JP2008287449A - Data processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To detect abnormality of an instruction while reading and executing the instruction. <P>SOLUTION: This data processor (1) is provided with: a CPU (2) for reading and executing an instruction. The CPU is provided with an instruction register (5) for fetching an instruction; an instruction decoder (6) for decoding the fetched instruction; an integrated arithmetic circuit (7); a first register (8); and a control circuit (9) for controlling them based on the decoded instruction. The integrated arithmetic circuit starts an arithmetic operation to acquire the sum value of instruction to be executed in sections A to C of an instruction flow according to a control signal c1. The CPU executes an instruction to add adjustment values A to C to the sum value of each of sections A to C. The control circuit decides whether or not a value obtained by adding the adjustment value to the sum value is matched with a preliminarily set expected value, and when the both values are not matched, the control circuit makes the CPU stop the execution of the instructions on and after that. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a data processor, and more particularly, to a technique effective when applied to a data processor which is a microcomputer for an IC card having a security function.

  As a security function of an IC card microcomputer, for example, a function for encrypting secret information using an encryption key is known. However, there is an attack method that estimates this encryption key without physically destroying it, and one of them is a malfunction attack. Malfunction attack means that the IC card microcomputer is connected to the central processing unit (CPU) of the IC card microcomputer by supplying abnormal voltage, clock, data from the outside, or supplying abnormal temperature, electromagnetic waves, etc. It is to make it malfunction. The malfunction attack is repeated hundreds of thousands of times. For example, the encryption key is estimated by verifying the difference in the calculation result by the CPU between the normal operation and the malfunction. Under such circumstances, various devices with improved security functions are known.

  Patent Document 1 discloses a program protection device in which a security chip is incorporated in a game cartridge, paying attention to the fact that the checksum value varies depending on the reading procedure when the program data of the game cartridge is read to the outside. The security chip determines whether or not the program data has been read out in a regular procedure, and responds to the processor request of the game machine only when the program data is in a regular procedure. Thereby, it is possible to prevent the program data from being read and illegally copied to an external device other than the game machine, for example. Patent Document 2 discloses an encryption program generation device that compresses a branch instruction extracted from a game program, a non-branch instruction, and a checksum of the non-branch instruction, encrypts the compressed data, and stores it in a program memory. ing. In this technique, it is possible to determine whether or not the game program has been tampered with by using the checksum, and it is possible to enhance the security function by encrypting the compressed data.

  In Patent Document 3, when an instruction code is read, the first encryption code generated in advance by a certain calculation method is stored in an area different from the area where the instruction code is stored, and the above-mentioned certain code is stored. A data processor is disclosed in which the second encryption code recalculated by the calculation method is compared with the first encryption code, and an instruction is executed if they match. In this technique, it is possible to prevent an illegally tampered program from being executed by comparing the first encryption code and the second encryption code. Patent Document 4 discloses a program execution device having second protection means. The second protection means acquires a first falsification detection value generated based on at least a part when a processing program including the first computer program is generated, and before the processing means executes the first computer program. The second falsification detection value is generated based on at least a part of the processing program. Since the second protection means suppresses the processing means from operating according to the first computer program when the first falsification detection value and the second falsification detection value are different, the first computer program illegally falsified Can be prevented from being executed.

JP 09-282156 A JP 2005-166070 A JP 2004-178250 A Japanese Patent Laid-Open No. 2005-100378

  The inventor confirmed that the IC card microcomputer performs an operation different from the original instruction flow due to the malfunction attack, and considered the cause. As a phenomenon caused by a malfunction attack, the present inventor has found that the value of a memory or register changes, instruction execution is skipped by a branch instruction, an operation result is incorrect, and the value of a program counter (PC) is an unintended value. It was confirmed that it changed to. The inventors have found that the above phenomenon is caused by an illegal change in the instruction read and executed by the CPU of the IC card microcomputer, and recognized the importance of detecting the abnormality of the instruction.

