CN103942503B - Safe state switching system and switching method - Google Patents

Safe state switching system and switching method Download PDF

Info

Publication number
CN103942503B
CN103942503B CN201410174774.6A CN201410174774A CN103942503B CN 103942503 B CN103942503 B CN 103942503B CN 201410174774 A CN201410174774 A CN 201410174774A CN 103942503 B CN103942503 B CN 103942503B
Authority
CN
China
Prior art keywords
unit
processing unit
safe condition
computer system
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410174774.6A
Other languages
Chinese (zh)
Other versions
CN103942503A (en
Inventor
景蔚亮
封松林
陈邦明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Xinchu Integrated Circuit Co Ltd
Original Assignee
Shanghai Xinchu Integrated Circuit Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Xinchu Integrated Circuit Co Ltd filed Critical Shanghai Xinchu Integrated Circuit Co Ltd
Priority to CN201410174774.6A priority Critical patent/CN103942503B/en
Publication of CN103942503A publication Critical patent/CN103942503A/en
Application granted granted Critical
Publication of CN103942503B publication Critical patent/CN103942503B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Hardware Redundancy (AREA)

Abstract

The invention discloses a safe state switching system and switching method, and belongs to the technical field of computer system safety. The system comprises an input unit, a state switching unit, a detecting unit and a safe processing unit, the state switching unit is connected with the input unit, the detecting unit is connected between a storage unit and a processing unit, and is connected with the state switching unit, and the safe processing unit is respectively connected with a communication unit, the storage unit and the state switching unit. The method comprises the steps that a sate instruction is acquired; the safe state of a computer system is set according to the state instruction; whether data sent to the processing unit are normal or not is detected according to the level of the safe state, and then the data judged to be abnormal are intercepted; the safe processing unit is started according to the level of the safe state and replaces the processing unit to work. According to the technical scheme, the system and method have the advantages that the abnormal data in the Internet are intercepted, the safety of the computer system is guaranteed, and normal running of a computer is not influenced.

