CN114547651B - Operating system interrupt context protection method based on chained encryption - Google Patents

Publication number
CN114547651B
Authority
CN
China
Prior art keywords
register
thread
key
value
interrupt context
Legal status
Active
Application number
CN202210153268.3A
Other languages
Chinese (zh)
Other versions
CN114547651A (en)
Inventor
申文博
林浩然
徐金焱
苑子琦
常瑞
周亚金
吴磊
任奎
Current Assignee
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses an operating system interrupt context protection method based on chained encryption. The method comprises steps such as: selecting a plurality of registers in the processor as key registers; setting a master key register when the system starts; generating a thread key when a thread is created, loading it into the thread key register, and storing it in memory encrypted with the master key; and, on a thread switch, reading the thread key of the thread about to run from memory, decrypting it with the master key, and loading it into the thread key register. For confidentiality protection of the interrupt context, the invention designs chained encryption and decryption, using the plaintext of the previous register as the tweak of the tweakable block cipher when encrypting (decrypting) the next register. For integrity protection of the interrupt context, the invention additionally encrypts and decrypts a zero at the end of the chained encryption and decryption, which verifies the integrity of all registers in the interrupt context with low performance and storage overhead.

Description

Operating system interrupt context protection method based on chained encryption
Technical Field
The present invention relates to kernel data protection of an operating system, and in particular, to a method for protecting confidentiality and integrity of an interrupt context of an operating system based on chained encryption.
Background
The operating system kernel is the cornerstone of modern software. Memory safety problems, however, are a serious threat to kernel security. To prevent critical data in kernel memory from being leaked or tampered with, computer security researchers have proposed protecting confidentiality by randomizing the in-memory representation of data and protecting integrity with message authentication codes. These methods tend to protect only the data in memory, not the data in registers. When an interrupt occurs, the kernel stores the current register values directly into memory, giving an attacker the opportunity to leak or tamper with them. In fact, Project Zero researchers have successfully bypassed the protection of code pointers by the iOS pointer authentication mechanism by modifying the registers stored in the interrupt context. A complete kernel data protection method must therefore also protect the confidentiality and integrity of interrupt contexts.
Conventional data protection methods are not suitable for direct application to interrupt contexts: merely encrypting each register in the interrupt context does not protect integrity, and computing a separate message authentication code for each register incurs significant storage and memory access overhead. There is therefore a need for a method that protects the confidentiality and integrity of interrupt contexts with less storage and performance overhead.
Disclosure of Invention
The invention aims to remedy the shortcomings of the prior art by providing an operating system interrupt context protection method based on chained encryption, which gives the operating system interrupt context confidentiality and integrity protection.
The invention is realized by the following technical scheme:
The invention discloses a method for protecting interrupt context of an operating system based on chained encryption, which comprises the following steps:
Step one: a plurality of registers in the processor are selected as key registers. The master key register is set when the system starts. When a thread is created, a thread key is generated, loaded into the thread key register, and stored in memory encrypted with the master key. On a thread switch, the thread key of the thread about to run is read from memory, decrypted with the master key, and loaded into the thread key register. Allocating a thread key to each thread ensures that each thread encrypts its interrupt context with a different key, which prevents an attacker from bypassing the integrity check by swapping the encrypted interrupt contexts of different threads. In addition, the thread key in memory is encrypted under the master key, which prevents the thread key from being leaked;
Step two: during interrupt handling, before the operating system stores the registers of the current thread into memory, the register values are chain-encrypted with the thread key using the tweakable block cipher, and finally a zero is additionally chain-encrypted;
Step three: during interrupt handling, after the operating system loads the registers of the current thread from memory, the register values are chain-decrypted with the thread key using the tweakable block cipher, and integrity is verified through the zero that is decrypted last.
As a further improvement, step two of the invention is specifically: after the first register is encrypted, the i-th register (i > 1) is encrypted with the plaintext of the (i-1)-th register as the tweak of the tweakable block cipher, up to the last register; in addition, a zero is encrypted with the plaintext of the last register as the tweak; finally, all of the encrypted values are stored into memory. For two adjacent registers, the plaintext of the former register is used as the tweak for encrypting the latter, which ensures that, on decryption, the value of the latter register depends on the decrypted value of the former register; furthermore, the additionally encrypted final zero is used for the integrity check at decryption.
As a further improvement, step three of the invention is specifically: after the first register is decrypted, the i-th register (i > 1) is decrypted with the decrypted value of the (i-1)-th register as the tweak of the tweakable block cipher, until the encrypted zero from step two is decrypted with the decrypted value of the last register as the tweak; the integrity of the interrupt context is checked by comparing whether this last decrypted value is zero. If the last decrypted value is not zero, the interrupt context has been tampered with, and the kernel crashes. For two adjacent registers, the decrypted value of the former register is used as the tweak for decrypting the latter. Chained decryption therefore ensures that as soon as the value of one register is modified so that its decrypted value differs from the original, the decrypted values of all subsequent registers also differ from the originals, and the final zero decrypts to a non-zero value and fails the integrity check.
The beneficial effects of the invention are as follows:
To address the problem of protecting the operating system interrupt context, the invention designs an interrupt context protection method based on chained encryption on top of a tweakable block cipher, with low storage and performance overhead. For confidentiality protection of the interrupt context, the invention designs chained encryption and decryption, using the plaintext of the previous register as the tweak of the tweakable block cipher when encrypting (decrypting) the next register. On the one hand, chained encryption ensures that the encrypted value of a register depends on the values of all registers preceding it, so that across different interrupt contexts, even if the value of one register is unchanged, its encrypted value changes as the values of the other registers change; on the other hand, chained decryption ensures that if the value of a register is tampered with, the values of all registers following it are also decrypted incorrectly.
For integrity protection of the interrupt context, the invention additionally encrypts and decrypts a zero at the end of the chained encryption and decryption, which verifies the integrity of all registers in the interrupt context with low performance and storage overhead. Chained decryption ensures that if any register value in the interrupt context is tampered with, this final zero is decrypted incorrectly, i.e. to a non-zero value, so the integrity of all interrupt context registers can be checked simply by checking whether the last decrypted value is zero.
Finally, the invention allocates a thread key to each thread, which further diversifies the encryption of the interrupt contexts of different threads and prevents an attacker from mounting interrupt context reuse attacks across threads; the invention also solves the problem of protecting the thread key by introducing a master key that the kernel cannot read. Without thread keys, an attacker could replace the encrypted interrupt context of one thread wholesale with the encrypted interrupt context of another thread and so bypass the integrity check. With thread keys, the interrupt contexts of different threads are encrypted under different keys, so even if an attacker attempts the reuse attack, it is detected because the encryption and decryption keys differ. The invention fills a gap in existing operating system kernel data protection methods, can be combined with various data protection methods, extends the period over which critical kernel data is protected, and improves the system's ability to withstand memory safety problems.
Drawings
FIG. 1 is a flow chart of operating system interrupt context protection.
Detailed Description
The overall architecture of the invention is described below with reference to the accompanying drawing. FIG. 1 is a flowchart of operating system interrupt context protection and illustrates the encryption and decryption of the interrupt context. As shown in FIG. 1, the invention includes the following steps:
Step one: a plurality of registers in the processor are selected as key registers, which hold the keys used for subsequent encryption. At system start-up, the firmware sets the master key register to a random value. When a thread is created, a random thread key is generated and loaded into the thread key register, and the thread key is stored in memory encrypted with the master key (using the storage address as the tweak of the tweakable block cipher). On a thread switch, the thread key of the thread about to run is read from memory, decrypted with the master key, and then loaded into the thread key register. In addition, to prevent an attacker from leaking the values of the key registers, the access permissions of the key registers must be set appropriately: user-mode programs cannot read or write any key register; the operating system kernel can only write the thread key register, and cannot read the thread key register or read or write the master key register.
Step two: in the early stage of interrupt handling, before the operating system stores the registers of the current thread into memory, the register values are chain-encrypted with the thread key using the tweakable block cipher, specifically: after the first register is encrypted, the i-th register (i > 1) is encrypted with the plaintext of the (i-1)-th register as the tweak, until the last register has been encrypted; in addition, a zero is encrypted with the plaintext of the last register as the tweak; finally, all of the encrypted values are stored into memory. The encryption can be further diversified by choosing a different tweak for encrypting the first register. For example, the current stack pointer may be chosen as the tweak, so that interrupt contexts at different addresses are encrypted differently, which prevents an attacker from bypassing the defense by swapping interrupt contexts located at different addresses. Even if an attacker replaces the encrypted value of an interrupt context wholesale with the encrypted value of an interrupt context at another address, the tweaks used for their first encryption differ, so the final zero decrypts to a non-zero value and the attack is detected.
Step three: in the late stage of interrupt handling, after the operating system loads the registers of the current thread from memory, the register values are chain-decrypted with the thread key using the tweakable block cipher, specifically: after the first register is decrypted, the i-th register (i > 1) is decrypted with the decrypted value of the (i-1)-th register as the tweak, until the encrypted zero from step two is decrypted with the decrypted value of the last register as the tweak; the integrity of the interrupt context is checked by comparing whether this last decrypted value is zero. If the last decrypted value is not zero, the interrupt context has been tampered with, and the kernel crashes.
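The chained save and restore of steps two and three, as an added example in C that is not part of the patent. The 8-round Feistel `tbc` is a toy stand-in for the tweakable block cipher (the patent names no concrete cipher, and this one carries no security claim); the register values, thread keys and stack-pointer first tweak are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROUNDS 8
#define NREGS  4

/* Toy 64-bit tweakable block cipher (Feistel network). Assumption: a stand-in
 * with no security claim; the patent does not name a concrete cipher. */
static uint64_t mix64(uint64_t x)
{
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}

/* decrypt != 0 runs the rounds in reverse order; the final swap makes that the inverse. */
static uint64_t tbc(uint64_t key, uint64_t tweak, uint64_t block, int decrypt)
{
    uint32_t l = (uint32_t)(block >> 32), r = (uint32_t)block;
    for (unsigned i = 0; i < ROUNDS; i++) {
        unsigned rnd = decrypt ? ROUNDS - 1 - i : i;
        uint32_t t = l ^ (uint32_t)(mix64(mix64(mix64(key + rnd) ^ tweak) ^ r) >> 32);
        l = r; r = t;
    }
    return ((uint64_t)r << 32) | l;
}

/* Step two: out[0..n-1] are the encrypted registers, out[n] is the encrypted zero. */
static void ctx_save(uint64_t tkey, uint64_t t0, const uint64_t *regs, size_t n, uint64_t *out)
{
    uint64_t tweak = t0;
    for (size_t i = 0; i < n; i++) {
        out[i] = tbc(tkey, tweak, regs[i], 0);
        tweak = regs[i];          /* plaintext of register i tweaks register i+1 */
    }
    out[n] = tbc(tkey, tweak, 0, 0);
}

/* Step three: returns 1 only if the trailing word decrypts to zero. */
static int ctx_restore(uint64_t tkey, uint64_t t0, const uint64_t *in, size_t n, uint64_t *regs)
{
    uint64_t tweak = t0;
    for (size_t i = 0; i < n; i++) {
        regs[i] = tbc(tkey, tweak, in[i], 1);
        tweak = regs[i];          /* decrypted value tweaks the next register */
    }
    return tbc(tkey, tweak, in[n], 1) == 0;
}

/* Constructed sample values, not taken from the patent. */
static const uint64_t SAMPLE[NREGS] = { 0x1111, 0x2222, 0x7ffd0000f000ULL, 0xffff800010001234ULL };
static const uint64_t KA = 0xA5A5A5A5DEADBEEFULL, KB = 0x0123456789ABCDEFULL; /* thread keys */
static const uint64_t SP = 0xffff800012340000ULL;        /* stack pointer as first tweak */

/* Save with (ksave, tsave), optionally flip one stored bit, restore with (kload, tload). */
static int scenario(uint64_t ksave, uint64_t kload, uint64_t tsave, uint64_t tload, int flip)
{
    uint64_t enc[NREGS + 1], dec[NREGS];
    ctx_save(ksave, tsave, SAMPLE, NREGS, enc);
    if (flip >= 0) enc[flip] ^= 1;   /* tampering with one saved word */
    return ctx_restore(kload, tload, enc, NREGS, dec) &&
           memcmp(dec, SAMPLE, sizeof dec) == 0;
}

int main(void)
{
    printf("%d %d %d %d\n", scenario(KA, KA, SP, SP, -1), scenario(KA, KA, SP, SP, 1),
           scenario(KA, KB, SP, SP, -1), scenario(KA, KA, SP, SP + 0x1000, -1));
    return 0;
}
```

Only the untouched context restores; a flipped saved word, another thread's key, or a context moved to a different stack address each leave the trailing word non-zero.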
It will be appreciated by persons skilled in the art that the foregoing description is only a single example of the invention and is not intended to limit the invention, and that although the invention has been described in detail with reference to the foregoing examples, it will be apparent to those skilled in the art that modifications may be made to the technical solutions described in the foregoing examples, or that equivalents may be substituted for part of the technical features thereof. Modifications, equivalents, and alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (3)

1. The operating system interrupt context protection method based on chained encryption is characterized by comprising the following steps:
Step one: selecting a plurality of registers in a processor as key registers, setting a master key register when the system is started, generating a thread key when a thread is newly created, loading the thread key into the thread key register, encrypting the thread key with the master key and storing it into memory, and, when threads are switched, reading the thread key of the thread about to run from memory, decrypting it with the master key, and loading it into the thread key register;
Step two: in interrupt processing, before the operating system stores the registers of the current thread into memory, chain-encrypting the values of the registers with the thread key using the tweakable block cipher, and finally additionally chain-encrypting a zero;
Step three: in interrupt processing, after the operating system loads the registers of the current thread from memory, chain-decrypting the values of the registers with the thread key using the tweakable block cipher, and verifying integrity through the zero decrypted last.
2. The method for protecting the interrupt context of the operating system based on chained encryption according to claim 1, wherein step two is specifically: after encrypting the first register, encrypting the i-th register (i > 1) with the plaintext of the (i-1)-th register as the tweak of the tweakable block cipher, up to the last register; in addition, encrypting a zero with the plaintext of the last register as the tweak; and finally storing all of the encrypted values into memory.
3. The method for protecting the interrupt context of the operating system based on chained encryption according to claim 2, wherein step three is specifically: after decrypting the first register, decrypting the i-th register (i > 1) with the decrypted value of the (i-1)-th register as the tweak of the tweakable block cipher, until the encrypted zero from step two is decrypted with the decrypted value of the last register as the tweak, and checking the integrity of the interrupt context by comparing whether the last decrypted value is zero; if the last decrypted value is not zero, the interrupt context has been tampered with and the kernel crashes.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210153268.3A CN114547651B (en) 2022-02-18 2022-02-18 Operating system interrupt context protection method based on chained encryption

Publications (2)

Publication Number Publication Date
CN114547651A (en) 2022-05-27
CN114547651B (en) 2024-06-07
