CN107463838A - 基于sgx的安全监控方法、装置、系统及存储介质 - Google Patents
基于sgx的安全监控方法、装置、系统及存储介质 Download PDFInfo
- Publication number
- CN107463838A CN107463838A CN201710695657.8A CN201710695657A CN107463838A CN 107463838 A CN107463838 A CN 107463838A CN 201710695657 A CN201710695657 A CN 201710695657A CN 107463838 A CN107463838 A CN 107463838A
- Authority
- CN
- China
- Prior art keywords
- software
- terminal
- enclave
- server
- characteristic value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 67
- 238000000034 method Methods 0.000 title claims abstract description 50
- 230000006870 function Effects 0.000 claims abstract description 29
- 230000006386 memory function Effects 0.000 claims abstract description 16
- 230000015654 memory Effects 0.000 claims description 70
- 238000012795 verification Methods 0.000 claims description 45
- 238000004422 calculation algorithm Methods 0.000 claims description 29
- 238000012806 monitoring device Methods 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 11
- 238000000605 extraction Methods 0.000 claims description 8
- 239000000284 extract Substances 0.000 claims description 7
- 238000004458 analytical method Methods 0.000 claims description 6
- 238000005538 encapsulation Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 2
- 235000013399 edible fruits Nutrition 0.000 claims 1
- 238000005516 engineering process Methods 0.000 description 11
- 238000002955 isolation Methods 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 8
- 238000013507 mapping Methods 0.000 description 4
- 238000004883 computer application Methods 0.000 description 3
- 238000010276 construction Methods 0.000 description 3
- 238000005259 measurement Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 206010048669 Terminal state Diseases 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710695657.8A CN107463838B (zh) | 2017-08-14 | 2017-08-14 | 基于sgx的安全监控方法、装置、系统及存储介质 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710695657.8A CN107463838B (zh) | 2017-08-14 | 2017-08-14 | 基于sgx的安全监控方法、装置、系统及存储介质 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107463838A true CN107463838A (zh) | 2017-12-12 |
CN107463838B CN107463838B (zh) | 2019-10-18 |
Family
ID=60549735
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710695657.8A Active CN107463838B (zh) | 2017-08-14 | 2017-08-14 | 基于sgx的安全监控方法、装置、系统及存储介质 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107463838B (zh) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768978A (zh) * | 2018-05-16 | 2018-11-06 | 浙江大学 | 一种基于sgx的远端存储服务方法及系统 |
CN109063471A (zh) * | 2018-07-17 | 2018-12-21 | 广州大学 | 一种sgx运行的保护方法 |
CN109218364A (zh) * | 2017-07-04 | 2019-01-15 | 武汉安天信息技术有限责任公司 | 加密流量数据的监控方法、代理服务器端、待监控客户端和监控系统 |
CN109510708A (zh) * | 2018-10-24 | 2019-03-22 | 中国科学院信息工程研究所 | 一种基于Intel SGX机制的公钥密码计算方法和系统 |
CN109561110A (zh) * | 2019-01-19 | 2019-04-02 | 北京工业大学 | 一种基于sgx的云平台审计日志保护方法 |
CN109995776A (zh) * | 2019-03-26 | 2019-07-09 | 西安纸贵互联网科技有限公司 | 一种互联网数据验证方法及系统 |
CN109993003A (zh) * | 2019-03-12 | 2019-07-09 | 广州大学 | 一种基于sgx的软件流安全验证方法及装置 |
