CN105022968A - Integrity checking method of memory data - Google Patents

Integrity checking method of memory data Download PDF

Info

Publication number
CN105022968A
CN105022968A CN201510458902.4A CN201510458902A CN105022968A CN 105022968 A CN105022968 A CN 105022968A CN 201510458902 A CN201510458902 A CN 201510458902A CN 105022968 A CN105022968 A CN 105022968A
Authority
CN
China
Prior art keywords
node
data
block
data block
counter2
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510458902.4A
Other languages
Chinese (zh)
Other versions
CN105022968B (en
Inventor
张国印
郭振华
姚念民
石翠华
吴艳霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Engineering University
Original Assignee
Harbin Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Engineering University filed Critical Harbin Engineering University
Priority to CN201510458902.4A priority Critical patent/CN105022968B/en
Publication of CN105022968A publication Critical patent/CN105022968A/en
Application granted granted Critical
Publication of CN105022968B publication Critical patent/CN105022968B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

The invention relates to the field of the integrity checking of a memory, in particular to an integrity checking method of memory data on the basis of a dynamic caching Hash tree. According to a locality principle of a program, data_blocks with a high access frequency and the data_blocks with a low access frequency are distinguished; a phenomenon that only intermediate nodes of a fixed layer are stored in the caching Hash tree is changed, and therefore, a Hash cache stores the intermediate nodes of different layers, a memory is divided into the data_blocks of different sizes, and one Hash tree is established by taking the data_blocks as leaf nodes; each data_block is provided with two counters (counter 1 and counter 2); and during initial time, the counter 1 is equal to 0, and the counter 2 is equal to 0; and t is set to represent a current moment, and T is a statistical period. Since a locality principle of the program is utilized, the intermediate nodes stored in the cache are dynamically regulated so as to integrally shorten an average checking path length of each data_block.

