CN104794395A - Architecture characteristic based lightweight multi-system safety management structure - Google Patents
Architecture characteristic based lightweight multi-system safety management structure Download PDFInfo
- Publication number
- CN104794395A CN104794395A CN201510243615.1A CN201510243615A CN104794395A CN 104794395 A CN104794395 A CN 104794395A CN 201510243615 A CN201510243615 A CN 201510243615A CN 104794395 A CN104794395 A CN 104794395A
- Authority
- CN
- China
- Prior art keywords
- safety management
- management structure
- safety
- architecture
- commercial operation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an architecture characteristic based lightweight multi-system safety management structure, belonging to the technical field of mobile platform safety. The architecture characteristic based lightweight multi-system safety management structure includes establishment of a trusted execution environment and safe and efficient switching among multiple commercial operating systems. The lightweight multi-system safety management structure relates to the field of mobile safety, is designed on the basis of the system architecture characteristics of mobile equipment or embedded equipment and can meet the requirements on safety and functionality at present. Compared with the existing solutions, the architecture characteristic based lightweight multi-system safety management structure has the advantages of better property, portability, usability, isolation, functionality and safety. The structure disclosed by the invention can be configured in most of present mobile equipment and embedded equipment easily, thereby creating considerable social and economic benefits.
Description
Technical field
The invention belongs to mobile platform security technology area, specifically, be a kind of can security and functional between seek the lightweight multisystem safety management framework of an equilibrium point.
Background technology
Ordinary solution is determined the means two nothing more than of safety problem of computer system: encryption and isolation.Mostly encryption is the aspect of the scholar's research studying cryptography and mathematics, and system researchers just uses some basic cryptographic means to reach a certain object usually; And isolation is as the sharp weapon of system researchers, be used to all kinds of problems of resolution system safety always.In server field, the isolation of operating system is mainly completed by virtual, and different operating system (virtual machine) shares all physical resources by monitor of virtual machine simultaneously.But at mobile platform, virtually could not to be widely adopted always, one is that hardware condition and resource limit (hardware virtualization is immature), two is demand not strong (mobile phone seldom needs to run several operating system simultaneously, and electric quantity consumption is also a stubborn problem).If but a mobile phone can run two OS, certain time only has an OS but can bring many benefits in execution: at the better Secure isolation of guarantee, do not consume again too much resource (electricity) to user while more selecting.
The software developer of mobile device and embedded system often lock into security and functional between make a choice.The TrustZone technology of ARM company has been used to set up a credible execution environment, it can with the conventional commercial operating system concurrent running of feature richness, simultaneously for trusted application provides the execution environment of a safety of isolating.TrustZone technology marks off two and runs the world, safer world and the normal world.The prerogative grade of safer world is higher, and credible execution environment is generally based upon wherein.Really, utilize TrustZone technology to set up demand that credible execution environment can meet security aspect.But be just limited by very large in functional, need to carry out the work such as a large amount of scope checks because run in based on the credible execution environment of TrustZone, thus cause poor-performing, function limitation.
Hardware virtualization method can pass through establishment two virtual machines, thus all obtains good effect in security and functional two.But in real life, most embedded and mobile device all lacks hardware virtualization support.Therefore this dual virtual machine architecture based on hardware virtualization is difficult to instantly popularizing.
In research circle, also have a kind of system to be called as " red green dual system " (Red-green dual-OS), green system wherein provides a safe and reliable environment to go to perform security related tasks, and red system is other common application task service.This system utilizes resource isolation instead of virtual going to reach design object, and now a lot of mobile device adopts this design, and in the safer world provided at TrustZone by green system cloud gray model, red system cloud gray model is in common world.Then, in this existing framework, the prerogative grade of green system is higher than red system, once the assailant of green system malice breaks through, so red system has also just been broken, and that is this does not reach both mutually isolated security requirements.
Therefore how to meet the demand of security and functional two aspects simultaneously, become those skilled in the art's technical barrier urgently to be resolved hurrily in fact.
Summary of the invention
The object of the invention is to, design a kind of system architecture, can be deployed in easily in the mobile device and embedded device instantly having similar TrustZone technology, and the demand that user grows with each passing day in Services-Security and system functionality can be met.
For achieving the above object, the present invention is achieved through the following technical solutions, the present invention includes credible execution environment and set up, the safe and efficient switching between many commercial operation systems.
Further, in the present invention, the foundation of credible execution environment comprises and loads lightweight trusted kernel, disposes commercial operation system watch-dog and provides execution environment for commercial operation system.
Further, in the present invention, safe and efficient switching between many commercial operation systems, in the framework of the present invention's proposition, multiple commercial operation system can be run in a mobile device or embedded device, this framework ensure that the isolation between these operating systems, and makes to switch at Millisecond between them.
