CPC H04L 9/3234 (2013.01) [H04L 9/065 (2013.01)] | 11 Claims
1. A method for executing a computer program with an electronic apparatus comprising a microprocessor, an unencrypted memory, an encrypted memory, and a hardware security module, wherein, during the execution of the computer program, lines of code are transferred between the unencrypted memory and the encrypted memory in whole blocks of a plurality of encrypted and authenticated lines of code, said method comprising:
storing, in the encrypted memory, a block of the encrypted and authenticated lines of code, which contain a line of code to be accessed using a pointer, said block of the encrypted and authenticated lines of code containing: a cryptogram of all of the lines of code of said block, said cryptogram having to be decrypted in its entirety to obtain a block of cleartext lines of code, an authentication code computed from the block of cleartext lines of codes or from the cryptogram of the block of cleartext lines of code, and metadata,
obtaining, with the microprocessor, the pointer, which contains an address at which the line of code to be accessed is stored,
loading the block containing the line of code to be accessed from the encrypted memory into the microprocessor,
decrypting the cryptogram contained in the loaded block to obtain the block of cleartext lines of code, and storing the obtained block of cleartext lines of code in the unencrypted memory and storing the metadata of the loaded block,
verifying, with the hardware security module and using the authentication code contained in the loaded block, an integrity of the block of cleartext lines of code obtained from the cryptogram contained in the loaded block, or of the cryptogram contained in the loaded block, and
when said verification fails, inhibiting processing, by the microprocessor, of the lines of code of said loaded block and, when said verification succeeds, permitting processing, by the microprocessor, of the lines of code of said loaded block, wherein:
the storing step comprises incorporating, into the metadata of the block containing the line of code to be accessed, a first pointer identifier associated with the line of code to be accessed, said first pointer identifier alone allowing one pointer to be uniquely identified among a set containing a plurality of different pointers employed in a same execution of the computer program by the microprocessor,
the obtaining step comprises obtaining the pointer, which includes a first range of bits containing the address of the line of code to be accessed, and a different second range of bits containing a second pointer identifier, and
the method further comprises verifying, with the hardware security module, that the second pointer identifier contained in the obtained pointer corresponds to the first pointer identifier associated with the line of code to be accessed and contained in the metadata of the loaded block, and when the first and second pointer identifiers do not correspond, the security module triggers signalling of an execution fault and, in a contrary case, the security module inhibits triggering of signalling of an execution fault and the microprocessor processes the line of code to be accessed.
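The following is an added illustration, not code from the patent or its applicant: a minimal software model of the checks recited in claim 1, where a block is stored as a cryptogram plus authentication code plus metadata carrying a pointer identifier, and a load faults when either the block integrity check or the pointer-identifier comparison fails. The 48/16-bit pointer split, the block geometry, the keys, the SHA-256 counter keystream standing in for the cipher, and the choice to authenticate the cryptogram together with the metadata are all assumptions made for the example.

```python
import hashlib, hmac, struct

ADDR_BITS = 48                       # assumed: low 48 bits = address, high 16 bits = identifier
ADDR_MASK = (1 << ADDR_BITS) - 1
BLOCK_LINES, LINE_SIZE = 4, 8        # assumed geometry: 4 lines of 8 bytes per block
ENC_KEY, MAC_KEY = b"k-enc-demo", b"k-mac-demo"   # constructed demo keys

class ExecutionFault(Exception):
    """Models the execution fault signalled by the security module."""

def make_pointer(address, ptr_id):
    # Second range of bits carries the identifier, first range the address.
    return (ptr_id << ADDR_BITS) | (address & ADDR_MASK)

def _keystream(block_no, n):
    # Stand-in cipher (SHA-256 in counter mode), not a vetted construction.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(ENC_KEY + struct.pack(">QI", block_no, ctr)).digest()
        ctr += 1
    return out[:n]

def _xor(data, block_no):
    return bytes(a ^ b for a, b in zip(data, _keystream(block_no, len(data))))

def _tag(block_no, cryptogram, meta):
    msg = struct.pack(">Q", block_no) + cryptogram + meta
    return hmac.new(MAC_KEY, msg, hashlib.sha256).digest()

def store_block(memory, block_no, lines, ptr_id):
    # The whole block is one cryptogram; the identifier goes into the metadata.
    meta = struct.pack(">H", ptr_id)
    cryptogram = _xor(b"".join(lines), block_no)
    memory[block_no] = (cryptogram, _tag(block_no, cryptogram, meta), meta)

def load_line(memory, pointer):
    address, ptr_id = pointer & ADDR_MASK, pointer >> ADDR_BITS
    block_no, offset = divmod(address, BLOCK_LINES * LINE_SIZE)
    cryptogram, tag, meta = memory[block_no]
    if not hmac.compare_digest(tag, _tag(block_no, cryptogram, meta)):
        raise ExecutionFault("block integrity check failed")
    if struct.unpack(">H", meta)[0] != ptr_id:
        raise ExecutionFault("pointer identifier mismatch")
    clear = _xor(cryptogram, block_no)   # the block is decrypted in its entirety
    return clear[offset:offset + LINE_SIZE]
```
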