Description

A kind of safe condition switched system and changing method
Technical field
The present invention relates to computer system security technical field, more particularly, to a kind of safe condition switched system and switching side Method.
Background technology
With the arrival of information age, user in theory can be by any one electricity on internet access network Brain, regardless of whether the physical location being accessed for computer is located at where, therefore in theory, a computer on network, can pass through The Internet obtains the control instruction data of other computers transmission.
At present used in computer processor chips however not excluded that by artificial setting " safe back door " may it is possible to Some special instructions are set in processor chips, and call these special instructions of activation by what the external world instructed, thus destroying The normal course of operation of computer, for example, assign the instruction of " automatic shutdown " etc. to computer system, and these " safe back doors " lead to Often being activated by the control instruction sent by the Internet, thus leading to the data in computer system to be lost, or even making Become computer system thoroughly to paralyse, bring great inconvenience to user.Further, by the problems referred to above expand to one special Time period in, all computer systems with same processor chip in a certain specific region are all because the Internet refers to Order causes to paralyse, and can directly influence normal operation and the daily life of enterprise, or even can affect state apparatus Run well, cause irremediable loss.
On the other hand, if computer system is chronically at security protection state, for example, the instruction of extraneous input, fall are filtered Back door instruction is even long-term and the Internet disconnects to intercept for low processor performance, can have influence on computer system at ordinary times The speed of service and operational performance, be a kind of safety protecting method lost more than gain.
Chinese patent (cn101452514) discloses a kind of user data protection method for safety computer, methods described Comprise the steps: to set up secure memory space, control the access rights of described secure memory space;Store to described safety The instruction encryption of space correlation, and the receiving terminal in instruction is authenticated process and deciphering to instruction, empty by storing to safety Between user data information and the multiple encryption and decryption of instruction sending, credible awarded by providing between the side of sending and receiving of instruction Warrant book carries out legitimacy certification, efficiently avoid hacker and intercepts the sent instruction of software interception, thus ensureing number of users It is believed that the safety of breath.Technique scheme relate generally to using instruction encryption by the way of to computer system in preserve number of users According to the process carrying out safety certification, problems of the prior art can not be solved.
Content of the invention
According to problems of the prior art, now provide a kind of safe condition switched system and changing method, concrete bag Include:
A kind of safe condition switched system is it is adaptable in computer system, described computer system adopts the first operation system System work, and include processing unit and the first memory element;Described processing unit obtains data from described memory element to be carried out Process, and receive and execute the instruction from external network;
Wherein, described safe condition switched system includes:
First detector unit, is connected between described first memory element and described processing unit, for detecting described place Whether the data that reason unit calls from described first memory element is abnormal, and detection sends being derived to described processing unit Whether the instruction of external network is abnormal;
Described first detector unit intercepts and is detected as abnormal data and instruction;
Secure processing units, connect described first memory element, and receive and execute the instruction from external network;
Described secure processing units are used for substituting described processing unit work;
Input block, inputs the status command for handover security state for user;
Status toggle unit, connects described input block, described first detector unit and described secure processing units respectively, For described computer system being arranged according to described status command under the first order safe condition of normal work, or Start under the second level safe condition of the first detector unit, or start under the third level safe condition of secure processing units;
Described first detector unit and described secure processing units may be contained within the north bridge chips of described computer system.
Preferably, this safe condition switched system, wherein, also includes:
Second memory element, connects described secure processing units;
One second operating system is preserved, described secure processing units are pacified in the described third level in described second memory element After being activated under total state, run described second operating system and be operated.,
Preferably, this safe condition switched system, wherein, described status toggle unit is also connected with described processing unit, institute State status toggle unit described computer system to be arranged under described third level safe condition and controls described process single Unit quits work.
Preferably, this safe condition switched system, wherein, is provided with a memory unit, preserves confession in described processing unit Described processing unit calls the multiple default execute instruction of execution;
Corresponding to the multiple described execute instruction being stored in described memory unit that described processing unit will need to shield Storage address information be set as suspicious storage address information.
Preferably, this safe condition switched system, wherein, also includes:
Second detector unit, is connected between described processing unit and described first memory element, sends extremely for detection Whether the corresponding described storage address information of addressing request of described processing unit is matched with described suspicious storage address information, and Intercept the described addressing request being matched with described suspicious storage address information.
A kind of safe condition changing method is it is adaptable in computer system, described computer system adopts the first operation system System work, and include processing unit and the first memory element;Described processing unit obtains data from described memory element to be carried out Process, and receive and execute the instruction from external network;
Wherein, comprising:
First detector unit, is connected between described first memory element and described processing unit;
Secure processing units, connect described first memory element;
Described first detector unit and described secure processing units may be contained within the north bridge chips of described computer system;
Described safe condition changing method specifically includes:
Step s1, obtains the status command of outside input;
