DEVICE SUCH AS A CONNECTED OBJECT PROVIDED WITH MEANS FOR CHECKING THE EXECUTION OF A PROGRAM EXECUTED BY THE DEVICE
20200184068 · 2020-06-11
Inventors
- Fabien Blanco (Courbevoie, FR)
- Jean-Yves Pierre BERNARD (Courbevoie, FR)
- Maël Berthier (Courbevoie, FR)
Cpc classification
G06F9/3836
PHYSICS
G06F9/485
PHYSICS
G06F21/52
PHYSICS
G06F21/64
PHYSICS
G06F21/566
PHYSICS
G01R31/31705
PHYSICS
International classification
G06F21/52
PHYSICS
G06F21/56
PHYSICS
Abstract
The present invention relates to a device (1) such as a connected object comprising a first electronic circuit (2) comprising: a first processing unit (6) for executing a program, a first memory (8) for memorizing data during the execution of the program, a debug port (10) dedicated to checking the execution of the program from outside the first circuit, a second electronic circuit (4) connected to the debug port (10), comprising: a second memory (14) memorizing reference data related to the program, a second processing unit (12) for implementing the following steps automatically and autonomously via the debug port (10): checking the integrity of the data memorized by the first memory (8) and/or the compliance of the program's execution by the first processing unit (6) with a reference execution, assisted by the reference data.
Claims
1. A device (1) such as a connected object comprising a first electronic circuit (2) comprising: a first processing unit (6) configured to execute a program, a first memory (8) configured to memorize data from the program or manipulated by the program during its execution, a debug port (10) dedicated to checking the execution of the program from outside the first circuit, the device (1) further comprising a second electronic circuit (4) connected to the debug port (10), the second electronic circuit (4) comprising: a second memory (14) memorizing reference data related to the program, a second processing unit (12) configured to implement the following steps automatically and autonomously via the debug port (10): checking the integrity of the data memorized by the first memory (8) and/or the compliance of the program's execution by the first processing unit (6) with a reference execution, assisted by the reference data.
2. A device (1) according to claim 1, wherein the steps implemented automatically and autonomously by the second processing unit further comprise a program suspension command, the integrity check and/or compliance step being implemented while the program is suspended.
3. A device (1) according to claim 2, wherein the suspension command comprises the placement of a stop point at a predetermined location in the program, so as to suspend the program at the predetermined location, or the placement of an observation point on a variable of the program, so as to suspend the program when the variable is modified.
4. A device according to claim 3, wherein the steps implemented automatically and autonomously by the second processing unit (12) comprise a step consisting of verifying whether a condition independent of the way in which the program is being executed has been met, such as verifying whether a predetermined period of time has elapsed since a previous start of the program, a previous resumption of the program, or a previous powering-on of the device (1), the suspension command step being implemented when the condition is met.
5. A device (1) according to claim 1, wherein the steps implemented automatically and autonomously by the second processing unit (12) comprise the command for the first processing unit (6) to resume the program when the program or the data manipulated by the program was not revealed to have been compromised during the check step, and/or to permanently shut down the program when the program or the data manipulated by the program was revealed to have been compromised during the check step.
6. A device (1) according to claim 2, wherein the steps implemented automatically and autonomously by the second processing unit (12) comprise the generating of a report indicating whether the program or the data manipulated by the program was revealed to have been compromised during the check step.
7. A device (1) according to claim 6, comprising a communication interface (18) with the world outside the device (1) configured to transmit the generated report to a remote server (3) away from the device (1).
8. A device (1) according to claim 7, wherein the steps implemented automatically and autonomously by the second processing unit (12) comprise a command to transmit the report to the server (3) via the communication interface (18) while the program is suspended.
9. A device (1) according to claim 7 wherein the communication interface (18) is configured to transmit the report to the server (3) without the report going through the first electronic circuit (2).
10. A device (1) according to claim 7, wherein the communication interface (18) is part of the first electronic circuit (2).