  Patent Document 1 prevents illegal reading by checking the validity of the address of the read access from the processor of the game machine. After the security chip determines that it is a legitimate procedure, If an instruction changes illegally between buses, the abnormality of the instruction cannot be detected. Patent Document 2 can detect that the instruction stored in the program memory has been tampered with, but cannot detect abnormality of the instruction when the instruction is being executed. Since Patent Document 3 assigns a certain type of error detection code to each instruction as an encryption code, it can detect that each instruction has been tampered with, but the value of the PC becomes an unintended value and execution of the instruction is performed. If the order changes, the abnormality cannot be detected. Patent Document 4 can detect whether or not the first computer program has been tampered with before the processing means executes the processing program, but can detect that the instruction has been illegally changed after the processing program is executed. Can not.

  It is also conceivable that the instruction flow is checked by software implementation, but this is based on the premise that there is no abnormality in the instructions constituting the software. For this reason, in order to detect an abnormality in an instruction, a plurality of software measures such as a double check are required, and there is a problem that the performance of the CPU is lowered.

  An object of the present invention is to provide a data processor capable of detecting an abnormality in an instruction while reading and executing the instruction and enhancing a security function.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  A representative one of the inventions disclosed in the present application will be briefly described as follows.

  In other words, the data processor calculates the sum value for the instruction included in the interval for each predetermined interval of the instruction flow, and the sum value obtained by the previous operation and the sum value obtained by the current operation in the same interval are obtained. If they do not match, the instruction execution is stopped or the instruction execution order is forcibly changed. Thereby, while the central processing unit reads and executes the instruction, it is possible to detect an abnormality of the instruction in a predetermined section, and to enhance the security function.

  The effects obtained by the representative ones of the inventions disclosed in the present application will be briefly described as follows.

  That is, it is possible to detect an abnormality in the instruction while reading and executing the instruction, thereby enhancing the security function.

1. Representative Embodiment First, an outline of a typical embodiment of the invention disclosed in the present application will be described. The reference numerals in the drawings referred to with parentheses in the outline description of the representative embodiments merely exemplify what are included in the concept of the components to which the reference numerals are attached.

  [1] The data processor (2A) according to the representative embodiment of the present invention reads and executes an instruction. This data processor calculates the sum value for the instruction included in the section for each predetermined section (A1, B1, C1) of the instruction flow, and the sum value obtained by the previous calculation in the same section If the sum value obtained by the calculation does not match, the execution of the instructions is stopped or the execution order of the instructions is forcibly changed.

  From the above, every time the data processor repeatedly executes an instruction included in a predetermined section of the instruction flow, the sum value is calculated. Therefore, the sum value indicates that the instruction in the same section has illegally changed while reading and executing the instruction. It can be detected by mismatch. The data processor that detects that the instruction has been illegally changed stops the execution of the instruction and resets the data processor, for example, or changes the execution order of the subsequent instructions. Therefore, the encryption key is estimated by a malfunction attack. Security functions can be enhanced.

  As a specific form, the section is defined by an address set in the register (20, 21), and the address is an instruction address of an instruction for starting and ending the operation. From the above, even if the instruction that is read and executed by the data processor is stored in ROM etc., and the instruction that defines the section cannot be written, the section where the operation is performed can be easily specified by specifying the instruction address it can.

  As another form, it further has a cache memory (30) including a cache table (31) in which the address (31a) and a sum value (31b) with the address as a tag are stored. The cache memory accesses the cache table in response to a read access request, compares the address given by the read access request with the address stored in the cache table, and if they match, the sum value is read out. As described above, the data processor can use the sum value previously stored in the cache memory for the same section as a comparison target.

  As another form, the data processor (2C) starts the operation when the difference value between the address of the instruction executed this time and the address of the instruction executed last time is larger than the instruction word length of one instruction. From the above, since the instruction executed this time can be determined as an instruction executed at each jump destination of a branch instruction, a jump instruction, and a subroutine call instruction, for example, the sum value of the instruction address is changed unless the instruction changes illegally. It can be the start address of a certain interval.