Step s2, the safe condition according to residing for described status command arranges described computer system:
When described computer system is under first order safe condition, described computer system normal work;
When described computer system is under the safe condition of the second level, described first detector unit starts, and detects institute Whether abnormal state the data that processing unit calls, subsequently intercept and be judged as abnormal described data;
When described computer system is under third level safe condition, described secure processing units start, and substitute institute State processing unit to be operated.
Preferably, this safe condition changing method, wherein, in described step s2, when described computer system is in the 3rd When under level security state, described processing unit quits work, and subsequently described secure processing units start.
Preferably, this safe condition changing method, wherein, comprising:
Second memory element, connects described secure processing units, preserves one second operating system;In described step s2, When described computer system is under described third level safe condition, described secure processing units start, and run described the Two operating systems are operated.
Preferably, this safe condition changing method, wherein:
It is provided with a memory unit, for preserving multiple default execute instructions, for described place in described processing unit Reason unit execution;
Setting one is connected to the second detector unit between described processing unit and described first memory element;
Under the safe condition of the described second level, described processing unit runs described first operating system and shields described execution The step of instruction specifically includes:
Step s11, described processing unit runs described first operating system, will need the described execute instruction pair of shielding The storage address information answered is set as suspicious storage address information;
Step s12, described second detector unit obtains the addressing request sending to described processing unit;
Step s13, described second detector unit is by the storage address information in described addressing request and described suspicious storage Address information is mated:
If described storage address information is matched with described suspicious storage address, go to step s14;
If described storage address information does not match described suspicious storage address, go to step s15;
Step s14, described second detector unit intercepts described addressing request, is then returned to described step s12;
Step s15, the described second detector unit described addressing request of clearance, it is then returned to described step s12.
The beneficial effect of technique scheme is: can effectively intercept the exceptional instructions in the Internet or in storage network Data, it is ensured that the security performance of computer system, does not affect the normal operation of computer system simultaneously.
Brief description
Fig. 1 is in the preferred embodiment of the present invention, a kind of structural representation of safe condition switched system;
Fig. 2 is in the preferred embodiment of the present invention, and safe condition switched system is applied to the structure in computer system Schematic diagram;
Fig. 3-4 is in the preferred embodiment of the present invention, a kind of schematic flow sheet of safe condition changing method.
Specific embodiment
The invention will be further described with specific embodiment below in conjunction with the accompanying drawings, but not as limiting to the invention.
As shown in figure 1, a kind of safe condition switched system is it is adaptable in computer system, this computer system includes:
Processing unit 1, i.e. the processor of computer system;
First memory element 2, i.e. the memorizer of computer system, connect processing unit 1, for preserving data or instruction, So that processing unit 1 calls process;
Processing unit 1 also receives instructing and carrying out respective handling of external network input.
In the preferred embodiment of the present invention, processing unit 1 is operated by one first operating system.
Therefore, in the preferred embodiment of the present invention, above-mentioned safe condition switched system specifically includes:
Input block 3, inputs the status command of the safe condition for switching computer system for user.The present invention's In preferred embodiment, user can start different safe conditions by general input mode such as key-press input, Or by the higher input mode of encryption level, such as fingerprint inputs or carries out the side such as subscriber authentication before the input Formula starts different safe conditions.In the preferred embodiment of the present invention, safe condition is started to the encryption of input mode Grade, the grade with safe condition rises and increases step by step.
In the preferred embodiment of the present invention, when needing to start some junior safe conditions, can adopt and connect Receive the input mode of the Internet instruction, that is, in this case, input block 3 can be overlapped with external network.
Status toggle unit 4, connects above-mentioned input block 3, for the status command being sent according to input block 3, arranges The safe condition that computer system is presently in.In the preferred embodiment of the present invention, status toggle unit 4 is according to above-mentioned state Instruction, computer system can be arranged under three kinds of safe conditions: first order safe condition, or the second level security shape State, or third level safe condition.
In the preferred embodiment of the present invention, first order safe condition is safe shape when computer system is normally run State, be also the present invention preferred embodiment in, the computer system safe condition that is in of acquiescence.
First detector unit 5, is connected between processing unit 1 and the first memory element 2, and connects above-mentioned state switching Unit 4.In the preferred embodiment of the present invention, when computer system is arranged in the second level security by status toggle unit 4 When under state, start the first detector unit 5, the first detector unit 5 is adjusted from the first memory element 2 for detection process unit 1 Whether data or instruction are abnormal, and detection sends to whether processing unit 1 is abnormal from the instruction of external network, and Interception is above-mentioned to be judged as abnormal data and instruction.
Specifically, in the preferred embodiment of the present invention, above-mentioned first detector unit 5 is first according to status toggle unit 4 The safe condition of setting judges whether to need to start;When the safe condition of computer system is arranged to second level safe condition When, the first detector unit 5 starts, and starts to catch data or the instruction that processing unit 1 is transferred to the first memory element 2, and/or The instruction being sent to processing unit 1 from external network or data;Subsequently the data being captured and/or instruction are judged, if The data that is captured and/or instruction are judged as abnormal data and/or instruction, then the first detector unit 5 intercept these data and/ Or instruction.