11. A device (1) according to claim 10, wherein the steps implemented automatically and autonomously by the second processing unit (12) comprise the commanding, via the debug port (10), that the report be written in an exchange zone allocated in the first memory (8), so that the report can thereafter be relayed to the server (3) via the communication interface (18).
12. A device (1) according to claim 10, wherein the first electronic circuit (2) comprises a second port (20) distinct from the debug port (10), and wherein the steps implemented automatically and autonomously by the second processing unit (12) comprise the commanding that the report be transmitted to the communication interface (18) via the second port (20), so that the error message can thereafter be relayed to the server via the communication interface (18).
13. A device (1) according to claim 1, wherein the reference data indicate a sequence of events that occur in a predetermined order during the reference execution of the program, and wherein the compliance check of the program's execution against a reference execution comprises a comparison between the predetermined order and an order in which the events occur during the execution of the program by the first processing unit (6).
14. A method implemented in a device (1) such as a connected object, the device (1) comprising: a first electronic circuit (2) comprising a first processing unit (6) configured to execute a program, a first memory (8) configured to memorize data from the program or manipulated by the program during its execution, and a debug port (10) dedicated to checking the execution of the program from outside the first circuit, a second electronic circuit (4) connected to the debug port (10) and comprising a second memory (14) memorizing reference data related to the program, the method comprising the following steps implemented by a second processing unit (12) of the second electronic circuit (4), automatically and autonomously via the debug port (10): checking the integrity of the data memorized by the first memory (8) and/or the compliance of the program's execution by the first processing unit (6) with a reference execution, assisted by the reference data.
15. A computer program product comprising program code instructions for executing the steps of the method according to claim 14, when that method is executed by a processing unit (12).
Description
DESCRIPTION OF THE FIGURES
[0033] Other characteristics, goals, and advantages of the invention will become clear from the following description, which is purely illustrative and non-limiting, which must be read in the context of the attached drawings.
[0034]
[0035]
[0036] In the set of figures, similar elements are marked with identical references.
DETAILED DESCRIPTION OF THE INVENTION
[0037] With reference to
[0038] The first electronic circuit 2 comprises a first processing unit 6, a first memory 8, and a debug port 10.
[0039] The first processing unit 6 is configured to execute a computer program, which will hereafter be called the target program. The first processing unit 6 typically comprises one or more processors.
[0040] The first memory 8 is configured to memorize data from the target program or manipulated by the target program during its execution. The first memory 8 typically comprises at least one non-volatile memory unit (flash, EEPROM, NVM, etc.) configured to store the target program and data persistently, and at least one volatile memory unit (RAM, registers, etc.), configured to memorize program instructions to be executed or data temporarily manipulated by the program during its execution.
[0041] The debug port 10 is dedicated to checking the execution of the target program from outside the first electronic circuit 2. The debug port 10 constitutes a communication interface between the target program and the world outside of the first electronic circuit 2.
[0042] The debug port 10 is, for instance, a TAP or JTAG port defined by one of the known JTAG specifications (for example IEEE 1149.1 or IEEE 1149.9), or an SWD port.
[0043] The first electronic circuit 2 may be: An FPGA, an ASIC, etc.
[0044] The second electronic circuit 4 comprises a port 16, a second processing unit 12, and a second memory 14.
[0045] The port 16 is connected directly to the debug port 10 of the first electronic circuit 2.
[0046] The second processing unit 12 is configured to execute a program called the check program. A function of the check program is to check the integrity of the data saved in the first memory 8 during the execution of the target program (in particular, portions of the target program itself, data manipulated by the target program during its execution), or execution context data, such as the program counter or registers of the processing unit, and to verify the progress of the program of the second processing unit 6 (via a valid sequence of stop points that are reached).
[0047] The check program comprises in particular (but not exclusively) instructions adapted to implement features found in a traditional debugger, such as the placement of stop points in the target program.