The technical scheme that the present invention proposes, a kind of lightweight multisystem safety management framework-TVisor based on architecture characteristics, it can create the operating system that two have same privilege level, and the credible execution environment that these two operating systems can both provide in the use safety world.
Main modular of the present invention has: one, security kernel and credible execution environment; Two, be the sandbox (running environment) that the operating system run in common world provides; Three, TVisor monitor, the operating system run in management common world and physical resource.
Fig. 1 illustrates overall Organization Chart of the present invention.By clean boot flow process in safer world, the integrality of checking trusted kernel, and be loaded in secure memory, thus deploy a believable small-scale operating system, and set up credible execution environment, thus the execution of trusted application can be supported.This security kernel is that the application of common world provides the interface (API) meeting international standard, that is the program of common world can go to call by these strictly controlled interfaces the security service that trusted kernel provides, thus meet their demand for security, and great majority do not need in the time of very high security, these programs may operate in that performance is better, in the more common world of function.
In common world, each conventional commercial operating system is (sandbox is exactly the execution environment for operating system provides) in a sandbox.In the current realization of this invention, two sandboxs are had to operate in common world, the red system (non-security system) of red green dual system corresponding traditional respectively and green system (security system).At some time points, an operating system in common world, is only had to be in running status.When an operating system is in running status, utilize the hardware supported of similar TrustZone, its internal memory is marked as non-security, and all the other internal memories are marked as safe, thus achieves isolation at all on physical layer.And then ensure that the state of program that the operating system of current operation unexpectedly or mala fide can not be distorted other operating system and be run in safer world.The interface that the operating system run can be provided by safer world, communicates with the service operating in credible execution environment.
TVisor monitor runs in the monitoring mode, and it is in charge of the state of the operating system run in common world, comprise external unit isolation distribute and management and different sandbox between switching and scheduling.In addition, the operating system operating in common world can register some real-time tasks in TVisor monitor, thus monitor can ensure that this operating system can process its important real-time task (as making a phone call), even if this operating system is not in running status when event occurs.
Concrete example, as shown in Figure 2, in this invention, the idiographic flow of switching operating system is that Android and Ubuntu system all operates in common world, in safer world, run trusted kernel, and trusted kernel is served as monitor and managed this two systems.In incipient stage operation is system A (being assumed to be Android), run once user wants to be switched to system B (Ubuntu), so trusted kernel (monitor) can will send out an order to Android, it is allowed to enter dormant state, then the running status be necessary of Android can be preserved, the state of peripheral hardware comprising processor state, interrupt table state and be necessary, is then set to secure memory (preventing Ubuntu from distorting Android state) by the application heap at Android place.The Ubuntu system state of preserving before being then loaded into, then recovers and is switched to Ubuntu to run.
The invention has the beneficial effects as follows: the lightweight multisystem safety management framework-Tvsior based on architecture characteristic that the present invention proposes, ensure that the isolation without operating system in common world, can effectively utilize existing hardware technology instantly to reach security and functional doulbe-sides' victory.The present invention utilizes architecture characteristics to propose a kind of multisystem safety management framework of the lightweight without the need to hardware virtualization, thus security and functional between sought an equilibrium point.This framework can be deployed in the embedded device and mobile device that major part has similar TrustZone technical support.
Accompanying drawing explanation
Fig. 1 is system architecture diagram of the present invention;
Fig. 2 is that in the present invention, common world operating system switches schematic diagram.
Embodiment
Elaborate to embodiments of the invention below in conjunction with accompanying drawing, the present embodiment, premised on technical solution of the present invention, give detailed embodiment and concrete operating process, but protection scope of the present invention is not limited to following embodiment.
embodiment
Concrete deployment flow process based on the lightweight multisystem management framework of architecture feature comprises [loading security kernel], [setting up credible execution environment], [creation of operating system running environment] and [intersystem handover operation] four-stage.Below will describe the present invention in detail by concrete exemplifying embodiment.
Example concrete steps of the present invention are as follows:
Step
when mobile device or embedded device starting up, built-in start-up loading device is utilized to be loaded in safe region of memory by a lightweight trusted kernel from external unit, in loading procedure, verify the letter of identity of this kernel, ensure that this is the kernel of a complete safety with this.
1., after lightweight trusted kernel is loaded into the secure memory of hardware guarantee, this kernel can divide region of memory step, arranges different rights to different external unit, sets up security system service table, thus sets up credible execution environment.
2., TVsior monitor is set to run step under the monitoring mode of safer world, and this monitor collects hardware information and the related data structures of initialization oneself as interrupt table etc.Monitor the behavior of operating system in common world and make corresponding in time.