In the preferred embodiment of the present invention, above-mentioned it is judged as abnormal data and/or the situation of instruction can include It is judged as malicious instructions, for example " automatic shutdown " etc.;First detector unit 5 detects the such as requirement being sent by external network After the malicious instructions of computer system automatic shutdown, intercept these instructions.
In the preferably enforcement of the present invention, the first storage that above-mentioned malicious instructions equally can be stored in computer system is single In unit 2, when the first detector unit 5 detects processing unit 1 and calls corresponding malicious instructions to the first memory element 2, intercept These instructions.
Secure processing units 6, connect above-mentioned first memory element 2, and connection status switch unit 4.The present invention is relatively In good embodiment, when computer system is arranged under the third level safe condition status toggle unit 4, above-mentioned safety Processing unit 6 is activated, and works as the processor of whole computer system for alternate process unit 1.
Correspondingly, in the preferred embodiment of the present invention, above-mentioned processing unit 1 is also connected with status toggle unit 4, works as state When switch unit 4 controls secure processing units 6 to start, control process unit 1 quits work simultaneously.Further, the present invention In preferred embodiment, when computer system is arranged under the third level safe condition status toggle unit 4, first at stopping Reason unit 1, subsequent start-up secure processing units 6 work substituting above-mentioned processing unit 1.
In the preferred embodiment of the present invention, above-mentioned secure processing units 6, actual is processor chips, this processor The performance of chip may be not so good as the processing unit 1 of the processor as computer system in embodiments of the invention, but wherein Do not include any " safe back door ".Further, in the preferred embodiment of the present invention, above-mentioned secure processing units 6 can be The unified processor chips producing, to ensure wherein not being preset with any abnormal special instruction.
Second memory element 7, attachment security processing unit 6.
In the preferred embodiment of the present invention, preserve one second operating system in the second memory element 7, work as department of computer science When system is under third level safe condition, secure processing units 6 are activated, and are subsequently operated using the second operating system.
In the preferred embodiment of the present invention, it is additionally provided with above-mentioned processing unit 1:
Memory unit 11, for preserving the execute instruction calling execution for processing unit 1.The preferred embodiment of the present invention In, processing unit 1, when being produced, may be preset with some special execute instructions, that is, above in above-mentioned memory unit 11 Described in " safe back door ".And this " safe back door ", in particular time, is easily subject to the outside instruction sending to activate, from And the normal work of destruction of computer systems.
Therefore, in the preferred embodiment of the present invention, one second detector unit 8 is set, is connected to processing unit 1 and first Between memory element 2.
When computer is under the safe condition of the above-mentioned second level, if desired shields some and default in processing unit 1 Execute instruction, that is, when " safe back door ", processing unit 1 passes through to run the execute instruction that some needs are shielded by the first operating system Corresponding storage address information is set as suspicious storage address information, subsequently adopts the second detector unit 8 detection to send and extremely locates The addressing request of reason unit, and storage address information that this addressing request is included and suspicious storage address information carry out Join, intercept the addressing request being matched with above-mentioned suspicious storage address information.
In the preferred embodiment of the present invention, the multiple suspicious storage address information of above-mentioned setting can be used for identifying one can Doubtful instruction memory size a, preserves suspicious execute instruction in this suspicious instruction memory size a, that is, executing these instructions can Computer system can be worked the mischief.
In the preferred embodiment of the present invention, remove the execute instruction of preserving outside above-mentioned suspicious instruction memory size a Memory space is credible instruction memory size b, and processing unit 1 executes the execute instruction preserving in credible instruction memory size b Computer system will not be worked the mischief.
Further, in the preferred embodiment of the present invention, data generally in processor products for the above-mentioned credible instruction There is clear explanation in handbook, and the clear instruction recorded may not be estimated to be in data book is suspicious instruction.This In the preferred embodiment of invention, can detect in memory unit 11 whether be preset with the way of in advance using some reverse engineerings Suspicious instruction.In the preferred embodiment of the present invention, analyzed by reverse engineering, record the corresponding storage of suspicious instruction Location, and the corresponding storage address of credible instruction, and recorded and storage address information by described second detector unit 8.This In bright preferred embodiment, sent to the addressing request of processing unit 1 using the second detector unit 8 detection, and to default Suspicious storage address information is mated, to judge whether this addressing request is illegal.When this addressing request be matched with default can During doubtful storage address information, the second detector unit 8 intercepts this addressing request.
Further, although credible instruction when executed will not be to department of computer science in the preferred embodiment of the present invention System works the mischief, but can be by multiple credible instructing combinations, or takes out a part of data in each credible instruction The method being overlapped, produces new execute instruction, executes these new execute instruction is equally possible and jeopardize computer system Normal operation.Therefore, under the safe condition of the second level, user can continue the corresponding storage address information of credible instruction Shielded together as suspicious storage address information, stoped by the instructing combination on described memory unit 11 with reaching Produce the probability of new execute instruction.
In sum, in the preferred embodiment of the present invention, status toggle unit 4, according to status command, can calculate Corresponding three kinds of different grades of safe conditions are set on machine system, include respectively:
First order safe condition: now safe class is minimum, computer system can normally be run.Under normal circumstances, write from memory The safe condition recognized is first order safe condition, and status toggle unit 4 does not export any first under first order safe condition Control instruction, now the first detector unit 5 and secure processing units 6 are all not actuated;Now, the first detector unit 5 is processing list It is only used as the data transmission channel of a connection between unit 1 and the first memory element 2, do not carry out any data interception work.