Description

A kind of integrity checking method of internal storage data
Technical field
What the present invention relates to is internal memory completeness check field, is specially a kind of integrity checking method of the internal storage data based on dynamic buffering Hash tree.
Technical background
Along with the development of science and technology, computer application is more and more universal, the all a large amount of use computing machine of current ecommerce, bank, government, cloud computing and mobile computing is as computational tool, because the data of process can relate to a lot of secrets, therefore, ensure that computing machine has become the focus of current research in the safety of these data of process.The security of data comprises confidentiality and integrity.The present invention only discusses the integrality how guaranteeing data.Assailant can cheat the data of the flowing in bus, recombinate, Replay Attack.Integrity protection is exactly the malice tampering that will guarantee to detect that assailant implements data, as hardware piggyback attack.It focuses on protection information makes it from Replay Attack.Replay Attack refers to that assailant uses the data be stored in certain address location in the past to replace present data.Current strick precaution Replay Attack mainly uses tree-like verification scheme.According to the method for authentication ' unit employing and the different of structure tree process, Merkle Tree, parallel check can be divided into again to set these three kinds of schemes of PAT and TEC-Tree.
Merkle Tree, also known as Hash Tree, is a kind of the earliest for the tree mechanism of completeness check.The effective computational problem be mainly used in public key cryptosyst is proposed in 1980 by Merkle.Use it in the completeness check of memory content after people's amendments such as Blum.It sets up one tree by carrying out iteration Hash calculation to internal storage data block, preserves root node thus can guarantee the integrality of data, especially can resist Replay Attack in CPU.Shortcoming is that data block can not parallel computation when upgrading, and therefore retardation ratio is larger.Parallel check tree PAT is proposed for this shortcoming descendant, due to a random number all corresponding when the method carries out Hash calculation at every turn, the calculating of higher node does not directly depend on level node, upper strata node calculates MAC after the random number of child node being connected, and therefore it achieves parallel computation during Data Update.But Merkle Tree and PAT tree can only ensure the integrality of data; namely their integrity protection and Confidentiality protection scheme are separated; for this problem, descendant also been proposed TEC-Tree; it, by adding redundant data in data, also ensure that the confidentiality of data while guaranteeing data integrity.
The common shortcoming of these three kinds trees is that the completeness check path of all data blocks is identical, all needs from leafy node to root node, verification path length, postpone large when therefore carrying out Hash calculation during each verification
Summary of the invention
The object of the present invention is to provide a kind of integrity checking method shortening the internal storage data of the verification path of tree.
The object of the present invention is achieved like this:
According to the principle of locality of program, the data block high to access frequency and the low data block of access frequency are distinguished; Change the intermediate node only storing fixing level in buffer memory Hash tree, make the intermediate node storing different levels in Hash buffer memory; Internal memory is divided into the data block data_block of formed objects, sets up a Hash tree using data block as leaf node; Each data block has two counter counter1 and counter2; Counter1=0, counter2=0 time initial; If t represents current time, T is measurement period; Initial seasonal T1 assignment is t; The read-write number of times of the upper statistics cycle data block of counter1 record, the block if processor reads and writes data, then make counter2 increase by 1; As current time t-T1>T, change T1 is current time; And the variation delta counter=counter2-counter1 of statistics block access number of times, and press the node in buffer memory movement rule adjustment buffer memory; And if counter2 does not overflow, make counter1=counter2, counter2=0; If counter2 overflows, then make counter1=0, counter2=0; The standard adopting the rate of change k of access times to move up and down as cache node, fixes k constant in systems in which; The rate of change of the actual access number of times of data block data_block is k '; Namely, as k ' >k, the access times of data block data_block are obviously rise; As k ' <-k, the access times of data block data_block are obviously decline; As k<k ' <-k, the access times change of data block data_block is not obvious; 3 kinds are divided into the situation of movement of buffer memory interior joint, move down respectively, do not move, move up; Judge how cache node moves by following rule:
(1) for the node of in buffer memory, have left/right two stalk to set respectively, how this moves to judge father node according to the situation of movement of left and right subtree; Rule is as follows:
(1.1) if a stalk root vertex judges that needs move up, the root node of another stalk tree judges that needs move up/do not move, then this father node moves up;
(1.2) if a stalk root vertex judges that needs move up, the root node of an another subtree judges that needs move down, then this father node does not move;
(1.3) if a stalk root vertex judges that needs move down, the root node of an another subtree judges that needs move down/do not move, then this father node moves down;
(2) if left and right subtree corresponding to node is leaf node, the rate of change of the access times of these two leaf nodes is respectively k1 and k2, then decide it by following rule and how to move;
(2.1) if access times corresponding to leaf node increase, i.e. k1>k, the access times that another leaf node is corresponding obviously increase or change not obvious, i.e. k2>k or-k<k2<k; Judge that cache node moves down;
(2.2) access times that leaf node is corresponding obviously increase, i.e. k1>k, and the access times that another leaf node is corresponding obviously reduce, i.e. k2<-k; Cache node is made not move; The access times of two leaf nodes all change not obvious, make cache node not move;
(2.3), in other situation, judge that cache node moves up;
(3) when processor carries out write operation to storer, the more access times counter2 of new data block, upgrades whole Hash tree simultaneously:
(3.1) when CPU is to internal memory writing data blocks data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded;
(3.2) this data block is connected with the data block corresponding to sibling, recalculate after data block connects cryptographic hash hash, upgrade the cryptographic hash of father node, repeat this process until root node;
