CN107229863A - A kind of secure operating environment virtual method - Google Patents
A kind of secure operating environment virtual method Download PDFInfo
- Publication number
- CN107229863A CN107229863A CN201710438129.4A CN201710438129A CN107229863A CN 107229863 A CN107229863 A CN 107229863A CN 201710438129 A CN201710438129 A CN 201710438129A CN 107229863 A CN107229863 A CN 107229863A
- Authority
- CN
- China
- Prior art keywords
- virtual
- environment
- user
- simulated environment
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Abstract
The present invention provides a kind of secure operating environment virtual method, belongs to field of information security technology, the present invention includes:Secure virtual environment is created, cpu kernels is completed virtually, safe operation system simulated environment is customized on virtual kernel, and create the external communication interface of simulated environment.The present invention can be the trusted context of the virtual safety of terminal device, and private information can be stored the processing procedure with information, all preserve and handle in safe and reliable environment by terminal user, solve the environmental problem needed for the processing of terminal device security information.
Description
Technical field
The present invention relates to information security technology, more particularly to a kind of secure operating environment virtual method.
Background technology
Terminal device is widely used, such as PC, tablet personal computer, mobile terminal, smart mobile phone, our daily lifes
In be found everywhere, brought " facility " of every aspect, the moment study, work, life, amusement, exchange, shopping,
Consumption, tourism, affect us in terms of traffic, but the Information Security of terminal device is also our special care & concerns
The problem of, special terminal user's private information is preserved and processing procedure, and the security of terminal device information depends on running ring
The security in border, therefore realize that the secure operating environment of terminal device is effective solution.
The content of the invention
In order to solve problem above, the present invention proposes a kind of secure operating environment virtual method.It is mainly used in terminal to set
It is standby to fictionalize a believable secure operating environment, meet user security demand.
The technical scheme is that:
A kind of secure operating environment virtual method,
It is main to include three parts:
1)Secure virtual environment is created,
2)Complete cpu kernels virtual,
3)Safe operation system simulated environment is customized on virtual kernel, and creates the external communication interface of simulated environment.
Specifically include the following steps:
Step 1, after user terminal operation, virtual environment module first, if checking that user does not set up virtual ring
Border, will provide the user a series of guide and help, and the virtual environment of user oneself is set up in the case where guide helps to instruct.
Whole process includes:Virtual one independent cpu core, default spatial cache and physical store are empty in multinuclear cpu
Between, safe operation system simulated environment is customized in virtual environment, the information security needed for completing terminal user is stored and information
Deployment needed for security processing services, while completing virtual environment externally usb interfaces, serial ports, the setting of parallel port needed for communication;
Step 2, after user terminal operation, if detecting user has been set up virtual environment, it will directly initiate and backstage
The virtual environment is run, and user's information security storage set in advance and information security processing service are provided for terminal user;
Step 3, terminal user can be communicated by virtual interface with virtual environment, complete private information empty in safety
Preservation and processing in near-ring border, realize that terminal user's private information is preserved and handled, meet the need of user information safety secrecy
Ask.
The beneficial effects of the invention are as follows
The effective tool for setting up a Special safety environment is provided for terminal user, facilitates various of terminal user
The demand of property safety applications.
Brief description of the drawings
Fig. 1 is the workflow diagram of the present invention;
Fig. 2 is the high-level schematic functional block diagram being applied on terminal device.
Embodiment
More detailed illustrate is carried out to present disclosure below:
It is as follows according to specific works shown in Fig. 1:
1st, secure operating environment virtual tool operation is installed, and the virtual environment of user oneself is set up in the case where installation helps to instruct,
Whole process includes:Virtual one independent cpu core, default spatial cache and amount of physical memory in multinuclear cpu, virtual
Personalized secure runtime simulated environment is environmentally customized, the information security needed for completing terminal user is stored and information security
The deployment needed for service is handled, the personalized secure demand of terminal user is reached, externally communicated while completing virtual environment
Required usb interfaces, serial ports, the setting of parallel port;
2nd, terminal user is again started up secure operating environment virtual tool, directly initiates the virtual environment installed and on backstage
The virtual environment is run, user's information security storage set in advance is provided for terminal user and information security handles service;
3rd, forbid the illegal module operation for signature in constructed virtual secure running environment, prevent that running environment from illegally being controlled
System, operation and access, it is ensured that the security of running environment.
4th, terminal user can be communicated by virtual interface with virtual environment, complete private information empty in safety
Preservation and processing in near-ring border, such as:Message reference control, information encrypting storing, private key are preserved, Information Signature processing etc. one is
The safety approach of row, realizes that terminal user's private information is preserved and handled, meets the demand of user information safety secrecy.
Claims (5)
1. a kind of secure operating environment virtual method, it is characterised in that
It is main to include three parts:
1)Secure virtual environment is created,
2)Complete cpu kernels virtual,
3)Safe operation system simulated environment is customized on virtual kernel, and creates the external communication interface of simulated environment.
2. according to the method described in claim 1, it is characterised in that
Concrete operation step is:
Step 1, virtual one independent cpu core, default spatial cache and amount of physical memory in multinuclear cpu, virtual
Safe operation system simulated environment is environmentally customized, the information security storage needed for completing terminal user handles clothes with information security
Deployment needed for business, while completing virtual environment externally usb interfaces, serial ports, the setting of parallel port needed for communication;
Step 2, after user terminal operation, if detecting user has been set up virtual environment, it will directly initiate and backstage fortune
The row virtual environment, and provide user's information security storage set in advance and information security processing service for terminal user;
Step 3, terminal user is communicated by virtual interface with virtual environment, completes private information in secure virtual ring
Preservation and processing in border.
3. method according to claim 2, it is characterised in that
The safe operation system simulated environment include windows operating systems, linux operating systems, apple system,
Under the security context that the operating system of android system, SCM system and user oneself exploitation can be set up, security context
All modules of runtime are used by allowing to enable operation after legal signature verification.
4. according to the method in claim 2 or 3, it is characterised in that
The external communication interface of simulated environment includes usb interfaces, serial ports, parallel port and User Defined interface.
5. method according to claim 4, it is characterised in that
The safe operation system simulated environment is run independently of terminal device, and terminal user voluntarily selectes simulated environment
Install and configuration.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710438129.4A CN107229863A (en) | 2017-06-12 | 2017-06-12 | A kind of secure operating environment virtual method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710438129.4A CN107229863A (en) | 2017-06-12 | 2017-06-12 | A kind of secure operating environment virtual method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107229863A true CN107229863A (en) | 2017-10-03 |
Family
ID=59934911
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710438129.4A Pending CN107229863A (en) | 2017-06-12 | 2017-06-12 | A kind of secure operating environment virtual method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107229863A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021164271A1 (en) * | 2020-02-17 | 2021-08-26 | 华为技术有限公司 | Method for monitoring program code execution behavior, and computer device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103733663A (en) * | 2011-08-10 | 2014-04-16 | 高通股份有限公司 | Method and apparatus for providing a secure virtual environment on a mobile device |
| CN104573422A (en) * | 2015-01-08 | 2015-04-29 | 浪潮软件股份有限公司 | Virtual machine-based application process operation method and device |
| US20170091140A1 (en) * | 2015-03-09 | 2017-03-30 | ZPE Systems, Inc. | High density communications device |
-
2017
- 2017-06-12 CN CN201710438129.4A patent/CN107229863A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103733663A (en) * | 2011-08-10 | 2014-04-16 | 高通股份有限公司 | Method and apparatus for providing a secure virtual environment on a mobile device |
| CN104573422A (en) * | 2015-01-08 | 2015-04-29 | 浪潮软件股份有限公司 | Virtual machine-based application process operation method and device |
| US20170091140A1 (en) * | 2015-03-09 | 2017-03-30 | ZPE Systems, Inc. | High density communications device |
Non-Patent Citations (1)
| Title |
|---|
| 文全刚等: "《嵌入式Linux操作系统原理与应用》", 31 May 2017 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021164271A1 (en) * | 2020-02-17 | 2021-08-26 | 华为技术有限公司 | Method for monitoring program code execution behavior, and computer device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100462949C (en) | Automatic-installable information safety equipment and control method thereof | |
| CN103748594B (en) | For ARM*TRUSTZONETMThe credible platform module based on firmware realized | |
| CN104182662B (en) | Hiding and deployment method, system and the mobile terminal of hide application program | |
| CN103150514B (en) | A kind of trusted module based on mobile device and trusted service method thereof | |
| CN105446713A (en) | Safe storage method and equipment | |
| EP3706019B1 (en) | Hardware-enforced access protection | |
| CN105723377A (en) | Secure enclaves for use by kernel mode applications | |
| CN104216761B (en) | It is a kind of that the method for sharing equipment is used in the device that can run two kinds of operating system | |
| CN107111728A (en) | Safe key export function | |
| CN101520854B (en) | Smart memory card, data safety control system and method thereof | |
| CN202362788U (en) | Dependable computing device with USB (Universal Serial Bus) interfaces | |
| CN201397508Y (en) | Stand-alone terminal secure login and monitoring device | |
| US20180227276A1 (en) | Data interaction method and device for composite smart card device | |
| CN102523095A (en) | User digital certificate remote update method with intelligent card protection function | |
| CN106778337A (en) | Document protection method, device and terminal | |
| CN101047701B (en) | System and method for ensuring safety operation of applied program | |
| Meletiou et al. | Design and Implementation of an E-exam System Based on the Android Platform | |
| CN101789088A (en) | SD card with payment function | |
| CN105205416A (en) | Mobile hard disk password module | |
| CN102831081A (en) | Transparent encryption and decryption secure digital memory card (SD card) and implementation method thereof | |
| CN101888627A (en) | Mobile terminal and system data protection method thereof | |
| CN201150069Y (en) | Information safety equipment supporting multiple identification authentication | |
| CN107229863A (en) | A kind of secure operating environment virtual method | |
| CN102999839A (en) | Cloud platform and virtual SE (security element) based electronic currency security payment system and cloud platform and virtual SE based electronic currency security payment method | |
| CN107798256A (en) | A kind of smart card and design method based on cryptographic algorithm separation storage |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171003 |
|
| RJ01 | Rejection of invention patent application after publication |