But, in the preferred embodiment of the present invention, when computer system is not presently within first order safe condition, make User inputs the status command of first order safe condition, then computer system is set to by status toggle unit 4 according to this instruction Be under the first order safe condition of acquiescence, will computer system recover default setting, for example close the first detector unit and/ Or secure processing units etc..
Second level safe condition: safe class is slightly higher, now status toggle unit 4 export one first control instruction starting First detector unit 5 is operated, to detect and to intercept the abnormal data sending to processing unit 1 and/or instruction.
Under the safe condition of the above-mentioned second level, now status toggle unit activation processing unit 1, make system in processing unit In 1, setting suspicious storage address information accordingly, carrys out intercept process unit 1 and to the access of suspicious instruction accordingly and calls.
In the preferred embodiment of the present invention, under the safe condition of the above-mentioned second level, with the continuous lifting of demand for security, The scope of default suspicious storage address information also constantly expands, and the storage address of the most credible instruction be also included within suspicious In the range of storage address information, thus control process unit 1 shields wherein default all execute instructions.In this situation Under, instruct so that its performance is under some influence due to shielding all high-performance in processing unit 1, but ensure that The safe operation of whole computer system.
Third level safe condition, safe class highest, the work of now status toggle unit 4 stopping processing unit 1, simultaneously Start secure processing units 6, using secure processing units 6 as whole computer system processor.
In the preferred embodiment of the present invention, as shown in Fig. 2 above-mentioned first detector unit 5 and secure processing units 6 are all provided with It is placed in the north bridge chips a on computer system motherboard, the area overhead that this setup need not be extra, and mainboard is not yet Need to make any big change, come into operation very convenient, effective reduces cost.In Fig. 2, north bridge chips a is generally used for processing High speed signal, South Bridge chip b is generally used for processing the data communication in i/o bus, enters between South Bridge chip b and external network c Row data interactive communication.
In the preferred embodiment of the present invention, it is illustrated in figure 3 the safety realized using above-mentioned safe condition switched system State switching method, specifically includes:
S1: obtain the status command of outside input;
In the preferred embodiment of the present invention, user inputs the different state of safe class by different input modes Instruction, for example, input the relatively low status command of safe class by way of key-press input;Subsequently defeated by subscriber authentication The mode entering inputs the slightly higher status command of safe class;Input safe class highest state to refer to by way of fingerprint inputs Order.
In the other embodiment of the present invention, can also be using the instruction of other input mode input states.
S2: the safe condition according to residing for status command arranges computer system:
In the preferred embodiment of the present invention, according to the different status command of grade, computer system is arranged in Under different safe conditions, comprising:
S2a: when computer system is under first order safe condition, computer system normal work;
S2b: when computer system is under the safe condition of the second level, the first detector unit starts, and detection process list Whether the data of metacall or instruction are abnormal, subsequently intercept and are judged as abnormal data or instruction;
S2c: when computer system is under third level safe condition, secure processing units start, and alternate process list Unit is operated.
In the preferred embodiment of the present invention, before secure processing units are activated, control process unit stops first Work, to ensure that secure processing units can be operated with alternate process unit.
In the preferred embodiment of the present invention, according to the hierarchical arrangement of the above safe condition, detector unit is total It is to start in advance before secure processing units start, when secure processing units start it is meant that now computer systems division In safe class highest safe condition.
Further, in the preferred embodiment of the present invention, under the safe condition of the second level, can be further according to safety Demand carries out sequence of operations to processing unit, comprising:
Activation processing unit, arranges suspicious storage address information accordingly by the first operating system in processing unit, Carry out intercept process unit to the access of suspicious instruction and to call.
In the preferred embodiment of the present invention, under the safe condition of the above-mentioned second level, with the continuous lifting of demand for security, The scope of default suspicious storage address information also constantly expands, and the storage address information of the most credible instruction is also included within In the range of suspicious storage address information, thus control process unit shields wherein default all execute instructions.In this feelings Under condition, instruct so that its performance is under some influence due to shielding all high-performance in processing unit, but ensure that The safe operation of whole computer system.
Further, in the preferred embodiment of the present invention, as shown in figure 4, above-mentioned processing unit shields suspicious instruction Step specifically includes:
Step s11, processing unit runs the first operating system, will need the corresponding storage address of execute instruction of shielding Information setting is suspicious storage address information;
Step s12, the second detector unit obtains the addressing request sending to processing unit;
Step s13, the storage address information in addressing request is carried out by the second detector unit with suspicious storage address information Coupling:
If storage address information is matched with suspicious storage address, go to step s14;
If storage address information does not match suspicious storage address, go to step s15;
Step s14, the second detector unit intercepts addressing request, is then returned to step s12;
Step s15, the second detector unit clearance addressing request, it is then returned to step s12.
The foregoing is only preferred embodiments of the present invention, not thereby limit embodiments of the present invention and protection model Enclose, to those skilled in the art it should can appreciate that done by all utilization description of the invention and diagramatic content Scheme obtained by equivalent and obvious change, all should be included in protection scope of the present invention.