(3.3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, write operation terminates;
(4) when processor carries out read operation to storer, the more access times counter2 of new data block, carries out integrity check to data simultaneously.Concrete operation is as follows:
(4.1) when CPU is from internal memory read data block data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded;
(4.2) data block is connected with the data block corresponding to sibling, calculate data block connect after cryptographic hash hash, check whether buffer memory hits simultaneously, if do not hit, repeat this process until cache hit; Compare the cryptographic hash after calculating after cache hit whether identical with the cryptographic hash stored in buffer memory, if come to the same thing, then illustrate that data are correct, are not tampered, CPU can usage data; Otherwise, then illustrate that data are tampered, and give the alarm;
(4.3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, read operation terminates;
Beneficial effect of the present invention is:
(1) Buffer Utilization is improved.Common buffer memory Hash tree CHTree great majority are all directly utilize L2 cache to store the node of the Hash tree intermediate level, due to L2 cache will be shared with general data, if therefore the node of buffer memory is many, then the data of buffer memory must reduce, therefore the hit rate of data can be reduced, cause more internal storage access, increase time delay during processor read data; Otherwise if the intermediate node of buffer memory is few, then when carrying out integrity checking, Hash hit rate reduces, and when not hitting, the access delay of data then increases greatly.And the memory integrity protection method DCHTIP of this dynamic buffering Hash tree in this paper can adjust the node in Hash buffer memory dynamically according to the principle of locality of program; change the intermediate node that original Hash buffer memory only stores fixing level; each node in buffer memory can be used recently, improve the utilization factor of Hash buffer memory.
(2) verification path is shortened.Owing to make use of the principle of locality of program, the intermediate node stored in dynamic adjustment buffer memory.Thus shorten the average verification path of data block on the whole.
Accompanying drawing explanation
Fig. 1 (a) is the buffer memory Hash tree before improvement;
Fig. 1 (b) is the buffer memory Hash tree after improvement;
Fig. 2 is cache node regulation rule;
Fig. 3 for write data in internal memory;
Fig. 4 is read data from internal memory.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described further:
What the present invention relates to is internal memory completeness check field, is a kind of integrity checking method of internal storage data.In internal memory integrality, mainly adopt tree construction at present, as Merkle Tree, PAT, TEC-Tree protect internal memory, need from leafy node recurrence to root node when verifying, and postpone very large.Forefathers propose CHTree, and its only needs verification to node in Hash buffer memory, but due to the intermediate node of fixed storage one deck in buffer memory, cache contents is always constant.The common feature of this several tree is, does not consider the difference of data block access frequency, and the verification path of data block is identical.According to the principle of locality of program, within a period of time, some data access frequency is high, and certain some data access frequency is low.Therefore the present invention improves CHTree, makes Hash buffer memory can store the intermediate node of different levels, and the verification path of the data making access frequency high is short, the data check path length that access frequency is low, shortens verification path on the whole, reduces and postpone.
Use the cum rights check length of tree as the standard of Performance comparision, represent with WPL, namely wherein weight w ifor the read/write number of times of each leaf node; Wherein l ifor the check length of leaf node, i.e. path top set number; N is the number of node.
An integrity checking method for internal storage data, according to the principle of locality of program, the data block high to access frequency and the low data block of access frequency are distinguished.Change the intermediate node only storing fixing level in buffer memory Hash tree, make the intermediate node storing different levels in Hash buffer memory.Internal memory is divided into the data block data_block of formed objects, sets up a Hash tree using data block as leaf node.Each data block has two counter counter1 and counter2.Counter1=0, counter2=0 time initial.If t represents current time, T is measurement period.Initial seasonal T1 assignment is t.The read-write number of times of the upper statistics cycle data block of counter1 record, the block if processor reads and writes data, then make counter2 increase by 1.As current time t-T1>T, change T1 is current time.And the variation delta counter=counter2-counter1 of statistics block access number of times, and press buffer memory movement rule 1) adjustment buffer memory in node; And if counter2 does not overflow, make counter1=counter2, counter2=0; If counter2 overflows, then make counter1=0, counter2=0.The standard adopting the rate of change k of access times to move up and down as cache node, fixes k constant in systems in which.The rate of change of the actual access number of times of data block data_block is k '.Namely, as k ' >k, the access times of data block data_block are obviously rise; As k ' <-k, the access times of data block data_block are obviously decline; As k<k ' <-k, the access times change of data block data_block is not obvious.3 kinds are divided into the situation of movement of buffer memory interior joint, move down respectively, do not move, move up.Judge how cache node moves by following rule.
1) for the node of in buffer memory, it has left/right two stalk to set (respectively to left and right subtree according to step 2) to carry out recurrence judgement respectively), how this moves to judge father node according to the situation of movement of left and right subtree.Rule is as follows:
(1) if a stalk root vertex judges that needs move up, the root node of another stalk tree judges that needs move up/do not move, then this father node moves up.
(2) if a stalk root vertex judges that needs move up, the root node of an another subtree judges that needs move down, then this father node does not move.
(3) if a stalk root vertex judges that needs move down, the root node of an another subtree judges that needs move down/do not move, then this father node moves down.
2) if left and right subtree corresponding to node is leaf node, the rate of change of the access times of these two leaf nodes is respectively k1 and k2, then decide it by following rule and how to move.
