A Discussion on Assemblers
• Mnemonic instructions, such as LOAD 104, are easy for humans to write and understand. Labels can also be used to identify particular memory locations.
• They are impossible for computers to understand.
• Assemblers translate instructions that are comprehensible to humans into the machine language that is comprehensible to computers.
• We note the distinction between an assembler and a compiler: in assembly language, there is a one-to-one correspondence between a mnemonic instruction and its machine code. With compilers, this is not usually the case.
• Assemblers create an object program file from mnemonic source code (an assembly program) in two passes.
• During the first pass, the assembler assembles as much of the program as it can while it builds a symbol table that contains memory references for all symbols in the program.
• During the second pass, the instructions are completed using the values from the symbol table.

A Discussion on Assemblers
• Consider our example program at the right.
• Note that we have included two directives, HEX and DEC, that specify the radix of the constants.
• The first pass creates a symbol table and the partially assembled instructions as shown (i.e., it does not yet know that X is located at address 104).
• After the first pass, the translated instructions are still incomplete.
[Figure labels: mnemonic instructions or alphanumeric name; label or memory location name]

A Discussion on Assemblers
• After the second pass, the assembler uses the symbol table to fill in the addresses and create the corresponding machine language instructions.
• After the second pass, it knows that X is located at address 104, so the instruction is totally translated to machine code.

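
The two passes described on these slides, as an added example that is not part of the original lecture. The sample program is constructed, the origin address 0x100 is an assumption chosen so that X lands at 104 (hex), and the opcode table is the standard MARIE one (the slides themselves only state Add = 0011).

```python
# Added example: two-pass assembly for MARIE (4-bit opcode, 12-bit address).
# Opcode values are the standard MARIE ones; the slides only give Add = 0011.
OPCODES = {"JNS": 0, "LOAD": 1, "STORE": 2, "ADD": 3, "SUBT": 4, "INPUT": 5,
           "OUTPUT": 6, "HALT": 7, "SKIPCOND": 8, "JUMP": 9, "CLEAR": 10,
           "ADDI": 11, "JUMPI": 12, "LOADI": 13, "STOREI": 14}

# Constructed sample program; with origin 0x100 the label X lands at 0x104.
SOURCE = """
        LOAD  X
        ADD   Y
        STORE Z
        HALT
X,      DEC   35
Y,      DEC   -23
Z,      HEX   0000
"""

def parse(source):
    """Split each non-empty line into (label, mnemonic, operand)."""
    rows = []
    for tokens in filter(None, map(str.split, source.splitlines())):
        label = tokens.pop(0).rstrip(",") if tokens[0].endswith(",") else None
        rows.append((label, tokens[0].upper(), tokens[1] if tokens[1:] else None))
    return rows

def first_pass(rows, origin=0x100):
    """Record every label's address; emit words with the address field blank."""
    symbols, partial = {}, []
    for addr, (label, mnemonic, operand) in enumerate(rows, start=origin):
        if label is not None:
            symbols[label] = addr
        if mnemonic in ("DEC", "HEX"):          # directives give the radix
            value = int(operand, 10 if mnemonic == "DEC" else 16)
            partial.append((value & 0xFFFF, None))
        else:
            partial.append((OPCODES[mnemonic] << 12, operand))
    return symbols, partial

def second_pass(symbols, partial):
    """Complete each instruction using the symbol table."""
    words = []
    for word, operand in partial:
        if operand is not None:
            if operand not in symbols:
                raise ValueError(f"undefined symbol: {operand}")
            word |= symbols[operand] & 0xFFF
        words.append(word)
    return words
```

After the first pass, `LOAD X` is only `0x1000` plus a pending reference to X; the second pass turns it into `0x1104`.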
Extending Our Instruction Set
• So far, all of the MARIE instructions that we have discussed use a direct addressing mode.
• This means that the address of the operand is explicitly stated in the instruction.
• It is often useful to employ indirect addressing, where the address of the address of the operand is given in the instruction.
• If you have ever used pointers in a program, you are already familiar with indirect addressing.

Extending Our Instruction Set
• We have included three indirect addressing mode instructions in the MARIE instruction set.
• The first two are LOADI X and STOREI X, where X specifies the address of the operand to be loaded or stored.
• In RTL:

LOADI X:
MAR ← X
MBR ← M[MAR]
MAR ← MBR
MBR ← M[MAR]
AC ← MBR

STOREI X:
MAR ← X
MBR ← M[MAR]
MAR ← MBR
MBR ← AC
M[MAR] ← MBR

• It would be the same conceptually for AddI, SubI, JumpI and JnS.

Extending Our Instruction Set
• Our first new instruction is the CLEAR instruction.
• All it does is set the contents of the accumulator to all zeroes.
• This is the RTL for CLEAR:

AC ← 0

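
The RTL for LOADI, STOREI and CLEAR, run one microoperation at a time next to the direct-mode Add (whose RTL is given on the decoding slides), as an added example that is not part of the original lecture. The `Machine` class, the memory contents and the register widths (16-bit AC and MBR, 12-bit MAR, as in standard MARIE) are assumptions of this sketch.

```python
# Added example: executes the slides' RTL step by step on a toy MARIE state.
# Register widths (16-bit AC/MBR, 12-bit MAR) are the standard MARIE ones,
# assumed here; the memory contents below are constructed.
RTL = {
    "ADD":    ["MAR<-X", "MBR<-M[MAR]", "AC<-AC+MBR"],               # direct
    "LOADI":  ["MAR<-X", "MBR<-M[MAR]", "MAR<-MBR", "MBR<-M[MAR]", "AC<-MBR"],
    "STOREI": ["MAR<-X", "MBR<-M[MAR]", "MAR<-MBR", "MBR<-AC", "M[MAR]<-MBR"],
    "CLEAR":  ["AC<-0"],
}

class Machine:
    def __init__(self, memory):
        self.reg = {"AC": 0, "MAR": 0, "MBR": 0}
        self.mem = dict(memory)
        self.trace = []                      # (microoperation, value moved)

    def source_value(self, src, x):
        if src == "X":
            return x
        if src == "0":
            return 0
        if src == "M[MAR]":
            return self.mem.get(self.reg["MAR"], 0)
        if src == "AC+MBR":
            return (self.reg["AC"] + self.reg["MBR"]) & 0xFFFF
        return self.reg[src]                 # plain register-to-register move

    def execute(self, mnemonic, x=0):
        for step in RTL[mnemonic]:
            dest, src = step.split("<-")
            value = self.source_value(src, x)
            if dest == "M[MAR]":
                self.mem[self.reg["MAR"]] = value
            else:
                self.reg[dest] = value & (0xFFF if dest == "MAR" else 0xFFFF)
            self.trace.append((step, value))
        return self.reg["AC"]

def demo():
    # 0x104 and 0x105 hold pointers; 0x200 holds the data word 0x002A.
    m = Machine({0x104: 0x0200, 0x105: 0x0201, 0x200: 0x002A})
    m.execute("CLEAR")
    direct = m.execute("ADD", 0x104)      # operand is the word at 0x104
    indirect = m.execute("LOADI", 0x104)  # operand is the word 0x104 points to
    m.execute("STOREI", 0x105)            # AC written where 0x105 points
    return direct, indirect, m.mem[0x201], len(m.trace)
```

With the same operand field 0x104, the direct Add reads the pointer value itself (0x0200) while LOADI follows it to the data word (0x002A).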
A Discussion on Decoding
• As mentioned earlier, the control unit causes the CPU to execute a sequence of steps correctly.
• Control signals are asserted on various components to make those components active.
• A computer's control unit keeps things synchronized, making sure that bits flow to the correct components as the components are needed.
• There are two general ways in which a control unit can be implemented: hardwired control and microprogrammed control.
• With microprogrammed control, a small program is placed into read-only memory in the microcontroller.
• Hardwired controllers implement this program using digital logic components. There is a direct connection between the control lines and the machine instructions.

A Discussion on Decoding
• Your text provides a complete list of the register transfer language (RTL, or RTN) for each of MARIE's instructions.
• The RTL or RTN actually defines the microoperations of the control unit.
• Each microoperation consists of a distinctive signal pattern that is interpreted by the control unit and results in the execution of an instruction.
• The signals are fed to combinational circuits within the control unit that carry out the logical operations for the instruction.
• Recall, the RTL for the Add instruction is:

MAR ← X
MBR ← M[MAR]
AC ← AC + MBR

A Discussion on Decoding
• Each of MARIE's registers and main memory has a unique address along the datapath (0 through 7).
• The addresses take the form of signals issued by the control unit.
• Let us define two sets of three signals.
• One set, P2, P1, P0, controls reading from memory or a register,
• and the other set, consisting of P5, P4, P3, controls writing to memory or a register.
• Let's examine MARIE's MBR (with address 3).
• Keep in mind from Ch 2 how registers are configured using flip-flops.

A Discussion on Decoding - MBR
• The MBR register is enabled for reading when P0 and P1 are high.
• The MBR register is enabled for writing when P3 and P4 are high.

A Discussion on Decoding
• We note that the signal pattern just described is the same whether our machine used hardwired or microprogrammed control.
• In hardwired control, the bit pattern of the machine instruction in the IR is decoded by combinational logic.
• The decoder output works with the control signals of the current system state to produce a new set of control signals.
Figure annotations:
• Unique output signal corresponding to the opcode in the IR.
• Produce the series of signals that result in the execution of the microoperations.
• Produces the timing signal for each tick of the clock (sequential logic is used here because the series of timing signals is repeated); for each tick, a different group of logic can be activated.

A Discussion on Decoding - ADD
Figure annotations:
• Bit pattern for the Add instruction in the IR = 0011.
• Timing signal added with instruction bits produces the required behavior.
• Result here.
• Control lines and bits controlling the register functions and the ALU.

A Discussion on Decoding
• The hardwired approach is FAST; however, the control logic is tied together via circuits and is complex to modify.
• In microprogrammed control, the control can be modified more easily.
• In microprogrammed control, instruction microcode produces control signal changes.
• Machine instructions are the input for a microprogram that converts the 1s and 0s of an instruction into control signals.
• The microprogram is stored in firmware, which is also called the control store.
• A microcode instruction is retrieved during each clock cycle.

A Discussion on Decoding
• All machine instructions are input into the microprogram. The microprogram's job is to convert the machine instructions into control signals.
• In the hardwired approach, timing signals from the clock are ANDed using combinational logic circuits to invoke signals.
• In the microprogram approach, the instruction microcode produces changes in the data-path signals.

Hardware security
You only need to know Hardware Security at the level it is covered in the slides. The slides will not be available for the exam, though.

Hardware security
What is a Root of Trust (RoT)?
• A RoT is a set of functions in the trusted computing module that is always trusted by the computer's operating system (OS).
• RoTs serve as a separate computing engine controlling the cryptographic processor on a PC.
• Typically, RoTs are implemented in hardware rather than software because of their immutability (they cannot be changed), smaller attack surface, and reliable behavior.

Reverse engineering (RE) of machine code for malware analysis
• Disassembly allows us to analyze malware or viruses without the source code.
• RE works out the program's flow in order to understand program behavior.
• RE finds the virus and malware signatures used in antivirus programs (an antivirus program determines a signature of a program and compares that signature to a list of known bad signatures).
• Obfuscated code (code intentionally made hard for humans to understand) is hard to reverse engineer.

Intel CHIPSEC
• CHIPSEC is a framework developed by Intel for analyzing the security of PC platforms, including hardware, system firmware (BIOS) and the configuration of platform components.
• It lets you create security test suites and security assessment tools for various low-level components and interfaces, and it provides forensic capabilities for firmware.

Hardware/Firmware worms
What is firmware?
• Firmware is a piece of software stored in read-only memory (ROM) or flash memory that comes with hardware.
CIH worm
• CIH is a computer virus developed in 1998 by a Taiwanese college student (Chen Ing-hau). This virus erases the first megabyte of a hard drive and the PC BIOS firmware. It causes machines to hang or show the blue screen of death. It zeroes out the first megabyte of a hard drive, deleting the partition tables and master boot record (MBR), which causes the computer not to boot.
• It hides itself in a Portable Executable (PE) file under Windows 95, 98, and ME. It does not spread via Windows NT-based operating systems such as Windows XP, 7, 8, and 10.

Hardware/Firmware worms
Thunderstrike 2 worm
• Thunderstrike 2 is a firmware worm created by Xeno Kovah et al. to prove that Macs may be attacked via an Apple Thunderbolt Ethernet adapter.
• The worm hides in the Option ROM (which consists of firmware called by the system BIOS) of the Thunderbolt Ethernet adapter, which is loaded and infected when the Mac's firmware is connected to the network.
• An attacker could compromise the boot firmware on MacBooks via a phishing email or malicious web site. The compromised MacBook will spread the worm by being connected to any other device. When the infected devices are inserted into other computers, those computers will load the Option ROM, which triggers flashing their boot firmware with the worm.

Why are firmware viruses hard to detect and remove?
• Most antivirus software does not have the privilege to scan the firmware, simply because its operations rely on the firmware.
• Moreover, the firmware may disguise itself by reporting normal responses to any requests made by upper-level applications. This makes it difficult to detect.
• Also, the firmware is basically part of the hardware. Unless you explicitly flash (clean) and restore the firmware, re-installing the OS will not remove the worm sitting in firmware.

Latest hardware attack development
• Analog malicious hardware: exploiting the analog properties of circuits (i.e., replace digital gates with analog components, then take away charge from a target wire every time it toggles and store that charge in a capacitor; when the capacitor's voltage exceeds some threshold, it deploys a payload). The University of Michigan is doing extensive research.
• A "fabrication-time" attacker can leverage analog circuits to create a hardware attack that is small (i.e., requires as little as one gate) and stealthy (i.e., requires an unlikely trigger sequence before affecting a chip's functionality). Third-party companies are typically the culprits.
Countermeasures:
• Fingerprinting: fabrication causes microscopic variations in chips that are unpredictable.
• On-chip sensors: sensors can be used for monitoring.
• Eliminate unused space: minimize unused space so that hackers have no room to place malicious code in firmware.