CN110289954A (zh) * | 2019-06-25 | 2019-09-27 | 大唐高鸿信安(浙江)信息科技有限公司 | 一种密钥处理方法及装置 |
CN107463838B (zh) * | 2017-08-14 | 2019-10-18 | 广州大学 | 基于sgx的安全监控方法、装置、系统及存储介质 |
TWI716078B (zh) * | 2018-11-16 | 2021-01-11 | 開曼群島商創新先進技術有限公司 | 可信應用程式的遠端證明方法及裝置、電子設備 |
CN112487450A (zh) * | 2020-11-30 | 2021-03-12 | 银盛支付服务股份有限公司 | 一种文件服务器访问分级方法 |
CN113261252A (zh) * | 2018-10-16 | 2021-08-13 | 华为技术有限公司 | 用于安全服务器通信的节点和方法 |
CN113302893A (zh) * | 2019-01-08 | 2021-08-24 | 华为技术有限公司 | 用于信任验证的方法及装置 |
CN115514584A (zh) * | 2022-11-16 | 2022-12-23 | 北京锘崴信息科技有限公司 | 服务器以及金融相关服务器的可信安全认证方法 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105389513A (zh) * | 2015-11-26 | 2016-03-09 | 华为技术有限公司 | 一种虚拟可信平台模块vTPM的可信执行方法和装置 |
CN106796638A (zh) * | 2014-09-25 | 2017-05-31 | 迈克菲股份有限公司 | 使用飞地认证进行数据验证 |
CN106845168A (zh) * | 2016-12-20 | 2017-06-13 | 西安电子科技大学 | 一种面向远程计算的控制流隐藏方法 |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107463838B (zh) * | 2017-08-14 | 2019-10-18 | 广州大学 | 基于sgx的安全监控方法、装置、系统及存储介质 |
-
2017
- 2017-08-14 CN CN201710695657.8A patent/CN107463838B/zh active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106796638A (zh) * | 2014-09-25 | 2017-05-31 | 迈克菲股份有限公司 | 使用飞地认证进行数据验证 |
CN105389513A (zh) * | 2015-11-26 | 2016-03-09 | 华为技术有限公司 | 一种虚拟可信平台模块vTPM的可信执行方法和装置 |
CN106845168A (zh) * | 2016-12-20 | 2017-06-13 | 西安电子科技大学 | 一种面向远程计算的控制流隐藏方法 |
Non-Patent Citations (2)
Title |
---|
Q7318: "Intel SGX 技术初探", 《HTTPS://BLOG.CSDN.NET/U010071291/ARTICLE/DETAILS/52750372》 * |
VICTOR COSTAN,ET AL: "Intel SGX Explained", 《HTTPS://EPRINT.IACR.ORG/2016/086.PDF》 * |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109218364A (zh) * | 2017-07-04 | 2019-01-15 | 武汉安天信息技术有限责任公司 | 加密流量数据的监控方法、代理服务器端、待监控客户端和监控系统 |
CN107463838B (zh) * | 2017-08-14 | 2019-10-18 | 广州大学 | 基于sgx的安全监控方法、装置、系统及存储介质 |
CN108768978A (zh) * | 2018-05-16 | 2018-11-06 | 浙江大学 | 一种基于sgx的远端存储服务方法及系统 |
CN109063471A (zh) * | 2018-07-17 | 2018-12-21 | 广州大学 | 一种sgx运行的保护方法 |
CN113261252A (zh) * | 2018-10-16 | 2021-08-13 | 华为技术有限公司 | 用于安全服务器通信的节点和方法 |
CN109510708B (zh) * | 2018-10-24 | 2021-07-13 | 中国科学院信息工程研究所 | 一种基于Intel SGX机制的公钥密码计算方法和系统 |
CN109510708A (zh) * | 2018-10-24 | 2019-03-22 | 中国科学院信息工程研究所 | 一种基于Intel SGX机制的公钥密码计算方法和系统 |
TWI716078B (zh) * | 2018-11-16 | 2021-01-11 | 開曼群島商創新先進技術有限公司 | 可信應用程式的遠端證明方法及裝置、電子設備 |
CN113302893A (zh) * | 2019-01-08 | 2021-08-24 | 华为技术有限公司 | 用于信任验证的方法及装置 |
CN109561110B (zh) * | 2019-01-19 | 2021-06-04 | 北京工业大学 | 一种基于sgx的云平台审计日志保护方法 |
CN109561110A (zh) * | 2019-01-19 | 2019-04-02 | 北京工业大学 | 一种基于sgx的云平台审计日志保护方法 |
CN109993003A (zh) * | 2019-03-12 | 2019-07-09 | 广州大学 | 一种基于sgx的软件流安全验证方法及装置 |
CN109995776A (zh) * | 2019-03-26 | 2019-07-09 | 西安纸贵互联网科技有限公司 | 一种互联网数据验证方法及系统 |
CN109995776B (zh) * | 2019-03-26 | 2021-10-26 | 西安纸贵互联网科技有限公司 | 一种互联网数据验证方法及系统 |
CN110289954A (zh) * | 2019-06-25 | 2019-09-27 | 大唐高鸿信安(浙江)信息科技有限公司 | 一种密钥处理方法及装置 |
CN110289954B (zh) * | 2019-06-25 | 2022-02-25 | 大唐高鸿信安(浙江)信息科技有限公司 | 一种密钥处理方法及装置 |
CN112487450A (zh) * | 2020-11-30 | 2021-03-12 | 银盛支付服务股份有限公司 | 一种文件服务器访问分级方法 |
CN115514584A (zh) * | 2022-11-16 | 2022-12-23 | 北京锘崴信息科技有限公司 | 服务器以及金融相关服务器的可信安全认证方法 |
Also Published As
