
EP-4433930-B1 - CONTROL FLOW INTEGRITY MEASUREMENTS TO VALIDATE FLOW OF CONTROL IN COMPUTING SYSTEMS


Inventors

  • YOUNG DE LA SOTA, MIGUEL CRISTIAN
  • OSORIO LOZANO, MIGUEL ANGEL

Dates

Publication Date
2026-05-06
Application Date
2022-03-25

Claims (14)

  1. A computer-implemented method comprising: generating a measurement value for a control flow of a check signature function, the check signature function configured to verify a digital signature; generating, during a scope of the check signature function, an expression return value indicative of a successful digital signature verification; updating, during the scope and responsive to generating the expression return value, the measurement value according to a computed value, the computed value based on the measurement value and the expression return value; and validating the control flow of the check signature function by comparing the measurement value to a predetermined value.
  2. The computer-implemented method as recited in claim 1, wherein the expression return value is a second expression return value, the computer-implemented method further comprising: generating, prior to generating the second expression return value, a first expression return value indicative of a successful digital signature acquisition.
  3. The computer-implemented method as recited in claim 2, wherein updating the measurement value updates the measurement value for each of the first expression return value and the second expression return value.
  4. The computer-implemented method as recited in any preceding claim, wherein updating the measurement value includes: setting the measurement value equal to the computed value.
  5. The computer-implemented method as recited in any preceding claim, further comprising: returning, responsive to validating the control flow of the check signature function, a scope return value.
  6. The computer-implemented method as recited in claim 5, wherein the scope return value includes at least one error code, the at least one error code indicative of a successful validation of the control flow of the check signature function or an unsuccessful validation of the control flow of the check signature function.
  7. The computer-implemented method as recited in claim 5 or 6, wherein the expression return value includes at least one error code, the at least one error code indicative of a successful digital signature verification or an unsuccessful digital signature verification.
  8. The computer-implemented method as recited in claim 7, further comprising: determining, based on one or more conditional branch instructions, that the expression return value indicates the unsuccessful digital signature verification; ceasing, responsive to determining that the expression return value indicates the unsuccessful digital signature verification, further execution of the scope of the check signature function; and returning the scope return value indicative of the unsuccessful validation of the control flow of the check signature function.
  9. The computer-implemented method as recited in any preceding claim, further comprising: generating the computed value using a hashing function.
  10. The computer-implemented method as recited in claim 9, wherein: the hashing function includes a non-cryptographic, composite fingerprinting algorithm; and generating the computed value includes: combining two inputs together using at least one of: a noncommutative function including concatenation; or an injective function including serialization; and mapping the combined inputs to a fixed-size digest value.
  11. The computer-implemented method as recited in any preceding claim, wherein updating the measurement value according to the computed value includes: manipulating the measurement value through one or more mathematical operations or bitwise operations.
  12. The computer-implemented method as recited in any preceding claim, wherein the predetermined value is calculated prior to maintaining the measurement value and is based on a number of monadic error return decisions within the scope.
  13. The computer-implemented method as recited in claim 12, wherein the predetermined value is stored in security-hardened memory.
  14. A system comprising: an integrated circuit including: at least one processor; and at least one computer-readable storage medium coupled to the at least one processor and comprising instructions that, when executed by the at least one processor, cause the processor to perform the method of any preceding claim.
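The claims above describe a concrete mechanism: a measurement value that is folded together with every monadic error return value inside the check-signature scope (claims 1 to 3), using a non-cryptographic composite fingerprint over the serialized pair (claim 10), a predetermined value computed ahead of time from the number of decisions in the scope (claim 12), and an early exit when a decision fails (claim 8). The C program below is an added example written for this page; it is not code from the patent or from its applicant. It assumes its own error-code constants, FNV-1a as the fingerprint function, a constructed `toy_tag` routine standing in for the real signature verifier, and software flags that simulate the two fault models the scheme is meant to catch (an instruction skip that bypasses the verification step, and a forced conditional branch that ignores an error return value).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Expression return values (error codes). The constants are an assumption of
 * this example: wide, non-trivial patterns so that one flipped bit or a
 * zeroed register cannot turn RV_ERR into RV_OK. */
enum { RV_OK = 0x0739A5C3, RV_ERR = 0x5AC63A07 };

/* Scope return values of check_signature(). */
enum {
    SCOPE_OK          = 0x2A5C0F3D, /* signature valid, control flow validated */
    SCOPE_SIG_INVALID = 0x5A3C0F2D, /* a decision failed and the scope stopped early */
    SCOPE_CFI_FAIL    = 0x0F3D2A5C  /* measurement did not match the predetermined value */
};

#define CFI_INIT 0x811C9DC5u /* FNV-1a offset basis, used as the initial measurement */

/* FNV-1a over a byte buffer (the non-cryptographic composite fingerprint). */
static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* One measurement update: serialize (measurement, rv) into 8 bytes (an
 * injective, order-dependent combination) and map them to a 32-bit digest.
 * The new measurement therefore depends on the old one AND on the rv. */
static uint32_t cfi_step(uint32_t m, uint32_t rv) {
    uint8_t buf[8];
    memcpy(buf, &m, sizeof m);
    memcpy(buf + sizeof m, &rv, sizeof rv);
    return fnv1a(CFI_INIT, buf, sizeof buf);
}

/* Predetermined value: the measurement a scope with n_decisions monadic error
 * return decisions reaches when every decision yields RV_OK. Real firmware
 * would compute this at build time and keep it in hardened memory. */
static uint32_t cfi_expected(unsigned n_decisions) {
    uint32_t m = CFI_INIT;
    for (unsigned i = 0; i < n_decisions; i++) m = cfi_step(m, RV_OK);
    return m;
}

/* Toy stand-in for the signature primitive (constructed for this example; a
 * real device would call its RSA/ECDSA verifier here): tag = FNV-1a(key||msg). */
static uint32_t toy_tag(const uint8_t *key, size_t klen, const uint8_t *msg, size_t mlen) {
    return fnv1a(fnv1a(CFI_INIT, key, klen), msg, mlen);
}

/* Fault models simulated in software (an assumption of the demo, standing in
 * for a glitch that skips instructions or forces a conditional branch). */
enum { FAULT_NONE = 0, FAULT_SKIP_VERIFY = 1, FAULT_BYPASS_BRANCH = 2 };

/* The check-signature scope: two monadic error return decisions, each of which
 * folds its rv into the measurement before the branch on it is taken. */
static uint32_t check_signature(const uint8_t *key, size_t klen,
                                const uint8_t *msg, size_t mlen,
                                uint32_t sig, int fault) {
    uint32_t m = CFI_INIT;
    uint32_t rv;

    /* Decision 1: signature acquisition (here: a signature was supplied). */
    rv = (sig != 0) ? RV_OK : RV_ERR;
    m = cfi_step(m, rv);
    if (rv != RV_OK && !(fault & FAULT_BYPASS_BRANCH)) return SCOPE_SIG_INVALID;

    /* Decision 2: signature verification. */
    if (!(fault & FAULT_SKIP_VERIFY)) {
        rv = (toy_tag(key, klen, msg, mlen) == sig) ? RV_OK : RV_ERR;
        m = cfi_step(m, rv);
        if (rv != RV_OK && !(fault & FAULT_BYPASS_BRANCH)) return SCOPE_SIG_INVALID;
    }

    /* Validate the control flow of the scope against the predetermined value. */
    return (m == cfi_expected(2)) ? SCOPE_OK : SCOPE_CFI_FAIL;
}

/* Constructed sample inputs for the demonstration. */
static const uint8_t DEMO_KEY[] = "demo-verification-key";
static const uint8_t DEMO_MSG[] = "firmware-image-v1";

/* Tags the sample message, optionally tampers with it afterwards, and runs
 * the scope under the given fault model. */
static uint32_t demo(int fault, int tamper) {
    uint8_t msg[sizeof DEMO_MSG - 1];
    memcpy(msg, DEMO_MSG, sizeof msg);
    uint32_t sig = toy_tag(DEMO_KEY, sizeof DEMO_KEY - 1, msg, sizeof msg);
    if (tamper) msg[0] ^= 0x01;
    return check_signature(DEMO_KEY, sizeof DEMO_KEY - 1, msg, sizeof msg, sig, fault);
}

static const char *name(uint32_t r) {
    return r == SCOPE_OK ? "SCOPE_OK" : r == SCOPE_SIG_INVALID ? "SCOPE_SIG_INVALID" : "SCOPE_CFI_FAIL";
}

int main(void) {
    printf("valid signature, no fault:         %s\n", name(demo(FAULT_NONE, 0)));
    printf("tampered message, no fault:        %s\n", name(demo(FAULT_NONE, 1)));
    printf("valid signature, verify skipped:   %s\n", name(demo(FAULT_SKIP_VERIFY, 0)));
    printf("tampered message, branch bypassed: %s\n", name(demo(FAULT_BYPASS_BRANCH, 1)));
    return 0;
}
```

Two properties of the layout matter. The measurement absorbs each return value before the conditional branch on it, so a glitch that forces the branch to fall through leaves the error code inside the measurement and the final comparison fails; and a glitch that skips the verification step leaves the scope one update short, which likewise fails the comparison. The final comparison is itself a glitch target, which is why claim 13 has the predetermined value held in hardened memory; a deployment would also harden that compare rather than rely on a single equality test.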

Description

BACKGROUND

As a result of the developing computerization of society, the world is increasingly susceptible to a variety of costly cyberattacks. These cyberattacks vary in severity: they can affect a user's informational security (e.g., digital currency transactions) or threaten the user's physical safety (e.g., autonomous driving). To thwart such cyberattacks, numerous security measures are implemented on computing devices to prevent unauthorized access to, and manipulation of, device data and communications. Although these security measures have proven to withstand exhaustive cyberattacks, computing devices are continually tested against state-of-the-art techniques that simulate potential cyberattacks with the goal of identifying hardware or software vulnerabilities. The field of study dedicated to finding weaknesses in, and breaching, such security systems is referred to as cryptanalysis.

Recent cryptanalysis assessments have identified potentially security-threatening techniques involving fault injection. A fault injection attack may involve an attacker physically injecting a fault into a computing system (as opposed to injecting it through software), thereby intentionally altering the behavior of an electronic component. As a result, fault injection attacks can circumvent many system security features, alter a computing system's behavior to accomplish malicious intents, and/or extract confidential information. A physical fault injection attack may involve voltage glitching, clock glitching, laser injection, electromagnetic injection, and so forth. In some instances, as few as four fault injections at well-defined locations suffice to break system security.
Arnautov, Sergei et al., "ControlFreak: Signature Chaining to Counter Control Flow Attacks", 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS), IEEE, 28 September 2015, discloses a hardware watchdog mechanism that uses signatures and signature chaining to detect and prevent control flow attacks.

SUMMARY

This document describes techniques and apparatuses directed at implementing control flow integrity measurements to validate control flow in computing systems. In aspects, a method is disclosed that includes maintaining a measurement value for a control flow during a scope. The method further includes generating, during the scope, an expression return value for a computation of an expression, the expression return value indicative of a successful computation of the expression or an unsuccessful computation of the expression. The method also includes altering, during the scope and responsive to generating the expression return value, the measurement value according to a computed value, the computed value based on the measurement value and the expression return value. The method additionally includes comparing the measurement value to a predetermined value to validate the control flow during the scope. In aspects, a system is also disclosed that includes an integrated circuit having at least one processor and at least one computer-readable storage medium coupled to the at least one processor. The computer-readable storage medium includes instructions that, when executed by the at least one processor, cause the processor to perform the method described above. This Summary is provided to introduce simplified concepts for implementing control flow integrity measurements to validate control flow in computing systems, which is further described below in the Detailed Description and is illustrated in the Drawings.
This Summary is not intended to identify essential features of the claimed subject matter, nor is it intended for use in determining the scope of the claimed subject matter.

BRIEF DESCRIPTION OF DRAWINGS

The details of one or more aspects for control flow integrity measurements to validate flow of control in computing systems are described in this document with reference to the following Drawings, in which the use of same numbers in different instances may indicate similar features or components:

FIG. 1 illustrates an example operating environment that includes an example computing device, which is capable of implementing control flow integrity measurements;
FIG. 2 illustrates an integrated circuit component implemented as a security-oriented integrated circuit;
FIG. 3 illustrates an example implementation of a source code configured to implement control flow integrity measurements to validate flow of control in computing systems;
FIG. 4 illustrates a fault-detection manager configured to create a measurement value to measure a control flow during a scope;
FIG. 5 illustrates the fault-detection manager configured to generate an expression return value and alter the measurement value;
FIG. 6 illustrates the fault-detection manager configured to compare the measurement value to a predetermined value to validate the control flow during the execution of instructions within the scope;F