(1) if access times corresponding to leaf node " obviously increase ", i.e. k1>k, the access times that another leaf node is corresponding " obviously increase " or " changing not obvious ", i.e. k2>k or-k<k2<k.In this case, judge that cache node moves down.
(2) two kinds of situations are had to need to discuss.The first is the access times " obviously increase " that a leaf node is corresponding, i.e. k1>k, the access times that another leaf node is corresponding " obviously reduce ", i.e. k2<-k.In this case, cache node is made not move.The second is, the access times of two leaf nodes all " change not obvious ", in this case, make cache node not move.
(3), in other situation, judge that cache node moves up.
When processor carries out write operation to storer, the more access times counter2 of new data block, upgrades whole Hash tree simultaneously.Concrete operation is as follows:
1) when CPU is to internal memory writing data blocks data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded.
2) this data block is connected with the data block corresponding to sibling, recalculate after data block connects cryptographic hash hash, upgrade the cryptographic hash of father node, repeat this process until root node.
3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, write operation terminates.
When processor carries out read operation to storer, the more access times counter2 of new data block, carries out integrity check to data simultaneously.Concrete operation is as follows:
1) when CPU is from internal memory read data block data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded.
2) this data block is connected with the data block corresponding to sibling, then calculate data block connect after cryptographic hash hash, check whether buffer memory hits simultaneously, if do not hit, repeat this process until cache hit; Compare the cryptographic hash after calculating after cache hit whether identical with the cryptographic hash stored in buffer memory, if come to the same thing, then illustrate that data are correct, are not tampered, CPU can usage data; Otherwise, then illustrate that data are tampered, and give the alarm.
3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, read operation terminates.
Use the cum rights check length cum rights check length sum of all leaf nodes (in the tree) of tree as the standard of Performance comparision, represent with WPL, namely wherein weight w ifor the read/write number of times of each leaf node.Wherein l ifor the check length of leaf node, i.e. path top set number.N is the number of node.
In order to shorten the verification path of tree, the present invention proposes a kind of integrity checking method of the internal storage data based on dynamic buffering Hash tree.The thought that the present invention is based on buffer memory Hash tree is further improved when cache hit again, namely makes differentiation to the high data block of access frequency and the low data block of access frequency.The check length of the node making access frequency different is different, and namely the check length of the node that access frequency is high is short; Otherwise the check length of the node that access frequency is low is short.Thus shorten the average verification path of data block on the whole.As shown in Figure 1 (numeral wherein on leaf node is access times).
First provide to give a definition before introducing content of the present invention:
Weights: the read/write number of times of data block, represents with w.
The cum rights check length of node: the product that the check length between node to root vertex and node are weighed, represents with WPL, namely WPL i = w 1 * l i .
The cum rights check length of tree: the cum rights check length sum of all leaf nodes in tree, represents with WPL, namely W P L = &Sigma; i = 1 i = n w i * l i .
According to the principle of locality of program, the data block high to access frequency and the low data block of access frequency are distinguished.Change the intermediate node only storing fixing level in buffer memory Hash tree, make the intermediate node storing different levels in Hash buffer memory.Internal memory is divided into the data block data_block of formed objects, sets up a Hash tree using data block as leaf node.Each data block has two counter counter1 and counter2.Counter1=0, counter2=0 time initial.If t represents current time, T is measurement period.Initial seasonal T1 assignment is t.The read-write number of times of the upper statistics cycle data block of counter1 record, the block if processor reads and writes data, then make counter2 increase by 1.As current time t-T1>T, change T1 is current time.And the variation delta counter=counter2-counter1 of statistics block access number of times, and press the node in buffer memory movement rule (1.1) adjustment buffer memory; And if counter2 does not overflow, make counter1=counter2, counter2=0; If counter2 overflows, then make counter1=0, counter2=0.The standard adopting the rate of change k of access times to move up and down as cache node, fixes k constant in systems in which.The rate of change of the actual access number of times of data block data_block is k '.Namely, as k ' >k, the access times of data block data_block are obviously rise; As k ' <-k, the access times of data block data_block are obviously decline; As k<k ' <-k, the access times change of data block data_block is not obvious.3 kinds are divided into the situation of movement of buffer memory interior joint, move down respectively, do not move, move up.
By following process implementation internal memory integrity checking method of the present invention:
1) initialization
(1) internal memory is divided into the data block data_block of formed objects, sets up a Hash tree using data block as leaf node.Each data block has two counter counter1 and counter2.Counter1=0, counter2=0 time initial.If t represents current time, T is measurement period.Initial seasonal T1 assignment is t.
(2) data structure adopts 3 linked list type, as follows:
Node
{
Long int counter; // read-write number of times, as the weights of leaf node
Long int hash; // cryptographic hash
Struct node*lchild; // left child
Struct node*rchild; // right child
Struct node*parent; // father node
}node;
2) cache node regulation rule
As shown in Figure 2, concrete steps are as follows for the flow process of cache node adjustment:
(1) for the node of in buffer memory, it has left/right two stalk to set (carrying out recurrence judgement to left and right subtree according to step 1.2 respectively) respectively, and how this moves to judge father node according to the situation of movement of left and right subtree.Rule is as follows:
If a) a stalk root vertex judges that needs move up, the root node of another stalk tree judges that needs move up/do not move, then this father node moves up.
If b) a stalk root vertex judges that needs move up, the root node of an another subtree judges that needs move down, then this father node does not move.
If c) a stalk root vertex judges that needs move down, the root node of an another subtree judges that needs move down/do not move, then this father node moves down.