Publication number | Publication date |
---|---|
CN107463838B (zh) | 2019-10-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107463838B (zh) | 基于sgx的安全监控方法、装置、系统及存储介质 | |
CN108399329B (zh) | 一种提高可信应用程序安全的方法 | |
CN102271042B (zh) | 数字证书认证方法、系统、USB Key设备和服务器 | |
CA2838763C (en) | Credential authentication methods and systems | |
US7503064B2 (en) | Framework for providing a security context and configurable firewall for computing systems | |
CN104715183B (zh) | 一种虚拟机运行时的可信验证方法和设备 | |
CN104462965B (zh) | 应用程序完整性验证方法及网络设备 | |
EP1280042A2 (en) | Privacy of data on a computer platform | |
CN103051451A (zh) | 安全托管执行环境的加密认证 | |
CN106778283A (zh) | 一种系统分区关键数据的保护方法及系统 | |
CN102624699A (zh) | 一种保护数据的方法和系统 | |
CN112257086B (zh) | 一种用户隐私数据保护方法及电子设备 | |
CN109960903A (zh) | 一种应用加固的方法、装置、电子设备及存储介质 | |
CN108496323B (zh) | 一种证书导入方法及终端 | |
CN105099705B (zh) | 一种基于usb协议的安全通信方法及其系统 | |
CN102231729A (zh) | 支持多种ca身份认证的方法 | |
CN110378105A (zh) | 安全升级方法、系统、服务器及车载终端 | |
US9350761B1 (en) | System for the distribution and deployment of applications, with provisions for security and policy conformance | |
US10148440B2 (en) | Binary code authentication | |
KR100939725B1 (ko) | 모바일 단말기 인증 방법 | |
CN109067544A (zh) | 一种软硬结合的私钥验证方法、装置及系统 | |
EP1561301B1 (en) | Software integrity test in a mobile telephone | |
CN104104650B (zh) | 数据文件访问方法及终端设备 | |
CN107040501A (zh) | 基于平台即服务的认证方法和装置 | |
CN109508201A (zh) | 一种基于硬件认证和安全审查的uefi更新方法及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20171212 Assignee: SHENZHEN CDTECH ELECTRONICS CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980025694 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 Application publication date: 20171212 Assignee: SHENZHEN SNAPPER TECHNOLOGY CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980025153 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221207 |
|
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20171212 Assignee: SHENZHEN BANNER CLOUD INTELLIGENCE TECHNOLOGY CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980025178 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 Application publication date: 20171212 Assignee: SHENZHEN COMSTAR TECHNOLOGY CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980025172 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 Application publication date: 20171212 Assignee: Shenzhen Barium Rhenium Technology Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980025124 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 Application publication date: 20171212 Assignee: Guangdong Changyu Intelligent Technology Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980025115 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 |
|
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20171212 Assignee: SHENZHEN HUAHUI DATA SERVICE Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980026331 Denomination of invention: SGX-based security monitoring methods, devices, systems and storage media Granted publication date: 20191018 License type: Common License Record date: 20230103 |
|
EE01 | Entry into force of recordation of patent licensing contract |