This invention relates to a method of detecting incorrect sequences of code execution, and more particularly, to detecting execution of sequences of program code in a processor in an incorrect order.
As is known, many computer programs have subroutines, or sequences of code, embedded therein, which are not necessarily provided at the point of the program where they are to be executed and which may need to be executed several times over the course of execution of the complete program. Thus, there may well be routines or subroutines, (hereinafter called xe2x80x9ccode sequencesxe2x80x9d) which need to be called to by the code sequence being executed, with, in some cases, subroutines calling other subroutines in a stacked fashion.
When the processor system executing the program is subjected to environmental stress, such as electromagnetic radiation, while it is in operation, the contents of the program counter, or stack pointer, which tracks which subroutines are being called, can become altered. This changes the normal sequence of execution and the behaviour of the system becomes unpredictable. Software errors can have the same result.
If an incorrect sequence of code execution continues after such an alteration or error, without detection, it might allow the system to perform sensitive operations that could compromise the security of the system. This is undesirable in many cases, especially, for example, in smartcards, where the cryptographic keys might be modified unintentionally.
Many methods of detecting such incorrect sequences of code execution are known, but most, if not all, have deficiencies in certain circumstances, or require a large amount of computational resources, which may be unavailable in some applications, for example smartcards.
The present invention therefore seeks to provide a method of detecting incorrect sequences of code execution which overcomes, or at least reduces the above-mentioned problems of the prior art.
Accordingly, the invention provides a method of detecting illegal execution of code sequences, the method comprising the steps of: a) setting an active identifier to a first sequence identifier of a first code sequence; b) executing at least part of the first code sequence; c) calling, from the first code sequence, a second code sequence-having a second sequence identifier; d) providing, to the second code sequence, a caller sequence identifier and a callee sequence identifier; e) checking, in the second code sequence, whether the callee sequence identifier is the same as the second sequence identifier; f) checking, in the second code sequence, whether the caller sequence identifier is the same as the active identifier; and g) generating a signal when either of steps (e) or (f) provide incorrect results.