CN105184167A - Trusted platform module (TPM) fine-grained permission-based Android system security enhancement system and method - Google Patents
Trusted platform module (TPM) fine-grained permission-based Android system security enhancement system and method Download PDFInfo
- Publication number
- CN105184167A CN105184167A CN201510428961.7A CN201510428961A CN105184167A CN 105184167 A CN105184167 A CN 105184167A CN 201510428961 A CN201510428961 A CN 201510428961A CN 105184167 A CN105184167 A CN 105184167A
- Authority
- CN
- China
- Prior art keywords
- module
- authority
- tpm
- application
- privacy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses trusted platform module (TPM) fine-grained permission-based Android system security enhancement system and method. The system comprises an application layer, an application framework layer, a kernel layer and a hardware layer, wherein the application layer comprises a common application and an administrator application; the application framework layer comprises a user audit module, an installation program module and an application package file (APK) security instruction module; the kernel layer comprises a private data module, a privacy permission management module, a common data module and a shared region; and the hardware layer comprises a TPM. The TPM fine-grained permission-based Android system security enhancement system and method have the beneficial effects that the defects in traditional coarse-grained permission control are overcome through a fine-grained privacy permission distribution module; a multi-application and multi-permission distribution strategy is achieved; through the TPM, trusted storage, trusted identification and trusted reporting of the privacy permission can be achieved; with the TPM as a trusted root, the data security is ensured through a trust chain; a malicious application or progress elevation permission is prevented from accessing privacy data of other applications or progresses; the security mechanism is high; and the TPM fine-grained permission-based Android system security enhancement system and method can be widely applied to the environment with high demands on the security level.
Description
Technical field
The present invention relates to the method for the credible and secure enhancing of a kind of Android operation system, particularly relate to one and be applicable to existing secure operating system framework (as LSM), based on android system safety enhancing system and the method for credible platform module (TPM) fine granularity authority.
Background technology
Along with the widespread use of mobile terminal, Android operation system enters into the life of people, becomes operating system most popular in numerous operating system.Because Android is an open system, giving people easily simultaneously, also create many potential safety hazards, therefore the safety of system is particularly important.Current had the safety of multiple reality enhancing operating system to be designed and to have opened out.The wherein important state security policy operating system had based on Flask architecture, the most influential secure operating system SecurityLinux and its realization mechanism LSM (LinuxSecurityModel).
LSM (LinuxSecurityModel) is a lightweight generalized framework for access control, the mode making various different safe access control model can load kernel with Linux realizes, and selects appropriate security module to be loaded in kernel as required.Not enhancement mode access control model at present, as all accomplished on LSM framework in enhanced security Linux (SELinux), territory and type enhancing (DTE) etc.
Traditional access control DAC (DiscretionaryAccessControl, self contained navigation model) greatest problem is that the authority of main body is too large, and just likely leak important information unintentionally, opposing attacking ability is more weak.MAC (MandatoryAccessControl, Mandatory Access Control Model) be a kind of a kind of access mode imposing on access main body, it is larger that its major defect of MAC is to realize workload, management is inconvenient, underaction, and owing to overemphasizing confidentiality, to system continuous working ability, empowerment management aspect is considered not enough.
TPM (TrustedPlatformModule, credible platform module) be a small-sized SOC (system on a chip) containing crypto-operation parts and memory unit, the module that can be used as independent operating is connected with trusted computer platform mainboard, with platform motherboard peripherals form believable hardware platform, for system software provides credible tolerance, trusted storage and credible report etc.It is the maker of key, it is again key management device, additionally provide unified DLL (dynamic link library) simultaneously, TPM is by providing the characteristic such as key management and configuration management, together with supporting application software, the functions such as the reliability certification of computing platform, authenticating user identification and digital signature are mainly used in.Meanwhile, utilize various key in the encrypting module generation system of TPM built-in chip type, application modules carries out encryption and decryption, upwards provides secure communication interface, to ensure the safety of upper application module.