Step 3., when the commercial operation system in common world starts, TVsior can for marking off some physical memories, and external unit uses to it with due authority, thus be its establishment running environment, and assist it that the necessary initialization tasks such as interruption are set.Then, this commercial operation system can register some necessary events to simulator, and sets up communication port.
(repeat step and 3. can set up multiple commercial operation system in common world, as set up commercial operation system 1 and 2).
Step 4., in common world, when user wishes to be switched to commercial operation system 2 from commercial operation system 1, now monitor can say the word to commercial operation system 1 by the communication port pre-set, tell that it temporarily can not continue to run, allow it enter dormant state.Trusted kernel in safer world can preserve the running status be necessary of commercial operation system 1, and its application heap is set to secure memory.The running status of the commercial operation system 2 preserved before then recovering, monitor notifies that it can continue to perform.
(4. repetition step can complete the handoff-security in common world between different commercial operation system).
Above-mentioned case study on implementation only listing property illustrates principle of the present invention and effect, but not for limiting the present invention.Any person skilled in the art person all can without departing from the spirit and scope of the present invention, modify to above-described embodiment.Therefore, the scope of the present invention, should listed by claims.
Claims (3)
1. based on a lightweight multisystem safety management framework for architecture characteristics, it is characterized in that, comprising: 1) credible execution environment is set up; 2) the safe and efficient switching between many commercial operation systems.
2. the lightweight multisystem safety management framework based on architecture characteristics according to claim 1, it is characterized in that, the foundation of described credible execution environment comprises and loads lightweight trusted kernel, disposes commercial operation system watch-dog and provides execution environment for commercial operation system.
3. the lightweight multisystem safety management framework based on architecture characteristics according to claim 2, it is characterized in that, safe and efficient switching between described many commercial operation systems, in the framework of the present invention's proposition, multiple commercial operation system can be run in a mobile device or embedded device, this framework ensure that the isolation between these operating systems, and makes to switch at Millisecond between them.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510243615.1A CN104794395A (en) | 2015-05-13 | 2015-05-13 | Architecture characteristic based lightweight multi-system safety management structure |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510243615.1A CN104794395A (en) | 2015-05-13 | 2015-05-13 | Architecture characteristic based lightweight multi-system safety management structure |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104794395A true CN104794395A (en) | 2015-07-22 |
Family
ID=53559184
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510243615.1A Pending CN104794395A (en) | 2015-05-13 | 2015-05-13 | Architecture characteristic based lightweight multi-system safety management structure |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104794395A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105574720A (en) * | 2015-12-14 | 2016-05-11 | 联想(北京)有限公司 | Secure information processing method and secure information processing apparatus |
| CN107038128A (en) * | 2016-02-03 | 2017-08-11 | 华为技术有限公司 | A kind of virtualization of performing environment, the access method of virtual execution environment and device |
| CN107066331A (en) * | 2016-12-20 | 2017-08-18 | 华为技术有限公司 | A kind of resource allocation methods and equipment based on TrustZone |
| CN107563224A (en) * | 2017-09-04 | 2018-01-09 | 济南浪潮高新科技投资发展有限公司 | A kind of multi-user's physical isolation method and device |
| CN107679393A (en) * | 2017-09-12 | 2018-02-09 | 中国科学院软件研究所 | Android integrity verification methods and device based on credible performing environment |
| CN107844713A (en) * | 2016-09-18 | 2018-03-27 | 展讯通信(上海)有限公司 | A kind of electronic equipment for running credible performing environment |
| WO2019072158A1 (en) * | 2017-10-13 | 2019-04-18 | 华为技术有限公司 | Security control method and computer system |
| CN112346789A (en) * | 2020-11-06 | 2021-02-09 | 中国电子信息产业集团有限公司 | Dual-system sleeping and awakening method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020531A (en) * | 2012-12-06 | 2013-04-03 | 中国科学院信息工程研究所 | Method and system for trusted control of operating environment of Android intelligent terminal |
| US20130227264A1 (en) * | 2012-02-24 | 2013-08-29 | Samsung Electronics Co. Ltd. | Integrity protection method and apparatus for mobile terminal |
| CN103391374A (en) * | 2013-08-08 | 2013-11-13 | 北京邮电大学 | Dual system terminal supporting seamless switching |