[0048] The second memory 14 is configured to memorize reference data related to the target program (examples of such reference data are given hereafter).
[0049] The second memory 14 typically comprises at least one non-volatile memory unit (flash, EEPROM, NVM, etc.) configured to store the check program and/or the reference data persistently, and at least one volatile memory unit (RAM, registers, etc.), configured to memorize check program instructions to be executed or data temporarily manipulated by the check program during its execution.
[0050] The first electronic circuit 2 may be: An FPGA, an ASIC, etc.
[0051] Preferably, the second electronic circuit 4 is made even more secure against outside attacks than the first electronic circuit 2. In some fields, the term secure element (or SE for short) is used to designate a circuit that has a high level of security, and the term microcontroller (or MCU for short) is used to designate a circuit that has a comparatively low level of security. The first electronic circuit 2 may therefore be considered an SE, and the second electronic circuit 4 may be considered an MCU.
[0052] The device 1 is, for instance, a connected object, or itself an electronic circuit such as a system-on-chip (SoC).
[0053] The device 1 further comprises a communication interface 18 with a remote server 3 typically a wireless radio communication interface (Wi-Fi, NFC, Bluetooth, 3/4/5G, etc.) or a wired one (connected directly, e.g. via Ethernet, or indirectly, by means of an I.sup.2C bus controlling a radio transmitter acting as a relay between the interface 18 and the server 3).
[0054] When the device 1 is a connected object, the remote server 3 is able to communicate with a network of connected objects which the device 1 is meant to join. A particular function of the server 3 is to collect information communicated by the various connected objects such as the object 1.
[0055] As we shall see later on, the second electronic circuit 4 and the server 3 may exchange information via different paths.
[0056] In the first embodiment depicted in
[0057]
[0058] However, the second electronic circuit 4 still needs to communicate with the server 3 located outside the device 1. To that end, the first electronic circuit 2 comprises a port 20 separate from the debug port 10, and the second electronic circuit 4 comprises a port 22 connected to the port 20 by a link independent of the link that connects the port 16 to the debug port 10. The port 20 is connected to the first processing unit 6. The link between the ports 20 and 22 is, for instance, a bus 120.
[0059] In this second embodiment, the program executed on the first processing unit 6 is assured of receiving (or transmitting) data from the first electronic circuit 2 to (or from) the server 3 owing to its ability to communicate with the outside world, provided by the communication interface 18. In the present case, the success of the communication between the second electronic circuit 4 and the server 3 is therefore assured by the cooperation of the program executed on the first electronic circuit 2.
[0060] This configuration may be particularly adapted, but not limited, to cases where the second electronic circuit 4 is providing the first electronic circuit 2 with related functions, in which case the circuit 2 may make requests to the circuit 4, which in such a case behaves as a traditional slave component on an embedded communication bus (as described above, e.g. I.sup.2C).
[0061]
[0062] The device 1 is configured as follows in a preliminary configuration phase.
[0063] The code of the target program is compiled, so as to produce an executable that is meant to be executed on the first electronic circuit 2.
[0064] After compiling, integrity data are calculated on predetermined segments of the target program code.
[0065] A list of addresses of the target program is determined in order to place the stopping points there.
[0066] The code of the target program is loaded in the first memory 8, so that it can then be executed by the first processing unit 6.
[0067] Furthermore, the determined list of addresses and the integrity data are memorized in the second memory 14 as reference data. Each address is associated in the memory with at least one item of integrity data.
[0068] The code of the check program is loaded in the second memory 14, so that it can then be executed by the first processing unit 12.
[0069] The preliminary configuration phase of the device 1 is then completed.
[0070] With reference to
[0071] The second processing unit 12 commands that the target program executed by the first processing unit 6 be suspended (step 100).
[0072] Different target program suspension policies may be implemented, either alone or in combination.
