US 11,704,128 B2
Method for executing a machine code formed from blocks having instructions to be protected, each instruction associated with a construction instruction to modify a signature of the block
Damien Courousse, Grenoble (FR); Karine Heydemann, Paris (FR); and Thierno Barry, Grenoble (FR)
Assigned to COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES, Paris (FR); SORBONNE UNIVERSITE, Paris (FR); and CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE, Paris (FR)
Appl. No. 16/603,786
Filed by COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES, Paris (FR); SORBONNE UNIVERSITE, Paris (FR); and CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE, Paris (FR)
PCT Filed Mar. 20, 2018, PCT No. PCT/FR2018/050678
§ 371(c)(1), (2) Date Oct. 8, 2019,
PCT Pub. No. WO2018/189443, PCT Pub. Date Oct. 18, 2018.
Claims priority of application No. 1753175 (FR), filed on Apr. 11, 2017.
Prior Publication US 2020/0257805 A1, Aug. 13, 2020
Int. Cl. G06F 9/30 (2018.01)
CPC G06F 9/3005 (2013.01) 14 Claims
OG exemplary drawing
 
1. A method of execution of a machine code of a secure function by a microprocessor, comprising:
a) supplying the machine code, the machine code being formed by a succession of basic blocks in which:
each basic block starts at a branch address and ends with an instruction to branch to a branch address of another basic block,
each basic block is associated with a signature and includes instructions to be protected, each instruction to be protected being one of immediately preceded and followed by a construction instruction, the construction instruction, when executed by the microprocessor, modifies a current value of the signature associated with the basic block in a predetermined manner to obtain a new constructed value of the signature associated with the basic block,
each subsequent basic block which, during the execution of the machine code, is executed after a preceding basic block furthermore includes a comparison instruction set which
triggers a comparison of a last constructed value of the signature associated with the preceding basic block with an expected value of the signature determined during generation of the machine code and,
only if the last constructed and expected values do not correspond, triggers reporting of a first fault during the execution of the machine code and, otherwise, inhibits the reporting,
each basic block is divided into a succession of words of N bits each, where each of the succession of words includes at least one machine instruction and N is a constant integer, followed by
b) loading into a queue, only in complete words, one or more instructions of the machine code that are denoted by a current value of a program counter, followed by
c) executing, by way of an arithmetic and logic unit in the microprocessor, instructions loaded into the queue in an order in which the instructions were loaded into the queue,
wherein:
each construction instruction is encoded on strictly less than N bits, and
each word of the machine code which includes at least part of one of said instructions to be protected also includes one of said construction instructions with a result that it is impossible to load into the queue an instruction to be protected without at the same time loading a construction instruction that, when executed, modifies the current value of the signature associated with the basic block.
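To make the claim concrete, the following is an added Python model of the scheme (written for this page, not code from the patent or its assignees): an assembler packs every instruction to be protected into one N-bit word together with a construction instruction and computes each block's expected signature at generation time, and a fetch unit that loads only complete words then catches a dropped word at the next block's comparison. Everything below is an assumption of the model: N = 32-bit words holding two 16-bit instructions, a 12-bit signature updated by rotate-then-xor, opcodes CONS/ADD/CHK/BR/HALT, a single accumulator, and blocks laid out in execution order.

```python
# Constructed toy model of the claim: N = 32-bit words, 16-bit instructions (4-bit opcode,
# 12-bit operand), one accumulator and a 12-bit block signature. Encodings are assumptions.
CONS, ADD, CHK, BR, HALT = range(5)

def construct(sig, k):              # predetermined update: rotate 12-bit value left 3, xor k
    return (((sig << 3) | (sig >> 9)) & 0xFFF) ^ k

class SignatureFault(Exception):    # the "first fault" reported on a signature mismatch
    pass

def assemble(blocks):
    """blocks: list of basic blocks, each a list of (op, arg) instructions to protect.
    Every word pairs one instruction with one CONS (CONS before a branch, after anything
    else), so a whole-word fetch can never load one without the other; each block's
    expected signature is computed here, when the machine code is generated."""
    words, prev_final, k = [], 0, 0
    for i, block in enumerate(blocks):
        tail = (HALT, 0) if i == len(blocks) - 1 else (BR, len(words) + len(block) + 2)
        sig = 0
        for op, arg in [(CHK, prev_final)] + block + [tail]:
            k = (k + 0x111) & 0xFFF                 # per-instruction construction constant
            ins, cons = op << 12 | arg & 0xFFF, CONS << 12 | k
            first, second = (cons, ins) if op == BR else (ins, cons)
            words.append(first << 16 | second)
            sig = construct(sig, k)
        prev_final = sig
    return words

def run(words, skip_word=None):
    """Execute the words; skip_word models a fault that drops one whole fetched word."""
    pc, acc, sig, queue = 0, 0, 0, []
    while True:
        while not queue:                            # only complete words enter the queue
            word, pc = words[pc], pc + 1
            if pc - 1 != skip_word:
                queue += [word >> 16, word & 0xFFFF]
        op, arg = divmod(queue.pop(0), 1 << 12)     # 4-bit opcode, 12-bit operand
        if op == CONS:
            sig = construct(sig, arg)
        elif op == ADD:
            acc = (acc + arg) & 0xFFFF
        elif op == CHK:                             # compare the preceding block's last value
            if sig != arg:
                raise SignatureFault(f"signature {sig:#05x} != expected {arg:#05x}")
            sig = 0                                 # fresh signature for the block starting here
        elif op == BR:
            pc, queue = arg, []
        elif op == HALT:
            return acc
```

Dropping any word of a block that has a successor is caught at that successor's CHK, but a word dropped in the final block is not, because no subsequent block runs a comparison; a deployment would place a comparison before the function returns.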