CN-122027247-A - Out-of-band vulnerability-based simulated attack method, device, equipment, medium and product

Abstract

The application relates to a simulated attack method, device, equipment, medium and product based on an out-of-band vulnerability. The method comprises: determining the target hardware of a system to be attacked, the target hardware being hardware that lies outside the control authority of the system to be attacked and is accessed through hardware instructions; applying a disturbance to the target hardware and determining data decoding logic from the resulting state deviation of the target hardware; and carrying out a simulated attack on the system to be attacked based on the target hardware and the data decoding logic. The application provides a systematic and general analysis framework and simulation method. It improves the feasibility of out-of-band vulnerability attacks by constructing a communication channel over a hardware carrier outside the operating system's control authority, forming attack decoding logic matched to the target hardware based on a formal analysis framework ("attack disturbance - state space - leakage channel") that describes the out-of-band vulnerability mechanism, and simulating the attack on the system to be attacked through the communication channel and the decoding logic.

Inventors

  • ZHANG FAN
  • ZHANG YUNAN
  • XIN ZIHAO
  • JIANG YIXIN
  • XU WENQIAN
  • HUANG KAITIAN
  • LIANG ZHIHONG
  • YANG DAIWEI
  • HONG CHAO
  • BI LEYU

Assignees

  • 南方电网科学研究院有限责任公司
  • 浙江大学

Dates

Publication Date: 2026-05-12
Application Date: 2026-01-26

Claims (10)

  1. A simulated attack method based on an out-of-band vulnerability, the method comprising: determining target hardware of a system to be attacked, wherein the target hardware is hardware outside the control authority of the system to be attacked and accessed through a hardware instruction; applying a disturbance to the target hardware, and determining data decoding logic based on the state deviation corresponding to the target hardware; and carrying out a simulated attack on the system to be attacked based on the target hardware and the data decoding logic.
  2. The method of claim 1, wherein applying a disturbance to the target hardware and determining data decoding logic based on the state deviation corresponding to the target hardware comprises: applying a disturbance to the target hardware and determining an attack vector corresponding to the target hardware; determining the state deviation corresponding to the target hardware based on the attack vector and the normal evolution logic of the target hardware; and constructing a target effect function based on the state deviation, performing integral decoding on the target effect function, and determining the data decoding logic, wherein the target effect function represents the total quantity of observable physical effects caused by the attack within an observation period.
  3. The method of claim 2, wherein the target hardware is a digital random number generator, the state deviation is the instantaneous probability that the target hardware is in a target state after the disturbance is applied, and the data decoding logic comprises: if the integral value of the target effect function over the target duration is greater than a preset threshold value, decoding to obtain first data; and if the integral value of the target effect function over the target duration is less than or equal to the preset threshold value, decoding to obtain second data.
  4. The method of claim 3, wherein performing a simulated attack on the system to be attacked based on the target hardware and the data decoding logic comprises: implanting a transmitting-end Trojan program and a receiving-end eavesdropping program into the system to be attacked; acquiring a target data frame of the system to be attacked through the transmitting-end Trojan program, executing a preset hardware instruction of the target hardware according to the target data frame, and controlling the target hardware to be in the target state; and recording, through the receiving-end eavesdropping program, the duration for which the target hardware is in the target state, and decoding the target data frame according to the relationship between that duration and the target duration.
  5. The method of claim 4, wherein a state machine is built into the receiving-end eavesdropping program, the state machine comprising a plurality of working states, the method further comprising: monitoring the state of the target hardware through the receiving-end eavesdropping program; and adjusting the working state of the state machine according to the state of the target hardware so as to achieve communication synchronization with the transmitting-end Trojan program.
  6. The method of claim 5, wherein the plurality of working states includes a listening state, a connected state, a receiving state and a completed state, and wherein recording the duration for which the target hardware is in the target state comprises: recording that duration when the current working state of the state machine is the receiving state.
  7. An out-of-band vulnerability-based simulated attack apparatus, the apparatus comprising: a hardware determining module for determining target hardware of a system to be attacked, wherein the target hardware is hardware outside the control authority of the system to be attacked and accessed through a hardware instruction; a decoding determining module for applying a disturbance to the target hardware and determining data decoding logic based on the state deviation corresponding to the target hardware; and a simulated attack module for performing a simulated attack on the system to be attacked based on the target hardware and the data decoding logic.
  8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
  9. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of any of claims 1 to 6.
  10. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method of any of claims 1 to 6.
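The chain described in claims 2 to 4 (disturbance, state deviation, integrated effect function, threshold decoding) can be followed in a software-only model. The following is an added illustration, not code from the patent: the "hardware" is a simulated shared resource with a single observable bit of state, and the sampling period, target duration, threshold and state probabilities are assumed values chosen for the example.

```python
import random

# Model parameters; every value here is an assumption of this example, not from the patent.
SAMPLE_PERIOD_MS = 1.0     # how often the receiving side samples the hardware state
TARGET_DURATION_MS = 20.0  # observation period per transmitted bit (the "target duration")
THRESHOLD_MS = 10.0        # preset threshold on the integrated effect function
SAMPLES_PER_BIT = int(TARGET_DURATION_MS / SAMPLE_PERIOD_MS)

def simulate_state_trace(bits, p_attack=0.95, p_background=0.05, seed=1):
    """Per-sample indicator (1 = simulated hardware seen in the target state) for one frame.
    State deviation is modelled as the instantaneous probability of the target state:
    p_background under normal evolution (constructed noise from unrelated users of the
    hardware), raised to p_attack while the sending side transmits a 1 bit."""
    rng = random.Random(seed)
    trace = []
    for bit in bits:
        p = p_attack if bit else p_background
        trace.extend(1 if rng.random() < p else 0 for _ in range(SAMPLES_PER_BIT))
    return trace

def effect_integral(window):
    """Target effect function over one observation window: total ms in the target state."""
    return sum(window) * SAMPLE_PERIOD_MS

def integral_decode(trace, threshold_ms=THRESHOLD_MS):
    """Claim 3 rule: integral above the threshold decodes to first data (1), else second data (0)."""
    bits = []
    for start in range(0, len(trace) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        window = trace[start:start + SAMPLES_PER_BIT]
        bits.append(1 if effect_integral(window) > threshold_ms else 0)
    return bits

def frame_to_bits(frame):
    """Big-endian bit list of a byte string (the 'target data frame')."""
    return [(byte >> i) & 1 for byte in frame for i in range(7, -1, -1)]

def bits_to_frame(bits):
    """Inverse of frame_to_bits; a trailing partial byte is dropped."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8))

def roundtrip(frame, **channel):
    """Encode a frame into a simulated state trace and decode it with the integral rule."""
    return bits_to_frame(integral_decode(simulate_state_trace(frame_to_bits(frame), **channel)))

if __name__ == "__main__":
    print(roundtrip(b"OK"))                                  # b'OK' through the clean channel
    print(roundtrip(b"OK", p_attack=0.6, p_background=0.4))  # noisier channel: bits may be corrupted
```

The second call shows why the threshold and target duration matter: when the state deviation between the disturbed and normal evolution shrinks, the integrated effect no longer separates cleanly and the decoded frame degrades.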

Description

Out-of-band vulnerability-based simulated attack method, device, equipment, medium and product

Technical Field

The application relates to the technical field of information security, in particular to a simulated attack method, device, equipment, medium and product based on an out-of-band vulnerability.

Background

With the progress of semiconductor technology, intelligent system design is becoming more complex and package sizes smaller; modern processors integrate highly complex Systems on Chip (SoC), and traditional software vulnerabilities or hardware defects, i.e. in-band vulnerabilities, are no longer the only security threat. The deep coupling of virtual and physical space introduces a new attack surface. The out-of-band vulnerability is a new kind of security defect: by bypassing the operating system layer through a physical bypass, a signal exceeding its specified limits, a preset dark path or similar means, it can transmit malicious instructions or leak sensitive data across a security domain. Because such attacks are extremely covert, traditional logic testing, side-channel analysis or firewall auditing approaches have difficulty detecting them effectively. Moreover, since existing vulnerability mechanism analysis models mostly depend on specific attack scenarios and lack generality, a systematic and general out-of-band vulnerability exploitation scheme is needed to simulate out-of-band vulnerability attacks, so as to reproduce and reveal the attack mechanism and provide a basis for constructing corresponding defense systems.

Disclosure of Invention

Based on the foregoing, it is necessary to provide a systematic and general out-of-band vulnerability simulation scheme that can simulate any type of out-of-band vulnerability attack, reproduce and reveal its attack mechanism, and thereby provide a method, a device, a computer-readable storage medium and a computer program product for constructing a corresponding defense system against out-of-band vulnerabilities. In a first aspect, the present application provides a method for simulating an attack based on an out-of-band vulnerability, including: determining the target hardware of the system to be attacked, wherein the target hardware is hardware outside the control authority of the system to be attacked and accessed through a hardware instruction; applying a disturbance to the target hardware, and determining data decoding logic based on the state deviation corresponding to the target hardware; and carrying out a simulated attack on the system to be attacked based on the target hardware and the data decoding logic. In one embodiment, applying a disturbance to the target hardware and determining data decoding logic based on the state deviation corresponding to the target hardware includes: applying a disturbance to the target hardware and determining an attack vector corresponding to the target hardware; determining the state deviation corresponding to the target hardware based on the attack vector and the normal evolution logic of the target hardware; and constructing a target effect function based on the state deviation, performing integral decoding on the target effect function, and determining the data decoding logic, wherein the target effect function represents the total quantity of observable physical effects caused by the attack within an observation period.

In one embodiment, the target hardware is a digital random number generator, the state deviation is the instantaneous probability that the target hardware is in a target state after the disturbance is applied, and the data decoding logic comprises: if the integral value of the target effect function over the target duration is greater than a preset threshold value, decoding to obtain first data; and if the integral value of the target effect function over the target duration is less than or equal to the preset threshold value, decoding to obtain second data. In one embodiment, performing a simulated attack on the system to be attacked based on the target hardware and the data decoding logic includes: implanting a transmitting-end Trojan program and a receiving-end eavesdropping program into the system to be attacked; acquiring a target data frame of the system to be attacked through the transmitting-end Trojan program, executing a preset hardware instruction of the target hardware according to the target data frame, and controlling the target hardware to be in the target state; and recording, through the receiving-end eavesdropping program, the duration for which the target hardware is in the target state, and decoding the target data frame according to the relationship between that duration and the target duration. In one embodiment, a state machine is built into the receiving-end eavesdropping program, the state machine comprises a plurality of working states, and the method further comprises: monitoring the state of the target hardware through a receiving end eavesdr