| CN103677989A (en) * | 2013-12-13 | 2014-03-26 | Tcl集团股份有限公司 | Device and method for obtaining multiple systems through linux kernel |
-
2015
- 2015-05-13 CN CN201510243615.1A patent/CN104794395A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130227264A1 (en) * | 2012-02-24 | 2013-08-29 | Samsung Electronics Co. Ltd. | Integrity protection method and apparatus for mobile terminal |
| CN103020531A (en) * | 2012-12-06 | 2013-04-03 | 中国科学院信息工程研究所 | Method and system for trusted control of operating environment of Android intelligent terminal |
| CN103391374A (en) * | 2013-08-08 | 2013-11-13 | 北京邮电大学 | Dual system terminal supporting seamless switching |
| CN103677989A (en) * | 2013-12-13 | 2014-03-26 | Tcl集团股份有限公司 | Device and method for obtaining multiple systems through linux kernel |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105574720A (en) * | 2015-12-14 | 2016-05-11 | 联想(北京)有限公司 | Secure information processing method and secure information processing apparatus |
| CN107038128A (en) * | 2016-02-03 | 2017-08-11 | 华为技术有限公司 | A kind of virtualization of performing environment, the access method of virtual execution environment and device |
| CN107038128B (en) * | 2016-02-03 | 2020-07-28 | 华为技术有限公司 | Virtualization of execution environment, and access method and device of virtual execution environment |
| US11321452B2 (en) | 2016-02-03 | 2022-05-03 | Huawei Technologies Co., Ltd. | Execution environment virtualization method and apparatus and virtual execution environment access method and apparatus |
| CN107844713A (en) * | 2016-09-18 | 2018-03-27 | 展讯通信(上海)有限公司 | A kind of electronic equipment for running credible performing environment |
| CN107066331B (en) * | 2016-12-20 | 2021-05-18 | 华为技术有限公司 | TrustZone-based resource allocation method and equipment |
| CN107066331A (en) * | 2016-12-20 | 2017-08-18 | 华为技术有限公司 | A kind of resource allocation methods and equipment based on TrustZone |
| CN107563224A (en) * | 2017-09-04 | 2018-01-09 | 济南浪潮高新科技投资发展有限公司 | A kind of multi-user's physical isolation method and device |
| CN107679393A (en) * | 2017-09-12 | 2018-02-09 | 中国科学院软件研究所 | Android integrity verification methods and device based on credible performing environment |
| CN107679393B (en) * | 2017-09-12 | 2020-12-04 | 中国科学院软件研究所 | Android integrity verification method and device based on trusted execution environment |
| WO2019072158A1 (en) * | 2017-10-13 | 2019-04-18 | 华为技术有限公司 | Security control method and computer system |
| US11687645B2 (en) | 2017-10-13 | 2023-06-27 | Huawei Technologies Co., Ltd. | Security control method and computer system |
| CN112346789A (en) * | 2020-11-06 | 2021-02-09 | 中国电子信息产业集团有限公司 | Dual-system sleeping and awakening method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104794395A (en) | Architecture characteristic based lightweight multi-system safety management structure | |
| CN101866408B (en) | Transparent trust chain constructing system based on virtual machine architecture | |
| CN102929719B (en) | The control method of multiple operating system and multi-core computer on a kind of multi-core computer | |
| CN108509251B (en) | Safe virtualization system suitable for trusted execution environment | |
| CN102708028B (en) | Trusted redundant fault-tolerant computer system | |
| CN103019836B (en) | State switching method and electronic equipment | |
| CN103841198A (en) | Cleanroom cloud computing data processing method and system | |
| CN101149685A (en) | Combined device and method for starting up multiple operation system from mobile memory apparatus | |
| CN112948063B (en) | Cloud platform creation method and device, cloud platform and cloud platform implementation system | |
| CN108549571B (en) | Secure virtualization method applicable to trusted execution environment | |
| CN107003891A (en) | Virtual machine switching method, device, electronic equipment and computer program product | |
| CN102147763A (en) | Method, system and computer for recording weblog | |
| CN107463856B (en) | Anti-attack data processor based on trusted kernel | |
| CN108549812A (en) | Security isolation method, safety insulating device based on Trustzone and car-mounted terminal | |
| CN106970823A (en) | Efficient secure virtual machine guard method and system based on nested virtualization | |
| CN103870749A (en) | System and method for implementing safety monitoring of virtual machine system | |
| JP2015524128A5 (en) | ||
| CN108228308A (en) | The monitoring method and device of virtual machine | |
| WO2017172665A1 (en) | Secure driver platform | |
| CN105940375A (en) | Dynamic reassignment for multi-operating system devices | |
| CN107273765B (en) | Processor based on double virtual kernel mechanism | |
| CN107066331B (en) | TrustZone-based resource allocation method and equipment | |
| CN104598309B (en) | The system of multi-mode OS based on OS virtualizations and its establishment, switching method | |
| Oliveira et al. | Towards a green and secure architecture for reconfigurable IoT end-devices | |
| CN110851885B (en) | Safety protection architecture system of embedded system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150722 |
|
| RJ01 | Rejection of invention patent application after publication |