  As yet another form, the section is defined by a first instruction including an operation code instructing the start of the operation and a second instruction including an operation code instructing the end of the operation. From the above, since the number of bits of the instruction that defines the section is smaller than the number of bits of the address that defines the section, the capacity required to define the section can be reduced.

  As yet another form, the first instruction is an instruction executed at each of a branch instruction, a jump instruction, and a subroutine call instruction in the instruction flow, and the second instruction is the branch instruction, Jump instruction, subroutine return instruction. From the above, the interval in which the sum value is constant unless the instruction changes illegally is defined.

  [2] According to another aspect, the data processor (2) that reads and executes an instruction calculates a sum value for the instruction included in the section for each predetermined section (A, B, C) of the instruction flow. Then, an instruction for instructing addition of a predetermined value to the sum value obtained by the calculation in the interval is executed. If the value obtained by adding the predetermined value to the sum value obtained by the calculation in the interval does not match a preset expected value, the data processor stops the execution of the instruction or executes the instruction Forcibly change the order.

  From the above, every time the data processor repeatedly executes an instruction included in a predetermined section of the instruction flow, it calculates the sum of the sum value and the predetermined value, so the instruction in the same section is illegal while reading and executing the instruction. It can be detected by the mismatch between the above value and the expected value. The data processor makes it difficult for the encryption key to be estimated by a malfunction attack in the same manner as the data processor of [1], and can enhance the security function.

2. Next, the embodiment will be described in more detail.

Embodiment 1
FIG. 1 shows an example of a data processor according to the present invention. The data processor 2 shown in the figure fetches an instruction from the data bus 3 to the instruction register 5 via the buffer register 4, and the instruction decoder 6 decodes the fetched instruction. The control circuit 9 to which the decoding result is given controls instruction execution. As an execution unit for executing an instruction, a register circuit 12, an arithmetic circuit 13, and a program counter 11 which are representatively shown are included. The register circuit 12 includes, for example, general purpose registers R0 to R7. The program counter 11 holds an instruction address to be executed. The data processor 2 includes a subtraction circuit 7 and an accumulator 8 as an arithmetic circuit for detecting an illegal attack. The subtraction circuit 7 subtracts the instruction code held in the instruction register 5 from the value held in the accumulator 8 and returns the subtraction result to the accumulator 8. When the subtraction result becomes zero, the subtraction circuit 7 sets a zero flag ZFLG and supplies it to the control circuit 9. When the control circuit 9 detects the set zero flag ZFLG in a predetermined instruction execution section, the control circuit 9 stops the instruction execution or enters a specific infinite loop to stop the original program execution. In a predetermined instruction execution section, the operations of the subtraction circuit 7 and the accumulator 8 are performed in parallel with the execution of the instruction fetched into the instruction register 5.

  The start point of a predetermined instruction execution section is a specific instruction ADDSUM. Step B is executed. The specific instruction ADDSUM. B is inserted, for example, immediately before a subroutine start point, a branch instruction, and a branch destination instruction. The specific instruction ADDSUM. B presets an adjustment value in the accumulator 8 and designates an operation in which subtraction using the subtraction circuit 7 is performed once for each subsequent instruction execution. The adjustment value is the specific instruction ADDSUM. A value (sum value) is obtained by adding the instruction codes of each instruction from the instruction next to B to the instruction at the end point of the predetermined instruction execution section. Therefore, if the instruction is executed according to the normal instruction execution flow, the value of the subtraction circuit becomes zero at the end point of the predetermined instruction execution section, and the zero flag is set. The end points of the predetermined instruction execution section are a step of executing a conditional branch instruction, a step of executing a return instruction, and an execution step of an instruction immediately before the branch destination instruction by the branch instruction. An extension code is added to the instruction immediately before the branch instruction, the return instruction, and the branch destination instruction. The instruction decoder 6 decodes the extension code to cause the control circuit 9 to determine the zero flag ZFLG. If it is in the set state, it stops the subsequent original instruction execution, and if it is in the reset state, it subtracts the circuit 7 and the accumulator 8. The operation by is stopped. Note that the location where the specific instruction is inserted into the source program and the extension code is added is determined at the compilation stage.