(2) if left and right subtree corresponding to node is leaf node, the rate of change of the access times of these two leaf nodes is respectively k1 and k2, then decide it by following rule and how to move.
If the access times " obviously increase " that a) leaf node is corresponding, i.e. k1>k, the access times that another leaf node is corresponding " obviously increase " or " changing not obvious ", i.e. k2>k or-k<k2<k.In this case, judge that cache node moves down.
B) two kinds of situations are had to need to discuss.The first is the access times " obviously increase " that a leaf node is corresponding, i.e. k1>k, the access times that another leaf node is corresponding " obviously reduce ", i.e. k2<-k.In this case, cache node is made not move.The second is, the access times of two leaf nodes all " change not obvious ", in this case, make cache node not move.
C), in other situation, judge that cache node moves up.
3) in internal memory, a data block is write
When processor carries out write operation to storer, the more access times counter2 of new data block, upgrades whole Hash tree simultaneously.Processor carries out the flow process of write operation as shown in Figure 3 to storer, and concrete operation is as follows:
(1) when CPU is to internal memory writing data blocks data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded.
(2) this data block is connected with the data block corresponding to sibling, recalculate after data block connects cryptographic hash hash, upgrade the cryptographic hash of father node, repeat this process until root node.
(3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, write operation terminates.
4) from internal memory, a data block is read
When processor carries out read operation to storer, the more access times counter2 of new data block, carries out integrity check to data simultaneously.Processor carries out the flow process of read operation as shown in Figure 4 to storer, and concrete operation is as follows:
(1) when CPU is from internal memory read data block data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded.
(2) this data block is connected with the data block corresponding to sibling, then calculate data block connect after cryptographic hash hash, check whether buffer memory hits simultaneously, if do not hit, repeat this process until cache hit; Compare the cryptographic hash after calculating after cache hit whether identical with the cryptographic hash stored in buffer memory, if come to the same thing, then illustrate that data are correct, are not tampered, CPU can usage data; Otherwise, then illustrate that data are tampered, and give the alarm.
(3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, read operation terminates.
The object of the present invention is achieved like this:
The present invention uses SimpleScalar tool Set 3.0 simulator to realize a kind of memory integrity protection method based on dynamic buffering Hash tree proposed by the invention.
1, cache node regulation rule
As shown in Figure 2, concrete steps are as follows for the flow process of cache node adjustment:
(1) for the node of in buffer memory, it has left/right two stalk to set (carrying out recurrence judgement to left and right subtree according to step 1.2 respectively) respectively, and how this moves to judge father node according to the situation of movement of left and right subtree.Rule is as follows:
If a) a stalk root vertex judges that needs move up, the root node of another stalk tree judges that needs move up/do not move, then this father node moves up.
If b) a stalk root vertex judges that needs move up, the root node of an another subtree judges that needs move down, then this father node does not move.
If c) a stalk root vertex judges that needs move down, the root node of an another subtree judges that needs move down/do not move, then this father node moves down.
(2) if left and right subtree corresponding to node is leaf node, the rate of change of the access times of these two leaf nodes is respectively k1 and k2, then decide it by following rule and how to move.
If the access times " obviously increase " that a) leaf node is corresponding, i.e. k1>k, the access times that another leaf node is corresponding " obviously increase " or " changing not obvious ", i.e. k2>k or-k<k2<k.In this case, judge that cache node moves down.
B) two kinds of situations are had to need to discuss.The first is the access times " obviously increase " that a leaf node is corresponding, i.e. k1>k, the access times that another leaf node is corresponding " obviously reduce ", i.e. k2<-k.In this case, cache node is made not move.The second is, the access times of two leaf nodes all " change not obvious ", in this case, make cache node not move.
C), in other situation, judge that cache node moves up.
The specific algorithm that the present invention realizes operating cache node adjustment in simulator describes as shown in algorithm 1.
2, in internal memory, a data block is write
When processor carries out write operation to storer, the more access times counter2 of new data block, upgrades whole Hash tree simultaneously.Processor carries out the flow process of write operation as shown in Figure 3 to storer, and concrete operation is as follows:
(1) when CPU is to internal memory writing data blocks data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded.
(2) this data block is connected with the data block corresponding to sibling, recalculate after data block connects cryptographic hash hash, upgrade the cryptographic hash of father node, repeat this process until root node.
(3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, write operation terminates.
The specific algorithm that the present invention realizes when writing a data block in internal memory in simulator describes as shown in algorithm 2.
3, from internal memory, a data block is read
When processor carries out read operation to storer, the more access times counter2 of new data block, carries out integrity check to data simultaneously.Processor carries out the flow process of read operation as shown in Figure 4 to storer, and concrete operation is as follows:
(1) when CPU is from internal memory read data block data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded.
(2) this data block is connected with the data block corresponding to sibling, then calculate data block connect after cryptographic hash hash, check whether buffer memory hits simultaneously, if do not hit, repeat this process until cache hit; Compare the cryptographic hash after calculating after cache hit whether identical with the cryptographic hash stored in buffer memory, if come to the same thing, then illustrate that data are correct, are not tampered, CPU can usage data; Otherwise, then illustrate that data are tampered, and give the alarm.
(3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, read operation terminates.
The specific algorithm that the present invention realizes when reading a data block from internal memory in simulator describes as shown in algorithm 3.