Claims (9)

1. a kind of safe condition switched system is it is adaptable in computer system, described computer system adopts the first operating system Work, and include processing unit and the first memory element;Described processing unit obtains from data carries out from described memory element Reason, and receive and execute the instruction from external network;
It is characterized in that, described safe condition switched system includes:
First detector unit, is connected between described first memory element and described processing unit, single for detecting described process Whether the data that unit calls from described first memory element is abnormal, and detection sends to described processing unit from outside Whether the instruction of network is abnormal;
Described first detector unit intercepts and is detected as abnormal data and instruction;
Secure processing units, connect described first memory element, and receive and execute the instruction from external network;
Described secure processing units are used for substituting described processing unit work;
Input block, inputs the status command for handover security state for user;
Status toggle unit, connects described input block, described first detector unit and described secure processing units respectively, is used for Described computer system is arranged under the first order safe condition of normal work according to described status command, or starts Under the second level safe condition of the first detector unit, or start under the third level safe condition of secure processing units;
Described first detector unit and described secure processing units may be contained within the north bridge chips of described computer system.
2. safe condition switched system as claimed in claim 1 is it is characterised in that also include:
Second memory element, connects described secure processing units;
One second operating system is preserved, described secure processing units are in the safe shape of the described third level in described second memory element After being activated under state, run described second operating system and be operated.
3. safe condition switched system as claimed in claim 1 it is characterised in that described status toggle unit be also connected with described Processing unit, described status toggle unit described computer system is arranged under described third level safe condition and controls Described processing unit quits work.
4. safe condition switched system as claimed in claim 2 is it is characterised in that be provided with a storage part in described processing unit Part, preserves the multiple default execute instruction calling execution for described processing unit;
Described processing unit will need depositing corresponding to the multiple described execute instruction being stored in described memory unit shielding Storage address information setting is suspicious storage address information.
5. safe condition switched system as claimed in claim 4 is it is characterised in that also include:
Second detector unit, is connected between described processing unit and described first memory element, sends extremely described for detection Whether the corresponding described storage address information of addressing request of processing unit is matched with described suspicious storage address information, and intercepts It is matched with the described addressing request of described suspicious storage address information.
6. a kind of safe condition changing method is it is adaptable in computer system, described computer system adopts the first operating system Work, and include processing unit and the first memory element;Described processing unit obtains from data carries out from described memory element Reason, and receive and execute the instruction from external network;
It is characterized in that, comprising:
First detector unit, is connected between described first memory element and described processing unit;
Secure processing units, connect described first memory element;
Described first detector unit and described secure processing units may be contained within the north bridge chips of described computer system;
Described safe condition changing method specifically includes:
Step s1, obtains the status command of outside input;
Step s2, the safe condition according to residing for described status command arranges described computer system:
When described computer system is under first order safe condition, described computer system normal work;
When described computer system is under the safe condition of the second level, described first detector unit starts, and detects described place Whether the data of reason cell call is abnormal, subsequently intercepts and is judged as abnormal described data;
When described computer system is under third level safe condition, described secure processing units start, and substitute described place Reason unit is operated.
7. safe condition changing method as claimed in claim 6 is it is characterised in that in described step s2, when described computer When system is under third level safe condition, described processing unit quits work, and subsequently described secure processing units start.
8. safe condition changing method as claimed in claim 6 is it is characterised in that include:
Second memory element, connects described secure processing units, preserves one second operating system;In described step s2, work as institute When stating computer system and being under described third level safe condition, described secure processing units start, and run described second behaviour It is operated as system.
9. safe condition changing method as claimed in claim 8 it is characterised in that:
It is provided with a memory unit in described processing unit, for preserving multiple default execute instructions, process list for described Unit's execution;
Setting one is connected to the second detector unit between described processing unit and described first memory element;
Under the safe condition of the described second level, described processing unit runs described first operating system and shields described execute instruction Step specifically include:
Step s11, described processing unit runs described first operating system, will be corresponding for the described execute instruction needing shielding Storage address information is set as suspicious storage address information;
Step s12, described second detector unit obtains the addressing request sending to described processing unit;
Step s13, described second detector unit is by the storage address information in described addressing request and described suspicious storage address Information is mated:
If described storage address information is matched with described suspicious storage address, go to step s14;
If described storage address information does not match described suspicious storage address, go to step s15;
Step s14, described second detector unit intercepts described addressing request, is then returned to described step s12;
Step s15, the described second detector unit described addressing request of clearance, it is then returned to described step s12.
CN201410174774.6A 2014-04-28 2014-04-28 Safe state switching system and switching method Active CN103942503B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410174774.6A CN103942503B (en) 2014-04-28 2014-04-28 Safe state switching system and switching method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410174774.6A CN103942503B (en) 2014-04-28 2014-04-28 Safe state switching system and switching method