  FIG. 2 illustrates an instruction execution flow by the data processor 2 of FIG. FIG. 2 illustrates one subroutine. The steps corresponding to the process specified by the source program are S2, S3, S5, S6, S7, S9, and S10. Here, each of A, B, and C is the predetermined instruction execution section, and a specific instruction ADDSUM. B has an adjustment value unique to each section. For example, the adjustment value A is preset in the accumulator 8 at step S1, and the respective instruction codes are sequentially subtracted from the accumulator 8 at S2 and S3. If it is detected in S3 that the zero flag ZFLG is in a set state in response to the result of decoding the extension code, the original instruction execution is stopped thereafter. Otherwise, instruction execution continues to step S4. It functions similarly in the sections B and C.

  In this way, the data processor 2 can detect an abnormality in an instruction while reading and executing the instruction included in the instruction flow sections A to C. Further, when the data processor 2 detects an abnormality in the instruction, the execution of the subsequent instructions is stopped. Therefore, it is difficult to estimate the encryption key due to a malfunction attack or the like, and the security function can be enhanced.

<< Embodiment 2 >>
FIG. 3 illustrates a schematic configuration of a data processor according to the second embodiment of the present invention. The difference from FIG. 1 is that the instruction execution section for performing the control is to be defined by the section of the instruction address without inserting a special instruction or extension code in the control for stopping the instruction execution for the malfunction attack. It is. In order to define the interval, a start address register 20 and an end address register 21 are provided, and their values are sequentially compared with the value of the program counter (PC) 11 by the address comparator (CMP) 22. Initial value settings for the start address register 20 and the end address register 21 are performed by, for example, internal transfer from a nonvolatile memory (not shown) at the time of power-on reset of the data processor 2A. The address section is a section that does not include a branch instruction and a branch destination instruction. The control circuit 9 has a control flag CFLG, and the control flag CFLG is initialized to a reset state after releasing the reset of the data processor 2A. When the address comparator 22 detects that the instruction execution address output from the PC 11 matches the start address of the start address register 20, the address comparator 22 provides a coincidence detection signal φS to the control circuit 9A, and the instruction execution address output from the PC 11 ends. When a match with the end address of the address register 21 is detected, a match detection signal φE is supplied to the control circuit 9A. In response to the coincidence detection signal φS, the control circuit 9A uses the adder / subtractor circuit 7A and the accumulator 8 for each execution instruction to cause the instruction code held by the IR 5 to be cumulatively added. This cumulative addition operation is terminated when the coincidence detection signal φE is set to the coincidence level. At this time, if the control flag is in the reset state, the cumulative addition value (sum value) obtained thereby is stored in the expected value register 23. Then, the control flag is inverted to the set state, and the series of cumulative addition calculation processing is completed. On the other hand, when the coincidence detection signal φE is set to the coincidence level, if the control flag CFLG is in the set state, the accumulated addition value held in the expected value register 23 is subtracted from the accumulated addition value (sum value) obtained thereby. . Whether or not the subtraction result is zero is given to the control circuit 9A by the zero flag ZFLG. If the zero flag is zero, the control circuit allows the subsequent instruction, and if it is not zero, the control circuit stops executing the subsequent original instruction.

  Therefore, the data processor 2A can define the instruction execution section for performing the control by the section of the instruction address without inserting a special instruction or an extension code in the control for stopping the instruction execution for the malfunction attack. Even when there is no vacancy in the instruction code, security against illegal attacks can be increased.

  When a plurality of start address and end address pairs are set, the comparison circuit 22, the expected value register 23, and the control flag CFLG may be provided for each pair.

