure during the target running process according to at least one of the first comparison result and the second comparison result further comprises: if determining whether the processor is secure during the target running process according to the first comparison result and the second comparison result: determining that the processor is secure during the target running process, when the first comparison result indicates that the output information of the checking device is consistent with the output information of the processor during the target running process and the second comparison result indicates that the final running state information of the checking device is consistent with the final running state information of the processor during the target running process; determining that the processor is not secure during the target running process, when the first comparison result indicates that the output information of the checking device is not consistent with the output information of the processor during the target running process or the second comparison result indicates that the final running state information of the checking device is not consistent with the final running state information of the processor during the target running process.
4. The method of claim 2, wherein the output information of the processor during the target running process and the output information of the checking device respectively comprise at least one of output data and output time; and wherein comparing the output information of the checking device with the output information of the processor during the target running process to obtain the first comparison result further comprising: comparing the output information of the checking device with the output information of the processor during the target running process to obtain the first comparison result, according to at least one of an order of the output data and contents of the output data.
5. The method of claim 1, wherein before determining whether the processor is secure during the target running process according to at least one of the output information and the final running state information of the checking device, the method further comprises: determining whether at least one of the initial running state and the final running state of the processor during the target running process is legal, according to the predefined behavior.
6. The method of claim 1, wherein: the initial running state information of the processor during the target running process is data stored in a memory corresponding to a set of feature states at the beginning of the target running process; the final running state information of the processor during the target running process is data stored in a memory corresponding to a set of feature states at the termination of the target running process; wherein the output information and a next running state of the processor during the target running process can be determined based on a current running state, the input information, and the set of feature states of the processor during the target running process.
7. The method of claim 6, wherein the memory comprises at least one of a registers and a cache.
8. The method of claim 6, wherein the processor is an instruction set processor, and the set of feature states is determined according to an instruction set of the processor.
9. The method of claim 1, wherein when causing the checking device to execute the task of the target running process in a manner conforming to the predefined behavior, the method further comprises: stopping, by the checking device, executing the task and determining that the processor is not secure during the target running process, when the checking device fails to execute the task.
10. A checking device for determining security of a processor, comprising: a tracing unit configured to acquire an initial running state of the processor during a target running process through at least one of software and an interface of hardware at a beginning of the target running process, to obtain initial running state information of the processor during the target running process, wherein, the target running process is a sub-process of a real-time running process of the processor; and record data read by the processor from a memory and at least one of a peripheral, an analog circuit inside the processor and a non-deterministic digital circuit inside the processor, to obtain the input information of the pro
in cryptographic circuits · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
Secure boot · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title