DSC: Dynamic Security Check
Vulnerability: DSC technology can monitor CPU behavior at runtime, analyze the collected low-level hardware information against known vulnerability attack characteristics, reach a judgment, raise alarms and save on-site data.
Hardware Trojan: DSC technology can discover potential hardware Trojan attacks through real-time analysis and judgment of unexpected CPU state transitions in CPU behavior fragments, and of unexpected changes in memory and external device interface data.
Hardware Frontdoor: DSC technology implements verification of secure boot and microcode updates based on reconfigurable chips, which realizes access management and control of the ME (management engine) subsystem.
Hardware Backdoor: DSC technology manages all visible CPU external interfaces and, at runtime, monitors, analyzes and judges unexpected changes in memory and external device interface data to discover hidden accesses to the CPU or memory from possible hardware backdoors.
In 2016, the team of Shaojun Wei from Tsinghua University proposed the CPU dynamic security check technology (DSC technology), based on a highly secure and highly flexible reconfigurable chip architecture. This technology monitors and analyzes the behavior of the CPU at runtime to quickly discover potential hardware security threats, including CPU hardware vulnerability attacks such as Spectre and Meltdown, hardware Trojans, illegal CPU behavior caused by hardware backdoors, and malicious use of hardware frontdoors. In addition, DSC can block the attack path as needed. DSC technology can implement secure boot based on reconfigurable chips and supports the management and control of some hardware frontdoors, thus achieving controlled updates of microcode and access management and control of the ME management engine subsystem.
DSC Schematic Diagram
DSC technology logically divides the CPU into two parts: CPU calculation engine, and the monitoring and control circuit.
- The calculation engine implements the usual calculation tasks.
- Without affecting the normal operation of the calculation engine, the monitoring and control circuit uses reconfigurable computing logic to determine whether the CPU performs unexpected operations, by comparing the actual behavior of the CPU hardware against what the instruction set permits while the CPU is running, and thereby to find out whether there is a hardware security threat.
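A simplified software model of the comparison the monitoring circuit performs, added here as an illustration; it is not part of the DSC design or any published implementation. The three-instruction mini-ISA, the bus-trace format and all addresses are constructed assumptions; the point shown is that memory traffic the executed instruction stream cannot explain (how a hidden backdoor or Trojan access would surface on the interface) is flagged and the surrounding state is saved as on-site data.

```python
"""Toy model of a DSC-style monitor: derive the memory accesses that the executed
instructions *should* produce, compare against traffic observed on the memory
interface, and raise an alarm with saved context for anything unexplained."""
from dataclasses import dataclass

@dataclass
class Alarm:
    cycle: int       # cycle in which the unexplained bus event was observed
    event: tuple     # (op, address) as seen on the memory interface
    snapshot: dict   # saved on-site data: instruction in flight + recent bus history

def expected_accesses(instr):
    """Memory accesses a correct execution of one instruction may perform.
    Hypothetical mini-ISA: ('LOAD', dst, addr) reads addr, ('STORE', src, addr)
    writes addr, ('ADD', dst, a, b) is an ALU op and must touch no memory."""
    op = instr[0]
    if op == 'LOAD':
        return {('R', instr[2])}
    if op == 'STORE':
        return {('W', instr[2])}
    return set()

def check_trace(instrs, bus_trace):
    """instrs: instruction executed in each cycle (index == cycle).
    bus_trace: list of (cycle, op, addr) observed on the memory interface.
    Returns one Alarm per bus event not explained by the instruction set."""
    alarms, history = [], []
    for cycle, op, addr in bus_trace:
        history.append((cycle, op, addr))
        in_flight = instrs[cycle] if cycle < len(instrs) else None
        allowed = expected_accesses(in_flight) if in_flight else set()
        if (op, addr) not in allowed:
            alarms.append(Alarm(cycle, (op, addr),
                                {'instr': in_flight, 'recent_bus': history[-4:]}))
    return alarms

# Constructed sample: a four-cycle program and two bus traces.
INSTRS = [('LOAD', 'r1', 0x1000), ('LOAD', 'r2', 0x1004),
          ('ADD', 'r3', 'r1', 'r2'), ('STORE', 'r3', 0x2000)]
CLEAN_BUS = [(0, 'R', 0x1000), (1, 'R', 0x1004), (3, 'W', 0x2000)]
# Same program, but a hidden read of 0x7000 appears during the ALU-only cycle 2.
TROJAN_BUS = CLEAN_BUS[:2] + [(2, 'R', 0x7000)] + CLEAN_BUS[2:]

if __name__ == '__main__':
    print('clean trace alarms :', check_trace(INSTRS, CLEAN_BUS))
    print('trojan trace alarms:', check_trace(INSTRS, TROJAN_BUS))
```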
Based on DSC technology and related chips, the first server CPU with hardware security management and control capabilities was designed. At present, many server companies have completed the development of high-performance commercial servers based on this technology, and some products have been put on the market.