<< Embodiment 3 >>
FIG. 4 illustrates a schematic configuration of a data processor according to the third embodiment of the present invention. The data processor 2B shown in the figure has a cache memory (CACHE) 30 instead of the expected value register 23 and the control flag CFLG shown in FIG. The address buffer outputs the instruction address to the address bus 33 when fetching an instruction according to the value of the program counter 11. When the instruction address matches the instruction address of the end address register 21 and the signal φE becomes active, the control unit 9B supplies the instruction address from the address buffer 31 to the cache memory 30. As a result, the cache memory 30 performs an index operation using the instruction address, determines whether or not there is a cache hit with reference to the indexed tag address, and gives the result to the control unit 9B. In the case of a cache miss, the control unit 9B fills the cache entry with the address of the accumulated sum value of the accumulator 8 and the cache tag related to the cache miss. Thereafter, when an instruction from the start address to the end address is executed again, the cache memory 30 is regarded as a cache hit in response to the enable of the coincidence signal φE. In the case of a cache hit, the control circuit 9B subtracts the sum value related to the cache hit read from the cache memory from the sum value held by the accumulator 8, and determines whether or not the result is zero with reference to the zero flag ZFLG. . If it is zero, the subsequent regular instruction execution is continued, and if it is not zero, the regular program execution is stopped. FIG. 5 illustrates a cache entry of the cache memory. The cache entries CE0 to CEi have an address tag field TAG, a data field DAT, and a management field VLD. The address tag field TAG stores the end address of a predetermined instruction execution section, the data field stores the sum value of the instruction code corresponding to the instruction execution section, and the management field indicates whether the cache entry is valid or invalid. Is stored.

  As described above, in the data processor 2B, the sum value previously stored in the cache memory 30 in the same section can be used as a comparison target, and the sum value obtained by the first calculation and the second and subsequent times while executing the instruction. It can be distinguished from the sum value obtained by the operation.

  When a plurality of pairs of start address and end address are set, the comparison circuit 22 is provided for each pair, and the cache memory 30 only needs to have as many cache entries as the number of the pairs.

<< Embodiment 4 >>
FIG. 6 illustrates a schematic configuration of a data processor according to the fourth embodiment of the present invention. The data processor 2C employs a register (PC-1) 34 that holds an instruction address held by the program counter 11 before one instruction execution cycle in place of the address registers 20 and 21. The comparison circuit (CMP) 35 determines whether there is a difference between the instruction address held by the register 34 and the instruction address held by the program counter 11 larger than the maximum word length of the instruction. For example, assuming that the maximum instruction word length is 4 bytes and the address is a byte address, the detection signal φD is asserted when there is a difference of 5 or more in the lower 3 bits. As a result, the enable flag EFLG of the control unit 9C is set, and the control unit 9C performs cumulative addition of the sum value every instruction execution cycle until the enable flag EFLG is reset. Thereafter, when the detection signal φD is asserted again, the control unit 9C resets the enable flag EFLG, finishes the cumulative addition of the sum value, and controls the index operation of the cache memory 30 and the like, as in FIG. Control the operation. The output signal φD is asserted at the start and end points of the section in which the instruction execution order is changed, such as when executing a conditional branch, subroutine branch, or return instruction, as is clear from the condition. Signal φD is asserted. This interval is set as a predetermined instruction execution interval. Similarly to the above, the sum value is acquired by executing the instruction of the interval first, and the sum value acquired after the second time is the first acquired sum value. When the values match, the regular program execution is continued. Once the values do not match, the regular program execution is stopped.

<< Embodiment 5 >>
FIG. 7 illustrates a schematic configuration of a data processor according to the fifth embodiment of the present invention. The data processor 2D does not use the start address register and the end address register to define the interval for performing the sum addition operation of the sum value with respect to FIG. 4, but starts the accumulation addition operation instructing the start of the sum addition operation of the sum value. An instruction and a cumulative addition operation stop instruction are used. These instructions are added to the beginning and end of a subroutine section or an instruction execution section by branching when compiling the source program. The control operation when the cumulative addition calculation start instruction is decoded by the instruction decoder 6A is the same as when the execution instruction address by the PC 11 described in FIG. 4 matches the address of the start address register, and the cumulative addition calculation stop instruction is decoded. The control operation at this time is the same as when the execution instruction address by the PC 11 described in FIG. 4 matches the address of the end address register. Since other configurations are the same as those in FIG. 4, a detailed description thereof will be omitted. According to this embodiment, although an empty instruction code is required for the cumulative addition calculation start instruction and the cumulative addition calculation stop instruction, hardware such as an address register and a comparison circuit can be reduced.