[0073] The second processing unit 12 may, for instance, place stop points defined by the reference data (in the sense that the reference data point to specific locations in the program code, at which the execution of the program will be suspended). This placement of stop points is typically implemented when the first electronic circuit 2 (or more generally, the device 1) is powered on, via an appropriate command issued by the first electronic circuit 2 passing through the debug port 10, before the target program starts or shortly after it is started by the first processing unit 6.
[0074] The execution of the program is suspended whenever the execution pointer reaches one of the addresses where a stop point was placed.
[0075] One advantage of a suspension by means of stop points is being able to deterministically target critical parts of the target program that are most likely to be corrupted by attacks, or target areas that have little impact on operations that must not be interrupted (for better system stability).
[0076] The second processing unit 12 can also command the suspension of placing observation points at the variables of the target program. In such a case, a suspension occurs when the variable is modified.
[0077] Additionally, the circuit 4 can repeatedly verify (based on a fixed or random period, for instance) that the stop or observation points placed are always present.
[0078] The second processing unit 12 may also suspend the target program when a condition independent of the way in which the program is executed has been met.
[0079] The condition is, for instance, a time condition: The second processing unit triggers the suspension once a predetermined period of time has elapsed since the target program started or previously resumed. To that end, the second processing unit 12 has a time counter that is reset whenever the target program is started or resumed.
[0080] Some attacks may cause the execution pointer to no longer go through addresses where stop points were placed, or no longer modify variables where observation points were placed, which is harmful. The advantage of a suspension triggered by meeting a condition independent of the way in which the program is executed is therefore that it can guarantee that there will be a suspension, regardless of the locations in the target program that the execution pointer of the first processing unit 6 goes through and regardless of the variables that the target program modifies. This advantage is particularly attained when using a time condition for triggering the suspension.
[0081] While the target program is suspended, the second processing unit 12 implements an integrity check on the program or on the data manipulated by that program and/or a compliance check of the program's execution by the first processing unit 6 against a reference execution. In order to carry out such checks, the second processing unit 12 accesses the second memory 14 to read it, based on the reference data that is memorized in the second memory 14 (step 102).
[0082] The check step 102 covers any processing that implements consistency checks on the execution and integrity of the program and/or its data so as to detect alterations to that same program or anomalies in execution that could be the consequence of random events, but also could have been generated by an attacker (a buffer overflow, for instance).
[0083] A first type of check that may be implemented during step 102 relates to the integrity of the program, or of data manipulated by that program.
[0084] Typically, when the target program is suspended, the second processing unit 12 verifies whether an item of data to be checked found in the first memory 8 and an item of integrity data that is part of the reference data memorized in the second memory 14 are consistent. The second processing unit 12 may, for instance, compare the integrity data and the data to be checked, in which case both items of data are considered consistent when their values are identical.
[0085] However, verifying consistency between an item of integrity data and an item of data to be checked may be more complex than a simple comparison. One of the items of input data of the consistency verification may, for instance, undergo a transformation, and the result of that transformation may be compared with the other data. Both items of input data of the consistency verification may also undergo respective transformations, and the results of those two transformations may then be compared.
[0086] The consistency verification may be repeated for multiple items of reference data (whenever multiple items of integrity data have been associated with the same address, for instance).
[0087] For instance, an item of data of the first electronic circuit 2 to be checked during the integrity check step is a global variable.
[0088] The integrity check 102 produces two possible results: a positive result, in the event of consistency between the integrity data and the data to be checked, and a negative result otherwise (inconsistency between the data). This negative result reveals that the target program, or data manipulated by the target program, has been compromised.
[0089] A second type of check that may be implemented during the step 102 relates to the question of whether the program is being executed in a manner compliant with a preestablished format.
[0090] In such a case, the reference data gives information about a reference execution of the program. The reference execution of the program is an execution of the program in the event that it has not been modified or altered by an attack that occurred following its installation in the device 1.