Publications (2)

Publication Number Publication Date
CN103942503A CN103942503A (en) 2014-07-23
CN103942503B true CN103942503B (en) 2017-02-01

Family

ID=51190169

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410174774.6A Active CN103942503B (en) 2014-04-28 2014-04-28 Safe state switching system and switching method

Country Status (1)

Country Link
CN (1) CN103942503B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106372527A (en) * 2016-04-28 2017-02-01 深圳市金立通信设备有限公司 Data processing method and terminal
WO2018119904A1 (en) * 2016-12-29 2018-07-05 华为技术有限公司 System-on-chip and method for switching secure operating systems

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102024115A (en) * 2010-11-19 2011-04-20 紫光股份有限公司 Computer with user security subsystem
CN103377349A (en) * 2012-04-27 2013-10-30 美国博通公司 Security controlled multi-processor system
CN103473508A (en) * 2013-09-17 2013-12-25 肖楠 Security verification method during kernel operation of operation system
CN103593603A (en) * 2012-08-17 2014-02-19 美国博通公司 Protecting secure software in a multi-security-CPU system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102024115A (en) * 2010-11-19 2011-04-20 紫光股份有限公司 Computer with user security subsystem
CN103377349A (en) * 2012-04-27 2013-10-30 美国博通公司 Security controlled multi-processor system
CN103593603A (en) * 2012-08-17 2014-02-19 美国博通公司 Protecting secure software in a multi-security-CPU system
CN103473508A (en) * 2013-09-17 2013-12-25 肖楠 Security verification method during kernel operation of operation system

Also Published As

Publication number Publication date
CN103942503A (en) 2014-07-23

Similar Documents

Publication Publication Date Title
CN109753806B (en) Server protection method and device
CN102999716B (en) virtual machine monitoring system and method
US8479276B1 (en) Malware detection using risk analysis based on file system and network activity
CN108931968B (en) Network security protection system applied to industrial control system and protection method thereof
JP2018522359A (en) System and method for detecting unknown vulnerabilities in computing processes
GB2485622A (en) Server detecting malware in user device.
CN105224862A (en) A kind of hold-up interception method of office shear plate and device
CN106650514A (en) Secure input system and method based on TrustZone technology
CN105825131A (en) Computer security startup protection method on basis of UEFI (Unified Extensible Firmware Interface)
CN108183901B (en) FPGA-based host security protection physical card and data processing method thereof
CN103942503B (en) Safe state switching system and switching method
CN106682493B (en) A kind of method, apparatus for preventing process from maliciously being terminated and electronic equipment
CN105550574B (en) Side channel analysis evidence-obtaining system and method based on memory activity
CN107992745A (en) Kidnap countermeasure in a kind of interface based on Android platform
CN103927477B (en) A kind of safe mainboard and its application process
CN102722678B (en) A kind of virtual desktop executable program protection mechanism
CN109785537B (en) Safety protection method and device for ATM
CN107169354A (en) Multi-layer android system malicious act monitoring method
CN101178761A (en) Apparatus and method for preventing virus dynamic state attack program
CN106022105B (en) A kind of command processing method and device
US11811803B2 (en) Method of threat detection
CN101374048A (en) System for monitoring compulsion terminal of mobile work base on fine grain centralization type tactic
CN104021351A (en) Method and device for data resource access
KR101410289B1 (en) system and method for tracking remote access server of malicious code
CN103916391B (en) A kind of method and system preventing illegal external connection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant