Page 145 - Journal of Software (《软件学报》), 2020, Issue 10

Zhang Qianying et al.: Research on Operating System Defense Techniques Against Board Level Physical Attacks (p. 3121)


4 (State Key Laboratory of Computer Architecture (Institute of Computing Technology, Chinese Academy of Sciences), Beijing 100190, China)
5 (Beijing Engineering Research Center of High Reliable Embedded System (Capital Normal University), Beijing 100048, China)
Abstract: Computing devices process and store more and more sensitive information, such as passwords and personal fingerprints, so they face higher security requirements. With the development of physical attacks, a new kind of attack called the board level physical attack has emerged, which obtains secrets in the operating system by attacking hardware components at the printed circuit board (PCB) level. This newly proposed attack uses only simple tools, is inexpensive, and can easily be streamlined, so attackers can readily use it to form a new underground industry. It is therefore a new security threat and challenge for operating systems. A common defense against this kind of attack is to extend the CPU with a specialized memory encryption engine, but most current computing devices are not equipped with such hardware security mechanisms. Academia and industry have therefore proposed software-based techniques to defend against board level physical attacks, and these techniques have become a research hotspot in recent years. This paper analyzes the development of these techniques in depth, summarizes their advantages and disadvantages, and discusses their development trends. First, the paper introduces the definition, threat model, and some real-world cases of board level physical attacks. Second, it describes the building blocks that the software-based techniques rely on to defend against board level physical attacks. Third, it surveys and categorizes the related work on software-based defense technology according to protection domains. Finally, it analyzes the advantages and disadvantages of the technology, gives suggestions on how to implement it in practice, and discusses some of its development trends.
Key words: memory protection; physical attack; memory encryption; memory integrity

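With the development of information technology, application scenarios such as the mobile Internet, cloud computing, and Industry 4.0 keep emerging to meet the informatization goals of consumers, enterprises, and industry. At the same time, more and more security-sensitive services are migrating to computing devices such as smart terminals and server platforms: personal terminal devices such as smart terminals provide security-sensitive functions such as identity authentication, electronic wallets, and enterprise office work; server platforms such as enterprise data centers and smart factories store and process enterprise and industrial data, which involve the core secrets of enterprises and the private information of factories, and the consequences of a leak are extremely serious.
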
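The rising value of the information in computing devices has attracted the attention of more and more attackers and even underground-industry operators, who have begun to design various advanced attack methods. Besides traditional software attacks, a low-cost physical attack has recently appeared: the circuit board level physical attack (hereafter, board level physical attack). Typical cases of this class of attack include cold boot attacks [1−5], bus snooping attacks [6−10], and DMA attacks [11−14]. Compared with traditional physical attacks (such as invasive attacks [15] and semi-invasive attacks [16]), board level physical attacks require low-cost tools and follow a simple attack procedure; they are cheap, easy to replicate, and can be turned into a routine process, so attackers can easily use them to form an underground industry that steals personal secrets. They have become one of the serious security threats to current computer systems.
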
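After board level physical attacks such as the cold boot attack appeared, researchers in processor architecture proposed resisting them by protecting off-chip RAM. The main idea is to deploy hardware encryption and integrity protection engines [17−39] on the transmission path between the processor chip and off-chip RAM to protect the confidentiality and integrity of off-chip RAM. This hardware-based approach reduces the security of off-chip RAM to the security of the processor chip, thereby completely eliminating board level physical attacks, which can only be carried out on hardware components outside the processor chip. Elbaz et al. of the University of Waterloo, Canada, and Henson et al. of Dartmouth College, USA, surveyed the hardware-based memory integrity protection schemes [40] and memory encryption schemes [41] in current academic work, respectively, and summarized the advantages and disadvantages of each scheme and the security protection it can achieve. Advanced methods from academia have also driven technical development in industry: the technical ideas from academia represented by XOM [17] and AEGIS [18] were adopted by industry, leading to industrial memory protection schemes such as Intel SGX (software guard extensions) [42,43] and AMD SME (secure memory encryption) [44].
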
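In practice, however, only some Intel and AMD server processors are equipped with memory protection mechanisms such as SGX and SME; smart terminals, the vast majority of personal computers, and some servers have no ability to resist board level physical attacks. Yet board level physical attacks are a serious threat in the application scenarios where these devices are deployed, so these devices also need the security capability to resist them. To address this problem, academia has proposed software-based operating system defense techniques against board level physical attacks. The idea of these techniques is to extend system software such as the operating system with security enhancement mechanisms, run these mechanisms in the general-purpose secure storage resources on the device, and provide security protection for off-chip RAM. Lin Jingqiang et al. of the Institute of Information Engineering, Chinese Academy of Sciences, surveyed memory protection schemes built on two kinds of general-purpose secure storage resources, caches and registers [45], and analyzed the advantages and limitations of each scheme to guide research on hardware-assisted security. Software-based protection techniques can provide strong physical protection for security-critical programs, general applications, and even the entire system without modifying processor hardware; for devices that have already shipped but are not equipped with a hardware memory protection engine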