Summary of the invention
The object of the invention is to overcome the deficiencies in the prior art, a kind of shortcoming being changed coarseness control of authority in the past by fine granularity privacy authority distribution module is provided, achieve many application many right assignment strategies; Take TPM as root of trust, ensured the security of data by trust chain, achieve Android operation system and the fine granularity authority trust authentication technology android system safety enhancing system based on TPM fine granularity authority that strengthens of tightly coupled safety and method.
The object of the invention is to be achieved through the following technical solutions: based on the android system safety enhancing system of TPM fine granularity authority, comprise application layer, application framework layer, inner nuclear layer and hardware layer:
Described application layer comprises common application and keeper's application;
Described application framework layer comprises: user's auditing module, for whether installing common application to application layer audits;
Installation procedure module: the installation being used to guide common application;
The safe indicating module of APK: enter fine granularity privacy authority distribution module for guiding common application;
Fine granularity privacy authority distribution module: the personalized secure strategy formulated for the security strategy that retains according to system and user applies distribution authority for application common application and keeper;
Described inner nuclear layer comprises private data module, privacy authority administration module, general data module and shared region;
Described hardware layer comprises TPM module, for providing protection for the authority records of new application.
Further, described privacy authority administration module comprises privacy authority record sub module, privacy authority checking submodule and verifies credible report submodule.
The safe Enhancement Method of android system based on TPM fine granularity authority of the present invention, comprises the following steps:
S1, application layer send to user's auditing module the request of installation when needing to install common application;
The auditing result that S2, application layer return according to user's auditing module operates: if user determines to install this common application, install under the guidance of installation procedure, otherwise inoperation;
S3, common application enter fine granularity privacy authority distribution module after being indicated safely by APK, the security strategy that fine granularity privacy authority distribution module retains according to system and the personalized secure strategy that user formulates are that new common application of installing distributes authority, the authority records of new common application, by calling TPM Driver Library interface, is write privacy authority administration module by fine granularity privacy authority distribution module;
Need to be verified by privacy authority administration module during S4, subject process access object data: subject process initiates system call access object data, privacy authority administration module is verified this system call command, then allow access if the verification passes, otherwise the abnormal behaviour of record subject process, and interrupt this visit.
Further, described step S4 specifically comprises following sub-step:
S41, subject process initiate the request of access to object data by system call command;
The integrity report of S42, TPM module receiving system regulative strategy module request strategy;
After S43, TPM module receives request, the corresponding information of request is passed to authority trust authentication submodule;
S44, authority trust authentication submodule call the authority records of subject process and object data respectively from the credible record sub module of authority, between Subjective and Objective authority and the authority of Subjective and Objective self carry out integrity measurement;
The result of Subjective and Objective authority is passed to the credible report submodule of authority by S45, authority trust authentication submodule, and records this authentication result;
The certification that S46, the credible report submodule of system call policy module reading authority send is reported the result, and generates strategy;
S47, system operate object data according to strategy.
Wherein, described system strategy module contains tactful judging part and strategy implements parts.In step S42, TPM module connected the integrity report of the hook receiving system regulative strategy module request strategy being embedded into system call policy module.
Further, the main body described in the present invention is the perform bulk-process in system, and object comprises file, catalogue, equipment, IPC and Socket object.
The invention has the beneficial effects as follows: the shortcoming being changed coarseness control of authority in the past by fine granularity privacy authority distribution module, achieve many application many right assignment strategies; By TPM module, can realize the trusted storage of privacy authority, trust authentication and credible report, in system operation, take TPM as root of trust, ensured the security of data by trust chain, stop malicious application or process lifting authority to access the private data of other application or process; Achieve Android operation system and fine granularity authority trust authentication technology tightly coupled safety strengthens, make security mechanism stronger, can widespread use and safe class is required in high environment.
Accompanying drawing explanation
Fig. 1 is android system safety enhancing system structural representation of the present invention;
Fig. 2 is subject process of the present invention access object data flowchart.
Embodiment
In order to make object of the present invention, technical scheme and advantage clearly understand, below in conjunction with accompanying drawing, the present invention is described in more detail.Arbitrary feature disclosed in this instructions (comprising any accessory claim, summary and accompanying drawing), unless specifically stated otherwise, all can be replaced by other equivalences or the alternative features with similar object.That is, unless specifically stated otherwise, each feature is an example in a series of equivalence or similar characteristics.
As shown in Figure 1, based on the android system safety enhancing system of TPM fine granularity authority, comprise application layer, application framework layer, inner nuclear layer and hardware layer:
Described application layer comprises common application (common application A, common application B) and keeper's application;
Described application framework layer comprises: user's auditing module, for whether installing common application to application layer audits;
Installation procedure module: the installation being used to guide common application;
The safe indicating module of APK: enter fine granularity privacy authority distribution module for guiding common application;
Fine granularity privacy authority distribution module: the personalized secure strategy formulated for the security strategy that retains according to system and user applies distribution authority for application common application and keeper;
Described inner nuclear layer comprises private data module, privacy authority administration module, general data module and shared region;
Described hardware layer comprises TPM module, for providing protection for the authority records of new application.
Further, described privacy authority administration module comprises privacy authority record sub module, privacy authority checking submodule and verifies credible report submodule.
The safe Enhancement Method of android system based on TPM fine granularity authority of the present invention, comprises the following steps:
S1, application layer send to user's auditing module the request of installation when needing to install common application;
The auditing result that S2, application layer return according to user's auditing module operates: if user determines to install this common application, install under the guidance of installation procedure, otherwise inoperation;
S3, common application enter fine granularity privacy authority distribution module after being indicated safely by APK, the security strategy that fine granularity privacy authority distribution module retains according to system and the personalized secure strategy that user formulates are that new common application of installing distributes authority, the authority records of new common application, by calling TPM Driver Library interface, is write privacy authority administration module by fine granularity privacy authority distribution module;
Need to be verified by privacy authority administration module during S4, subject process access object data: subject process initiates system call access object data, privacy authority administration module is verified this system call command, then allow access if the verification passes, otherwise the abnormal behaviour of record subject process, and interrupt this visit.
Further, as shown in Figure 2, described step S4 specifically comprises following sub-step:
S41, subject process initiate the request of access to object data by system call command;
The integrity report of S42, TPM module receiving system regulative strategy module request strategy;
After S43, TPM module receives request, the corresponding information of request is passed to authority trust authentication submodule;
S44, authority trust authentication submodule call the authority records of subject process and object data respectively from the credible record sub module of authority, between Subjective and Objective authority and the authority of Subjective and Objective self carry out integrity measurement;
The result of Subjective and Objective authority is passed to the credible report submodule of authority by S45, authority trust authentication submodule, and records this authentication result;
The certification that S46, the credible report submodule of system call policy module reading authority send is reported the result, and generates strategy;
S47, system operate object data according to strategy.
Wherein, described system strategy module contains tactful judging part and strategy implements parts.In step S42, TPM module connected the integrity report of the hook receiving system regulative strategy module request strategy being embedded into system call policy module.
Further, the main body described in the present invention is the perform bulk-process in system, and object comprises file, catalogue, equipment, IPC and Socket object.
Fine granularity privacy authority distribution module of the present invention changes the shortcoming of coarseness control of authority in the past, realizes many application many right assignment strategies.By TPM module, the trusted storage of privacy authority, trust authentication and credible report can be realized.In addition, in system operation, take TPM as root of trust, ensured the security of data by trust chain, stop malicious application or process lifting authority to access the private data of other application or process.
Adopt LSM framework and credible platform module (TPM); application fine granularity privacy authority allocation strategy; by close coupled system, Android operation system security function is rooted in the trusted mechanism protection of TPM, achieves the secure and trusted of application process operational process.Safety due to whole system is structured on the basis of root of trust, and only have and fully believe that the TPM of root of trust is safe, then whole system is safe.TPM is the hardware device possessing physical security protective characteristic, therefore adopts the security of system grade of this technique construction very high.The present invention can widespread use with require to go in high environment to safe class.
