Leibo Liu: Escort for hardware security of CPU chips
How to ensure the hardware security of CPU is an international problem that academic and industrial circles have been facing but have not yet solved. Tsinghua University's hardware security and cryptographic chip laboratory team proposed the CPU hardware security dynamic checking and control (hereinafter DSC) Technology" based on a highly secure and highly flexible reconfigurable chip architecture, which can effectively respond to the threat of CPU hardware vulnerabilities, realize the first solution of on-chip third-party silicon monitoring CPU hardware security, and greatly improves the hardware security of the CPU chip.
The CPU chip is the core component of the computing system. Attacks on the CPU hardware security may have catastrophic consequences. For example, almost no mainstream high-performance processors spared the "Meltdown" and "Spectre" CPU hardware vulnerabilities that were exposed last year. Hundreds of millions of servers, desktops, and mobile phones have the risk of information leakage, triggering a major earthquake in the security field.
In fact, with the development of computer and semiconductor technology, CPU chips have become highly complex chips. The process of design, manufacturing, packaging and testing involves global industrial division of labor, and it is almost impossible to implement effective supervision on all phases.
It is also an impossible task to find malicious hardware that can be composed of dozens of transistors among the billions to tens of billions of transistors that make up the CPU. And hardware vulnerabilities caused by human negligence or technical limitations are even more difficult to trace and cannot be prevented.
The traditional method of finding malicious hardware and hardware vulnerabilities by checking the design source code, netlist, layout, and die of the CPU chip is just like finding a needle in a haystack. In addition to hardware vulnerabilities, it also includes backdoors, such as the CPU embedded subsystem PSP, which can be controlled remotely; frontdoors, such as CPU microcode (uCode, that is, CPU hardware patch), which can be maliciously used to change instruction behavior; and other possible existing malicious hardware, such as a hardware Trojan.
This new technology developed by Tsinghua University can discover "illegal behavior" through dynamic and real-time monitoring of "legal behavior" in the process of CPU operation, which fundamentally overcomes the traditional difficulties of monitoring and discovering CPU security risks and technical vulnerabilities. Hardware Trojans, hardware vulnerabilities (such as "Meltdown" and "Spectre"), hardware backdoors, and malicious use of hardware frontdoors can all be quickly discovered and managed, by the technology, as needed.
DSC technology makes full use of the characteristics of the reconfigurable dynamic monitoring and control chip, which can quickly detect the unexpected behavior of the CPU caused by malicious hardware attacks or due to hardware vulnerabilities, front doors, and back doors being illegally used during CPU operation. On this basis, the CPU chip is technically controlled according to user's needs. For example, once detected an unexpected behavior, it can immediately suspend the work of the CPU, or alarm and continue to collect attack data, and then suspend the work of the CPU; it can also cut off signal path of malicious hardware attacks, etc.
This technology logically divides the CPU into two parts: one part is the CPU calculation engine, and the other part is the CPU monitoring and control circuit. Among them, the calculation engine is used to complete the usual calculation tasks, and the monitoring and control circuit uses reconfigurable calculation logic to determine, without affecting the normal operation of the calculation engine, whether the CPU has unexpected operations in real time by comparing the difference of the actual behavior of the hardware in runtime and expected behavior defined by instruction set. And then, the monitoring and control circuit determines whether there is a hardware security threat.
Based on this technology and related chips, the first server CPU chip with hardware security management and control capabilities was designed. At present, many server companies have completed the development of high-performance commercial servers based on this technology, and some products have been listed for sale.