CN105389513B - Trusted execution method and apparatus for a virtual trusted platform module (vTPM) - Google Patents


Info

Publication number: CN105389513B
Application number: CN201510837577.2A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN105389513A
Prior art keywords: vtpm, sgx, examples, modules, enclave
Legal status: Active
Inventors: 施迅, 严飞, 赵波
Current assignee: Huawei Cloud Computing Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Events: application filed by Huawei Technologies Co Ltd; priority to CN201510837577.2A; publication of CN105389513A; application granted; publication of CN105389513B; current legal status active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention discloses a trusted execution method and apparatus for a virtual trusted platform module (vTPM). An operating system loads an SGX module, and the operating system has a first vTPM emulator. The method includes: the first vTPM emulator of the operating system sends a first creation request to the SGX module, so that the SGX module establishes a first memory protection region (enclave) according to the first creation request and generates a first communication key; the program code of the first vTPM emulator is executed in the first enclave to realize a second vTPM emulator; and the second vTPM emulator decrypts, using the first communication key, the data subsequently forwarded by the SGX module. With the embodiments of the present invention, the hardware protection provided by the SGX module and the enclave isolates the vTPM emulator from the untrusted operating system, ensuring the computational security of the vTPM emulator.

Description

Trusted execution method and apparatus for a virtual trusted platform module (vTPM)
Technical field
The present invention relates to the field of electronic technology, and in particular to a trusted execution method and apparatus for a virtual trusted platform module (vTPM).
Background art
Because virtualization technology offers advantages such as rational resource sharing, good isolation mechanisms, easy maintenance and low cost, it is widely used; but virtual machine technology also faces problems such as secure data storage, protection of sensitive information and integrity measurement. The goal of trusted computing technology is to establish a security verification system for computer systems: a TPM (Trusted Platform Module) embedded on the mainboard of a physical device can provide the computer system with hardware-based security functions such as trusted measurement, trusted attestation and trusted sealing. Combining virtualization with trusted computing is therefore a natural outcome of technological development. A vTPM (Virtual Trusted Platform Module) is one way of virtualizing the TPM: it provides trusted computing functions to the multiple virtual machines running on a host, the integrity measurement information of a virtual machine can be obtained through the vTPM, and secure storage of virtual machine data can be realized, which addresses the security problems brought by the rapid development of hardware virtualization.
vTPM implementations differ across virtualization modes. Fig. 1 is an architecture diagram of the vTPM under Xen paravirtualization, and Fig. 2 is an architecture diagram of the vTPM in KVM (Kernel-based Virtual Machine, an open-source system virtualization). When a virtual machine with a vTPM is created, the vTPM emulator creates and assigns a new vTPM instance for each newly created virtual machine. The creation flow is as follows: (1) when creating a virtual machine, first determine whether the received command requires creating a virtual machine with a vTPM; if not, proceed with the normal virtual machine creation flow; (2) if a virtual machine with a vTPM is required, parse the command and forward the request to create a vTPM instance to the vTPM emulator; (3) the vTPM emulator creates a new vTPM instance and allocates for it an NVRAM (Non-Volatile Random Access Memory) file that stores its persistent information and the memory space in which the vTPM runs; (4) bind the newly created vTPM instance to the newly created virtual machine so that they correspond one to one; (5) continue with the remaining steps of virtual machine creation until the virtual machine is created.
In the prior art scheme shown in Fig. 3, Fig. 3 is an architecture diagram of a firmware-based trusted platform module (fTPM). The fTPM can ensure isolation while security code executes, to prevent various potential security violations, without using dedicated secure processor hardware to achieve that isolation. In general, the fTPM is first read from system firmware, or from memory accessible to the firmware, in the operating system boot environment, and is instantiated in the protected read-only memory of the device; once instantiated, the fTPM enables isolated execution so that code executes securely. Specifically, the fTPM is placed in protected read-only memory so that the device can use hardware such as TrustZone-class architecture extensions, the security primitives of similar processor architectures, and devices based on those architectures to provide secure, isolated execution for the fTPM without hardware modifications to existing devices.
However, current TPM development does not yet support hardware virtualization; present vTPMs are all implemented in software, such as TPM Library Emulator, libtpms and so on, and since they are not protected by hardware they are vulnerable. When the vTPM server side of the Xen architecture runs in the privileged domain0, an attacker with administrator rights may use domain0's privileges to obtain access to the vTPM memory corresponding to other virtual machines on the host and tamper with or delete its data or code, destroying the trust basis of the corresponding virtual machines. The key-related computations of a hardware TPM are trustworthy because they are all performed inside closed hardware and cannot be leaked or tampered with; but the key generation and encryption of a software vTPM are all carried out in host memory, as shown in Fig. 4, and when malicious code is implanted into the memory of the vTPM emulator and vTPM instances, keys may be leaked, which is a serious security problem. How to protect the trustworthiness of vTPM execution in an untrusted system environment and ensure the security of key-related computations in vTPM memory is therefore an urgent problem to be solved.
Summary of the invention
This application provides a trusted execution method and apparatus for a virtual trusted platform module (vTPM), which can improve the trustworthiness of vTPM execution in an untrusted system environment and ensure the security of key-related computations in vTPM memory.
In a first aspect, embodiments of the application provide a trusted execution method for a vTPM. The method includes:
A first vTPM emulator runs in an operating system, and the SGX module is loaded into the operating system. The first vTPM emulator sends a first creation request to the SGX module loaded in the operating system; after receiving the first creation request, the SGX module establishes a first memory protection region (enclave) according to it and generates a first communication key; finally, once the first enclave has been created successfully, the program code of the first vTPM emulator is executed inside it to realize a second vTPM emulator, and the second vTPM emulator can use the first communication key generated earlier to decrypt the data subsequently forwarded by the SGX module. Thus the hardware protection of the SGX module and the enclave is used to isolate the vTPM emulator from the untrusted operating system, ensuring the computational security of the vTPM emulator.
In one possible design, a virtual machine manager triggers a command to create a vTPM instance when creating a first virtual machine (VM), encrypts the command with the first communication key, and sends the encrypted command to the SGX module; after receiving the encrypted command, the SGX module forwards it to the second vTPM emulator running in the first enclave.
After receiving the encrypted command, the second vTPM emulator decrypts it with the first communication key and, according to the command, sends a second creation request to the SGX module; after receiving the second creation request, the SGX module creates a second enclave corresponding to the vTPM instance specified in the request, so that the program code of the vTPM instance is executed in the created second enclave, realizing the vTPM instance corresponding to the first VM. In this creation process, the vTPM instance specified by the second creation request corresponds to the first VM specified by the command to create the vTPM instance. Thus the hardware protection of the SGX module and the enclave is used to isolate the vTPM instance from the untrusted operating system, ensuring the computational security of the vTPM instance.
In another possible design, the data exchanged between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module; the SGX module generates a second communication key, and the data exchanged between the first VM and the vTPM instance running in the second enclave is encrypted or decrypted with the generated second communication key.
In a second aspect, embodiments of the application provide a trusted execution method for a vTPM. The method includes:
The first virtual machine (VM) first triggers a vTPM instance communication instruction and encrypts it with the second communication key, then sends the encrypted communication instruction to the SGX module; after receiving it, the SGX module forwards the encrypted communication instruction to the vTPM instance; finally the vTPM instance receives the encrypted communication instruction forwarded by the SGX module, decrypts it with the second communication key, and executes the communication instruction.
In a third aspect, embodiments of the application provide a trusted execution method for a vTPM. The method includes:
The first virtual machine (VM) first receives a communication instruction triggered by a user, encrypts it with the second communication key and sends the encrypted communication instruction to the SGX module; after receiving it, the SGX module forwards the encrypted communication instruction to the vTPM instance; after receiving the encrypted communication instruction forwarded by the SGX module, the vTPM instance decrypts it with the second communication key and executes it; after executing the communication instruction and determining the execution result, the vTPM instance encrypts the execution result with the second communication key and sends the encrypted execution result to the SGX module; the SGX module receives the encrypted execution result and forwards it to the first VM; finally the first VM receives the encrypted execution result, decrypts it with the second communication key and obtains the execution result. Thus the communication data are encrypted with the key generated when the enclave of the vTPM instance was built, the encrypted information is transmitted over the secure channel constructed by the SGX module, and the communication between a virtual machine VM and its corresponding vTPM instance is isolated from the untrusted operating system, ensuring the security of the communication between the VM and the vTPM instance.
In a fourth aspect, embodiments of the application provide a trusted execution apparatus for a vTPM. An operating system loads an SGX module and has a first vTPM emulator. The apparatus includes:
The first vTPM emulator of the operating system, configured to send a first creation request to the SGX module; after receiving the first creation request, the SGX module establishes a first memory protection region (enclave) according to it and generates a first communication key; finally, once the first enclave has been created successfully, the program code of the first vTPM emulator is executed inside it to realize a second vTPM emulator, and the second vTPM emulator can use the first communication key generated earlier to decrypt the data subsequently forwarded by the SGX module. Thus the hardware protection of the SGX module and the enclave is used to isolate the vTPM emulator from the untrusted operating system, ensuring the computational security of the vTPM emulator.
In one possible design, the second vTPM emulator is configured to receive the command to create a vTPM instance forwarded by the SGX module; the command is triggered by the virtual machine manager when creating the first virtual machine (VM), encrypted with the first communication key, and then sent to the SGX module.
The second vTPM emulator is further configured to decrypt the command to create the vTPM instance with the first communication key and, according to the command, send a second creation request to the SGX module; after receiving the second creation request, the SGX module creates a second enclave corresponding to the vTPM instance specified in the request, so that the program code of the vTPM instance is executed in the created second enclave, realizing the vTPM instance corresponding to the first VM. In this creation process, the vTPM instance specified by the second creation request corresponds to the first VM specified by the command to create the vTPM instance. Thus the hardware protection of the SGX module and the enclave is used to isolate the vTPM instance from the untrusted operating system, ensuring the computational security of the vTPM instance.
In another possible design, the data exchanged between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module; the SGX module generates a second communication key, and the data exchanged between the first VM and the vTPM instance running in the second enclave is encrypted or decrypted with the generated second communication key.
In a fifth aspect, embodiments of the application provide a trusted execution apparatus for a vTPM. The apparatus includes:
A first virtual machine (VM), configured to trigger a vTPM instance communication instruction, encrypt it with the second communication key and send the encrypted communication instruction to the SGX module; the SGX module, configured to receive the encrypted communication instruction and forward it to the vTPM instance; and the vTPM instance, configured to receive the encrypted communication instruction forwarded by the SGX module, decrypt it with the second communication key, and execute the communication instruction.
In a sixth aspect, embodiments of the application provide a trusted execution apparatus for a vTPM. The apparatus includes:
A first virtual machine (VM), configured to receive a communication instruction triggered by a user, encrypt it with the second communication key and send the encrypted communication instruction to the SGX module; the SGX module, configured to receive the encrypted communication instruction and forward it to the vTPM instance; and the vTPM instance, configured to receive the encrypted communication instruction forwarded by the SGX module, decrypt it with the second communication key and execute it, then, after executing the communication instruction and determining the execution result, encrypt the execution result with the second communication key and send the encrypted execution result to the SGX module. The SGX module receives the encrypted execution result and forwards it to the first VM; finally the first VM receives the encrypted execution result, decrypts it with the second communication key and obtains the execution result. Thus the communication data are encrypted with the key generated when the enclave of the vTPM instance was built, the encrypted information is transmitted over the secure channel constructed by the SGX module, and the communication between a virtual machine VM and its corresponding vTPM instance is isolated from the untrusted operating system, ensuring the security of the communication between the VM and the vTPM instance.
In a seventh aspect, embodiments of the application provide a computer device comprising a processor and a memory, the processor being connected to the memory by a bus.
The memory stores computer-executable instructions; when the computer device runs, the processor executes the computer-executable instructions stored in the memory, so that the computer device performs the trusted execution method for a vTPM of any of the aspects above.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are introduced briefly below. Obviously, the drawings described below show some embodiments of the present invention, and persons of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an architecture diagram of a vTPM under Xen paravirtualization in the prior art;
Fig. 2 is an architecture diagram of a vTPM in the open-source system virtualization KVM in the prior art;
Fig. 3 is an architecture diagram of a firmware-based trusted platform module (fTPM) in the prior art;
Fig. 4 is a schematic diagram of the untrusted system environment of a vTPM emulator and vTPM instances in the prior art;
Fig. 5 is a flow diagram of a trusted execution method for a vTPM proposed by an embodiment of the present invention;
Fig. 6 is a structural diagram of the memory protection region (enclave) of a vTPM emulator provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the interaction between an SGX module and an application program provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of a memory protection region (enclave) provided by an embodiment of the present invention;
Fig. 9 is a flow diagram of a trusted execution method for a vTPM proposed by another embodiment of the present invention;
Fig. 10 is a structural diagram of the memory protection region (enclave) of a vTPM instance provided by an embodiment of the present invention;
Fig. 11 is a flow diagram of a trusted execution method for a vTPM proposed by a further embodiment of the present invention;
Fig. 12 is a schematic diagram of a virtual machine (VM) communicating with its corresponding vTPM instance, provided by an embodiment of the present invention;
Fig. 13 is a schematic diagram of a trusted execution method for a vTPM provided by a further embodiment of the present invention;
Fig. 14 is a structural diagram of a trusted execution apparatus for a vTPM provided by an embodiment of the present invention;
Fig. 15 is a structural diagram of a computer device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments that persons of ordinary skill in the art obtain from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to Fig. 5, Fig. 5 is a flow diagram of a trusted execution method for a vTPM proposed by an embodiment of the present invention. As shown, the method includes:
S501: the first vTPM emulator of the operating system sends a first creation request to the SGX module, so that the SGX module establishes a first memory protection region (enclave) according to the first creation request and generates a first communication key, and so that the program code of the first vTPM emulator is executed in the first enclave to realize a second vTPM emulator.
S502: the second vTPM emulator decrypts, using the first communication key, the data subsequently forwarded by the SGX module.
As shown in Fig. 6, the CPU supports the Intel SGX architecture. When the device's system initializes, the operating system first loads the SGX module of the CPU into the operating system and starts running the first vTPM emulator. At this point the virtual machine manager (which has the highest virtual machine authority) can create an emulator certificate for the first vTPM emulator; this certificate is an identity tag of the first vTPM emulator generated from the hash value of the first vTPM emulator and the server hardware public key. The first vTPM emulator then applies to the SGX module to create the first enclave of the vTPM emulator. After receiving the creation command, the SGX module executes it, allocates the first enclave and loads the program code of the first vTPM emulator into it; the CPU can compare the program code loaded into the first enclave with the program code provided in advance to determine the integrity of the loaded program code of the first vTPM emulator; finally the program code of the first vTPM emulator is executed in the first enclave to realize the second vTPM emulator. In addition, after the SGX module has established the first enclave according to the first creation request, a first communication key can be created, and the second vTPM emulator can use the first communication key to decrypt the data subsequently forwarded by the SGX module. The first vTPM emulator and the second vTPM emulator can run in isolation from each other, or can cooperate to execute related communication instructions.
It should be noted that the SGX module is an extension of the CPU architecture that provides hardware protection for the secure execution of application programs. The extension allows a user-mode application to create a memory protection region (enclave) in its own virtual address space; by combining encryption with hardware memory isolation, the hardware provides the enclave with confidentiality and integrity protection, so that it can withstand malicious privileged software, such as attacks from a compromised host operating system or a malicious virtual machine monitor, and can resist physical attacks on memory such as memory probing. The SGX module makes some modifications to the Intel architecture instruction set and memory access modes to allow a process to create a protected memory region (enclave); the enclave protects the program code running inside it from being violated by malicious privileged code and hardware attacks. Fig. 7 is a schematic diagram of the interaction between an SGX module and an application program. An enclave has the following features: (1) it has its own code and data; (2) it provides confidentiality protection; (3) it provides integrity protection; (4) it has controlled entry points; (5) it supports multithreading; (6) it has full access rights to the application's memory. Fig. 8 is a structural diagram of a memory protection region (enclave). The TCS (Thread Control Structure) stores the specific information of an enclave thread needed when entering the enclave or when restoring it on exit.
Optionally, as shown in Fig. 9, the method of the above embodiment may further include:
S901: the second vTPM emulator running in the first enclave receives the command to create a vTPM instance forwarded by the SGX module; the command is triggered by the virtual machine manager when creating the first virtual machine (VM), encrypted with the first communication key, and then sent to the SGX module.
S902: the second vTPM emulator decrypts the command to create the vTPM instance with the first communication key and sends a second creation request to the SGX module according to the command; the vTPM instance specified by the second creation request corresponds to the first VM specified by the command, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, and the program code of the vTPM instance is executed in the second enclave to realize the vTPM instance corresponding to the first VM.
As shown in Fig. 10, the virtual machine manager triggers the command to create a vTPM instance when creating the first VM, encrypts the command with the first communication key and sends the encrypted command to the SGX module. After receiving the encrypted command, the SGX module forwards it to the second vTPM emulator running in the first enclave of the vTPM emulator. After receiving the command, the second vTPM emulator decrypts it with the first communication key and sends a second creation request to the SGX module loaded in the operating system. After receiving the second creation request, the SGX module establishes the enclave of the vTPM instance and loads the program code of the vTPM instance into it; the CPU can compare the program code loaded into the enclave with the program code provided in advance to determine the integrity of the loaded program code of the vTPM instance; finally the program code of the vTPM instance is executed in the enclave. In addition, the data exchanged between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module; the SGX module generates a second communication key, and the data exchanged between the first VM and the vTPM instance running in the second enclave is encrypted or decrypted with the generated second communication key. Thus the hardware protection of the SGX module and the enclave is used to isolate the vTPM instance from the untrusted operating system, ensuring the computational security of the vTPM instance.
It should be noted that a vTPM instance is bound to its corresponding VM and shares the VM's life cycle; the information exchanged between the vTPM instance and the VM is communicated in encrypted form through the SGX module and is realized with enclave instructions.
Continuing with Figure 11, Figure 11 is a flow diagram of a trusted execution method for a virtual trusted platform module vTPM proposed by a further embodiment of the present invention. The method of this embodiment includes:
S1101: The first virtual machine VM receives a communication instruction triggered by the user, encrypts the communication instruction with the second communication key, and sends the encrypted communication instruction to the SGX module, so that the SGX module forwards the encrypted communication instruction to the vTPM instance.
S1102: The vTPM instance receives the encrypted communication instruction forwarded by the SGX module.
S1103: The vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication instruction, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module.
S1104: The first VM decrypts the encrypted execution result with the second communication key and obtains the execution result.
In a specific implementation, as shown in Figure 12, the first virtual machine VM first receives the communication instruction triggered by the user, encrypts it with the second communication key, and then sends the encrypted communication instruction to the SGX module. After receiving the encrypted communication instruction, the SGX module forwards it to the vTPM instance. After receiving the encrypted communication instruction forwarded by the SGX module, the vTPM instance decrypts it with the second communication key and executes it; once the execution result has been determined, the vTPM instance encrypts the result with the second communication key and finally sends the encrypted execution result to the SGX module. The SGX module receives the encrypted execution result and forwards it to the first VM; finally, the first VM receives the encrypted execution result, decrypts it with the second communication key, and obtains the execution result. Thus the key generated when the enclave of the vTPM instance was built is used to encrypt the communication data, and the encrypted information is transmitted over the secure channel constructed by the SGX module, so that the virtual machine VM and its corresponding vTPM instance remain securely isolated from the untrusted operating system while they communicate, which guarantees the security of the communication between the VM and the vTPM instance.
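The creation flow of Figure 10 and the communication flow of Figures 11 and 12, as a constructed Python simulation added here; it is not code from the patent or from the applicant. The HMAC-based cipher standing in for a real AEAD, the hand-over of the second key to the VMM through the emulator enclave, the PCR command set, and all names are assumptions.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a PRF: a simplified stand-in for a real AEAD cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under a communication key: nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag before decrypting, so a blob altered on the forwarding path is rejected."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def extend_pcr(pcr, data):
    """TPM-style extend: PCR' = H(PCR || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

class SGXModule:
    """Simulated SGX hardware side: measures loaded code, creates enclaves, issues their keys."""
    def __init__(self, expected):
        self.expected, self.enclaves = expected, {}   # name -> (key, handler)
    def measurement_ok(self, name, code):
        return hashlib.sha256(code).hexdigest() == self.expected[name]
    def create_enclave(self, name, code, handler):
        if not self.measurement_ok(name, code):
            raise RuntimeError(f"{name}: loaded code does not match the code provided in advance")
        key = os.urandom(32)                           # fresh communication key for this enclave
        self.enclaves[name] = (key, handler)
        return key
    def enter(self, name, blob):
        key, handler = self.enclaves[name]             # plaintext exists only inside this call
        return seal(key, handler(unseal(key, blob)))

class UntrustedRelay:
    """Host-OS forwarding path: holds no key and records every blob it carries."""
    def __init__(self, sgx):
        self.sgx, self.seen = sgx, []
    def forward(self, name, blob):
        reply = self.sgx.enter(name, blob)
        self.seen += [blob, reply]
        return reply

class VTPMInstance:
    """vTPM instance enclave code: one SHA-256 PCR with extend and read commands."""
    def __init__(self):
        self.pcr = bytes(32)
    def __call__(self, cmd):
        op, _, arg = cmd.partition(b":")
        if op == b"PCR_EXTEND":
            self.pcr = extend_pcr(self.pcr, arg)
            return b"OK"
        return self.pcr.hex().encode() if op == b"PCR_READ" else b"ERR_UNKNOWN_COMMAND"

EMULATOR_CODE = b"vtpm-emulator-v1"   # constructed stand-ins for the two program images
INSTANCE_CODE = b"vtpm-instance-v1"

def run_protocol():
    """Enclave 1 (emulator) under key 1, then enclave 2 (VM1's vTPM instance) under key 2."""
    sgx = SGXModule({"emulator": hashlib.sha256(EMULATOR_CODE).hexdigest(),
                     "vm1-vtpm": hashlib.sha256(INSTANCE_CODE).hexdigest()})
    relay = UntrustedRelay(sgx)
    def emulator(cmd):
        # Second vTPM emulator: a decrypted CREATE:<vm> command becomes the second creation request.
        # Returning key 2 to the VMM for VM1 is an assumption; the page does not say how the VM gets it.
        op, _, vm = cmd.partition(b":")
        if op != b"CREATE":
            return b"ERR"
        return sgx.create_enclave(vm.decode() + "-vtpm", INSTANCE_CODE, VTPMInstance())
    key1 = sgx.create_enclave("emulator", EMULATOR_CODE, emulator)             # first creation request
    key2 = unseal(key1, relay.forward("emulator", seal(key1, b"CREATE:vm1")))  # VMM creates VM1
    reply = unseal(key2, relay.forward("vm1-vtpm", seal(key2, b"PCR_EXTEND:kernel-image")))
    pcr = unseal(key2, relay.forward("vm1-vtpm", seal(key2, b"PCR_READ:"))).decode()
    tampered = bytearray(seal(key2, b"PCR_EXTEND:other"))
    tampered[20] ^= 0x01                   # the relay flips one ciphertext bit in transit
    try:
        relay.forward("vm1-vtpm", bytes(tampered))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    del sgx.enclaves["vm1-vtpm"]           # VM1 shuts down; its vTPM instance goes with it
    return {"extend_reply": reply, "pcr": pcr, "tamper_rejected": tamper_rejected,
            "measurement_rejected": not sgx.measurement_ok("vm1-vtpm", INSTANCE_CODE + b"!"),
            "instances_left": sorted(sgx.enclaves),
            "plaintext_on_relay": any(b"PCR_" in b or b"CREATE" in b for b in relay.seen)}
```

The returned dictionary shows that the relay never carries plaintext, that a modified blob and modified enclave code are both rejected, and that only the emulator enclave survives the VM.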
In particular, as shown in Figure 13, Figure 13 is a schematic diagram of a trusted execution method for a virtual trusted platform module vTPM in which a vTPM thread corresponding to the virtual machine VM is created and an enclave is established for that vTPM thread. Because the creation of the vTPM thread and of its enclave is similar to that of a vTPM instance and its enclave, this step is not described again.
Please refer to Figure 14, which is a structural schematic diagram of a trusted execution device for a virtual trusted platform module vTPM provided by an embodiment of the present invention. As shown, the operating system loads the SGX module and has a first vTPM emulator. The device includes:
the first vTPM emulator of the operating system, configured to send a first creation request to the SGX module so that the SGX module establishes a first enclave according to the first creation request and generates a first communication key, so that the program code of the first vTPM emulator is executed inside the first enclave to realize a second vTPM emulator;
the second vTPM emulator, configured to decrypt, with the first communication key, the data subsequently forwarded by the SGX module.
As shown in Figure 6, the CPU supports the Intel SGX architecture. When the device initializes, the operating system first loads the SGX module of the CPU into the operating system and starts running the first vTPM emulator. At this point the virtual machine manager (which holds the highest virtual machine privilege) can create an emulator certificate for the first vTPM emulator; this certificate is an identity tag for the first vTPM emulator generated from the hash value of the first vTPM emulator and the server hardware public key. The first vTPM emulator then applies to the SGX module to create the first enclave. After receiving the creation command, the SGX module executes it, allocates the first enclave to the first vTPM emulator, and loads the program code of the first vTPM emulator into the first enclave. The CPU compares the program code loaded into the first enclave with the program code provided in advance to verify the integrity of the loaded first vTPM emulator code, and finally executes the program code of the first vTPM emulator inside the first enclave to realize the second vTPM emulator. In addition, after the SGX module establishes the first enclave according to the first creation request, it can create the first communication key, and the second vTPM emulator can use the first communication key to decrypt the data subsequently forwarded by the SGX module. The first vTPM emulator and the second vTPM emulator can run in isolation from each other, or can run together to execute the relevant communication instructions.
It should be noted that the SGX module is an extension of the CPU architecture that provides hardware protection for the secure execution of applications. This extension allows a user-mode application to create a protected memory region, the enclave, within its own virtual address space. By combining encryption with hardware memory isolation, the hardware gives the enclave confidentiality and integrity protection, so that it can withstand malicious privileged software, such as attacks from a compromised host operating system or a malicious virtual machine monitor, and resist physical attacks on memory such as memory probing. The SGX module makes some modifications to the Intel architecture instruction set and memory access model so that a process can create a protected memory region (enclave); the enclave protects the program code running inside it from being compromised by malicious privileged code and hardware attacks. As shown in Figure 7, Figure 7 is a schematic diagram of the interaction between the SGX module and an application. An enclave has the following features: (1) it has its own code and data; (2) it provides confidentiality protection; (3) it provides integrity protection; (4) it has controlled entry points; (5) it supports multithreading; (6) it has full access rights to the application's memory. As shown in Figure 8, Figure 8 is a structural schematic diagram of an enclave, in which the TCS (Thread Control Structure) stores the thread-specific information needed when entering the enclave or resuming it after an exit.
Optionally, as shown in Figure 14, the device in the embodiment of the present invention may further include the second vTPM emulator, and the second vTPM emulator is configured to:
receive the command to create a vTPM instance forwarded by the SGX module, where the command to create a vTPM instance was triggered by the virtual machine manager when creating the first virtual machine VM, encrypted with the first communication key, and then sent to the SGX module;
decrypt the command to create a vTPM instance with the first communication key and, according to that command, send a second creation request to the SGX module, where the vTPM instance specified by the second creation request corresponds to the first VM specified by the command to create a vTPM instance, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, in order to execute the program code of the vTPM instance inside the second enclave to realize the vTPM instance corresponding to the first VM.
As shown in Figure 14, the device in the embodiment of the present invention may further include a vTPM instance, and the vTPM instance is specifically configured to:
receive the encrypted communication instruction forwarded by the SGX module, where the communication instruction was triggered by the first virtual machine VM, encrypted with the second communication key, and then sent to the SGX module; and decrypt the encrypted communication instruction with the second communication key and execute the communication instruction.
In a specific implementation, as shown in Figure 12, the first virtual machine VM first triggers the communication instruction to the vTPM instance, encrypts it with the second communication key, and then sends the encrypted communication instruction to the SGX module. After receiving the communication instruction, the SGX module forwards the encrypted communication instruction to the vTPM instance, and finally the vTPM instance receives the encrypted communication instruction forwarded by the SGX module. After receiving it, the vTPM instance decrypts the encrypted communication instruction with the second communication key and then executes the communication instruction.
As shown in Figure 14, the device in the embodiment of the present invention may further include the first virtual machine VM, and the first virtual machine VM is specifically configured to:
receive the communication instruction triggered by the user, encrypt the communication instruction with the second communication key, and send the encrypted communication instruction to the SGX module, so that the SGX module forwards the encrypted communication instruction to the vTPM instance, so that the vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication instruction, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module;
decrypt the encrypted execution result with the second communication key and obtain the execution result.
Specifically, as shown in Figure 12, the first virtual machine VM first receives the communication instruction triggered by the user, encrypts it with the second communication key, and then sends the encrypted communication instruction to the SGX module. After receiving the encrypted communication instruction, the SGX module forwards it to the vTPM instance. After receiving the encrypted communication instruction forwarded by the SGX module, the vTPM instance decrypts it with the second communication key and executes it; once the execution result has been determined, the vTPM instance encrypts the result with the second communication key and finally sends the encrypted execution result to the SGX module. The SGX module receives the encrypted execution result and forwards it to the first VM; finally, the first VM receives the encrypted execution result, decrypts it with the second communication key, and obtains the execution result. Thus the key generated when the enclave of the vTPM instance was built is used to encrypt the communication data, and the encrypted information is transmitted over the secure channel constructed by the SGX module, so that the virtual machine VM and its corresponding vTPM instance remain securely isolated from the untrusted operating system while they communicate, which guarantees the security of the communication between the VM and the vTPM instance.
Please continue to refer to Figure 15, which is a structural schematic diagram of an embodiment of a computer device of the present invention. As shown in Figure 15, the computer device includes a processor 1501 and an interface circuit 1502; a memory 1503 and a bus 1504 are also shown in the figure. The processor 1501, the interface circuit 1502 and the memory 1503 are connected through the bus 1504 and communicate with one another over it.
The processor 1501 is configured to:
send a first creation request to the SGX module so that the SGX module establishes a first enclave according to the first creation request and generates a first communication key, in order to execute the program code of the first vTPM emulator inside the first enclave to realize a second vTPM emulator;
decrypt, with the first communication key, the data subsequently forwarded by the SGX module.
Optionally, the processor 1501 is further configured to:
receive the command to create a vTPM instance forwarded by the SGX module, where the command to create a vTPM instance was triggered by the virtual machine manager when creating the first virtual machine VM, encrypted with the first communication key, and then sent to the SGX module;
decrypt the command to create a vTPM instance with the first communication key and, according to that command, send a second creation request to the SGX module, where the vTPM instance specified by the second creation request corresponds to the first VM specified by the command to create a vTPM instance, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, in order to execute the program code of the vTPM instance inside the second enclave to realize the vTPM instance corresponding to the first VM.
Optionally, the SGX module generates a second communication key, so that the data exchanged between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module and is encrypted and decrypted with the second communication key.
The processor 1501 is further configured to:
receive the encrypted communication instruction forwarded by the SGX module, where the communication instruction was triggered by the first virtual machine VM, encrypted with the second communication key, and then sent to the SGX module;
decrypt the encrypted communication instruction with the second communication key and execute the communication instruction.
The processor 1501 is further configured to:
receive the communication instruction triggered by the user, encrypt the communication instruction with the second communication key, and send the encrypted communication instruction to the SGX module, so that the SGX module forwards the encrypted communication instruction to the vTPM instance, so that the vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication instruction, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module;
decrypt the encrypted execution result with the second communication key and obtain the execution result.
It should be noted that the processor 1501 here may be a single processing element or the collective name for several processing elements. For example, the processing element may be a central processing unit (Central Processing Unit, CPU), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiment of the present invention, such as one or more microprocessors (digital signal processor, DSP) or one or more field programmable gate arrays (Field Programmable Gate Array, FPGA).
The memory 1503 may be a single storage device or the collective name for several storage elements, and is used to store executable program code, or the parameters, data and so on required for the operation of the application running device. The memory 1503 may include random access memory (RAM) and may also include non-volatile memory, such as disk storage or flash memory.
The bus 1504 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 1504 may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is drawn in Figure 15, but this does not mean that there is only one bus or only one type of bus.
The computer device may further include an input/output unit connected to the bus 1504, so as to connect to the other parts such as the processor 1501 through the bus. The input/output unit may provide an input interface for operators, so that an operator selects deployment items through that input interface; it may also be another interface through which other external devices can be connected.
It should be noted that, for the sake of brevity, each of the foregoing method embodiments is expressed as a series of combined actions; those skilled in the art should understand, however, that the present invention is not limited by the described order of actions, because according to the present invention certain steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and that the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related description of the other embodiments.
Those of ordinary skill in the art will understand that all or part of the steps of the various methods of the above embodiments can be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, which may include: a flash disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, or the like.
The content download method and the related device and system provided by the embodiments of the present invention have been described in detail above. The principles and implementation of the present invention have been explained here using specific examples, and the explanation of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. Meanwhile, those of ordinary skill in the art may, following the idea of the present invention, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (11)

1. A trusted execution method for a virtual trusted platform module vTPM, characterized in that an operating system loads an SGX module and the operating system has a first vTPM emulator, the method comprising:
the first vTPM emulator of the operating system sending a first creation request to the SGX module, so that the SGX module establishes a first enclave according to the first creation request and generates a first communication key, in order to execute the program code of the first vTPM emulator inside the first enclave to realize a second vTPM emulator;
the second vTPM emulator decrypting, with the first communication key, the data subsequently forwarded by the SGX module.
2. The method according to claim 1, characterized in that the operating system has a virtual machine manager, and the method further comprises:
the second vTPM emulator running in the first enclave receiving a command to create a vTPM instance forwarded by the SGX module, where the command to create a vTPM instance was triggered by the virtual machine manager when creating a first virtual machine VM, encrypted with the first communication key, and then sent to the SGX module;
the second vTPM emulator decrypting the command to create a vTPM instance with the first communication key and, according to that command, sending a second creation request to the SGX module, where the vTPM instance specified by the second creation request corresponds to the first VM specified by the command to create a vTPM instance, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, in order to execute the program code of the vTPM instance inside the second enclave to realize the vTPM instance corresponding to the first VM.
3. The method according to claim 2, characterized in that the SGX module generates a second communication key, so that the data exchanged between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module and is encrypted and decrypted with the second communication key.
4. A trusted execution method for a virtual trusted platform module vTPM, characterized in that the method comprises:
a vTPM instance receiving an encrypted communication instruction forwarded by an SGX module, the communication instruction having been triggered by a first VM, encrypted with a second communication key, and then sent to the SGX module; wherein the vTPM instance corresponds to the first VM and is realized by executing the program code of the vTPM instance in a second enclave; the second enclave was created by the SGX module and corresponds to the vTPM instance specified by a second creation request; the second creation request was sent to the SGX module by a second vTPM emulator according to a command to create a vTPM instance, after the second vTPM emulator decrypted that command with a first communication key; the command to create a vTPM instance was triggered by a virtual machine manager when creating the first virtual machine VM, encrypted with the first communication key, and then sent to the SGX module, and the SGX module forwarded it to the second vTPM emulator running in a first enclave; the second vTPM emulator is realized by executing the program code of a first vTPM emulator in the first enclave; the first enclave is the first protected memory region established by the SGX module according to a first creation request; and the first communication key was generated by the SGX module according to the first creation request;
the vTPM instance decrypting the encrypted communication instruction with the second communication key and executing the communication instruction.
5. A trusted execution method for a virtual trusted platform module vTPM, characterized in that the method comprises:
a first VM receiving a communication instruction triggered by a user, encrypting the communication instruction with a second communication key, and sending the encrypted communication instruction to an SGX module, so that the SGX module forwards the encrypted communication instruction to a vTPM instance, so that the vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication instruction, encrypts the execution result with the second communication key, and sends the encrypted execution result to the SGX module; wherein the vTPM instance corresponds to the first VM and is realized by executing the program code of the vTPM instance in a second enclave; the second enclave was created by the SGX module and corresponds to the vTPM instance specified by a second creation request; the second creation request was sent to the SGX module by a second vTPM emulator according to a command to create a vTPM instance, after the second vTPM emulator decrypted that command with a first communication key; the command to create a vTPM instance was triggered by a virtual machine manager when creating the first virtual machine VM, encrypted with the first communication key, and then sent to the SGX module, and the SGX module forwarded it to the second vTPM emulator running in a first enclave; the second vTPM emulator is realized by executing the program code of a first vTPM emulator in the first enclave; the first enclave is the first protected memory region established by the SGX module according to a first creation request; and the first communication key was generated by the SGX module according to the first creation request;
the first VM decrypting the encrypted execution result with the second communication key and obtaining the execution result.
6. A trusted execution device for a virtual trusted platform module vTPM, characterized in that an operating system loads an SGX module and the operating system has a first vTPM emulator, the device comprising:
the first vTPM emulator of the operating system, configured to send a first creation request to the SGX module, so that the SGX module establishes a first enclave according to the first creation request and generates a first communication key, in order to execute the program code of the first vTPM emulator inside the first enclave to realize a second vTPM emulator;
the second vTPM emulator, configured to decrypt, with the first communication key, the data subsequently forwarded by the SGX module.
7. The device according to claim 6, characterized in that the operating system has a virtual machine manager, the device comprises the second vTPM emulator running in the first enclave, and the second vTPM emulator is configured to:
receive a command to create a vTPM instance forwarded by the SGX module, where the command to create a vTPM instance was triggered by the virtual machine manager when creating a first virtual machine VM, encrypted with the first communication key, and then sent to the SGX module;
decrypt the command to create a vTPM instance with the first communication key and, according to that command, send a second creation request to the SGX module, where the vTPM instance specified by the second creation request corresponds to the first VM specified by the command to create a vTPM instance, so that the SGX module creates a second enclave corresponding to the vTPM instance specified by the second creation request, in order to execute the program code of the vTPM instance inside the second enclave to realize the vTPM instance corresponding to the first VM.
8. The device according to claim 7, characterized in that the SGX module generates a second communication key, so that the data exchanged between the first VM and the vTPM instance running in the second enclave is forwarded through the SGX module and is encrypted and decrypted with the second communication key.
9. A trusted execution device for a virtual trusted platform module vTPM, wherein the device comprises a vTPM instance, and the vTPM instance is configured to:
receive an encrypted communication instruction forwarded by an SGX module, the communication instruction having been triggered by a first VM, encrypted with a second communication key and then sent to the SGX module; wherein the vTPM instance corresponds to the first VM, the vTPM instance is realized by a second enclave executing the program code of the vTPM instance, the second enclave is created by the SGX module and corresponds to the vTPM instance specified in a second creation request, the second creation request is sent by a second vTPM emulator to the SGX module according to a command to create a vTPM instance that the second vTPM emulator has decrypted with a first communication key, the command to create a vTPM instance is triggered by the virtual machine manager when the first virtual machine VM is created, encrypted with the first communication key and then sent to the SGX module, the SGX module forwards the command to create a vTPM instance to the second vTPM emulator running in a first enclave, the second vTPM emulator is realized by the first enclave executing the program code of a first vTPM emulator, the first enclave is a first memory protection zone enclave established by the SGX module according to a first creation request, and the first communication key is generated by the SGX module according to the first creation request;
decrypt the encrypted communication instruction with the second communication key, and execute the communication instruction.
10. A trusted execution device for a virtual trusted platform module vTPM, wherein the device comprises a first VM, and the first VM is configured to:
receive a communication instruction triggered by a user, encrypt the communication instruction with a second communication key, and send the encrypted communication instruction to an SGX module, so that the SGX module forwards the encrypted communication instruction to a vTPM instance, the vTPM instance decrypts the encrypted communication instruction with the second communication key, executes the communication instruction, encrypts the execution result with the second communication key and sends the encrypted execution result to the SGX module; wherein the vTPM instance corresponds to the first VM, the vTPM instance is realized by a second enclave executing the program code of the vTPM instance, the second enclave is created by the SGX module and corresponds to the vTPM instance specified in a second creation request, the second creation request is sent by a second vTPM emulator to the SGX module according to a command to create a vTPM instance that the second vTPM emulator has decrypted with a first communication key, the command to create a vTPM instance is triggered by the virtual machine manager when the first virtual machine VM is created, encrypted with the first communication key and then sent to the SGX module, the SGX module forwards the command to create a vTPM instance to the second vTPM emulator running in a first enclave, the second vTPM emulator is realized by the first enclave executing the program code of a first vTPM emulator, the first enclave is a first memory protection zone enclave established by the SGX module according to a first creation request, and the first communication key is generated by the SGX module according to the first creation request;
decrypt the encrypted execution result with the second communication key, and obtain the execution result.
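The message flow of claims 9 and 10 (and the key generation of claim 8), as an added Python simulation that is not part of the patent and not Huawei code: a hypervisor-triggered "create vTPM instance" order travels under the first communication key K1 to the vTPM emulator in enclave 1, which asks the SGX module for enclave 2; the resulting vTPM instance then exchanges commands and results with its VM under the second communication key K2, with the SGX module generating both keys and relaying only ciphertext. All class names, the JSON message layout, the toy PCR commands and the way K2 reaches the hypervisor are this example's assumptions; the cipher is a standard-library encrypt-then-MAC stand-in for an AEAD, used only so the example runs offline.

```python
"""Added simulation (not the patent's code) of the two-key vTPM command path in claims
8 to 10. Names are this example's own; the cipher is a stdlib encrypt-then-MAC
stand-in (HMAC-SHA256 keystream plus tag) for an AEAD such as AES-GCM."""
import hashlib
import hmac
import json
import os

def _keystream(key, nonce, length):
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]

def _subkeys(key):   # separate encryption and MAC keys derived from one channel key
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def seal(key, plaintext):
    """Return nonce || ciphertext || tag under a communication key."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the tag before decrypting; a wrong key or altered bytes raise ValueError."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or modified message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class SgxModule:   # enclave factory, key source and ciphertext relay (claims 8 to 10)
    def __init__(self):
        self.enclaves, self.relayed = {}, []   # relayed: (dest, length) only, never plaintext

    def create_enclave(self, enclave):
        enclave.sgx, enclave.key = self, os.urandom(32)   # fresh key per creation request
        self.enclaves[enclave.name] = enclave
        return enclave.key

    def forward(self, dest, blob):
        self.relayed.append((dest, len(blob)))
        return self.enclaves[dest].handle(blob)   # opaque bytes in, opaque bytes out

class VtpmEmulator:
    """Enclave 1: decrypts the hypervisor's order with K1 and requests enclave 2."""
    name = "enclave1/vtpm-emulator"
    def handle(self, blob):
        order = json.loads(unseal(self.key, blob))
        k2 = self.sgx.create_enclave(VtpmInstance(order["vm"]))   # second creation request
        # assumption: K2 goes back to the hypervisor under K1 so it can provision the VM
        reply = {"instance": "enclave2/vtpm-" + order["vm"], "k2": k2.hex()}
        return seal(self.key, json.dumps(reply).encode())

class VtpmInstance:
    """Enclave 2: one toy PCR bank per VM, reachable only under K2."""
    def __init__(self, vm):
        self.name, self.pcrs = "enclave2/vtpm-" + vm, {i: b"\x00" * 32 for i in range(8)}

    def execute(self, cmd):
        idx = cmd["index"]
        if cmd["cmd"] == "pcr_extend":
            self.pcrs[idx] = hashlib.sha256(self.pcrs[idx] + bytes.fromhex(cmd["data"])).digest()
        return {"pcr": self.pcrs[idx].hex()}

    def handle(self, blob):
        cmd = json.loads(unseal(self.key, blob))   # a K1-sealed or altered blob fails here
        return seal(self.key, json.dumps(self.execute(cmd)).encode())

def boot_vm(sgx, k1, vm_name):
    """Hypervisor side: creating a VM triggers the K1-encrypted 'create vTPM' order."""
    order = seal(k1, json.dumps({"cmd": "create_vtpm", "vm": vm_name}).encode())
    reply = json.loads(unseal(k1, sgx.forward(VtpmEmulator.name, order)))
    return reply["instance"], bytes.fromhex(reply["k2"])

def vm_command(sgx, instance, k2, cmd):
    """VM side (claim 10): seal with K2, send via the SGX module, unseal the result."""
    return json.loads(unseal(k2, sgx.forward(instance, seal(k2, json.dumps(cmd).encode()))))

def fold_pcr(measurements, acc=b"\x00" * 32):   # reference PCR fold to cross-check enclave 2
    for m in measurements:
        acc = hashlib.sha256(acc + m).digest()
    return acc.hex()

def demo():
    sgx = SgxModule()
    k1 = sgx.create_enclave(VtpmEmulator())           # first creation request
    instance, k2 = boot_vm(sgx, k1, "vm1")            # second creation request
    for m in (b"bootloader", b"kernel"):              # constructed sample measurements
        vm_command(sgx, instance, k2, {"cmd": "pcr_extend", "index": 0, "data": m.hex()})
    pcr0 = vm_command(sgx, instance, k2, {"cmd": "pcr_read", "index": 0})["pcr"]
    try:                                              # key separation: K1 cannot drive enclave 2
        sgx.forward(instance, seal(k1, b'{"cmd": "pcr_read", "index": 0}'))
        cross_key_rejected = False
    except ValueError:
        cross_key_rejected = True
    return {"pcr0": pcr0, "relays": len(sgx.relayed), "cross_key_rejected": cross_key_rejected}

if __name__ == "__main__": print(demo())
```

Running `demo()` shows the three properties a reviewer would check in this design: every message between VM, hypervisor and enclaves passes through the SGX module's relay as ciphertext it never parses; the hypervisor channel (K1) and the VM channel (K2) are distinct keys, so a command sealed under K1 is rejected by the vTPM instance; and the PCR value the VM reads back through the encrypted channel matches an independent fold of the same measurements. The claims do not state how the VM obtains K2; the example models that gap by returning K2 to the hypervisor under K1, which is an assumption, not the patent's mechanism.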
11. A computer device, wherein the computer device comprises a processor and a memory, the processor being connected to the memory by a bus;
the memory is configured to store computer-executable instructions, and when the computer device runs, the processor executes the computer-executable instructions stored in the memory so that the computer device performs the trusted execution method of the virtual trusted platform module vTPM according to any one of claims 1 to 5.
CN201510837577.2A 2015-11-26 2015-11-26 A trusted execution method and apparatus for a virtual trusted platform module vTPM Active CN105389513B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510837577.2A CN105389513B (en) 2015-11-26 2015-11-26 A trusted execution method and apparatus for a virtual trusted platform module vTPM

Publications (2)

Publication Number Publication Date
CN105389513A CN105389513A (en) 2016-03-09
CN105389513B true CN105389513B (en) 2018-10-12

Family

ID=55421789

Country Status (1)

Country Link
CN (1) CN105389513B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9934407B2 (en) 2014-07-15 2018-04-03 Neil Sikka Apparatus for and method of preventing unsecured data access

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107342980B (en) * 2017-06-05 2020-05-19 杭州云象网络技术有限公司 Credibility verification method and system for public link node workload certification
CN107463838B (en) * 2017-08-14 2019-10-18 广州大学 Method for safety monitoring, device, system and storage medium based on SGX
CN107832606B (en) * 2017-09-28 2020-05-19 中国船舶重工集团公司第七0九研究所 SGX-based trust chain implementation method and system
CN108255579A (en) * 2018-01-11 2018-07-06 浪潮(北京)电子信息产业有限公司 A kind of virtual machine management method and device based on KVM platforms
CN110874468B (en) * 2018-08-31 2024-02-09 华为技术有限公司 Application program security protection method and related equipment
CN109150517B (en) * 2018-09-04 2021-03-12 大唐高鸿信安(浙江)信息科技有限公司 Secret key safety management system and method based on SGX
CN109800584B (en) * 2018-10-24 2020-10-16 中国科学院信息工程研究所 Identity or attribute encryption calculation method and system based on Intel SGX mechanism
CN109583191B (en) * 2018-10-31 2021-02-02 清华大学 Method and device for protecting integrity of control flow of cloud program
CN113468535A (en) * 2020-03-31 2021-10-01 华为技术有限公司 Credibility measuring method and related device
CN112182560B (en) * 2020-09-17 2022-04-26 上海交通大学 Efficient isolation method, system and medium for Intel SGX interior
CN112446032B (en) * 2020-11-20 2022-05-31 南方科技大学 Trusted execution environment construction method, system and storage medium
CN112836217B (en) * 2021-01-12 2023-02-10 清华大学深圳国际研究生院 SGX-based block chain virtual machine method and system for dynamically reducing TCB
CN114398156B (en) * 2022-03-24 2022-09-09 阿里云计算有限公司 Data channel construction method and device
CN114625484A (en) * 2022-03-31 2022-06-14 苏州浪潮智能科技有限公司 Virtualization implementation method, device, electronic equipment, medium and ARM platform
CN117194286B (en) * 2023-09-08 2024-03-26 上海合芯数字科技有限公司 Micro control unit, processor, access method and access system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101425027A (en) * 2008-11-20 2009-05-06 上海交通大学 Virtual machine safety protocol method and system based on TPM
CN101488174A (en) * 2009-01-15 2009-07-22 北京交通大学 Implementing method for dynamically transparent virtual credible platform module
CN101599025A (en) * 2009-07-07 2009-12-09 武汉大学 Safety virtualization method of trusted crypto module
CN102110197A (en) * 2009-12-25 2011-06-29 中国科学院计算技术研究所 Method and system for multi-core processor to realize TMP (trusted platform module) in computing environment
CN103532985A (en) * 2013-11-01 2014-01-22 中国联合网络通信集团有限公司 Communication method, equipment and system between virtual machines
CN103618724A (en) * 2013-12-03 2014-03-05 中标软件有限公司 Method and system for communications between terminal and virtual machine
EP2913956A1 (en) * 2012-11-22 2015-09-02 Huawei Technologies Co., Ltd. Management control method, device and system for virtual machine

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220214

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.