Claims (1)

1. an integrity checking method for internal storage data, is characterized in that: according to the principle of locality of program, and the data block high to access frequency and the low data block of access frequency are distinguished; Change the intermediate node only storing fixing level in buffer memory Hash tree, make the intermediate node storing different levels in Hash buffer memory; Internal memory is divided into the data block data_block of formed objects, sets up a Hash tree using data block as leaf node; Each data block has two counter counter1 and counter2; Counter1=0, counter2=0 time initial; If t represents current time, T is measurement period; Initial seasonal T1 assignment is t; The read-write number of times of the upper statistics cycle data block of counter1 record, the block if processor reads and writes data, then make counter2 increase by 1; As current time t-T1>T, change T1 is current time; And the variation delta counter=counter2-counter1 of statistics block access number of times, and press the node in buffer memory movement rule adjustment buffer memory; And if counter2 does not overflow, make counter1=counter2, counter2=0; If counter2 overflows, then make counter1=0, counter2=0; The standard adopting the rate of change k of access times to move up and down as cache node, fixes k constant in systems in which; The rate of change of the actual access number of times of data block data_block is k '; Namely, as k ' >k, the access times of data block data_block are obviously rise; As k ' <-k, the access times of data block data_block are obviously decline; As k<k ' <-k, the access times change of data block data_block is not obvious; 3 kinds are divided into the situation of movement of buffer memory interior joint, move down respectively, do not move, move up; Judge how cache node moves by following rule:
(1) for the node of in buffer memory, have left/right two stalk to set respectively, how this moves to judge father node according to the situation of movement of left and right subtree; Rule is as follows:
(1.1) if a stalk root vertex judges that needs move up, the root node of another stalk tree judges that needs move up/do not move, then this father node moves up;
(1.2) if a stalk root vertex judges that needs move up, the root node of an another subtree judges that needs move down, then this father node does not move;
(1.3) if a stalk root vertex judges that needs move down, the root node of an another subtree judges that needs move down/do not move, then this father node moves down;
(2) if left and right subtree corresponding to node is leaf node, the rate of change of the access times of these two leaf nodes is respectively k1 and k2, then decide it by following rule and how to move;
(2.1) if access times corresponding to leaf node increase, i.e. k1>k, the access times that another leaf node is corresponding obviously increase or change not obvious, i.e. k2>k or-k<k2<k; Judge that cache node moves down;
(2.2) access times that leaf node is corresponding obviously increase, i.e. k1>k, and the access times that another leaf node is corresponding obviously reduce, i.e. k2<-k; Cache node is made not move; The access times of two leaf nodes all change not obvious, make cache node not move;
(2.3), in other situation, judge that cache node moves up;
(3) when processor carries out write operation to storer, the more access times counter2 of new data block, upgrades whole Hash tree simultaneously:
(3.1) when CPU is to internal memory writing data blocks data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded;
(3.2) this data block is connected with the data block corresponding to sibling, recalculate after data block connects cryptographic hash hash, upgrade the cryptographic hash of father node, repeat this process until root node;
(3.3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, write operation terminates;
(4) when processor carries out read operation to storer, the more access times counter2 of new data block, carries out integrity check to data simultaneously.Concrete operation is as follows:
(4.1) when CPU is from internal memory read data block data_block [i], its counter counter2 [i]=counter2 [i]+1 is upgraded;
(4.2) data block is connected with the data block corresponding to sibling, calculate data block connect after cryptographic hash hash, check whether buffer memory hits simultaneously, if do not hit, repeat this process until cache hit; Compare the cryptographic hash after calculating after cache hit whether identical with the cryptographic hash stored in buffer memory, if come to the same thing, then illustrate that data are correct, are not tampered, CPU can usage data; Otherwise, then illustrate that data are tampered, and give the alarm;
(4.3) judge whether t-T1>T sets up, if set up, then represent and arrived a measurement period, change T1 is current time, and the variable quantity of statistics block access number of times, readjusts the node in buffer memory according to cache node regulation rule simultaneously; If be false, read operation terminates;
Use the cum rights check length of tree as the standard of Performance comparision, represent with WPL, namely wherein weight w ifor the read/write number of times of each leaf node; Wherein l ifor the check length of leaf node, i.e. path top set number; N is the number of node.
CN201510458902.4A 2015-07-30 2015-07-30 A kind of integrity checking method of internal storage data Active CN105022968B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510458902.4A CN105022968B (en) 2015-07-30 2015-07-30 A kind of integrity checking method of internal storage data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510458902.4A CN105022968B (en) 2015-07-30 2015-07-30 A kind of integrity checking method of internal storage data

