Design of a Secure Isolated Execution Architecture Based on PowerPC
Published: 2018-12-30 13:02
[Abstract]: With the rapid development of computer information systems, information system security has become a pivotal issue, with a growing impact in military, civilian, and many other fields. However, as the amount and complexity of code in the low-level system software layers of modern computer systems increase, so does the number of hidden vulnerabilities that malicious attackers may exploit. The traditional approach of defending against malicious attacks through software alone has become increasingly difficult, and hardware-assisted protection has become the mainstream of current security technology. Meanwhile, IBM has announced that it is opening the PowerPC architecture, which is widely used in embedded processors, free of charge to research and academic institutions. This thesis therefore studies security technology for PowerPC processors. It proposes and verifies a security architecture suitable for PowerPC processors. Based on the idea of isolated execution, the running state of the PowerPC processor is divided into a secure state and a non-secure state, ensuring that sensitive programs and data run in the secure state and are protected from malicious attacks. The thesis completes a security extension design for the PowerPC processor: it adds a new processor mode that controls switching of the processor's security state, extends and modifies the registers, interrupts, instruction set and so on accordingly, and extends the security architecture to all hardware resources such as the memory system, DMA, cache, and MMU. This not only eliminates the need for a dedicated security processor core but also saves chip area and power consumption. Finally, the thesis uses high-level modeling to model the design on the QEMU simulation platform and tests the correctness and security of the extended instruction set, the secure memory access flow, and the secure cache access flow. The experimental results show that the proposed security architecture can effectively protect applications running in the secure environment.
[Degree-granting institution]: Tianjin University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP332; TP309
Article ID: 2395615
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2395615.html