CN105389513A - Trusted execution method and apparatus for virtual trusted platform module (vTPM) - Google Patents


Info

Publication number
CN105389513A
Authority
CN
China
Prior art keywords
vtpm
communication
secret key
module
sgx
Prior art date
Legal status
Granted
Application number
CN201510837577.2A
Other languages
Chinese (zh)
Other versions
CN105389513B (en)
Inventor
施迅
严飞
赵波
Current Assignee
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201510837577.2A
Publication of CN105389513A
Application granted
Publication of CN105389513B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The present invention discloses a trusted execution method and apparatus for a virtual trusted platform module (vTPM). An operating system loads an SGX module, and the operating system runs a first vTPM simulator. The method comprises: the first vTPM simulator run by the operating system sending a first creation request to the SGX module, so that the SGX module establishes a first memory protection region enclave according to the first creation request and generates a first communication key, so as to execute program code of the first vTPM simulator in the first enclave to implement a second vTPM simulator; and the second vTPM simulator using the first communication key to decrypt data subsequently forwarded by the SGX module. According to the method and apparatus disclosed by the embodiments of the present invention, security isolation of a vTPM simulator from a non-trusted operating system is realized by using an SGX module and a hardware protection function of an enclave, thereby ensuring computing security of the vTPM simulator.

Description

Trusted execution method and apparatus for a virtual trusted platform module (vTPM)
Technical field
The present invention relates to the field of electronic technology, and in particular to a trusted execution method and apparatus for a virtual trusted platform module (vTPM).
Background art
Because virtualization technology offers advantages such as rational resource sharing, good isolation mechanisms, easy maintenance and low cost, it has been widely adopted; however, virtual machine technology also faces problems such as secure data storage, protection of sensitive information and integrity measurement. The goal of trusted computing technology is to establish a security verification system for the computer system: a TPM (Trusted Platform Module) embedded on the mainboard of a physical device can provide hardware-based security functions such as trusted measurement, trusted attestation and trusted sealing for the computer system. Combining virtualization with trusted computing is therefore the inevitable outcome of technical development. A vTPM (Virtual Trusted Platform Module) is an implementation of TPM virtualization: it provides trusted computing functions for the multiple virtual machines running on a host, and the integrity measurement information of a virtual machine can be obtained through the vTPM, enabling secure storage of virtual machine data and solving the security problems brought about by the rapid development of hardware virtualization.
The vTPM implementation differs between virtualization modes. Fig. 1 is an architecture diagram of the vTPM under Xen paravirtualization, and Fig. 2 is an architecture diagram of the vTPM in KVM (Kernel-based Virtual Machine, the open-source system virtualization). When a virtual machine with a vTPM is created, the vTPM simulator creates and allocates a vTPM instance for each newly created virtual machine. The creation flow is as follows: (1) when a new virtual machine is created, first determine whether the received command requires creating a virtual machine with a vTPM; if not, carry out the normal virtual machine creation flow; (2) if a virtual machine with a vTPM is requested, parse the command and forward the request to create a vTPM instance to the vTPM simulator; (3) the vTPM simulator creates a new vTPM instance and allocates for it an NVRAM (Non-Volatile Random Access Memory) file that preserves persistent information, together with the memory space in which the vTPM runs; (4) the newly created vTPM instance is bound to the newly created virtual machine in a one-to-one correspondence; (5) the remaining steps of creating the virtual machine continue until creation completes.
In the prior art, as shown in Fig. 3, Fig. 3 is an architecture diagram of a firmware-based trusted platform module TPM (fTPM). The fTPM can guarantee that security code executes in isolation, preventing various potential security violations, without needing dedicated secure processor hardware to achieve the isolation. In general, the fTPM is first instantiated in the operating system boot environment by reading the fTPM from the system firmware or firmware-accessible storage and placing the fTPM in a protected read-only memory of the device; once instantiated, the fTPM enables isolated operation to guarantee that the security code executes. Specifically, placing the fTPM in protected read-only memory allows the device to use hardware such as the TrustZone(TM) extension class of the architecture, secure primitives (similar processor architectures) and devices based on these architectures, thereby providing secure execution isolation within the fTPM without hardware modifications to existing devices.
However, the current development of the TPM does not support hardware virtualization. Current vTPMs are implemented in software, such as TPM Emulator and the libtpms library; they are not hardware-protected and are vulnerable. When the vTPM server side of the Xen architecture runs in the privileged domain0, an attacker with administrator rights may use the privileges of domain0 to obtain access to the vTPM memory corresponding to other virtual machines on the host and tamper with or delete their data or code, thereby destroying the root of trust of the corresponding virtual machines. The key-related computations of a hardware TPM are trustworthy because they all execute inside closed hardware and cannot be leaked or tampered with; in contrast, key generation and encryption/decryption in a software-implemented vTPM are all performed in host memory, and, as shown in Fig. 4, when malicious code is implanted in the memory of the vTPM simulator and vTPM instances, keys may be leaked, which causes serious security problems. Therefore, how to protect the trustworthiness of the vTPM execution process in an untrusted system environment and ensure the security of key-related computation in vTPM memory is a problem that urgently needs solving.
Summary of the invention
The present application provides a trusted execution method and apparatus for a virtual trusted platform module (vTPM), which can improve the trustworthiness of the vTPM execution process in an untrusted system environment and ensure the security of key-related computation in vTPM memory.
In a first aspect, an embodiment of the present application provides a trusted execution method for a virtual trusted platform module (vTPM), the method comprising:
A first vTPM simulator runs in an operating system. The operating system first loads an SGX module into the operating system; the first vTPM simulator then sends a first creation request to the SGX module loaded in the operating system; after receiving the first creation request, the SGX module establishes a first memory protection region (enclave) according to the first creation request and generates a first communication key; finally, after the first enclave has been created successfully, the program code of the first vTPM simulator is executed in it, thereby implementing a second vTPM simulator, and the second vTPM simulator can use the previously generated first communication key to decrypt data subsequently forwarded by the SGX module. In this way, the hardware protection function of the SGX module and the enclave is used to achieve security isolation of the vTPM simulator from the untrusted operating system, ensuring the computational security of the vTPM simulator.
In a possible design, when a first virtual machine VM is created, the virtual machine manager triggers a command to create a vTPM instance, encrypts the command to create the vTPM instance with the first communication key, and sends the encrypted command to the SGX module; after receiving the encrypted command to create the vTPM instance, the SGX module forwards it to the second vTPM simulator running in the first enclave;
After receiving the encrypted command to create the vTPM instance, the second vTPM simulator decrypts the command with the first communication key and, according to the command to create the vTPM instance, sends a second creation request to the SGX module; after receiving the second creation request, the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, so that the program code of the vTPM instance is executed in the created second enclave, thereby implementing the vTPM instance corresponding to the first VM. In this creation process, the vTPM instance specified by the second creation request corresponds to the VM specified by the command to create the vTPM instance. In this way, the hardware protection function of the SGX module and the enclave is used to achieve security isolation of the vTPM instance from the untrusted operating system, ensuring the computational security of the vTPM instance.
In another possible design, all data communicated between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module; the SGX module generates a second communication key, and all data communicated between the first VM and the vTPM instance running in the second enclave is encrypted or decrypted with the generated second communication key.
In a second aspect, an embodiment of the present application provides a trusted execution method for a virtual trusted platform module (vTPM), the method comprising:
First, a first virtual machine VM triggers a vTPM instance communication instruction and encrypts the vTPM instance communication instruction to be sent with a second communication key; the encrypted communication instruction is then sent to the SGX module; after receiving the communication instruction, the SGX module forwards the encrypted communication instruction to the vTPM instance; finally, the vTPM instance receives the encrypted communication instruction forwarded by the SGX module, decrypts the encrypted communication instruction with the second communication key, and then executes the communication command.
In a third aspect, an embodiment of the present application provides a trusted execution method for a virtual trusted platform module (vTPM), the method comprising:
First, a first virtual machine VM receives a communication command triggered by a user and encrypts the communication command with a second communication key; the encrypted communication instruction is then sent to the SGX module; after receiving the encrypted communication instruction, the SGX module forwards it to the vTPM instance; after receiving the encrypted communication instruction forwarded by the SGX module, the vTPM instance decrypts it with the second communication key and executes the communication command; after executing the communication command and determining the execution result, the vTPM instance encrypts the execution result with the second communication key and sends the encrypted execution result to the SGX module; the SGX module receives the encrypted execution result and forwards it to the first VM; finally, after receiving the encrypted execution result, the first VM decrypts it with the second communication key and obtains the execution result. In this way, the key generated while building the enclave of the vTPM instance is used to encrypt the communication data, and the encrypted information is transmitted through the secure channel constructed by the SGX module, achieving security isolation of the communication data from the untrusted operating system when a virtual machine VM communicates with its corresponding vTPM instance, and ensuring the security of communication between the VM and the vTPM instance.
In a fourth aspect, an embodiment of the present application provides a trusted execution apparatus for a virtual trusted platform module (vTPM); the operating system loads an SGX module, the operating system has a first vTPM simulator, and the apparatus comprises:
the first vTPM simulator of the operating system, configured to send a first creation request to the SGX module, so that after receiving the first creation request the SGX module establishes a first memory protection region (enclave) according to the first creation request and generates a first communication key; finally, after the first enclave has been created successfully, the program code of the first vTPM simulator is executed in it, thereby implementing a second vTPM simulator, and the second vTPM simulator can use the previously generated first communication key to decrypt data subsequently forwarded by the SGX module. In this way, the hardware protection function of the SGX module and the enclave is used to achieve security isolation of the vTPM simulator from the untrusted operating system, ensuring the computational security of the vTPM simulator.
In a possible design, the second vTPM simulator is configured to receive the command to create a vTPM instance forwarded by the SGX module, where the command to create the vTPM instance is triggered by the virtual machine manager when the first virtual machine VM is created, encrypted with the first communication key, and sent to the SGX module;
the second vTPM simulator is further configured to decrypt the command to create the vTPM instance with the first communication key and, according to the command to create the vTPM instance, send a second creation request to the SGX module; after receiving the second creation request, the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, so that the program code of the vTPM instance is executed in the created second enclave, thereby implementing the vTPM instance corresponding to the first VM. In this creation process, the vTPM instance specified by the second creation request corresponds to the VM specified by the command to create the vTPM instance. In this way, the hardware protection function of the SGX module and the enclave is used to achieve security isolation of the vTPM instance from the untrusted operating system, ensuring the computational security of the vTPM instance.
In another possible design, all data communicated between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module; the SGX module generates a second communication key, and all data communicated between the first VM and the vTPM instance running in the second enclave is encrypted or decrypted with the generated second communication key.
In a fifth aspect, an embodiment of the present application provides a trusted execution apparatus for a virtual trusted platform module (vTPM), the apparatus comprising:
a first virtual machine VM, configured to trigger a vTPM instance communication instruction, encrypt it with a second communication key and then send the encrypted communication instruction to the SGX module; the SGX module, configured to receive the communication instruction and forward the encrypted communication instruction to the vTPM instance; and finally the vTPM instance, configured to receive the encrypted communication instruction forwarded by the SGX module, decrypt the encrypted communication instruction with the second communication key, and then execute the communication command.
In a sixth aspect, an embodiment of the present application provides a trusted execution apparatus for a virtual trusted platform module (vTPM), the apparatus comprising:
a first virtual machine VM, configured to receive a communication command triggered by a user, encrypt the communication command with a second communication key, and then send the encrypted communication instruction to the SGX module; the SGX module, which after receiving the encrypted communication instruction forwards it to the vTPM instance; the vTPM instance, configured to receive the encrypted communication instruction forwarded by the SGX module, decrypt it with the second communication key, execute the communication command and, after executing the communication command and determining the execution result, encrypt the execution result with the second communication key and send the encrypted execution result to the SGX module; the SGX module receives the encrypted execution result and forwards it to the first VM; finally, after receiving the encrypted execution result, the first VM decrypts it with the second communication key and obtains the execution result. In this way, the key generated while building the enclave of the vTPM instance is used to encrypt the communication data, and the encrypted information is transmitted through the secure channel constructed by the SGX module, achieving security isolation of the communication data from the untrusted operating system when a virtual machine VM communicates with its corresponding vTPM instance, and ensuring the security of communication between the VM and the vTPM instance.
In a seventh aspect, an embodiment of the present application provides a computer device comprising a processor and a memory, the processor and the memory being connected by a bus;
the memory is configured to store computer-executable instructions, and when the computer device runs, the processor executes the computer-executable instructions stored in the memory, so that the computer device performs the trusted execution method for a virtual trusted platform module (vTPM) of any one of the above.
Brief description of the drawings
In order to describe the technical solutions in the embodiments of the present invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is an architecture diagram of the vTPM under Xen paravirtualization in the prior art;
Fig. 2 is an architecture diagram of the vTPM in the open-source system virtualization KVM in the prior art;
Fig. 3 is an architecture diagram of a firmware-based trusted platform module TPM in the prior art;
Fig. 4 is a schematic diagram of the untrusted system environment of a vTPM simulator and vTPM instance in the prior art;
Fig. 5 is a flow diagram of a trusted execution method for a virtual trusted platform module vTPM proposed by an embodiment of the present invention;
Fig. 6 is a structural diagram of the memory protection region enclave of a vTPM simulator provided by an embodiment of the present invention;
Fig. 7 is an interaction diagram of an SGX module and an application program provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of a memory protection region enclave provided by an embodiment of the present invention;
Fig. 9 is a flow diagram of a trusted execution method for a virtual trusted platform module vTPM proposed by another embodiment of the present invention;
Fig. 10 is a structural diagram of the memory protection region enclave of a vTPM instance provided by an embodiment of the present invention;
Fig. 11 is a flow diagram of a trusted execution method for a virtual trusted platform module vTPM proposed by a further embodiment of the present invention;
Fig. 12 is a schematic diagram of a virtual machine VM communicating with its corresponding vTPM instance, provided by an embodiment of the present invention;
Fig. 13 is a schematic diagram of a trusted execution method for a virtual trusted platform module vTPM provided by a further embodiment of the present invention;
Fig. 14 is a structural diagram of a trusted execution apparatus for a virtual trusted platform module vTPM provided by an embodiment of the present invention;
Fig. 15 is a structural diagram of a computer device provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Please refer to Fig. 5. Fig. 5 is a flow diagram of a trusted execution method for a virtual trusted platform module vTPM proposed by an embodiment of the present invention. As shown in the figure, the method comprises:
S501: the first vTPM simulator of the operating system sends a first creation request to the SGX module, so that the SGX module establishes a first memory protection region (enclave) according to the first creation request and generates a first communication key, and the program code of the first vTPM simulator is executed in the first enclave to implement a second vTPM simulator.
S502: the second vTPM simulator uses the first communication key to decrypt data subsequently forwarded by the SGX module.
As shown in Fig. 6, the CPU supports the Intel SGX architecture. When the device system initializes, the operating system first loads the SGX module of the CPU into the operating system and starts the first vTPM simulator. At this point the virtual machine manager (which holds the highest level of virtual machine authority) may create a simulator certificate for the first vTPM simulator; this simulator certificate is an identity tag of the vTPM simulator generated from the hash value of the first vTPM simulator and the server hardware public key. The first vTPM simulator then applies to the SGX module to create the first memory protection region enclave of the vTPM simulator. After receiving the creation command, the SGX module executes it, allocates the first enclave and loads the program code of the first vTPM simulator into the first enclave; the CPU can compare the program code loaded into the first enclave with the program code provided in advance to determine the integrity of the loaded vTPM simulator program code; finally, the program code of the first vTPM simulator is executed in the first enclave to implement the second vTPM simulator. In addition, after the SGX module has established the first enclave according to the first creation request, it can create the first communication key, and the second vTPM simulator can use the first communication key to decrypt data subsequently forwarded by the SGX module. The first vTPM simulator and the second vTPM simulator can run in isolation from each other, or can run cooperatively to execute related communication commands.
It should be noted that the SGX module is an extension of the CPU architecture that provides hardware protection for the secure execution of application programs. This extension allows a user-mode application to create a memory protection region (enclave) in the application's virtual address space; combining encryption technology with hardware memory isolation, the hardware provides confidentiality and integrity protection for the enclave, enabling it to resist malicious privileged software, such as attacks from a compromised host operating system or a malicious virtual machine monitor, as well as physical attacks on memory, such as memory probing. The SGX module makes some modifications to the Intel architecture instruction set and memory access mode to allow a process to create a protected memory region (enclave); the enclave protects the program code running in it from damage by malicious privileged code and from hardware attacks. As shown in Fig. 7, Fig. 7 is an interaction diagram of an SGX module and an application program. An enclave has the following features: (1) it has its own code and data; (2) it provides confidentiality protection; (3) it provides integrity protection; (4) it has controlled entry points; (5) it supports multithreading; (6) it has the highest access rights to the application's memory. As shown in Fig. 8, Fig. 8 is a structural diagram of a memory protection region enclave. The TCS (Thread Control Structure) stores the thread-specific information used to resume an enclave thread when entering or exiting the enclave.
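The creation step described above (S501/S502 and the Fig. 6 discussion) rests on two checks that the text states but does not show: the loaded program code is measured and compared with the code provided in advance before it is allowed to run, and the first communication key is generated only for an enclave that passed that check. The following is an added model of those checks, written for this page and not code from the patent or from any SGX SDK. All names (`SgxModule`, `handle_creation_request`, `measure_code`, `derive_communication_key`, `simulator_certificate`) are assumptions; the measurement is a page-by-page SHA-256 simplification of an enclave measurement register, the hardware secret is a constructed constant standing in for a key that never leaves the CPU, and the sample "program code" is constructed.

```python
"""Model of enclave creation for the first vTPM simulator (S501/S502):
allocate the enclave, load the code, measure it, compare the measurement with
the one provided in advance, and only then derive the first communication key.
Added illustration, not the patent's code; names are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass, field

PAGE_SIZE = 4096

# Constructed stand-in for the CPU-internal secret that never leaves hardware.
_HARDWARE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


class IntegrityError(Exception):
    """Loaded code does not match the program code provided in advance."""


@dataclass
class Enclave:
    enclave_id: int
    measurement: bytes              # hash of the code actually loaded
    pages: list = field(default_factory=list)
    communication_key: bytes = b""  # first communication key (S501)


def measure_code(code: bytes) -> bytes:
    """Hash the code page by page in load order, including each page's
    offset, as a simplified model of how a measurement register is extended
    while the enclave is being populated."""
    h = hashlib.sha256()
    for offset in range(0, len(code), PAGE_SIZE):
        page = code[offset:offset + PAGE_SIZE].ljust(PAGE_SIZE, b"\x00")
        h.update(offset.to_bytes(8, "little"))
        h.update(page)
    return h.digest()


def derive_communication_key(measurement: bytes, enclave_id: int) -> bytes:
    """Bind the key to the measured identity: a tampered code image yields a
    different key, so data encrypted for the genuine simulator is useless to
    a modified one.  HMAC-SHA256 stands in for hardware-bound derivation."""
    info = b"vtpm-first-communication-key|" + enclave_id.to_bytes(4, "little")
    return hmac.new(_HARDWARE_SECRET, measurement + info, hashlib.sha256).digest()


class SgxModule:
    """Module loaded into the (untrusted) OS that services creation requests."""

    def __init__(self):
        self._next_id = 1
        self.enclaves: dict = {}

    def handle_creation_request(self, code: bytes, expected_measurement: bytes) -> Enclave:
        enclave = Enclave(enclave_id=self._next_id, measurement=b"")
        self._next_id += 1
        # Load the program code into the protected region ...
        enclave.pages = [code[i:i + PAGE_SIZE] for i in range(0, len(code), PAGE_SIZE)]
        # ... then measure what was actually loaded and compare it with the
        # measurement provided in advance before anything is allowed to run.
        enclave.measurement = measure_code(code)
        if not hmac.compare_digest(enclave.measurement, expected_measurement):
            raise IntegrityError("loaded vTPM simulator code failed the integrity check")
        enclave.communication_key = derive_communication_key(enclave.measurement, enclave.enclave_id)
        self.enclaves[enclave.enclave_id] = enclave
        return enclave


def simulator_certificate(code: bytes, server_hardware_public_key: bytes) -> bytes:
    """Identity tag for the first vTPM simulator: hash of the simulator code
    combined with the server hardware public key, as the text describes."""
    return hashlib.sha256(b"simulator-cert|" + hashlib.sha256(code).digest()
                          + server_hardware_public_key).digest()


# Constructed sample: the "program code" of the first vTPM simulator, and a
# copy with a single byte altered.
GENUINE_CODE = b"vTPM simulator program code (constructed sample)" * 200
TAMPERED_CODE = GENUINE_CODE[:5000] + b"X" + GENUINE_CODE[5001:]
EXPECTED_MEASUREMENT = measure_code(GENUINE_CODE)  # the code "provided in advance"


def create_first_simulator_enclave(code: bytes) -> Enclave:
    """S501 from the simulator's side: one creation request to a fresh module."""
    return SgxModule().handle_creation_request(code, EXPECTED_MEASUREMENT)


if __name__ == "__main__":
    enc = create_first_simulator_enclave(GENUINE_CODE)
    print("enclave", enc.enclave_id, "measurement", enc.measurement.hex()[:16],
          "key", enc.communication_key.hex()[:16])
    try:
        create_first_simulator_enclave(TAMPERED_CODE)
    except IntegrityError as e:
        print("rejected:", e)
```

The point of deriving the key from the measurement rather than generating it independently is that the second check (key only for verified code) falls out of the first: an altered simulator image cannot obtain the key that the virtual machine manager will later use to encrypt the command to create a vTPM instance.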
Optionally, as shown in Figure 9, the method in above-described embodiment can also comprise:
S901, the 2nd vTPM simulator run in a described enclave, receive the order of the establishment vTPM example of described SGX module forwards, the order of described establishment vTPM example is triggered by described virtual machine manager and uses the secret key of described first communication to encrypt, send to described SGX module when establishment first virtual machine VM.
S902, 2nd vTPM simulator uses the order deciphering creating vTPM example described in described first communication secret key pair, order according to described establishment vTPM example sends the second request to create to described SGX module, the vTPM example that described second request to create is specified is corresponding with the VM that the described order creating vTPM example is specified, make the 2nd enclave that described SGX module creation and described second request to create specify vTPM example corresponding, so that the program code performing described vTPM example at described 2nd enclave realizes and the vTPM example corresponding to a described VM.
As shown in Figure 10, virtual machine manager triggers the order creating vTPM example when establishment first virtual machine VM, then the order using the first communication secret key pair to create vTPM example is encrypted, and the order of the establishment vTPM example after encryption is sent to SGX module, after SGX module receives the order of the establishment vTPM example after encryption, be transmitted to the 2nd vTPM simulator run in an enclave of described vTPM simulator, after 2nd vTPM simulator receives the order creating vTPM example, 2nd vTPM simulator uses the order deciphering creating vTPM example described in described first communication secret key pair, and send the second request to create to the SGX module be loaded in operating system, after SGX module receives the second request to create, set up the memory protect region enclave of described vTPM example, and the program code of vTPM example is loaded into the memory protect region enclave of described vTPM example, the program code being loaded into memory protect region enclave and the program code provided in advance can be compared the integrality of the program code of the vTPM example determining to be loaded into by CPU, the last program code performing described vTPM example at memory protect region enclave.In addition, the data communicated between one VM with the vTPM example run at the 2nd enclave all forward in the middle of SGX module, the secret key of SGX CMOS macro cell second communication, the data communicated between a VM with the vTPM example run at the 2nd enclave all use the secret key of the second communication of generation to be encrypted or to decipher.Thus utilize the hardware protection functional realiey of SGX module and the memory protect region enclave Secure isolation of vTPM example and insincere operating system, ensure that the computational security of vTPM example.
It should be noted that, vTPM example is bound with corresponding virtual machine VM, and is consistent with the life cycle of corresponding virtual machine VM, and the information between vTPM example and virtual machine VM passes through SGX module and is encrypted communication, and utilizes enclave instruction to realize.
Continuing with reference to Figure 11, which is a schematic flowchart of a trusted execution method for a virtual trusted platform module vTPM proposed by a further embodiment of this invention, the method of this embodiment comprises:
S1101. The first virtual machine VM receives a communication command triggered by the user, encrypts the communication command with the second communication key, and sends the encrypted communication instruction to the SGX module, so that the SGX module forwards the encrypted communication instruction to the vTPM instance.
S1102. The vTPM instance receives the encrypted communication instruction forwarded by the SGX module.
S1103. The vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication command, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module.
S1104. The first VM decrypts the encrypted execution result with the second communication key and obtains the execution result.
In a specific implementation, as shown in Figure 12, the first virtual machine VM first receives the communication command triggered by the user, encrypts it with the second communication key, and sends the encrypted communication instruction to the SGX module. On receiving the encrypted communication instruction, the SGX module forwards it to the vTPM instance. After receiving the encrypted communication instruction forwarded by the SGX module, the vTPM instance decrypts it with the second communication key and executes the communication command; once execution has produced a result, the vTPM instance encrypts the execution result with the second communication key and sends it to the SGX module. The SGX module receives the encrypted execution result and forwards it to the first VM, and finally the first VM decrypts the encrypted execution result with the second communication key and obtains the execution result. Thus the communication data is encrypted with the key generated when the memory protection region enclave of the vTPM instance was built, and the encrypted information travels over the secure channel constructed by the SGX module; the communication between the virtual machine VM and its corresponding vTPM instance is thereby securely isolated from the untrusted operating system, guaranteeing the security of the communication between the VM and the vTPM instance.
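The exchange in S1101 to S1104, together with the integrity check performed when the vTPM instance enclave is created (Figure 10), as an added worked example in Go. This is illustration code written for this page, not code from the patent or from any SGX SDK. It assumes AES-256-GCM for the "encrypt with the second communication key" steps (the patent names no cipher), models the enclave boundary as an ordinary Go struct, uses a constructed byte string as the vTPM instance's program code and a single toy PCR register as its state, and collapses the SGX module's forwarding path into a function that relays ciphertext it cannot read:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// gcm builds an AES-GCM AEAD for a 32-byte communication key.
// Assumed cipher: the patent only speaks of a "communication key".
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts and authenticates msg, prefixing a fresh random nonce.
func seal(key, msg []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, msg, nil)...), nil
}

// open reverses seal; any modification of the ciphertext makes it fail.
func open(key, ct []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(ct) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, ct[:n], ct[n:], nil)
}

// vtpmInstance stands in for the vTPM instance running in the second enclave.
// Its secret state is the second communication key and one toy PCR register.
type vtpmInstance struct {
	key []byte
	pcr [32]byte
}

// createInstance models enclave creation (Figure 10): the code to be loaded is
// measured and compared with the measurement provided in advance, and only then
// is the second communication key generated. The key is returned a second time
// to stand for the copy the first VM receives over the SGX module's channel.
func createInstance(code []byte, expected [32]byte) (*vtpmInstance, []byte, error) {
	if sha256.Sum256(code) != expected {
		return nil, nil, errors.New("vTPM instance code measurement mismatch, refusing to load")
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, nil, err
	}
	return &vtpmInstance{key: key}, key, nil
}

// handle is S1102/S1103: decrypt with the second communication key, execute,
// encrypt the result with the same key. Toy commands: PCR_EXTEND <data>, PCR_READ.
func (v *vtpmInstance) handle(encCmd []byte) ([]byte, error) {
	cmd, err := open(v.key, encCmd)
	if err != nil {
		return nil, fmt.Errorf("command rejected: %w", err)
	}
	var result []byte
	switch {
	case bytes.HasPrefix(cmd, []byte("PCR_EXTEND ")):
		v.pcr = sha256.Sum256(append(v.pcr[:], cmd[len("PCR_EXTEND "):]...))
		result = []byte("OK")
	case bytes.Equal(cmd, []byte("PCR_READ")):
		result = []byte(fmt.Sprintf("%x", v.pcr))
	default:
		result = []byte("ERR unknown command")
	}
	return seal(v.key, result)
}

// forward models the SGX module / untrusted OS path: it relays bytes it cannot
// read, and any tampering is caught by open() on the receiving side.
func forward(inst *vtpmInstance, encCmd []byte) ([]byte, error) {
	return inst.handle(encCmd)
}

// vmRoundTrip is S1101 and S1104 on the side of the first VM.
func vmRoundTrip(vmKey []byte, inst *vtpmInstance, cmd string) (string, error) {
	encCmd, err := seal(vmKey, []byte(cmd))
	if err != nil {
		return "", err
	}
	encRes, err := forward(inst, encCmd)
	if err != nil {
		return "", err
	}
	res, err := open(vmKey, encRes)
	if err != nil {
		return "", err
	}
	return string(res), nil
}

func main() {
	code := []byte("constructed stand-in for vTPM instance program code")
	inst, vmKey, err := createInstance(code, sha256.Sum256(code))
	if err != nil {
		panic(err)
	}
	for _, c := range []string{"PCR_READ", "PCR_EXTEND abc", "PCR_READ"} {
		res, err := vmRoundTrip(vmKey, inst, c)
		fmt.Printf("%-16s -> %s %v\n", c, res, err)
	}
}
```

Two properties of the scheme show up directly in the code: an instance whose code measurement does not match the value provided in advance is never given a second communication key, so no VM can talk to it, and a forwarder or host OS that alters a sealed message causes `handle` (or the VM's `open`) to reject it rather than execute or accept corrupted data, because GCM authentication fails.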
In particular, as shown in Figure 13, which is a schematic diagram of a trusted execution method for a virtual trusted platform module vTPM, the method creates a vTPM thread corresponding to the virtual machine VM and establishes the memory protection region enclave of that vTPM thread; because creating the enclave of a vTPM thread is similar to creating that of a vTPM instance, this step is not described again.
Please refer to Figure 14, which is a schematic structural diagram of a trusted execution apparatus for a virtual trusted platform module vTPM provided by an embodiment of the present invention. As shown in the figure, an operating system loads an SGX module, the operating system has a first vTPM simulator, and the apparatus comprises:
the first vTPM simulator of the operating system, configured to send a first creation request to the SGX module, so that the SGX module establishes a first memory protection region enclave according to the first creation request and generates a first communication key, and so that executing the program code of the first vTPM simulator in the first enclave realizes a second vTPM simulator;
the second vTPM simulator, configured to decrypt data subsequently forwarded by the SGX module with the first communication key.
As shown in Figure 6, the CPU supports the Intel SGX architecture. At system initialization the operating system first loads the SGX module of the CPU and starts the first vTPM simulator. The virtual machine manager (which holds the highest virtual machine privilege) can then create a simulator certificate for the first vTPM simulator; this certificate is an identity tag for the vTPM simulator generated from the hash value of the first vTPM simulator and the server hardware public key. The first vTPM simulator then applies to the SGX module to create the first memory protection region enclave. On receiving the creation command the SGX module executes it: it allocates the first memory protection region enclave for the first vTPM simulator and loads the simulator's program code into it; the CPU can compare the program code loaded into the first enclave against the program code provided in advance to determine the integrity of the loaded simulator code; finally, executing the program code of the first vTPM simulator inside the first enclave realizes the second vTPM simulator. In addition, after the SGX module establishes the first enclave according to the first creation request it can create the first communication key, which the second vTPM simulator uses to decrypt data subsequently forwarded by the SGX module. The first vTPM simulator and the second vTPM simulator can run in isolation from each other, or can cooperate to execute the relevant communication commands.
It should be noted that the SGX module is an extension of the CPU architecture that provides hardware protection for the secure execution of applications. The extension allows a user-mode application to create a memory protection region, the enclave, inside its own virtual address space. Through hardware isolation combined with memory encryption, the hardware provides confidentiality and integrity protection for the enclave, so that it can resist malicious privileged software, such as a compromised host operating system or a malicious virtual machine monitor, as well as physical attacks on memory such as memory probing. The SGX module makes some modifications to the Intel architecture instruction set and memory access model so that a process can create a protected memory region, the enclave, which protects the program code running inside it from malicious privileged code and hardware attacks. Figure 7 is a schematic diagram of the interaction between the SGX module and an application. An enclave has the following features: (1) it has its own code and data; (2) it provides confidentiality protection; (3) it provides integrity protection; (4) it has controlled entry points; (5) it supports multithreading; (6) it has the highest access rights to the application's memory. Figure 8 is a schematic structural diagram of a memory protection region enclave, in which the TCS (Thread Control Structure) stores the thread-specific information used to restore the enclave thread when entering or exiting the enclave.
Optionally, as shown in Figure 14, the apparatus of this embodiment of the present invention may further comprise the second vTPM simulator, configured to:
receive a command to create a vTPM instance forwarded by the SGX module, where the command to create the vTPM instance is triggered by the virtual machine manager when it creates the first virtual machine VM, encrypted with the first communication key, and sent to the SGX module;
decrypt the command to create the vTPM instance with the first communication key and, according to that command, send a second creation request to the SGX module, where the vTPM instance specified by the second creation request corresponds to the VM specified by the command to create the vTPM instance, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, and executing the program code of the vTPM instance in the second enclave realizes the vTPM instance corresponding to the first VM.
As shown in Figure 10, the creation flow for the apparatus is the same as that described above for the method: the virtual machine manager triggers the command to create a vTPM instance when it creates the first virtual machine VM, encrypts it with the first communication key and sends it to the SGX module, which forwards it to the second vTPM simulator running in the first enclave of the first vTPM simulator; the second vTPM simulator decrypts the command with the first communication key and sends the second creation request to the SGX module loaded in the operating system; the SGX module establishes the memory protection region enclave of the vTPM instance, loads the program code of the vTPM instance into it, the CPU compares the loaded program code with the program code provided in advance to determine its integrity, and finally the program code of the vTPM instance is executed in that enclave. All data communicated between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module, and the SGX module generates a second communication key with which all of that data is encrypted or decrypted. In this way the hardware protection function of the SGX module securely isolates the memory protection region enclave of the vTPM instance from the untrusted operating system, guaranteeing the computational security of the vTPM instance.
It should be noted that a vTPM instance is bound to its corresponding virtual machine VM and shares its life cycle, and that the information exchanged between the vTPM instance and the virtual machine VM passes through the SGX module as encrypted communication, implemented with the enclave instructions.
As shown in Figure 14, the apparatus of this embodiment of the present invention may further comprise a vTPM instance, the vTPM instance being specifically configured to:
receive an encrypted communication instruction forwarded by the SGX module, where the communication instruction is triggered by the first virtual machine VM, encrypted with the second communication key, and sent to the SGX module; decrypt the encrypted communication instruction with the second communication key and execute the communication command.
In a specific implementation, as shown in Figure 12, the first virtual machine VM first triggers a communication instruction for the vTPM instance, encrypts it with the second communication key and sends the encrypted communication instruction to the SGX module; on receiving it, the SGX module forwards the encrypted communication instruction to the vTPM instance, and finally the vTPM instance receives the encrypted communication instruction forwarded by the SGX module. After receiving it, the vTPM instance decrypts the encrypted communication instruction with the second communication key and then executes the communication command.
As shown in Figure 14, the apparatus of this embodiment of the present invention may further comprise the first virtual machine VM, the first virtual machine VM being specifically configured to:
receive a communication command triggered by the user, encrypt the communication command with the second communication key, and send the encrypted communication instruction to the SGX module, so that the SGX module forwards the encrypted communication instruction to the vTPM instance, and so that the vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication command, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module;
decrypt the encrypted execution result with the second communication key and obtain the execution result.
Specifically, as shown in Figure 12, the exchange proceeds as described above for the method: the first virtual machine VM receives the communication command triggered by the user, encrypts it with the second communication key and sends the encrypted communication instruction to the SGX module, which forwards it to the vTPM instance; the vTPM instance decrypts the instruction with the second communication key, executes the communication command, encrypts the resulting execution result with the second communication key and sends it to the SGX module; the SGX module forwards the encrypted execution result to the first VM, which decrypts it with the second communication key and obtains the execution result. Thus the communication data is encrypted with the key generated when the memory protection region enclave of the vTPM instance was built, and the encrypted information travels over the secure channel constructed by the SGX module; the communication between the virtual machine VM and its corresponding vTPM instance is thereby securely isolated from the untrusted operating system, guaranteeing the security of the communication between the VM and the vTPM instance.
Please continue to refer to Figure 15, which is a schematic structural diagram of an embodiment of the computer device of the present invention. As shown in Figure 15, the computer device comprises a processor 1501 and an interface circuit 1502; the figure also shows a memory 1503 and a bus 1504. The processor 1501, the interface circuit 1502 and the memory 1503 are connected by the bus 1504 and communicate with one another through it.
The processor 1501 is configured to:
send a first creation request to the SGX module, so that the SGX module establishes a first memory protection region enclave according to the first creation request and generates a first communication key, and so that executing the program code of the first vTPM simulator in the first enclave realizes a second vTPM simulator;
decrypt data subsequently forwarded by the SGX module with the first communication key.
Optionally, the processor 1501 is further configured to:
receive a command to create a vTPM instance forwarded by the SGX module, where the command to create the vTPM instance is triggered by the virtual machine manager when it creates the first virtual machine VM, encrypted with the first communication key, and sent to the SGX module;
decrypt the command to create the vTPM instance with the first communication key and, according to that command, send a second creation request to the SGX module, where the vTPM instance specified by the second creation request corresponds to the VM specified by the command to create the vTPM instance, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, and executing the program code of the vTPM instance in the second enclave realizes the vTPM instance corresponding to the first VM.
Optionally, the SGX module generates a second communication key, so that all data communicated between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module and is encrypted and decrypted with the second communication key.
The processor 1501 is further configured to:
receive an encrypted communication instruction forwarded by the SGX module, where the communication instruction is triggered by the first virtual machine VM, encrypted with the second communication key, and sent to the SGX module;
decrypt the encrypted communication instruction with the second communication key and execute the communication command.
The processor 1501 is further configured to:
receive a communication command triggered by the user, encrypt the communication command with the second communication key, and send the encrypted communication instruction to the SGX module, so that the SGX module forwards the encrypted communication instruction to the vTPM instance, and so that the vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication command, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module;
decrypt the encrypted execution result with the second communication key and obtain the execution result.
It should be noted that the processor 1501 here may be a single processing element or the general term for multiple processing elements. For example, the processing element may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention, such as one or more microprocessors (digital signal processors, DSP) or one or more field-programmable gate arrays (FPGA).
The memory 1503 may be a single storage device or the general term for multiple storage elements, and is used to store executable program code or the parameters, data and so on required to run the apparatus. The memory 1503 may comprise random access memory (RAM) and may also comprise non-volatile memory, such as magnetic disk storage or flash memory.
The bus 1504 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 1504 may be divided into an address bus, a data bus, a control bus and so on. For ease of representation only a single thick line is drawn in Figure 15, but this does not mean that there is only one bus or only one type of bus.
The computer device may further comprise an input/output unit connected to the bus 1504 so that it is connected through the bus to other components such as the processor 1501. The input/output unit may provide an input interface for operating personnel, so that they can select configuration items through that interface, or it may be another interface through which other external devices are connected.
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions; those skilled in the art should understand, however, that the present invention is not limited by the order of actions described, because according to the present invention some steps may be performed in another order or simultaneously. Secondly, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and that the actions and modules involved are not necessarily required by the present invention.
In the above embodiments the description of each embodiment has its own emphasis; for a part not described in detail in one embodiment, refer to the related description of the other embodiments.
One of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the above embodiments may be completed by hardware instructed by a program, and that the program may be stored in a computer-readable storage medium, which may comprise a flash disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, or the like.
The method and the related device and system provided by the embodiments of the present invention have been described in detail above. Specific examples have been used here to explain the principles and embodiments of the present invention; the explanation of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, one of ordinary skill in the art, following the idea of the present invention, will find changes in both the specific embodiments and the scope of application. In summary, the content of this description should not be construed as limiting the present invention.

Claims (11)

1. A trusted execution method for a virtual trusted platform module vTPM, characterized in that an operating system loads an SGX module and the operating system has a first vTPM simulator, and the method comprises:
the first vTPM simulator of the operating system sending a first creation request to the SGX module, so that the SGX module establishes a first memory protection region enclave according to the first creation request and generates a first communication key, and so that executing the program code of the first vTPM simulator in the first enclave realizes a second vTPM simulator;
the second vTPM simulator decrypting data subsequently forwarded by the SGX module with the first communication key.
2. The method according to claim 1, characterized in that the operating system has a virtual machine manager, and the method further comprises:
the second vTPM simulator running in the first enclave receiving a command to create a vTPM instance forwarded by the SGX module, where the command to create the vTPM instance is triggered by the virtual machine manager when it creates a first virtual machine VM, encrypted with the first communication key, and sent to the SGX module;
the second vTPM simulator decrypting the command to create the vTPM instance with the first communication key and, according to that command, sending a second creation request to the SGX module, where the vTPM instance specified by the second creation request corresponds to the VM specified by the command to create the vTPM instance, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, and executing the program code of the vTPM instance in the second enclave realizes the vTPM instance corresponding to the first VM.
3. The method according to claim 2, characterized in that the SGX module generates a second communication key, so that all data communicated between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module and is encrypted and decrypted with the second communication key.
4. A trusted execution method for a virtual trusted platform module vTPM, characterized in that the method comprises:
a vTPM instance receiving an encrypted communication instruction forwarded by an SGX module, where the communication instruction is triggered by a first virtual machine VM, encrypted with a second communication key, and sent to the SGX module;
the vTPM instance decrypting the encrypted communication instruction with the second communication key and executing the communication command.
5. A trusted execution method for a virtual trusted platform module vTPM, characterized in that the method comprises:
a first virtual machine VM receiving a communication command triggered by a user, encrypting the communication command with a second communication key, and sending the encrypted communication instruction to an SGX module, so that the SGX module forwards the encrypted communication instruction to a vTPM instance, and so that the vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication command, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module;
the first VM decrypting the encrypted execution result with the second communication key and obtaining the execution result.
6. A trusted execution apparatus for a virtual trusted platform module vTPM, characterized in that an operating system loads an SGX module and the operating system has a first vTPM simulator, and the apparatus comprises:
the first vTPM simulator of the operating system, configured to send a first creation request to the SGX module, so that the SGX module establishes a first memory protection region enclave according to the first creation request and generates a first communication key, and so that executing the program code of the first vTPM simulator in the first enclave realizes a second vTPM simulator;
the second vTPM simulator, configured to decrypt data subsequently forwarded by the SGX module with the first communication key.
7. The apparatus according to claim 6, characterized in that the operating system has a virtual machine manager, the apparatus comprises the second vTPM simulator running in the first enclave, and the second vTPM simulator is configured to:
receive a command to create a vTPM instance forwarded by the SGX module, where the command to create the vTPM instance is triggered by the virtual machine manager when it creates a first virtual machine VM, encrypted with the first communication key, and sent to the SGX module;
decrypt the command to create the vTPM instance with the first communication key and, according to that command, send a second creation request to the SGX module, where the vTPM instance specified by the second creation request corresponds to the VM specified by the command to create the vTPM instance, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, and executing the program code of the vTPM instance in the second enclave realizes the vTPM instance corresponding to the first VM.
8. The apparatus according to claim 7, characterized in that the SGX module generates a second communication key, so that all data communicated between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module and is encrypted and decrypted with the second communication key.
9. A trusted execution apparatus for a virtual trusted platform module vTPM, characterized in that the apparatus comprises a vTPM instance, the vTPM instance being specifically configured to:
receive an encrypted communication instruction forwarded by an SGX module, where the communication instruction is triggered by a first virtual machine VM, encrypted with a second communication key, and sent to the SGX module;
decrypt the encrypted communication instruction with the second communication key and execute the communication command.
10. A trusted execution apparatus for a virtual trusted platform module vTPM, characterized in that the apparatus comprises a first virtual machine VM, the first virtual machine VM being specifically configured to:
receive a communication command triggered by a user, encrypt the communication command with a second communication key, and send the encrypted communication instruction to an SGX module, so that the SGX module forwards the encrypted communication instruction to a vTPM instance, and so that the vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication command, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module;
decrypt the encrypted execution result with the second communication key and obtain the execution result.
11. A computer device, characterized in that the computer device comprises a processor and a memory, the processor being connected to the memory by a bus;
the memory is configured to store computer-executable instructions, and when the computer device runs, the processor executes the computer-executable instructions stored in the memory, causing the computer device to perform the trusted execution method for a virtual trusted platform module vTPM according to any one of claims 1 to 5.
Application and family record

Application number: CN201510837577.2A (Active)
Priority date: 2015-11-26
Filing date: 2015-11-26
Title: Trusted execution method and apparatus for a virtual trusted platform module vTPM
Granted as: CN105389513B (en)
Family ID: 55421789

Publications (2)

CN105389513A, published 2016-03-09
CN105389513B, published 2018-10-12

Country status (1)

CN: CN105389513B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016010665A1 (en) 2014-07-15 2016-01-21 Sikka Neil Apparatus for and method of preventing unsecured data access

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101425027A (en) * 2008-11-20 2009-05-06 上海交通大学 Virtual machine security protocol method and system based on TPM
CN101488174A (en) * 2009-01-15 2009-07-22 北京交通大学 Implementation method for a dynamically transparent virtual trusted platform module
CN101599025A (en) * 2009-07-07 2009-12-09 武汉大学 Secure virtualization method for a trusted cryptography module
CN102110197A (en) * 2009-12-25 2011-06-29 中国科学院计算技术研究所 Method and system for a multi-core processor to realize a TPM (trusted platform module) in a computing environment
CN103532985A (en) * 2013-11-01 2014-01-22 中国联合网络通信集团有限公司 Communication method, device and system between virtual machines
CN103618724A (en) * 2013-12-03 2014-03-05 中标软件有限公司 Method and system for communication between a terminal and a virtual machine
EP2913956A1 (en) * 2012-11-22 2015-09-02 Huawei Technologies Co., Ltd. Management control method, device and system for virtual machine

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107342980A (en) * 2017-06-05 2017-11-10 杭州云象网络技术有限公司 Trust verification method and system for proof of work of public-chain nodes
CN107342980B (en) * 2017-06-05 2020-05-19 杭州云象网络技术有限公司 Trust verification method and system for proof of work of public-chain nodes
CN107463838A (en) * 2017-08-14 2017-12-12 广州大学 Security monitoring method, device, system and storage medium based on SGX
CN107463838B (en) * 2017-08-14 2019-10-18 广州大学 Security monitoring method, device, system and storage medium based on SGX
CN107832606A (en) * 2017-09-28 2018-03-23 中国船舶重工集团公司第七0九研究所 Trust chain implementation method and system based on SGX
CN107832606B (en) * 2017-09-28 2020-05-19 中国船舶重工集团公司第七0九研究所 SGX-based trust chain implementation method and system
CN108255579A (en) * 2018-01-11 2018-07-06 浪潮(北京)电子信息产业有限公司 Virtual machine management method and device based on the KVM platform
CN110874468B (en) * 2018-08-31 2024-02-09 华为技术有限公司 Application program security protection method and related device
CN110874468A (en) * 2018-08-31 2020-03-10 华为技术有限公司 Application program security protection method and related device
CN109150517A (en) * 2018-09-04 2019-01-04 大唐高鸿信安(浙江)信息科技有限公司 Key security management system and method based on SGX
CN109800584A (en) * 2018-10-24 2019-05-24 中国科学院信息工程研究所 Identity- or attribute-based encryption computation method and system based on the Intel SGX mechanism
CN109583191A (en) * 2018-10-31 2019-04-05 清华大学 Cloud program control-flow integrity protection method and device
WO2021197040A1 (en) * 2020-03-31 2021-10-07 华为技术有限公司 Trusted measurement method and related apparatus
CN112182560B (en) * 2020-09-17 2022-04-26 上海交通大学 Efficient isolation method, system and medium within Intel SGX
CN112182560A (en) * 2020-09-17 2021-01-05 上海交通大学 Efficient isolation method, system and medium within Intel SGX
CN112446032A (en) * 2020-11-20 2021-03-05 南方科技大学 Trusted execution environment construction method, system and storage medium
CN112836217A (en) * 2021-01-12 2021-05-25 清华大学深圳国际研究生院 SGX-based blockchain virtual machine method and system with a dynamically reduced TCB
CN114398156A (en) * 2022-03-24 2022-04-26 阿里云计算有限公司 Data channel construction method and device
CN114398156B (en) * 2022-03-24 2022-09-09 阿里云计算有限公司 Data channel construction method and device
WO2023184920A1 (en) * 2022-03-31 2023-10-05 苏州浪潮智能科技有限公司 Virtualization implementation method and apparatus, electronic device, non-volatile readable storage medium, and ARM platform
CN117194286A (en) * 2023-09-08 2023-12-08 上海合芯数字科技有限公司 Microcontroller unit, processor, access method and access system
CN117194286B (en) * 2023-09-08 2024-03-26 上海合芯数字科技有限公司 Microcontroller unit, processor, access method and access system

Also Published As

Publication number Publication date
CN105389513B (en) 2018-10-12

Similar Documents

Publication Publication Date Title
CN105389513A (en) Trusted execution method and apparatus for virtual trusted platform module (vTPM)
Jang et al. Heterogeneous isolated execution for commodity gpus
US10148442B2 (en) End-to-end security for hardware running verified software
CN103069428B (en) Secure virtual machine bootstrap in untrusted cloud infrastructures
JP6055561B2 (en) Root of trust for measurement of virtual machines
Coppolino et al. A comprehensive survey of hardware-assisted security: From the edge to the cloud
US8694781B1 (en) Techniques for providing hardware security module operability
Demigha et al. Hardware-based solutions for trusted cloud computing
CN110874468B (en) Application program security protection method and related equipment
Bleikertz et al. Client-controlled cryptography-as-a-service in the cloud
Park et al. Toward live migration of SGX-enabled virtual machines
Brasser et al. Advances and throwbacks in hardware-assisted security: Special session
Zegzhda et al. Use of Intel SGX to ensure the confidentiality of data of cloud users
Brasser et al. Special session: Advances and throwbacks in hardware-assisted security
Bugiel et al. Implementing an application-specific credential platform using late-launched mobile trusted module
Zhou et al. Smile: Secure memory introspection for live enclave
Mofrad et al. Leveraging Intel SGX to create a nondisclosure cryptographic library
Coppola et al. Automation for industry 4.0 by using secure lorawan edge gateways
Narayanan et al. Remote attestation of SEV-SNP confidential VMs using e-vTPMs
Liang et al. Architectural protection of trusted system services for SGX enclaves in cloud computing
Gupta et al. Security and Cryptography
Park et al. A tiny hypervisor-based trusted geolocation framework with minimized TPM operations
Kim et al. CAFE: A virtualization-based approach to protecting sensitive cloud application logic confidentiality
Murtaza et al. Efficient application protection against untrusted operating systems
Rasmusson et al. Protecting private data in the cloud

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220214

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.