Those of ordinary skill in the art will appreciate that, embodiment described here is to help reader understanding's principle of the present invention, should be understood to that protection scope of the present invention is not limited to so special statement and embodiment.Those of ordinary skill in the art can make various other various concrete distortion and combination of not departing from essence of the present invention according to these technology enlightenment disclosed by the invention, and these distortion and combination are still in protection scope of the present invention.
Claims (7)
1. based on the android system safety enhancing system of TPM fine granularity authority, it is characterized in that, comprise application layer, application framework layer, inner nuclear layer and hardware layer:
Described application layer comprises common application and keeper's application;
Described application framework layer comprises: user's auditing module, for whether installing common application to application layer audits;
Installation procedure module: the installation being used to guide common application;
The safe indicating module of APK: enter fine granularity privacy authority distribution module for guiding common application;
Fine granularity privacy authority distribution module: the personalized secure strategy formulated for the security strategy that retains according to system and user applies distribution authority for application common application and keeper;
Described inner nuclear layer comprises private data module, privacy authority administration module, general data module and shared region;
Described hardware layer comprises TPM module, for providing protection for the authority records of new application.
2. the android system safety enhancing system based on TPM fine granularity authority according to claim 1, it is characterized in that, described privacy authority administration module comprises privacy authority record sub module, privacy authority checking submodule and verifies credible report submodule.
3., based on the safe Enhancement Method of android system of TPM fine granularity authority, it is characterized in that, comprise the following steps:
S1, application layer send to user's auditing module the request of installation when needing to install common application;
The auditing result that S2, application layer return according to user's auditing module operates: if user determines to install this common application, install under the guidance of installation procedure, otherwise inoperation;
S3, common application enter fine granularity privacy authority distribution module after being indicated safely by APK, the security strategy that fine granularity privacy authority distribution module retains according to system and the personalized secure strategy that user formulates are that new common application of installing distributes authority, the authority records of new common application, by calling TPM Driver Library interface, is write privacy authority administration module by fine granularity privacy authority distribution module;
Need to be verified by privacy authority administration module during S4, subject process access object data: subject process initiates system call access object data, privacy authority administration module is verified this system call command, then allow access if the verification passes, otherwise the abnormal behaviour of record subject process, and interrupt this visit.
4. the safe Enhancement Method of android system based on TPM fine granularity authority according to claim 3, it is characterized in that, described step S4 specifically comprises following sub-step:
S41, subject process initiate the request of access to object data by system call command;
The integrity report of S42, TPM module receiving system regulative strategy module request strategy;
After S43, TPM module receives request, the corresponding information of request is passed to authority trust authentication submodule;
S44, authority trust authentication submodule call the authority records of subject process and object data respectively from the credible record sub module of authority, between Subjective and Objective authority and the authority of Subjective and Objective self carry out integrity measurement;
The result of Subjective and Objective authority is passed to the credible report submodule of authority by S45, authority trust authentication submodule, and records this authentication result;
The certification that S46, the credible report submodule of system call policy module reading authority send is reported the result, and generates strategy;
S47, system operate object data according to strategy.
5. the safe Enhancement Method of android system based on TPM fine granularity authority according to claim 4, is characterized in that, described system strategy module contains tactful judging part and strategy implements parts.
6. the safe Enhancement Method of android system based on TPM fine granularity authority according to claim 4, it is characterized in that, in described step S42, TPM module connected the integrity report of the hook receiving system regulative strategy module request strategy being embedded into system call policy module.
