CPC G06F 21/75 (2013.01) [G06F 9/322 (2013.01); G06F 9/323 (2023.08); G06F 21/52 (2013.01)] | 21 Claims
1. A method, comprising:
determining a threshold value having a value greater than a first number of consecutive operation codes detected during a simulation execution of a source code by a processor;
monitoring instructions successively stored in an instruction register of the processor, the monitoring comprising systematic and routine reading and decoding of operation codes of the successively stored instructions during a regular execution of the source code by the processor;
determining a second number of consecutive operation codes corresponding to an encoding of incremental branch instructions during the monitoring, the determining the second number of consecutive operation codes corresponding to the encoding of incremental branch instructions comprising comparing decoded operation codes to a list comprising operation codes corresponding to skip branch instructions;
generating a detection signal in response to determining that the second number of consecutive operation codes is equal to the threshold value, the determining that the second number of consecutive operation codes is equal to the threshold value comprising determining that a counter is equal to zero based on sequentially decrementing the counter after each consecutive operation code is determined to correspond to an encoding of an incremental branch instruction during the regular execution of the source code, the counter initially set to the threshold value;
detecting a linear extraction of information attack on the processor in response to the generating of the detection signal and, in response, resetting a next instruction pointer to a value of an instruction pointer associated with instructions between a beginning of the monitoring and immediately before the detecting the linear extraction of information attack; and
adding skip branch instructions to the source code to interrupt a linearity characteristic of the regular execution of the source code, the number of skip branch instructions to be added to the source code selected to minimize the threshold value while maintaining an execution performance of the source code.
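A software model of the counter-based monitor recited in claim 1, added here as an illustration and not taken from the patent. The opcode values and both traces are constructed, and the model assumes that an opcode on the skip-branch list breaks a run while any other opcode counts as incremental.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed opcode values and traces for illustration; not from the patent. */
enum { OP_ALU = 0x01, OP_LOAD = 0x02, OP_SKIP_A = 0xE0, OP_SKIP_B = 0xE1 };
static const uint8_t SKIP_LIST[] = { OP_SKIP_A, OP_SKIP_B };
static const uint8_t NORMAL[] = { OP_ALU, OP_LOAD, OP_ALU, OP_SKIP_A,
                                  OP_ALU, OP_ALU, OP_SKIP_B, OP_LOAD };
static const uint8_t LINEAR[] = { OP_SKIP_A, OP_ALU, OP_LOAD, OP_ALU,
                                  OP_ALU, OP_LOAD, OP_ALU };
static size_t reset_ip; /* next instruction pointer restored on detection */

/* Assumption: a decoded opcode found on the list ends a linear run. */
static int is_incremental(uint8_t op) {
    for (size_t i = 0; i < sizeof SKIP_LIST; i++)
        if (SKIP_LIST[i] == op) return 0;
    return 1;
}

/* Simulation execution: longest run of consecutive incremental opcodes.
   The threshold is chosen greater than this value. */
size_t longest_run(const uint8_t *trace, size_t n) {
    size_t run = 0, best = 0;
    for (size_t i = 0; i < n; i++) {
        run = is_incremental(trace[i]) ? run + 1 : 0;
        if (run > best) best = run;
    }
    return best;
}

/* Regular execution: the counter starts at the threshold (>= 1), is
   decremented on each consecutive incremental opcode and reloaded when the
   run is broken. Returns the index where the detection signal fires, or -1.
   On detection *next_ip is set to the pointer saved at the start of the run. */
long monitor(const uint8_t *trace, size_t n, size_t threshold, size_t *next_ip) {
    size_t counter = threshold, run_start = 0;
    for (size_t ip = 0; ip < n; ip++) {
        if (!is_incremental(trace[ip])) { counter = threshold; run_start = ip + 1; continue; }
        if (--counter == 0) { *next_ip = run_start; return (long)ip; }
    }
    return -1;
}

int main(void) {
    size_t thr = longest_run(NORMAL, sizeof NORMAL) + 1;
    long at = monitor(LINEAR, sizeof LINEAR, thr, &reset_ip);
    printf("threshold=%zu detect_at=%ld reset_ip=%zu\n", thr, at, reset_ip);
    return 0;
}
```

Restoring the pointer to the start of the detected run is one choice within the window the claim allows, which spans from the beginning of the monitoring to immediately before the detection.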