CN107194287A - A module security isolation method for ARM platforms - Google Patents

Info

Publication number
CN107194287A
Authority
CN
China
Prior art keywords
space
untrusted
abort
kernel
trusted kernel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710334806.8A
Other languages
Chinese (zh)
Inventor
涂碧波
魏炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention provides a module security isolation method for ARM platforms. The method divides the Linux kernel space into a trusted kernel space and an untrusted space: the Linux kernel runs in the trusted kernel space, and the isolated modules run in the untrusted space. The Hypervisor Monitor at the EL2 privilege level switches from the trusted kernel space to the untrusted space. When switching from the untrusted space to the trusted kernel space, execution first passes through the Trampoline at the EL1 privilege level, which then traps into the Hypervisor Monitor to switch to the trusted kernel space. The method also uses ARM hardware features to confine untrusted modules more securely and efficiently, ensuring the reliability and stability of the Linux system.

Description

A module security isolation method for ARM platforms
Technical field
The present invention relates to the field of memory security for computer operating systems, and more particularly to a module security isolation method for ARM platforms.
Background
Memory security has long been the foundation of operating system security. The data stored in memory includes sensitive content as well as code and operating system data. The data in memory must be protected from malicious theft or tampering.
Take driver modules in a Linux system as an example. A faulty Linux device driver can harm the entire Linux system. Linux device drivers are the interface between the software system and hardware devices: they translate device requests from software into control commands for a specific device, so that the devices in Linux can operate normally and be used by Linux user programs. In the other direction, device drivers promptly report device status to software, including the Linux system. In recent years, incidents caused by device driver failures have occurred again and again. The high complexity of Linux device drivers is one of the key factors affecting their reliability and correctness. Asynchronous events such as interrupts cause interleaved execution of code, complex static data structures are intertwined, and driver development is difficult; these are the reasons device drivers contain errors. An important way to ensure the reliability of device drivers is device driver fault isolation: by isolating faults and recovering from them, a device driver failure does not abort the driver itself or the operating system, which ensures system reliability to a certain extent.
The ARM architecture offers advantages such as low power consumption, easy extensibility and reliability, and the release of the ARMv8 architecture has greatly promoted the adoption of ARM processors in the traditional PC and server fields. As a result, the security of Linux systems on the ARM architecture has drawn attention.
However, unlike the traditional x86 architecture, the ARM architecture, and ARMv8 in particular, has different hardware features, so the architecture-specific parts of the Linux implementation differ considerably. Security isolation mechanisms built for the x86 architecture mostly rely on x86 hardware features and are not suitable for security isolation on the ARM architecture.
Summary of the invention
The object of the invention is to provide a module security isolation method for ARM platforms that protects the Linux system from threats posed by untrusted modules and improves the security and reliability of the Linux system.
To achieve this object, the invention adopts the following technical solution:
A module security isolation method for ARM platforms, comprising the steps of:
1) The Linux kernel space is divided into a trusted kernel space and an untrusted space; the Linux kernel runs in the trusted kernel space, and the isolated modules (untrusted modules) run in the untrusted space;
2) When trusted kernel space code jumps to untrusted space code or accesses data in the untrusted space, the trusted kernel space produces an Instruction Abort or a Data Abort; if the Instruction Abort or Data Abort was produced by the isolation mechanism between the trusted kernel space and the untrusted space, the Hypervisor Monitor (security monitor) at the EL2 privilege level switches from the trusted kernel space to the untrusted space;
3) Untrusted space code executes until the untrusted space produces an MMU fault exception; the MMU fault exception is handled by the Trampoline at the EL1 privilege level, which then traps into the Hypervisor Monitor;
4) The Hypervisor Monitor compares the contents of the LR, FAR_EL1 and ELR_EL1 registers at the time the MMU fault exception occurred with the Access Policy (security rules) at the EL2 privilege level; if the register contents conform to normal call and access relationships, the Hypervisor Monitor at the EL2 privilege level switches from the untrusted space to the trusted kernel space.
Further, in step 2), when the page table entry permission corresponding to the location where the Instruction Abort or Data Abort occurred is detected to be Not Present (i.e. the page table entry does not exist or is illegal), the Instruction Abort or Data Abort was produced by the isolation mechanism between the trusted kernel space and the untrusted space.
Further, in step 2), if the Instruction Abort or Data Abort was not produced by the isolation mechanism between the trusted kernel space and the untrusted space, it is treated as a normal MMU fault exception and handled by the existing kernel exception handling mechanism in the Linux kernel.
Further, in step 2), the switch from the trusted kernel space to the untrusted space is accomplished by changing the page table base address register TTBR1_EL1 and the exception vector base address register VBAR_EL1 to the values corresponding to the untrusted space.
Further, step 2) also includes: the Hypervisor Monitor sets the HCR_EL2.TVM control bit to 1, to restrict write access by the untrusted space code after the switch to the registers designated by HCR_EL2.TVM.
Further, step 3) also includes: the exception vector base address register VBAR_EL1 specifies the base address of the exception vector table, and the exception vector table directs the different types of MMU fault exceptions to their respective exception handlers.
Further, the MMU fault exceptions in step 3) are not limited to the Instruction Abort and Data Abort of step 2).
Further, the Trampoline in step 3) is an auxiliary security isolation component that belongs to the .fi_trampoline section; the Trampoline contains exception handling code and hypercall (HVC instruction) related code.
Further, in step 4), the switch from the untrusted space to the trusted kernel space is accomplished by changing the page table base address register TTBR1_EL1 and the exception vector base address register VBAR_EL1 to the values corresponding to the trusted kernel space.
Further, step 4) also includes: the Hypervisor Monitor clears the HCR_EL2.TVM control bit to 0, to restore write access by the trusted kernel space code after the switch to the registers designated by HCR_EL2.TVM.
The beneficial effects of the invention are as follows. The invention provides a module security isolation method for ARM platforms that partitions the Linux kernel space into isolated virtual address spaces according to the virtual memory layout: the Linux kernel space is divided into a trusted kernel space that runs the Linux kernel and an untrusted space that runs untrusted modules, which improves the security and reliability of the Linux system. The method also uses ARM hardware features to confine untrusted modules more securely and efficiently, ensuring the reliability and stability of the Linux system.
Brief description of the drawings
Fig. 1 is a component diagram of the isolation mechanism between the trusted kernel space and the untrusted space of the invention;
Fig. 2 is a schematic diagram of the memory mappings of the trusted kernel space and the untrusted space of the invention;
Fig. 3 is a flow chart of switching between the trusted kernel space and the untrusted space of the invention.
Detailed description
To make the above features and advantages of the invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
The invention is a scheme based on the Linux system. The names of the existing system calls, structures and functions involved are customarily written in English in this field and have no generally accepted Chinese translation; using Chinese would instead confuse those skilled in the art. These names have specific meanings in the Linux system, and a skilled person knows what each name denotes without misunderstanding. Therefore, existing Linux names involved in the invention that have no generally accepted Chinese translation are given in English.
The invention provides a module security isolation method for ARM platforms, whose steps are:
1) The Linux kernel space is partitioned into isolated virtual address spaces according to the virtual memory layout, dividing it into a trusted kernel space and an untrusted space. The isolated modules (i.e. untrusted modules) run in the untrusted space; the Linux kernel (i.e. Linux Kernel) runs in the trusted kernel space.
2) When trusted kernel space code jumps to code in the untrusted space or accesses data in the untrusted space, an Instruction Abort or Data Abort (two kinds of MMU fault exception) is produced in the trusted kernel space. The kernel exception handling code in the trusted kernel space takes over, and during handling it performs a security check to decide whether to trap into ARM's EL2 privilege level. If the Instruction Abort or Data Abort was produced by the isolation mechanism between the trusted kernel space and the untrusted space, that is, the page table entry permission corresponding to the location where the Instruction Abort or Data Abort occurred is detected to be Not Present, execution traps into the EL2 privilege level; otherwise, the abort is treated as a normal MMU fault exception and handled by the existing kernel exception handling mechanism in the Linux kernel.
3) If execution traps into the EL2 privilege level, it is handled by the Hypervisor Monitor at the EL2 privilege level. The Hypervisor Monitor switches spaces, i.e. from the trusted kernel space to the untrusted space. This is done by changing the page table base address register TTBR1_EL1 and the exception vector base address register VBAR_EL1 to the values corresponding to the untrusted space. At the same time, the Hypervisor Monitor sets the HCR_EL2.TVM control bit to 1, restricting write access by the untrusted space code after the switch to the registers designated by HCR_EL2.TVM.
4) After the switch, untrusted space code executes until an MMU fault exception produced by the untrusted space is intercepted by the Trampoline at the EL1 privilege level; after handling the MMU fault exception, the Trampoline traps into the Hypervisor Monitor. The exception vector base address register VBAR_EL1 specifies the base address of the exception vector table, and the exception vector table directs the different types of MMU fault exceptions to their respective exception handlers. For EL1_SYNC class exceptions, after the exception context is saved, a hypercall (HVC instruction) is used to trap into the Hypervisor Monitor.
5) The Hypervisor Monitor at the EL2 privilege level takes the contents of the LR, FAR_EL1 and ELR_EL1 registers at the time the above Instruction Abort or Data Abort occurred and compares this set of register contents with the Access Policy at the EL2 privilege level, to determine whether they conform to normal call and access relationships.
6) If the register contents conform to normal call and access relationships, the Hypervisor Monitor at the EL2 privilege level switches spaces, i.e. from the untrusted space to the trusted kernel space. This is done by changing the page table base address register TTBR1_EL1 and the exception vector base address register VBAR_EL1 to the values corresponding to the trusted kernel space. At the same time, the Hypervisor Monitor clears the HCR_EL2.TVM control bit to 0, restoring write access by the untrusted space code after the switch to the registers designated by HCR_EL2.TVM.
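The switch logic of steps 1) to 6) as a user-space C model, added here as an example; it is not code from the patent. The address constants, the per-space register values, the policy table, the rule that a call must target a listed entry point or return to the recorded caller, and all function names are assumptions; only control-flow transfers are modelled, and data accesses, which the text has the monitor emulate, are rejected.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* HCR_EL2.TVM (bit 26): while set, EL1 writes to the virtual-memory control
 * registers such as TTBR1_EL1 and TCR_EL1 trap to EL2. */
#define HCR_TVM (UINT64_C(1) << 26)

enum space   { TRUSTED, UNTRUSTED };
enum verdict { SWITCHED, NORMAL_FAULT, POLICY_VIOLATION };

/* Constructed layout: isolated objects occupy [UNTRUSTED_LO, UNTRUSTED_HI). */
#define UNTRUSTED_LO UINT64_C(0xffff000008a00000)
#define UNTRUSTED_HI UINT64_C(0xffff000008c00000)

/* Per-space register values the monitor installs (constructed values). */
static const struct { uint64_t ttbr1_el1, vbar_el1; } CTX[2] = {
    [TRUSTED]   = { UINT64_C(0x40001000), UINT64_C(0xffff000008081000) },
    [UNTRUSTED] = { UINT64_C(0x40002000), UINT64_C(0xffff000008a01000) },
};

/* Access Policy (hypothetical): kernel entry points the module may call. */
static const uint64_t ALLOWED_ENTRY[] = {
    UINT64_C(0xffff000008100000), UINT64_C(0xffff000008104000),
};

struct cpu {
    enum space cur;
    uint64_t ttbr1_el1, vbar_el1, hcr_el2;
    uint64_t expected_return;   /* kernel address the module must return to */
};

static bool in_untrusted(uint64_t a) { return a >= UNTRUSTED_LO && a < UNTRUSTED_HI; }

static void install(struct cpu *c, enum space s)
{
    c->ttbr1_el1 = CTX[s].ttbr1_el1;
    c->vbar_el1  = CTX[s].vbar_el1;
    if (s == UNTRUSTED)
        c->hcr_el2 |= HCR_TVM;    /* module can no longer rewrite TTBR1_EL1 */
    else
        c->hcr_el2 &= ~HCR_TVM;   /* kernel regains write access */
    c->cur = s;
}

/* Trusted -> untrusted. far is the faulting address, pte_not_present the result
 * of the kernel handler's page table check, lr the link register at the fault. */
enum verdict enter_untrusted(struct cpu *c, uint64_t far, bool pte_not_present, uint64_t lr)
{
    if (c->cur != TRUSTED || !pte_not_present || !in_untrusted(far))
        return NORMAL_FAULT;      /* left to the existing kernel handler */
    if (!in_untrusted(lr))
        c->expected_return = lr;  /* a call from the kernel: remember its caller */
    install(c, UNTRUSTED);
    return SWITCHED;
}

/* Untrusted -> trusted, after the Trampoline's HVC.
 * far = FAR_EL1, elr = ELR_EL1, lr = LR at the time of the fault. */
enum verdict leave_untrusted(struct cpu *c, uint64_t far, uint64_t elr, uint64_t lr)
{
    bool ok = false;

    if (c->cur != UNTRUSTED)
        return NORMAL_FAULT;
    if (far == elr) {                       /* fetch fault at the branch target */
        if (far == c->expected_return) {
            ok = true;                      /* RET to the recorded caller */
        } else if (in_untrusted(lr)) {      /* BL: the callee returns into the module */
            for (size_t i = 0; i < sizeof ALLOWED_ENTRY / sizeof ALLOWED_ENTRY[0]; i++)
                ok |= (far == ALLOWED_ENTRY[i]);
        }
    }
    if (!ok)
        return POLICY_VIOLATION;            /* stay confined and report failure */
    install(c, TRUSTED);
    return SWITCHED;
}

int main(void)
{
    struct cpu c = { TRUSTED, CTX[TRUSTED].ttbr1_el1, CTX[TRUSTED].vbar_el1, 0, 0 };
    uint64_t mod_fn = UNTRUSTED_LO + 0x40, k_ret = UINT64_C(0xffff000008090004);
    uint64_t off_policy = UINT64_C(0xffff000008200000);

    printf("kernel calls module:      %d\n", enter_untrusted(&c, mod_fn, true, k_ret));
    printf("module jumps off-policy:  %d\n", leave_untrusted(&c, off_policy, off_policy, mod_fn + 8));
    printf("module returns to kernel: %d\n", leave_untrusted(&c, k_ret, k_ret, k_ret));
    printf("TVM after return: %s\n", (c.hcr_el2 & HCR_TVM) ? "set" : "clear");
    return 0;
}
```

A denied transfer leaves the model in the untrusted space with TVM still set, so a rejected jump cannot be followed by a write to TTBR1_EL1.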
A specific embodiment is given below to illustrate the method of the invention.
A module security isolation method for ARM platforms, comprising the steps of:
1. Referring to Fig. 1, the components of the isolation mechanism between the trusted kernel space and the untrusted space provided by the invention are the Trampoline at the EL1 privilege level, the Hypervisor Monitor at the EL2 privilege level, and the Access Policy at the EL2 privilege level. EL1 and EL2 are privilege levels of the ARMv8 processor, and EL2 is more privileged than EL1. The Hypervisor Monitor is the security monitor, the Access Policy is the set of security rules, and the Trampoline is the auxiliary security isolation component.
2. The source code of the Linux system is modified: using the GCC compiler's __attribute__ mechanism, the untrusted space code is changed so that multiple sections of types such as .untrusted.text and .untrusted.data are created. The linker script vmlinux.lds.S is then changed so that the sections are mapped into segments of the vmlinux image.
The following code page-aligns the .untrusted.text section at link time, maps the .untrusted.text section into the .text segment, and obtains the segment start address _untrusted_stext and end address _untrusted_etext.
With this method, code and data are each merged and aligned to the page size. The .untrusted.data and .untrusted.text sections contain the data and the functions of the untrusted objects respectively.
3. To switch from the untrusted space to the trusted kernel space, a trampoline is introduced to handle MMU fault exceptions from the untrusted space; these MMU fault exceptions are not limited to Instruction Abort and Data Abort. The Trampoline belongs to the .fi_trampoline section and contains exception handling code and hypercall (HVC instruction) related code.
4. The function fi_create_init_mapping is added after the initial kernel page table has set up the initial memory mapping layout, i.e. after paging_init. This function maps the objects in the .untrusted.text, .untrusted.data and .fi_trampoline sections into the untrusted space and, at the same time, sets the permission bits of the corresponding page table entries in the initial kernel page table to Not Present (i.e. the page table entry does not exist or is illegal). This establishes the initial memory mapping layout. As shown in Fig. 2, RX means the page table entry permission is read and execute, and RW means the permission is read and write. The layout of the initial kernel page table is the memory mapping of the trusted kernel space in the figure, in which only trusted kernel space code and kernel data are mapped; in the memory mapping of the untrusted space, only untrusted space code, untrusted data and the Trampoline are mapped.
5. Objects in the untrusted space are confined by a method based on ARM hardware. The HCR_EL2.TVM control bit in ARMv8 prevents untrusted space objects from writing to registers including TCR_EL1 and TTBR1_EL1. The control bit is turned off for trusted kernel space objects. This is done by setting and clearing TVM during switches between the trusted kernel space and the untrusted space.
6. The switch from the trusted kernel space to the untrusted space follows the path indicated by arrow b in Fig. 3. When the trusted kernel space accesses the untrusted space, the ARM instruction that crosses from the trusted kernel space into the untrusted space produces an Instruction Abort or Data Abort (two kinds of MMU fault exception), and the context information of the Instruction Abort or Data Abort is saved. If the Instruction Abort or Data Abort was produced by the isolation mechanism between the trusted kernel space and the untrusted space, execution traps into the Hypervisor Monitor at the EL2 privilege level; if it was not, it is treated as a normal MMU fault exception and handled by the existing kernel exception handling mechanism in the Linux kernel. When the instruction that causes the MMU fault exception is a control-flow transfer instruction, an Instruction Abort is produced; when it is a Store (memory write) or Load (memory read) instruction, a Data Abort is produced. The existing kernel exception handling code in the trusted kernel space handles Instruction Abort and Data Abort at kernel exception entries such as EL1_INV and EL1_DA respectively. The kernel exception handling flow is hooked. For EL1_INV, check code is inserted into the bad_mode function to check whether this MMU fault exception was caused by the untrusted space and whether the current thread information is mapped into the untrusted space; if so, a hypercall is used to enter the Hypervisor Monitor for subsequent processing. For EL1_DA, check code is inserted into the do_mem_abort function to check whether this MMU fault exception was caused by the untrusted space; if so, a hypercall is used to enter the Hypervisor Monitor for subsequent security checks.
7. After step 6, the Hypervisor Monitor at the EL2 privilege level reads the information in ESR_EL1 to distinguish the Instruction Abort and Data Abort exception types. For an Instruction Abort, it distinguishes whether the exception was caused by a BL or a RET instruction, obtains the target address of the control-flow transfer, then restores the context and enters the untrusted space directly. For a Data Abort, it reads the information in ESR_EL1, distinguishes whether the exception was caused by a Store or a Load instruction, emulates the data access in the Hypervisor Monitor, and finally restores the context and enters the untrusted space.
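The ESR_EL1 classification that step 7 relies on, as an added C example rather than code from the patent: the exception class field separates Instruction Abort from Data Abort, and the WnR bit separates Store from Load. Field positions and exception class values follow the ARMv8-A syndrome register layout; the type and function names, the rule that only same-level translation faults are treated as isolation candidates, and the sample syndrome values are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ESR_ELx layout (ARMv8-A): EC = bits [31:26], IL = bit 25, ISS = bits [24:0]. */
#define ESR_EC(esr)     (((esr) >> 26) & 0x3fu)
#define ESR_IL          (1u << 25)   /* 1 = the trapped instruction is 32 bits long */
#define ESR_CM          (1u << 8)    /* data abort raised by cache maintenance */
#define ESR_WNR         (1u << 6)    /* data abort: 1 = write, 0 = read */
#define ESR_FSC(esr)    ((esr) & 0x3fu)
#define FSC_TYPE_MASK   0x3cu
#define FSC_TRANSLATION 0x04u        /* 0x04..0x07: translation fault, level 0..3 */

#define EC_IABT_LOWER 0x20u          /* instruction abort from a lower level */
#define EC_IABT_SAME  0x21u          /* instruction abort, no level change */
#define EC_DABT_LOWER 0x24u
#define EC_DABT_SAME  0x25u

enum abort_kind { NOT_AN_ABORT, INSN_ABORT, DATA_LOAD, DATA_STORE, DATA_CACHE_MAINT };

struct abort_info {
    enum abort_kind kind;
    bool same_el;            /* taken without a change of exception level */
    bool translation_fault;  /* what an invalid (Not Present) entry produces */
    unsigned level;          /* lookup level, valid when translation_fault */
};

struct abort_info decode_esr(uint32_t esr)
{
    struct abort_info a = { NOT_AN_ABORT, false, false, 0 };
    uint32_t ec = ESR_EC(esr);

    switch (ec) {
    case EC_IABT_LOWER:
    case EC_IABT_SAME:
        a.kind = INSN_ABORT;
        break;
    case EC_DABT_LOWER:
    case EC_DABT_SAME:
        if (esr & ESR_CM)            /* WnR reads 1 here, but it is not a store */
            a.kind = DATA_CACHE_MAINT;
        else
            a.kind = (esr & ESR_WNR) ? DATA_STORE : DATA_LOAD;
        break;
    default:
        return a;                    /* SVC, HVC, alignment fault, ... */
    }
    a.same_el = (ec == EC_IABT_SAME || ec == EC_DABT_SAME);
    a.translation_fault = (ESR_FSC(esr) & FSC_TYPE_MASK) == FSC_TRANSLATION;
    if (a.translation_fault)
        a.level = ESR_FSC(esr) & 0x3u;
    return a;
}

/* Both spaces run at EL1 and isolated pages are marked Not Present, so only a
 * same-level translation fault can come from the isolation mechanism. */
bool may_be_isolation_fault(uint32_t esr)
{
    struct abort_info a = decode_esr(esr);
    return a.kind != NOT_AN_ABORT && a.same_el && a.translation_fault;
}

/* After emulating a load or store, resume past the faulting instruction. */
uint64_t resume_pc_after_emulation(uint64_t elr, uint32_t esr)
{
    return elr + ((esr & ESR_IL) ? 4 : 2);
}

int main(void)
{
    /* Constructed syndrome values. */
    static const uint32_t samples[] = {
        0x86000007u,   /* instruction abort, same level, translation fault L3 */
        0x96000007u,   /* data abort, read, translation fault L3 */
        0x96000047u,   /* data abort, write, translation fault L3 */
        0x9600004fu,   /* data abort, write, permission fault L3 */
        0x56000000u,   /* SVC: not an abort */
    };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct abort_info a = decode_esr(samples[i]);
        printf("esr=0x%08x kind=%d isolation_candidate=%d\n",
               (unsigned)samples[i], (int)a.kind, (int)may_be_isolation_fault(samples[i]));
    }
    return 0;
}
```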
8. After step 7, to return from the Hypervisor Monitor to the untrusted space, the context information saved when the Instruction Abort or Data Abort exception described in step 6 occurred is used. With x0 as a temporary register, the SP_EL1, ELR, ESR, SPSR_EL2, ELR_EL2, x2-x29 and LR registers are restored to the context from before the exception, and finally x0 and x1 are restored to their values from before the exception using LDP x0, x1, [x0, #16*0]. The following macro code example illustrates the steps of the return process.
.macro el2_to_el1
    // restore SP
    // shift x0 content to fit with HYP mapping
    // load value to ELR_EL2 and SPSR_EL2
    // recover x2-x29 using x0 as SP
    // recover LR using x0 as SP
    // recover x0 and x1 using x0 as SP
    // exception return
.endm
9. The switch from the untrusted space to the trusted kernel space follows the path indicated by arrow a in Fig. 3. When an untrusted space object executes an instruction in the trusted kernel space, an MMU fault exception is produced in the untrusted space. This MMU fault exception is handled by the trampoline; the exception vector table it passes through is as follows:
The kvm_el1_sync branch in the Trampoline handles this kind of MMU fault exception: after saving the current exception context information to the kernel stack, it uses a hypercall (HVC instruction) to trap into the Hypervisor Monitor at the EL2 privilege level.
10. After step 9, the Hypervisor Monitor reads the contents of the FAR_EL1, ELR_EL1 and LR registers to determine the type of this MMU fault exception. If the exception type is Instruction Abort, it checks the contents of the FAR_EL1 register to determine whether this Instruction Abort from the untrusted space is normal; for a normal Instruction Abort it switches TTBR1_EL1 and VBAR_EL1 and returns to the untrusted space. If the check finds an abnormal Instruction Abort, it reports a failure. If the exception type is Data Abort, it checks the contents of the ESR_EL1 register, distinguishes Load from Store, and checks whether this is a normal operation from the untrusted space. For a normal operation, the read or write is emulated in the Hypervisor Monitor; on completion it returns to the untrusted space, skipping the instruction that caused the exception. If the operation is abnormal, it reports a failure.
11. After step 10, to return from the Hypervisor Monitor to the trusted kernel space, the context information saved when the exception in step 9 occurred is used, with macro code similar to that of step 8.
The above embodiment is only intended to illustrate the technical solution of the invention, not to limit it. A person of ordinary skill in the art may modify the technical solution of the invention or make equivalent substitutions without departing from the spirit and scope of the invention; the scope of protection of the invention is defined by the claims.

Claims (10)

1. A module security isolation method for ARM platforms, comprising the steps of:
1) dividing the Linux kernel space into a trusted kernel space and an untrusted space, wherein the Linux kernel runs in the trusted kernel space and the isolated modules run in the untrusted space;
2) when trusted kernel space code jumps to untrusted space code or accesses data in the untrusted space, the trusted kernel space produces an Instruction Abort or a Data Abort; if the Instruction Abort or Data Abort was produced by the isolation mechanism between the trusted kernel space and the untrusted space, the Hypervisor Monitor at the EL2 privilege level switches from the trusted kernel space to the untrusted space;
3) untrusted space code executes until the untrusted space produces an MMU fault exception; the MMU fault exception is handled by the Trampoline at the EL1 privilege level, which then traps into the Hypervisor Monitor;
4) the Hypervisor Monitor compares the contents of the LR, FAR_EL1 and ELR_EL1 registers at the time the MMU fault exception occurred with the Access Policy at the EL2 privilege level; if the register contents conform to normal call and access relationships, the Hypervisor Monitor at the EL2 privilege level switches from the untrusted space to the trusted kernel space.
2. The method of claim 1, characterised in that in step 2), when the page table entry permission corresponding to the location where the Instruction Abort or Data Abort occurred is detected to be Not Present, the Instruction Abort or Data Abort was produced by the isolation mechanism between the trusted kernel space and the untrusted space.
3. The method of claim 1, characterised in that in step 2), if the Instruction Abort or Data Abort is produced by the isolation mechanism between the trusted kernel space and the untrusted space, it is treated as a normal MMU fault exception and handled by the existing kernel exception handling mechanism in the Linux kernel.
4. The method of claim 1, characterised in that in step 2), the switch from the trusted kernel space to the untrusted space is accomplished by changing the page table base address register TTBR1_EL1 and the exception vector base address register VBAR_EL1 to the values corresponding to the untrusted space.
5. The method of claim 1, characterised in that step 2) also includes: the Hypervisor Monitor sets the HCR_EL2.TVM control bit to 1, to restrict write access by the untrusted space code after the switch to the registers designated by HCR_EL2.TVM.
6. The method of claim 4, characterised in that step 3) also includes: the exception vector base address register VBAR_EL1 specifies the base address of the exception vector table, and the exception vector table directs the different types of MMU fault exceptions to their respective exception handlers.
7. The method of claim 1, characterised in that the MMU fault exceptions in step 3) are not limited to the Instruction Abort and Data Abort of step 2).
8. The method of claim 1, characterised in that the Trampoline in step 3) is an auxiliary security isolation component that belongs to the .fi_trampoline section, and the Trampoline contains exception handling code and hypercall related code.
9. The method of claim 1, characterised in that in step 4), the switch from the untrusted space to the trusted kernel space is accomplished by changing the page table base address register TTBR1_EL1 and the exception vector base address register VBAR_EL1 to the values corresponding to the trusted kernel space.
10. The method of claim 1, characterised in that step 4) also includes: the Hypervisor Monitor clears the HCR_EL2.TVM control bit to 0, to restore write access by the trusted kernel space code after the switch to the registers designated by HCR_EL2.TVM.
CN201710334806.8A 2017-05-12 2017-05-12 A kind of module safety partition method on ARM platforms Pending CN107194287A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170922