7. the safe Enhancement Method of android system based on TPM fine granularity authority according to claim 4, is characterized in that, described main body is the perform bulk-process in system, and object comprises file, catalogue, equipment, IPC and Socket object.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510428961.7A CN105184167B (en) | 2015-07-21 | 2015-07-21 | Android system safety enhancing system and method based on TPM fine granularity authorities |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510428961.7A CN105184167B (en) | 2015-07-21 | 2015-07-21 | Android system safety enhancing system and method based on TPM fine granularity authorities |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105184167A true CN105184167A (en) | 2015-12-23 |
| CN105184167B CN105184167B (en) | 2017-12-08 |
Family
ID=54906241
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510428961.7A Active CN105184167B (en) | 2015-07-21 | 2015-07-21 | Android system safety enhancing system and method based on TPM fine granularity authorities |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105184167B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106372537A (en) * | 2016-08-31 | 2017-02-01 | 宇龙计算机通信科技(深圳)有限公司 | Document protection method and device and terminal equipment |
| CN106997434A (en) * | 2017-03-28 | 2017-08-01 | 西安电子科技大学 | Secret protection module and guard method based on android system |
| CN105740713B (en) * | 2016-01-28 | 2018-03-27 | 浪潮电子信息产业股份有限公司 | A kind of TPM read/writing control methods based on priority |
| CN108694329A (en) * | 2018-05-15 | 2018-10-23 | 中国科学院信息工程研究所 | A kind of mobile intelligent terminal security incident based on software and hardware combining is credible record system and method |
| CN108769002A (en) * | 2018-05-24 | 2018-11-06 | 南京奥工信息科技有限公司 | The method for security protection of Android terminal acceleration information based on difference privacy |
| CN108830100A (en) * | 2018-05-30 | 2018-11-16 | 山东大学 | Privacy of user leakage detection method, server and system based on multi-task learning |
| CN111125793A (en) * | 2019-12-23 | 2020-05-08 | 北京工业大学 | Trusted verification method and system for object memory in access control |
| CN117194286A (en) * | 2023-09-08 | 2023-12-08 | 上海合芯数字科技有限公司 | Micro control unit, processor, access method and access system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101997912A (en) * | 2010-10-27 | 2011-03-30 | 苏州凌霄科技有限公司 | Mandatory access control device based on Android platform and control method thereof |
| US20140157351A1 (en) * | 2012-12-04 | 2014-06-05 | International Business Machines Corporation | Mobile device security policy based on authorized scopes |
| CN104156660A (en) * | 2014-08-28 | 2014-11-19 | 东南大学 | Android permission fine-grained access control method based on operating environment state |
| CN104202296A (en) * | 2014-07-30 | 2014-12-10 | 中国电子科技集团公司第三十研究所 | Trusted security enhancement method for domestic operating system |
| CN104243491A (en) * | 2014-09-30 | 2014-12-24 | 深圳数字电视国家工程实验室股份有限公司 | Trusted security service control method and system |
-
2015
- 2015-07-21 CN CN201510428961.7A patent/CN105184167B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101997912A (en) * | 2010-10-27 | 2011-03-30 | 苏州凌霄科技有限公司 | Mandatory access control device based on Android platform and control method thereof |
| US20140157351A1 (en) * | 2012-12-04 | 2014-06-05 | International Business Machines Corporation | Mobile device security policy based on authorized scopes |
| CN104202296A (en) * | 2014-07-30 | 2014-12-10 | 中国电子科技集团公司第三十研究所 | Trusted security enhancement method for domestic operating system |
| CN104156660A (en) * | 2014-08-28 | 2014-11-19 | 东南大学 | Android permission fine-grained access control method based on operating environment state |
| CN104243491A (en) * | 2014-09-30 | 2014-12-24 | 深圳数字电视国家工程实验室股份有限公司 | Trusted security service control method and system |
Non-Patent Citations (2)
| Title |
|---|
| 戴威 等: "基于Android权限机制的动态隐私保护模型", 《计算机应用研究》 * |
| 蒋绍林 等: "Android安全研究综述", 《计算机应用与软件》 * |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105740713B (en) * | 2016-01-28 | 2018-03-27 | 浪潮电子信息产业股份有限公司 | A kind of TPM read/writing control methods based on priority |