  As mentioned above, although the invention made by this inventor was concretely demonstrated based on embodiment, it cannot be overemphasized that this invention is not limited to it and can be variously changed in the range which does not deviate from the summary.

  The form of regular instruction execution stop is not limited to the case where instruction execution itself is completely stopped. You may enter into the program flow which performs the command execution which comprises a meaningless infinite loop, or the NOP command continuously. Alternatively, the reset processing routine may be forcibly entered. In any case, it is sufficient that the regular program execution is suppressed.

  Furthermore, since the above process detects an abnormality of the instruction while reading and executing the instruction, even if another check method is adopted in terms of software, the deterioration of the performance of the data processor is suppressed, and the security against the malfunction attack. Function can be enhanced.

It is a figure which illustrates schematic structure of the data processor which concerns on Embodiment 1 of this invention. 2 is a flowchart illustrating an instruction flow executed by the data processor shown in FIG. 1. It is a figure which illustrates schematic structure of the data processor which concerns on Embodiment 2 of this invention. It is a figure which illustrates schematic structure of the data processor which concerns on Embodiment 3 of this invention. It is explanatory drawing which illustrates the cache table contained in a cache memory. It is a figure which illustrates schematic structure of the data processor which concerns on Embodiment 4 of this invention. It is a figure which illustrates schematic structure of the data processor which concerns on Embodiment 5 of this invention.

Explanation of symbols

2, 2A to 2C Data processor 3 Data bus 4 Data buffer register 5 Instruction register 6, 6A Instruction decoder 7 Subtraction circuit 7A Addition / subtraction circuit 8 Accumulator 9, 9A, 9B, 9C, 9D Control circuit 10 Internal bus 11 Program counter 12 General purpose register Circuit 20 Start address register 21 End address register 22 Comparator 23 Expected value register 25 Address bus 30 Cache memory 34 Register 35 Comparator

Claims (8)

A data processor that reads and executes instructions,
For each predetermined section of the instruction flow, calculate a sum value for the instruction included in the section,
If the sum value obtained by the previous operation does not match the sum value obtained by the current operation in the same section, the execution of the instructions is stopped or the execution order of the instructions is forcibly changed. Data processor. The section is defined by the address set in the register,
The data processor according to claim 1, wherein the address is an instruction address of an instruction that starts and ends the operation. A cache memory including a cache table in which the address and a sum value with the address as a tag are stored;
The cache memory accesses the cache table in response to a read access request, compares the address given by the read access request with the address stored in the cache table, and if they match, the sum value is The data processor according to claim 2, wherein the data processor reads the data processor.   2. The data processor according to claim 1, wherein the operation is started when a difference value between an address of an instruction executed this time and an address of an instruction executed last time is larger than an instruction word length of one instruction.   2. The data processor according to claim 1, wherein the section is defined by a first instruction including an operation code instructing the start of the operation and a second instruction including an operation code instructing the end of the operation. The first instruction is an instruction that is executed at each jump destination of a branch instruction, a jump instruction, and a subroutine call instruction in the instruction flow;
6. The microcomputer according to claim 5, wherein the second instruction is the branch instruction, the jump instruction, or a subroutine return instruction. A data processor that reads and executes instructions,
For each predetermined section of the instruction flow, calculate a sum value for the instruction included in the section,
A command for instructing addition of a predetermined value to the sum value obtained by the operation in the interval is executed, and a value obtained by adding the predetermined value to the sum value obtained by the operation in the interval is set in advance. A data processor that stops execution of the instructions or forcibly changes the execution order of the instructions if they do not match the expected value.   The data processor according to claim 7, wherein the preset expected value is zero.

Images