[0091] During step 102, the second processing unit 12 uses reference data to determine whether the execution of the program by the first processing unit 6 is compliant with that reference execution.
[0092] This compliance check produces two possible results: A positive result, in the event of compliance between the execution of the program and the reference execution, and a negative result otherwise (inconsistency between the executions). This negative result also reveals that the target program, or data manipulated by the target program, has been compromised.
[0093] One way of implementing such a compliance check is for the reference data to reference a sequence of events that is meant to occur in a certain order, or more generally, an event-oriented graph. For instance, those events are an execution pointer going through different locations in the program in a predefined order. Let us take as an example three code instructions A, B, C of the program. A is a code instruction of the program executed when it starts, B is a code instruction of the program found at the beginning of a function that is meant to be executed after A, and C is a code instruction of the program that is found at the end of that same function. In the event that the program is not modified or altered, the execution pointer of the first processing unit 6 is meant to go through the instructions A, then B, then C. On the other hand, if those three instructions are executed in a different order, such as B, then A, then C, this reveals that the program was altered after its initial installation.
[0094] Additionally, the second processing unit 12 detects the order in which the events referenced in the reference data occur during the execution of the program by the first processing unit 6.
[0095] The second processing unit then compares the predefined order in the reference data (A then B then C, in the example given above), and the order that it detected.
[0096] If both of the compared orders match, the result of the compliance check is positive. Otherwise, that result is negative.
[0097] Naturally, both of the aforementioned types of checks (data integrity/program execution compliance) may be combined in step 102. If they are, the overall result of the check implemented during step 102 is considered positive only if all of the underlying types of checks implemented during that step 102 have positive results.
[0098] The result of the check performed during step 102 is verified (step 104).
[0099] When the result of the check is positive, the second processing unit 12 commands the target program to resume (step 106), by issuing an appropriate command via the debug port 10.
[0100] When the result of the check is negative, the second processing unit 12 may command that the target program stop entirely (step 108), which means, unlike mere suspension, that data allocated in the first memory 8 during the execution of the target program is released.
[0101] Furthermore, the second processing unit 12 generates a report indicating the result of the check 102 that was performed. This result may, for instance, be presented in the form of binary information (OK or error), or in a more detailed form (describing the type of check performed, etc.).
[0102] The generated report is transmitted to the remote server 3 (step 112), via a secure channel established between the communication interface 18 of the device 1 and the server 3.
[0103] The secure channel is typically established following an authentication between the device 1 and the server 3 involving at least one secret key. For instance, this authentication is a mutual authentication between the device 1 in the server 3 and/or uses a public key/private key-based cryptographic mechanism. The keys that are used may be memorized in the memory 14 in a way that is protected from attacks.
[0104] The report that is generated may be transmitted in response to a negative result of the check 102 that is performed. However, it is important to remember that it is also advantageous to transmit that report even in the event that the check 102 that is performed has a positive result.
[0105] Step 112 of transmitting the report to the server 3 may be implemented in different ways.
[0106] In the first embodiment of the device 1 depicted in
[0107] In the embodiments of the device 1 depicted in
[0108] In the second embodiment depicted in
[0109] In the third embodiment of the device 1 depicted in
[0110] The transmission of the report to the server may be implemented in response to the receipt by the second circuit 4 of a message from the server 3 requesting a report.
[0111] For instance, the circuit 2 receives such a message from the server 3 via the communication interface 18. This message is stored either automatically owing to the architecture of the circuit 2 in the memory 8 (for instance, DMA), or via the executed program on the processing unit 6 (without DMA). Once the message has been memorized, the processing unit 6 conducts a series of post-processing operations to extract from it any useful data, and formats the data so that it can be sent to the second circuit 4, and the processing unit 6 will execute a part of its program that controls the communication interface 10 to send that formatted message, either automatically or periodically, or when a request is received at the communication interface 10 sent via the communication interface 16 by the processing unit 12 (request to interrupt the communication interface 10).
[0112] Preferably, the transmission of the report is implemented while the target program is in a suspended state. This has the benefit of keeping the first electronic circuit 2 that is in a corrupted state from attempting to prevent the transmission of that message or alter its content so as to mislead the server 1 into believing that the second electronic circuit 4 had not detected any compromising.
[0113] There are two separate scenarios, which depend on the hardware capabilities of the communication interface 18 when the target program is suspended.
[0114] In a first case, the communication interface 18 is functional even when the target program has been suspended.
[0115] In a second case, the suspension of the target program also causes the communication interface 18 to be suspended; in other words, it becomes necessary to resume the execution of the target program in order for the communication interface 18 to also function. There may be two reasons behind this: [0116] A pure hardware reason, such as when suspension via the debug port 10 causes the communication interface 18 to stop receiving a supply to the clock [0117] A performance reason: going through the debug port 10 to write directly in the communication interface 18 is not effective enough to ensure stable, reliable communication. [0118] In this second case, the following may be provided in a non-limiting embodiment in which the port 20 is a bus I.sup.2C. [0119] The second processing unit 12 suspends the first processing unit 6 via a stop point placed at the moment when the first unit 6 will go to sleep at the end of a cycle: at that moment, the first processing unit 6 has finished its critical operations and its communication with the outside world via the communication interface 18. [0120] The second processing unit 12 formats its messages to be sent to the outside world independently of the first processing unit 6. [0121] The second processing unit 12 saves the content of the configuration registers of an I.sup.2C peripheral of the first processing unit 6, for instance in the second memory 14. [0122] The second processing unit 12 writes in the configuration registers of the device I.sup.2C of the first processing unit 6 in order to prepare the communication to the world outside the device 1. [0123] The second processing unit 12 gradually writes in the register of the transmission buffer I.sup.2C of the device in order to transmit the formatted data to the outside world. [0124] The SE restores the content of the configuration registers of the device I2C of the MCU. [0125] The SE returns control to the MCU, which can then actually enter its sleep period.
[0126] In the second case, it is possible to add code into the first electronic circuit 2 which is dedicated to that manipulation performed by the first processing unit 6. For instance: [0127] A free zone is determined in the first memory 8. [0128] While the target program is suspended, the second processing unit 12 writes into the free zone a wait loop of the infinite loop type, as that loop may potentially assist the communication performed by the second processing unit 12. This loop may read a list of bytes from memory (exchange zone) and automatically send them to the buffer I.sup.2C. The second processing unit 12 forces a program counter change and saves the execution context of the first processing unit 6 so as to jump into the new wait loop. [0129] The second processing unit 12 commands the desired writing in the communication register of the communication interface 18, either via the debug port 10 (empty infinite loop), or via the written wait loop (infinite loop with communication assistance). [0130] Once the communication is complete, the second processing unit 12 restores the context and returns control to the target program.
[0131] Whenever the server 3 receives a report containing an error message, the server 3 may, for instance, order a remote shutdown of the first electronic circuit 2 if such a shutdown has not already been implemented autonomously by the second processing unit 12 during the step 108. Alternatively, or additionally, the server 3 revokes the device 1, meaning that it prevents that device from accessing certain services (e.g. services of a network of connected objects to which the server 3 belongs).
[0132] The preceding steps are repeated whenever the target program is suspended again.
[0133] In the foregoing, embodiments have been presented in which the check of step 102 is implemented while the program is suspended. The benefit of the suspension is that it greatly simplifies the implementation of the check that is performed. However, it should be noted that such a suspension is not mandatory, though it is advantageous. This is because it may be foreseen that the second processing unit 12 injects, via the debug port 10, special code instructions aimed at triggering, during their execution by the first processing unit 6, the sending to the second circuit 4 of data to be checked during the check step 102. The execution of the injected code and the sending of data that is verified may be performed without suspending the program.