| CN106372537B (en) * | 2016-08-31 | 2019-08-30 | 宇龙计算机通信科技(深圳)有限公司 | A kind of document protection method, apparatus and terminal device |
| CN106372537A (en) * | 2016-08-31 | 2017-02-01 | 宇龙计算机通信科技(深圳)有限公司 | Document protection method and device and terminal equipment |
| CN106997434A (en) * | 2017-03-28 | 2017-08-01 | 西安电子科技大学 | Secret protection module and guard method based on android system |
| CN108694329A (en) * | 2018-05-15 | 2018-10-23 | 中国科学院信息工程研究所 | A kind of mobile intelligent terminal security incident based on software and hardware combining is credible record system and method |
| CN108769002A (en) * | 2018-05-24 | 2018-11-06 | 南京奥工信息科技有限公司 | The method for security protection of Android terminal acceleration information based on difference privacy |
| CN108769002B (en) * | 2018-05-24 | 2021-01-15 | 南京奥工信息科技有限公司 | Safety protection method for Android terminal acceleration information based on differential privacy |
| CN108830100A (en) * | 2018-05-30 | 2018-11-16 | 山东大学 | Privacy of user leakage detection method, server and system based on multi-task learning |
| CN108830100B (en) * | 2018-05-30 | 2021-11-30 | 山东大学 | User privacy leakage detection method, server and system based on multitask learning |
| CN111125793A (en) * | 2019-12-23 | 2020-05-08 | 北京工业大学 | Trusted verification method and system for object memory in access control |
| CN111125793B (en) * | 2019-12-23 | 2022-03-11 | 北京工业大学 | Trusted verification method and system for object memory in access control |
| CN117194286A (en) * | 2023-09-08 | 2023-12-08 | 上海合芯数字科技有限公司 | Micro control unit, processor, access method and access system |
| CN117194286B (en) * | 2023-09-08 | 2024-03-26 | 上海合芯数字科技有限公司 | Micro control unit, processor, access method and access system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105184167B (en) | 2017-12-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105184167A (en) | Trusted platform module (TPM) fine-grained permission-based Android system security enhancement system and method | |
| US8051459B2 (en) | Method and system for extending SELinux policy models and their enforcement | |
| Parno et al. | Bootstrapping trust in modern computers | |
| US8850212B2 (en) | Extending an integrity measurement | |
| KR101067399B1 (en) | Saving and retrieving data based on symmetric key encryption | |
| US20160350534A1 (en) | System, apparatus and method for controlling multiple trusted execution environments in a system | |
| WO2020192406A1 (en) | Method and apparatus for data storage and verification | |
| US20040093505A1 (en) | Open generic tamper resistant CPU and application system thereof | |
| CN106991329A (en) | A kind of trust calculation unit and its operation method based on domestic TCM | |
| KR20190063264A (en) | Method and Apparatus for Device Security Verification Utilizing a Virtual Trusted Computing Base | |
| CN103189877B (en) | software authentication | |
| WO2018149110A1 (en) | Key protection method and apparatus | |
| CN109918919A (en) | Authenticate the management of variable | |
| US20190228135A1 (en) | Method and system of state consistency protection for intel sgx | |
| CN104202296A (en) | Trusted security enhancement method for domestic operating system | |
| CN104408371A (en) | Implementation method of high security application system based on trusted execution environment | |
| CN102663313B (en) | Method for realizing information security of computer system | |
| Strackx et al. | Salus: Kernel support for secure process compartments | |
| Almohri et al. | Process authentication for high system assurance | |
| CN111245620A (en) | Mobile security application architecture in terminal and construction method thereof | |
| US20170262640A1 (en) | Database operation method and device | |
| WO2024036832A1 (en) | Method for realizing smart token cryptography application interface on basis of tpm | |
| CN105447398A (en) | Data safety protection method and device | |
| Avonds et al. | Salus: Non-hierarchical memory access rights to enforce the principle of least privilege | |
| CN102833296A (en) | Method and equipment for constructing safe computing environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |