CN102214277A - Method and device for establishing trusted environments for virtual machine system of multicore processor - Google Patents

Info

Publication number: CN102214277A
Authority: CN (China)
Legal status: Granted
Application number: CN201010138515XA
Other languages: Chinese (zh)
Other versions: CN102214277B (en)
Inventors: 杜磊, 孙毓忠, 宋擒豹
Current Assignee: Beijing Zhongke Flux Technology Co ltd
Original Assignee: Institute of Computing Technology of CAS
Application filed by: Institute of Computing Technology of CAS
Abstract

The invention relates to a method and device for establishing trusted environments for a virtual machine system of a multicore processor. The method comprises the following steps of: 1, isolating one core from the multicore processor, and running a customized TPM (Trusted Platform Module) chip simulator on the core; 2, measuring a virtual machine monitor with the TPM chip simulator when the trusted environments are established. With the method and the device, the trusted environments can be established for the virtual machine system, and the problem that a computer network terminal system is not trusted is solved.

Description

Method and device for creating a trusted environment for a multicore-processor virtual machine system
Technical field
The present invention relates to the field of computer security, and in particular to a method and device for creating a trusted environment for a virtual machine system running on a multicore processor.
Background technology
Virtualization technology was born in the 1960s. It was proposed by IBM and first applied to IBM's System/370. With the widespread use of virtualization, the security problems that come with it have also become varied. Virtualization can guarantee a certain degree of security, for example the virtual machines running on one physical platform are isolated from each other and do not interfere with one another, but this does not fundamentally solve the security problems a computer system faces. On the contrary, because the VMM (Virtual Machine Monitor) holds supreme authority, attacks on the VMM become a major security risk for the system.
Paravirtualization is a concept proposed by the University of Cambridge, and the Xen hypervisor project was researched and developed along with it. Xen hypervisor is a system-level virtualization tool used to implement virtual machine systems on terminals.
Fig. 1 is a structural diagram of a Xen hypervisor virtual machine. At the bottom of Fig. 1 are the hardware resources; the VMM of Xen hypervisor runs on the hardware resources, manages them, and virtualizes them into several virtual hardware environments. Several guest OSes (child operating systems), denoted DomU, run on the Xen VMM; a guest OS is an operating system installed on a virtual machine or in a disk partition other than the parent or host operating system. Unmodified user applications run in the application layer of DomU. A front-end device driver runs in the kernel layer of DomU, and user applications operate on hardware resources through it. The front-end driver does not actually operate the hardware; it does so through the back-end device driver. The back-end driver is located in VM0, shown as Dom0 in Fig. 1. VM0 is a special guest OS, also called the privileged guest OS. It is called privileged because the VMM hypervisor interface program, part of the resource manager and the guest OS management program all run in the application layer of VM0; that is, VM0 is the guest OS with administrative authority. VM0 can access peripherals directly, i.e. it has the authority to manage and operate all peripherals.
A back-end device driver runs in the kernel of VM0. It accepts the hardware-operation requests sent by the other guest OSes, hands them to the device driver in VM0, which completes the operation, and returns the result from the device driver to the front-end driver.
In such a virtualization architecture, Xen hypervisor keeps the systems isolated from each other: each VM (virtual machine) runs in its own memory space, is unaware of the existence of the other VMs and believes it has the whole physical platform to itself, and the corresponding applications run on the VM kernel. Xen hypervisor isolates the VMs so that security problems in one VM cannot affect the other VMs on the same platform. Such an architecture still has the following security problems.
Because VM0 is the guest OS to which Xen hypervisor grants privilege, and it can interact with the hardware directly, an attack on VM0 may cause the leakage of other VMs' information.
The VMM of Xen hypervisor is also privileged: it runs at the privileged level of the CPU, while the operating systems run at a lower, non-privileged level, so the security problems of Xen hypervisor itself are likewise a major security risk for the whole system.
Trusted computing technology was born at the end of the last century, and from the outset its purpose was to improve the trustworthiness of terminal systems at the foundation. IT enterprises including IBM (International Business Machines Corporation), HP (Hewlett-Packard), Intel and Microsoft founded the Trusted Computing Platform Alliance (TCPA), which has nearly 190 members. TCPA defined the Trusted Platform Module (TPM) with secure storage and encryption functions and devoted itself to trusted computing for data security, including the development of cryptographic chips, dedicated CPUs, mainboards and operating-system security kernels. The organisation was later renamed the Trusted Computing Group (TCG) and continues to advance the development of trusted computing.
The Trusted Computing Group has proposed a series of standards promoting computer system security, including the TPM (Trusted Platform Module) security chip specification; by implanting a TPM chip in a terminal, trust in the terminal is established. The role of the TPM security chip here is that, from computer start-up onward, the integrity of each module of the terminal system must be measured before that module takes control of the system. Measurement here means computing a hash over the program and saving it in the PCR (Platform Configuration Register) inside the TPM; by reading the hash values in the PCRs it is judged whether the terminal system has been tampered with, and so whether the terminal is trustworthy.
For various reasons, however, the use of TPM chips is greatly limited, in the following respects. There is the problem of a lack of TPM support, because most existing computer systems did not consider support for trusted computing at design time. There is the complexity of the TPM chip design itself: according to the TCG standard, a TPM chip generally needs to implement more than 120 functions in its own firmware, whereas in actual use, especially on portable terminals, cost and portability are very important metrics, and the complex structure of the TPM itself greatly limits its widespread use in such devices. And there is no support for virtualization technology: neither the TPM standard nor TPM chips address support for virtualization.
Summary of the invention
To solve the above problems, the invention provides a method and device for creating a trusted environment for a multicore-processor virtual machine system, so that a trusted environment can be created for the virtual machine system and the problem of untrusted computer network terminal systems is solved.
The invention discloses a method for creating a trusted environment for a multicore-processor virtual machine system, comprising:
Step 1: isolating one core from the multicore processor and running a customized TPM chip simulator on that core;
Step 2: when the trusted environment is created, the TPM chip simulator measures the virtual machine monitor.
Step 2 further comprises:
Step 21: when the trusted environment is created, the TPM chip simulator computes a hash over the code of the virtual machine monitor and saves the computed hash value.
Step 1 further comprises:
Step 31: isolating one core from the multicore processor and running a customized operating system on that core;
Step 32: running the customized TPM chip simulator within the customized operating system.
Between step 1 and step 2 the method further comprises:
Step 41: running the virtualization tool to perform virtualization and starting the privileged child operating system; the remaining cores of the multicore processor serve as application cores that provide service to the virtual machines.
Before the TPM chip simulator in step 2 measures the virtual machine monitor, the method further comprises:
Step 51: closing the virtualization tool;
Step 52: closing the application cores of the multicore-processor virtual machine system, disabling virtual memory and disabling direct memory access (DMA);
Step 53: initializing the hardware of the multicore-processor virtual machine system;
and after step 2 the method further comprises:
Step 54: restoring the closed application cores and the disabled virtual memory and DMA, then starting the virtualization tool to set up the virtual machines.
The invention also discloses a device for creating a trusted environment for a multicore-processor virtual machine system,
comprising a TPM chip simulator for measuring the virtual machine monitor when the trusted environment is created;
the TPM chip simulator runs on a core isolated from the multicore processor.
The TPM chip simulator is further used, when the trusted environment is created, to compute a hash over the code of the virtual machine monitor and to save the computed hash value.
The core isolated from the multicore processor runs a customized operating system, and the TPM chip simulator runs within that customized operating system.
The virtualization tool is already running before the trusted environment is created and has started the privileged child operating system; the remaining cores of the multicore processor serve as application cores that provide service to the virtual machines.
The device further comprises:
a disabling module, used to close the virtualization tool before the TPM chip simulator measures, to close the application cores of the multicore-processor virtual machine system, and to disable virtual memory and DMA;
a security initialization module, used to initialize the hardware of the multicore-processor virtual machine system after the disabling module has finished closing and disabling, and to start the TPM chip simulator once initialization is complete;
a recovery module, used, after the TPM chip simulator has stored the hash value, to restore the closed application cores and the disabled virtual memory and DMA, and to start the virtualization tool to set up the virtual machine system.
The beneficial effects of the invention are as follows. A TPM simulator (TPM Function Module) is realized within the virtual machine system; because the simulator can be customized to the security demands of the concrete virtual machine system and need not implement the whole TCG standard, the cost of mobile terminal devices can be reduced while their trustworthiness is guaranteed. By recording the start-up process of the virtualization tool, measuring its integrity before it takes control of the system, and saving the measurement result, the trustworthiness of the start-up process is guaranteed. Isolating one core of the multicore processor for secure computation improves the utilisation of the whole processor and strengthens the security of the virtual machine system. Creating the trusted environment after the virtual machine system has started means the BIOS is no longer part of the trusted base, which shrinks the trusted computing base; a smaller trusted base better guarantees the security of the system and so increases the security of the virtual machine system.
Description of drawings
Fig. 1 is a structural diagram of a Xen hypervisor virtual machine in the prior art;
Fig. 2 is a flow chart of the method of the present invention for creating a trusted environment for a multicore-processor virtual machine system;
Fig. 3 is a schematic diagram of an embodiment of the method of the present invention for creating a trusted environment for a multicore-processor virtual machine system;
Fig. 4 is a hardware architecture diagram of a multicore-processor virtual machine system with a trusted environment.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings.
The flow of the method of the present invention for creating a trusted environment for a multicore-processor virtual machine system is shown in Fig. 2.
Step S100: isolate one core from the multicore processor and run the customized TPM chip simulator on that core.
Isolating one core of the multicore CPU to run the customized TPM chip simulator ensures that the operation of the simulator is not affected by the other cores, and that the other cores are unaware of the simulator's existence.
Step S200: when the trusted environment is created, the TPM chip simulator measures the VMM (virtual machine monitor).
With the above method the TPM chip simulator runs in an isolated environment. On one hand, its invisibility to the outside world guarantees its own robustness; on the other hand, it can record the start-up state of the system and verify whether the start-up process has been tampered with.
After the virtual machine system has finished starting, a trustedly started virtual machine system is established. A trustedly started virtual machine system means that, starting from the initial root of trust, every module or component of the virtual machine system that has been started has had its integrity measured, that is, hashed.
The measurement is implemented by computing a hash value: the TPM chip simulator computes a hash over the code of the virtual machine monitor and saves the computed hash value.
The trusted environment can be created when the virtual machine system starts, in which case the VMM is measured directly at that moment. It can also be created after the virtual machine system has started, when a security threat occurs.
The concrete procedure for creating the trusted environment after the virtual machine system has started is as follows.
The virtualization tool is Xen hypervisor or VMware.
Step S201: isolate one core from the multicore processor and run the customized TPM chip simulator on that core.
One core is isolated from the multicore processor and the customized operating system runs on it; the customized TPM chip simulator runs within the customized operating system.
The customized operating system provides trusted services for the virtualization tool and records information about the virtualization tool and its virtual machine start-up process.
While the customized operating system provides trusted services for the virtualization tool, the two communicate by reading and writing messages in the same file on disk. In this way the customized operating system can both record the start-up information of the virtualization tool and remain hidden from it.
Step S202: run the virtualization tool to perform virtualization and start the privileged child operating system; the remaining cores of the multicore processor serve as application cores that provide service to the virtual machines.
Step S203: close the virtualization tool.
Step S204: close the application cores of the multicore-processor virtual machine system, disable virtual memory and disable DMA.
Step S205: initialize the hardware of the multicore-processor virtual machine system.
Step S206: the TPM chip simulator computes a hash over the code of the virtual machine monitor and saves the computed hash value.
Step S207: restore the closed application cores and the disabled virtual memory and DMA, then start the virtualization tool to set up the virtual machines.
Embodiment
An embodiment of the method of the present invention for creating a trusted environment for a multicore-processor virtual machine system is shown in Fig. 3. The virtual machine system contains a four-core processor, and the virtualization tool is Xen hypervisor.
Solid arrows represent integrity measurement, and dashed arrows represent the storage of measurement values.
One core of the multicore processor, core 1, is isolated. It runs the customized operating system, and the customized TPM chip simulator runs on top of it. The customized operating system and the TPM chip simulator are bound together and jointly expose the TPM function interface to the outside, so that the combination behaves like a real TPM security chip. In this way a TPM security chip can be simulated in any multicore system, providing support for the trustworthiness of the system.
In the Xen hypervisor virtualized environment, the Xen VMM runs directly on the hardware, and several mutually isolated virtual machines (called Domains) run on the VMM. Among them is one privileged Dom0, the privileged guest OS, which manages the other DomUs of the whole Xen hypervisor. When the virtual machine system is attacked or a Trojan is injected into it, the whole system faces a serious security threat, and the trusted environment therefore needs to be created. Creating the trusted environment is implemented as follows.
Step S301: start the customized operating system and run the TPM chip simulator.
Step S302: start Xen hypervisor and Dom0.
After Dom0 has finished starting, the system continues to start up. At this point the system is not trustedly started; when at some moment a certain Domain has higher security requirements, step S303 is executed.
Step S303: Dom0 sends the trusted rebuild command Sec-restart, and Xen hypervisor then power-cycles.
Step S304: the security initialization program starts running and performs a series of actions, including closing interrupts, disabling virtual memory, disabling DMA (direct memory access), and closing the application cores by IPI (inter-processor interrupt) so that the application cores enter a dormant state.
Step S305: the security initialization program initializes the system hardware.
Step S306: in the final stage of the security initialization program, the TPM chip simulator measures the Xen hypervisor VMM through the security initialization program, and the security initialization program sends the result to the TPM chip simulator for storage.
Step S307: the other application cores, which are dormant, are restored by IPI, the functions previously disabled in the system, such as interrupts and DMA, are re-enabled, and control is handed to Xen hypervisor.
Step S308: Xen hypervisor starts running, so the start-up of Domain0 and DomainU is built on a secure Xen hypervisor.
To guarantee that the above process is not disrupted, the above series of steps is executed atomically. Through this process of measuring before loading, a secure execution environment is established for the Xen hypervisor VMM. The present invention uses no real TPM chip; the functions of a TPM chip are simulated with a general multicore CPU, and the measurement process is the hashing of the code or memory region of each object. At the very beginning of the system, the TPM chip simulator uses its hash function while the secure loader and Xen hypervisor run, records their hash values, and uses them for trusted authentication.
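The Sec-restart sequence (steps S203 to S207 of the method and S303 to S308 of the embodiment) and the PCR-style storage of the VMM hash are modelled below in an added Python example; this is illustration code written for this page, not code from the patent or from Xen. It assumes SHA-256 as the hash, a single PCR index holding the VMM measurement, a byte string standing in for the VMM code image, and invented names (TpmSimulator, Platform, trusted_rebuild, measure_vmm, expected_pcr, verify_vmm).

```python
import hashlib

PCR_VMM = 0                 # assumed PCR index that holds the VMM measurement
ZERO_PCR = b"\x00" * 32     # TPM PCRs start out all-zero

# Constructed sample "VMM images": in the patent the measured object is the
# Xen hypervisor VMM code in memory; here a byte string stands in for it.
GOOD_VMM = b"xen-hypervisor-vmm-image (constructed sample)"
TAMPERED_VMM = GOOD_VMM + b"\x90"   # one byte appended as a tampering stand-in


class TpmSimulator:
    """Customised TPM simulator of the kind the patent runs on the isolated
    core (core 1). Only what this page needs: SHA-256 and PCR extend."""

    def __init__(self):
        self.pcrs = {PCR_VMM: ZERO_PCR}
        self.event_log = []   # (pcr index, measurement digest), for later audit

    def extend(self, index, digest):
        # TPM extend rule: PCR_new = H(PCR_old || digest). The PCR therefore
        # commits to the whole ordered measurement history, not just the last hash.
        old = self.pcrs.get(index, ZERO_PCR)
        self.pcrs[index] = hashlib.sha256(old + digest).digest()
        self.event_log.append((index, digest))
        return self.pcrs[index]

    def read(self, index):
        return self.pcrs.get(index, ZERO_PCR)


class Platform:
    """Platform state that the security initialisation program manipulates."""

    def __init__(self, cores=4):
        self.app_cores_running = set(range(2, cores + 1))   # cores 2..4 serve VMs
        self.hypervisor_running = True                      # Xen + Dom0 already up
        self.interrupts_enabled = True
        self.paging_enabled = True     # "virtual memory" in the patent's wording
        self.dma_enabled = True
        self.hardware_initialized = False

    def quiescent(self):
        return not (self.app_cores_running or self.interrupts_enabled
                    or self.paging_enabled or self.dma_enabled)


def measure_vmm(platform, tpm, vmm_image):
    """S206/S306: hash the VMM code and store the result in the simulator.
    Refuses to measure unless the platform is quiescent: otherwise another
    core or a DMA transfer could change the image while it is being hashed."""
    if not platform.quiescent():
        raise RuntimeError("VMM measured on a non-quiescent platform")
    return tpm.extend(PCR_VMM, hashlib.sha256(vmm_image).digest())


def trusted_rebuild(platform, tpm, vmm_image):
    """Sec-restart sequence S203-S207 (S303-S308), run as one uninterrupted unit."""
    platform.hypervisor_running = False                 # S203: close the hypervisor
    platform.interrupts_enabled = False                 # S204: quiesce the system
    platform.paging_enabled = False
    platform.dma_enabled = False
    parked = set(platform.app_cores_running)            # park app cores (IPI)
    platform.app_cores_running.clear()
    platform.hardware_initialized = True                # S205: initialise hardware
    pcr = measure_vmm(platform, tpm, vmm_image)         # S206: measure and store
    platform.app_cores_running |= parked                # S207: wake cores, re-enable
    platform.interrupts_enabled = True
    platform.paging_enabled = True
    platform.dma_enabled = True
    platform.hypervisor_running = True                  # S308: hand control to Xen
    return pcr


def expected_pcr(vmm_image):
    """Reference PCR value a verifier precomputes for a known-good VMM image."""
    return hashlib.sha256(ZERO_PCR + hashlib.sha256(vmm_image).digest()).digest()


def verify_vmm(tpm, reference_pcr):
    """Trust check: the stored measurement must equal the reference value."""
    return tpm.read(PCR_VMM) == reference_pcr


if __name__ == "__main__":
    tpm = TpmSimulator()
    trusted_rebuild(Platform(), tpm, GOOD_VMM)
    print("clean VMM verified:", verify_vmm(tpm, expected_pcr(GOOD_VMM)))
    tpm2 = TpmSimulator()
    trusted_rebuild(Platform(), tpm2, TAMPERED_VMM)
    print("tampered VMM verified:", verify_vmm(tpm2, expected_pcr(GOOD_VMM)))
```

The quiescence check in measure_vmm is the point of steps S204/S304: the hash is only meaningful if nothing else can write the VMM image while it is computed.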
The present invention is a preventive technology: it guarantees that every link of the system is controllable, complete and undamaged. Since the transfer of trust always needs a source, a node that must be trusted, a trusted and isolated execution environment is established from the very beginning, Xen hypervisor is guaranteed to run in this trusted environment, and the chain of trust is passed on level by level until the applications the user needs are running. In this way a complete, untampered system is obtained from the bottom to the upper layers, and the user knows the state of the platform being used.
The device of the present invention for creating a trusted environment for a multicore-processor virtual machine system comprises a TPM chip simulator for measuring the virtual machine monitor when the trusted environment is created; the TPM chip simulator runs on a core isolated from the multicore processor.
The TPM chip simulator is further used, when the trusted environment is created, to compute a hash over the code of the virtual machine monitor and to save the computed hash value.
The core isolated from the multicore processor runs a customized operating system, and the TPM chip simulator runs within that customized operating system.
The virtualization tool is already running before the trusted environment is created and has started the privileged child operating system; the remaining cores of the multicore processor serve as application cores that provide service to the virtual machines.
In the preferred implementation the device further comprises a disabling module, a security initialization module and a recovery module.
The disabling module is used to close the virtualization tool before the TPM chip simulator measures, to close the application cores of the multicore-processor virtual machine system, and to disable virtual memory and DMA.
The security initialization module is used to initialize the hardware of the multicore-processor virtual machine system after the disabling module has finished closing and disabling, and to start the TPM chip simulator once initialization is complete.
The recovery module is used, after the TPM chip simulator has stored the hash value, to restore the closed application cores and the disabled virtual memory and DMA, and to start the virtualization tool to set up the virtual machine system.
The hardware realization of a multicore-processor virtual machine system with a trusted environment is shown in Fig. 4.
Memory comprises two parts, the TPM-environment memory and the Xen hypervisor memory, and the cores of the multicore processor are likewise divided into two classes, core 1 and cores 2 to 4, serving the TPM chip simulator and Xen hypervisor respectively. The TPM chip simulator and Xen hypervisor are isolated from each other by an access-control mechanism; Xen hypervisor and the virtual machines on it provide services to the outside, while the TPM chip simulator is responsible for the trustworthiness of the whole system.
Those skilled in the art may make various modifications to the above without departing from the spirit and scope of the present invention as defined by the claims. The scope of the present invention is therefore not limited by the above description but is determined by the scope of the claims.

Claims (10)

1. A method for creating a trusted environment for a multicore-processor virtual machine system, characterized in that it comprises:
Step 1: isolating one core from the multicore processor and running a customized TPM chip simulator on that core;
Step 2: when the trusted environment is created, the TPM chip simulator measures the virtual machine monitor.
2. The method for creating a trusted environment for a multicore-processor virtual machine system of claim 1, characterized in that
step 2 further comprises:
Step 21: when the trusted environment is created, the TPM chip simulator computes a hash over the code of the virtual machine monitor and saves the computed hash value.
3. The method for creating a trusted environment for a multicore-processor virtual machine system of claim 2, characterized in that
step 1 further comprises:
Step 31: isolating one core from the multicore processor and running a customized operating system on that core;
Step 32: running the customized TPM chip simulator within the customized operating system.
4. The method for creating a trusted environment for a multicore-processor virtual machine system of claim 2, characterized in that between step 1 and step 2 it further comprises:
Step 41: running the virtualization tool to perform virtualization and starting the privileged child operating system; the remaining cores of the multicore processor serve as application cores that provide service to the virtual machines.
5. The method for creating a trusted environment for a multicore-processor virtual machine system of claim 4, characterized in that, before the TPM chip simulator in step 2 measures the virtual machine monitor, it further comprises:
Step 51: closing the virtualization tool;
Step 52: closing the application cores of the multicore-processor virtual machine system, disabling virtual memory and disabling direct memory access (DMA);
Step 53: initializing the hardware of the multicore-processor virtual machine system;
and after step 2 it further comprises:
Step 54: restoring the closed application cores and the disabled virtual memory and DMA, then starting the virtualization tool to set up the virtual machines.
6. A device for creating a trusted environment for a multicore-processor virtual machine system, characterized in that
it comprises a TPM chip simulator for measuring the virtual machine monitor when the trusted environment is created;
the TPM chip simulator runs on a core isolated from the multicore processor.
7. The device for creating a trusted environment for a multicore-processor virtual machine system of claim 6, characterized in that
the TPM chip simulator is further used, when the trusted environment is created, to compute a hash over the code of the virtual machine monitor and to save the computed hash value.
8. The device for creating a trusted environment for a multicore-processor virtual machine system of claim 7, characterized in that
the core isolated from the multicore processor runs a customized operating system, and the TPM chip simulator runs within that customized operating system.
9. The device for creating a trusted environment for a multicore-processor virtual machine system of claim 7, characterized in that
the virtualization tool is already running before the trusted environment is created and has started the privileged child operating system; the remaining cores of the multicore processor serve as application cores that provide service to the virtual machines.
10. The device for creating a trusted environment for a multicore-processor virtual machine system of claim 9, characterized in that the device further comprises:
a disabling module, used to close the virtualization tool before the TPM chip simulator measures, to close the application cores of the multicore-processor virtual machine system, and to disable virtual memory and DMA;
a security initialization module, used to initialize the hardware of the multicore-processor virtual machine system after the disabling module has finished closing and disabling, and to start the TPM chip simulator once initialization is complete;
a recovery module, used, after the TPM chip simulator has stored the hash value, to restore the closed application cores and the disabled virtual memory and DMA, and to start the virtualization tool to set up the virtual machine system.
Priority application: CN201010138515.XA, filed 2010-04-01 (priority date 2010-04-01), "Method and device for establishing trusted environments for virtual machine system of multicore processor", status Active.

Publications (2)

Publication Number Publication Date
CN102214277A 2011-10-12
CN102214277B 2014-05-21

Family

ID=44745579

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010138515.XA Active CN102214277B (en) 2010-04-01 2010-04-01 Method and device for establishing trusted environments for virtual machine system of multicore processor

Country Status (1)

Country Link
CN (1) CN102214277B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103530578A (en) * 2013-10-18 2014-01-22 武汉大学 Method for constructing STPM of android system
CN104468712A (en) * 2014-10-31 2015-03-25 中标软件有限公司 Lightweight trusted computing platform, its communication method, and trust chain establishment method
CN103580885B (en) * 2012-07-20 2017-05-31 华为技术有限公司 Monitoring method and physical node for a cloud environment
CN106778249A (en) * 2017-01-23 2017-05-31 湖南文盾信息技术有限公司 Method and system for constructing a trusted execution environment for Java programs
CN107301082A (en) * 2016-04-15 2017-10-27 中兴通讯股份有限公司 Method and apparatus for implementing operating system integrity protection
CN107861795A (en) * 2017-11-20 2018-03-30 浪潮(北京)电子信息产业有限公司 Method, system, device and readable storage medium for simulating a physical TCM chip
CN108885668A (en) * 2016-03-31 2018-11-23 西门子股份公司 Method, processor and device for integrity checking of user data
WO2018214850A1 (en) * 2017-05-22 2018-11-29 华为技术有限公司 Method, apparatus and systems for accessing secure world
CN110109710A (en) * 2019-05-15 2019-08-09 苏州浪潮智能科技有限公司 OS trust chain construction method and system without a physical root of trust
CN113448677A (en) * 2020-03-24 2021-09-28 阿里巴巴集团控股有限公司 Data processing method and system of virtual machine
DE102020115820B3 (en) 2020-06-16 2021-10-21 Audi Aktiengesellschaft Test device and method and storage medium for operating a processor system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050210467A1 (en) * 2004-03-18 2005-09-22 Zimmer Vincent J Sharing trusted hardware across multiple operational environments
CN101317417A (en) * 2005-11-29 2008-12-03 英特尔公司 Network access control for many-core systems
US20090220090A1 (en) * 2008-02-28 2009-09-03 Uday Savagaonkar Tamper resistant method, apparatus and system for secure portability of digital rights management-protected content

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103580885B (en) * 2012-07-20 2017-05-31 华为技术有限公司 Monitoring method and physical node for a cloud environment
CN103530578B (en) * 2013-10-18 2016-01-27 武汉大学 Method for constructing a software trusted platform module (STPM) for the Android system
CN103530578A (en) * 2013-10-18 2014-01-22 武汉大学 Method for constructing STPM of android system
CN104468712A (en) * 2014-10-31 2015-03-25 中标软件有限公司 Lightweight trusted computing platform, its communication method, and trust chain establishment method
CN104468712B (en) * 2014-10-31 2018-05-29 中标软件有限公司 Lightweight trusted computing platform, its communication method, and trust chain establishment method
CN108885668A (en) * 2016-03-31 2018-11-23 西门子股份公司 Method, processor and device for integrity checking of user data
US11568088B2 (en) 2016-03-31 2023-01-31 Siemens Aktiengesellschaft Method, processor and device for checking the integrity of user data
CN108885668B (en) * 2016-03-31 2022-11-29 西门子股份公司 Method, processor and device for integrity checking of user data
CN107301082B (en) * 2016-04-15 2020-10-09 南京中兴软件有限责任公司 Method and device for realizing integrity protection of operating system
CN107301082A (en) * 2016-04-15 2017-10-27 中兴通讯股份有限公司 Method and apparatus for implementing operating system integrity protection
CN106778249B (en) * 2017-01-23 2020-02-14 湖南文盾信息技术有限公司 Method and system for constructing trusted execution environment of Java program
CN106778249A (en) * 2017-01-23 2017-05-31 湖南文盾信息技术有限公司 Method and system for constructing a trusted execution environment for Java programs
CN108959916B (en) * 2017-05-22 2022-01-14 华为技术有限公司 Method, device and system for accessing secure world
EP3637288A4 (en) * 2017-05-22 2020-04-22 Huawei Technologies Co., Ltd. Method, apparatus and systems for accessing secure world
WO2018214850A1 (en) * 2017-05-22 2018-11-29 华为技术有限公司 Method, apparatus and systems for accessing secure world
CN108959916A (en) * 2017-05-22 2018-12-07 华为技术有限公司 Method, apparatus and system for accessing the secure world
CN107861795A (en) * 2017-11-20 2018-03-30 浪潮(北京)电子信息产业有限公司 Method, system, device and readable storage medium for simulating a physical TCM chip
CN107861795B (en) * 2017-11-20 2022-04-26 浪潮(北京)电子信息产业有限公司 Method, system and device for simulating physical TCM chip and readable storage medium
CN110109710B (en) * 2019-05-15 2020-05-08 苏州浪潮智能科技有限公司 Method and system for establishing OS (operating system) trust chain without physical root of trust
CN110109710A (en) * 2019-05-15 2019-08-09 苏州浪潮智能科技有限公司 OS trust chain construction method and system without a physical root of trust
CN113448677A (en) * 2020-03-24 2021-09-28 阿里巴巴集团控股有限公司 Data processing method and system of virtual machine
CN113448677B (en) * 2020-03-24 2024-01-23 阿里巴巴集团控股有限公司 Data processing method and system of virtual machine
DE102020115820B3 (en) 2020-06-16 2021-10-21 Audi Aktiengesellschaft Test device and method and storage medium for operating a processor system

Also Published As

Publication number Publication date
CN102214277B (en) 2014-05-21

Similar Documents

Publication Publication Date Title
CN102214277B (en) Method and device for establishing trusted environments for virtual machine system of multicore processor
CN101866408B (en) Transparent trust chain constructing system based on virtual machine architecture
Zhang et al. Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
US8375221B1 (en) Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
US8938782B2 (en) Systems and methods for providing network access control in virtual environments
EP2973179B1 (en) Dynamically loaded measured environment for secure code launch
US8776041B2 (en) Updating a virtual machine monitor from a guest partition
CN110622138B (en) Data migration method and device
CN109165079B (en) Cloud data center trusted platform based on virtualization and method for building trust chain
US10719346B2 (en) Disk encryption
WO2017112248A1 (en) Trusted launch of secure enclaves in virtualized environments
US10754680B2 (en) Disk encription
Hunt et al. Confidential computing for OpenPOWER
US20200257814A1 (en) Disk encryption
US8205197B2 (en) Apparatus, system, and method for granting hypervisor privileges
Yao et al. Sugar: Secure GPU acceleration in web browsers
CN102609638A (en) Xen virtual machine framework based on UEFI (unified extensible firmware interface) runtime service and implementation method thereof
Jayaram Masti et al. An architecture for concurrent execution of secure environments in clouds
US11645101B2 (en) Providing trusted virtual secure cryptoprocessors for guests
Gu et al. Unified enclave abstraction and secure enclave migration on heterogeneous security architectures
CN106845245B (en) Vulnerability hot-patching method based on the Xen virtualization platform
Toegl et al. acTvSM: A dynamic virtualization platform for enforcement of application integrity
Jin et al. Administrative domain: security enhancement for virtual TPM
EP3408780B1 (en) Disk encryption
Sergeev et al. Malicious hypervisor and hidden virtualization of operation systems

Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
    Effective date of registration: 2024-03-20
    Patentee before: Institute of Computing Technology, Chinese Academy of Sciences; 100190 No. 6 South Road, Zhongguancun Academy of Sciences, Haidian District, Beijing; China
    Patentee after: Beijing Zhongke Flux Technology Co.,Ltd.; Room 711C, Floor 7, Building A, Yard 19, Ronghua Middle Road, Daxing District, Beijing Economic-Technological Development Area, 100176; China