Publications (2)

Publication Number Publication Date
CN105022968A true CN105022968A (en) 2015-11-04
CN105022968B CN105022968B (en) 2017-12-19

Family

ID=54412930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510458902.4A Active CN105022968B (en) 2015-07-30 2015-07-30 A kind of integrity checking method of internal storage data

Country Status (1)

Country Link
CN (1) CN105022968B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107220560A (en) * 2017-06-22 2017-09-29 北京航空航天大学 A kind of embedded system data completeness protection method expanded based on data buffer storage
CN109492005A (en) * 2018-11-07 2019-03-19 郑州云海信息技术有限公司 A kind of B+ tree read buffer method and relevant apparatus
CN109725983A (en) * 2018-11-22 2019-05-07 海光信息技术有限公司 A kind of method for interchanging data, device, relevant device and system
CN112597488A (en) * 2020-12-30 2021-04-02 海光信息技术股份有限公司 Page table integrity protection method, device and equipment
CN112651054A (en) * 2020-12-30 2021-04-13 海光信息技术股份有限公司 Memory data integrity protection method and device and electronic equipment
CN112948166A (en) * 2019-10-16 2021-06-11 长江存储科技有限责任公司 Data processing method and related product
CN113111391A (en) * 2021-04-09 2021-07-13 支付宝(杭州)信息技术有限公司 Method for memory integrity protection and memory controller

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355352A (en) * 2011-07-24 2012-02-15 哈尔滨工程大学 Data confidentiality and integrity protection method
US20120072470A1 (en) * 2010-09-22 2012-03-22 International Business Machines Corporation Write behind cache with m-to-n referential integrity
CN102629236A (en) * 2012-02-22 2012-08-08 哈尔滨工程大学 Memory protection method based on unequal-length counter
CN102841998A (en) * 2012-07-11 2012-12-26 哈尔滨工程大学 Stored data integrity protection method of memory addition validator

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120072470A1 (en) * 2010-09-22 2012-03-22 International Business Machines Corporation Write behind cache with m-to-n referential integrity
CN102355352A (en) * 2011-07-24 2012-02-15 哈尔滨工程大学 Data confidentiality and integrity protection method
CN102629236A (en) * 2012-02-22 2012-08-08 哈尔滨工程大学 Memory protection method based on unequal-length counter
CN102841998A (en) * 2012-07-11 2012-12-26 哈尔滨工程大学 Stored data integrity protection method of memory addition validator

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
马海峰等: "基于不等长counter的存储器机密性和完整性保护方法", 《电子学报》 *
马海峰等: "非对称hash树存储器完整性保护方法", 《小型微型计算机系统》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107220560A (en) * 2017-06-22 2017-09-29 北京航空航天大学 A kind of embedded system data completeness protection method expanded based on data buffer storage
CN109492005A (en) * 2018-11-07 2019-03-19 郑州云海信息技术有限公司 A kind of B+ tree read buffer method and relevant apparatus
CN109725983A (en) * 2018-11-22 2019-05-07 海光信息技术有限公司 A kind of method for interchanging data, device, relevant device and system
CN109725983B (en) * 2018-11-22 2021-07-27 海光信息技术股份有限公司 Data exchange method, device, related equipment and system
CN112948166A (en) * 2019-10-16 2021-06-11 长江存储科技有限责任公司 Data processing method and related product
CN112948166B (en) * 2019-10-16 2021-12-21 长江存储科技有限责任公司 Data processing method and related product
CN112597488A (en) * 2020-12-30 2021-04-02 海光信息技术股份有限公司 Page table integrity protection method, device and equipment
CN112651054A (en) * 2020-12-30 2021-04-13 海光信息技术股份有限公司 Memory data integrity protection method and device and electronic equipment
CN112651054B (en) * 2020-12-30 2022-10-14 海光信息技术股份有限公司 Memory data integrity protection method and device and electronic equipment
CN113111391A (en) * 2021-04-09 2021-07-13 支付宝(杭州)信息技术有限公司 Method for memory integrity protection and memory controller
CN113111391B (en) * 2021-04-09 2022-07-08 支付宝(杭州)信息技术有限公司 Method for memory integrity protection and memory controller

Also Published As

Publication number Publication date
CN105022968B (en) 2017-12-19

Similar Documents

Publication Publication Date Title
CN105022968A (en) Integrity checking method of memory data
CN105138478A (en) Memory integrity protection method employing unbalanced hash tree mode
US11914449B2 (en) Methods and apparatus for characterizing memory devices
WO2018121319A1 (en) Block data check method and apparatus
Breslow et al. Horton tables: Fast hash tables for {In-Memory}{Data-Intensive} computing
CN102629258B (en) Repeating data deleting method and device
CN105069379A (en) Memory integrity protection method based on write counter
CN110023939A (en) Method and apparatus for the checkpoint in storage device based on range
US11171774B2 (en) System for synchronizing a cryptographic key state through a blockchain
US9336152B1 (en) Method and system for determining FIFO cache size
US11847183B2 (en) Methods and apparatus for checking the results of characterized memory searches
CN103164219B (en) The distributing real time system system of polymorphic type copy is used in decentralization framework
US10957416B2 (en) Methods and apparatus for maintaining characterized memory devices
US20170235496A1 (en) Data deduplication with augmented cuckoo filters
CN102831222A (en) Differential compression method based on data de-duplication
CN102521330A (en) Mirror distributed storage method under desktop virtual environment
CN105243334B (en) A kind of data storage protection method and system
CN105359108A (en) Storage systems with adaptive erasure code generation
Duro et al. A hierarchical parallel storage system based on distributed memory for large scale systems
CN109191287A (en) A kind of sharding method, device and the electronic equipment of block chain intelligence contract
CN101901316B (en) Data integrity protection method based on Bloom filter
CN107632779B (en) Data processing method and device and server
Du et al. ESD: An ECC-assisted and Selective Deduplication for Encrypted Non-Volatile Main Memory
Borba et al. Stochastic modeling for performance and availability evaluation of hybrid storage systems
CN107193947A (en) A kind of file system cache incremental refreshment method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant