CN107463838B - 基于sgx的安全监控方法、装置、系统及存储介质 - Google Patents
基于sgx的安全监控方法、装置、系统及存储介质 Download PDFInfo
- Publication number
- CN107463838B CN107463838B CN201710695657.8A CN201710695657A CN107463838B CN 107463838 B CN107463838 B CN 107463838B CN 201710695657 A CN201710695657 A CN 201710695657A CN 107463838 B CN107463838 B CN 107463838B
- Authority
- CN
- China
- Prior art keywords
- software
- terminal
- enclave
- server
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 67
- 238000000034 method Methods 0.000 title claims abstract description 45
- 230000006870 function Effects 0.000 claims abstract description 29
- 230000006386 memory function Effects 0.000 claims abstract description 16
- 238000012795 verification Methods 0.000 claims description 45
- 238000004422 calculation algorithm Methods 0.000 claims description 29
- 238000012806 monitoring device Methods 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 11
- 238000004364 calculation method Methods 0.000 claims description 7
- 238000004458 analytical method Methods 0.000 claims description 6
- 238000000605 extraction Methods 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 claims description 4
- 230000005611 electricity Effects 0.000 claims description 2
- 235000013399 edible fruits Nutrition 0.000 claims 1
- 238000005516 engineering process Methods 0.000 description 13
- 238000002955 isolation Methods 0.000 description 9
- 239000000284 extract Substances 0.000 description 8
- 238000013507 mapping Methods 0.000 description 6
- 230000008901 benefit Effects 0.000 description 4
- 238000004883 computer application Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000005259 measurement Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 206010048669 Terminal state Diseases 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710695657.8A CN107463838B (zh) | 2017-08-14 | 2017-08-14 | 基于sgx的安全监控方法、装置、系统及存储介质 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710695657.8A CN107463838B (zh) | 2017-08-14 | 2017-08-14 | 基于sgx的安全监控方法、装置、系统及存储介质 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107463838A CN107463838A (zh) | 2017-12-12 |
CN107463838B true CN107463838B (zh) | 2019-10-18 |
Family
ID=60549735
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710695657.8A Active CN107463838B (zh) | 2017-08-14 | 2017-08-14 | 基于sgx的安全监控方法、装置、系统及存储介质 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107463838B (zh) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109218364A (zh) * | 2017-07-04 | 2019-01-15 | 武汉安天信息技术有限责任公司 | 加密流量数据的监控方法、代理服务器端、待监控客户端和监控系统 |
CN107463838B (zh) * | 2017-08-14 | 2019-10-18 | 广州大学 | 基于sgx的安全监控方法、装置、系统及存储介质 |
CN108768978B (zh) * | 2018-05-16 | 2020-12-11 | 浙江大学 | 一种基于sgx的远端存储服务方法及系统 |
CN109063471A (zh) * | 2018-07-17 | 2018-12-21 | 广州大学 | 一种sgx运行的保护方法 |
EP3857838A1 (en) * | 2018-10-16 | 2021-08-04 | Huawei Technologies Co., Ltd. | Node and method for secure server communication |
CN109510708B (zh) * | 2018-10-24 | 2021-07-13 | 中国科学院信息工程研究所 | 一种基于Intel SGX机制的公钥密码计算方法和系统 |
CN112468473B (zh) * | 2018-11-16 | 2023-10-24 | 创新先进技术有限公司 | 可信应用程序的远程证明方法及装置、电子设备 |
CN113302893B (zh) * | 2019-01-08 | 2022-11-18 | 华为云计算技术有限公司 | 用于信任验证的方法及装置 |
CN109561110B (zh) * | 2019-01-19 | 2021-06-04 | 北京工业大学 | 一种基于sgx的云平台审计日志保护方法 |
CN109993003A (zh) * | 2019-03-12 | 2019-07-09 | 广州大学 | 一种基于sgx的软件流安全验证方法及装置 |
CN109995776B (zh) * | 2019-03-26 | 2021-10-26 | 西安纸贵互联网科技有限公司 | 一种互联网数据验证方法及系统 |
CN110289954B (zh) * | 2019-06-25 | 2022-02-25 | 大唐高鸿信安(浙江)信息科技有限公司 | 一种密钥处理方法及装置 |
CN112487450A (zh) * | 2020-11-30 | 2021-03-12 | 银盛支付服务股份有限公司 | 一种文件服务器访问分级方法 |
CN115514584B (zh) * | 2022-11-16 | 2023-01-31 | 北京锘崴信息科技有限公司 | 服务器以及金融相关服务器的可信安全认证方法 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105389513A (zh) * | 2015-11-26 | 2016-03-09 | 华为技术有限公司 | 一种虚拟可信平台模块vTPM的可信执行方法和装置 |
CN106796638A (zh) * | 2014-09-25 | 2017-05-31 | 迈克菲股份有限公司 | 使用飞地认证进行数据验证 |
CN106845168A (zh) * | 2016-12-20 | 2017-06-13 | 西安电子科技大学 | 一种面向远程计算的控制流隐藏方法 |
CN107463838A (zh) * | 2017-08-14 | 2017-12-12 | 广州大学 | 基于sgx的安全监控方法、装置、系统及存储介质 |
-
2017
- 2017-08-14 CN CN201710695657.8A patent/CN107463838B/zh active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106796638A (zh) * | 2014-09-25 | 2017-05-31 | 迈克菲股份有限公司 | 使用飞地认证进行数据验证 |
CN105389513A (zh) * | 2015-11-26 | 2016-03-09 | 华为技术有限公司 | 一种虚拟可信平台模块vTPM的可信执行方法和装置 |
CN106845168A (zh) * | 2016-12-20 | 2017-06-13 | 西安电子科技大学 | 一种面向远程计算的控制流隐藏方法 |
CN107463838A (zh) * | 2017-08-14 | 2017-12-12 | 广州大学 | 基于sgx的安全监控方法、装置、系统及存储介质 |
Non-Patent Citations (2)
Title |
---|
Intel SGX Explained;Victor Costan,et al;《https://eprint.iacr.org/2016/086.pdf》;20170221;全文 * |
Intel SGX 技术初探;Q7318;《https://blog.csdn.net/u010071291/article/details/52750372》;20161020;博客全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN107463838A (zh) | 2017-12-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107463838B (zh) | 基于sgx的安全监控方法、装置、系统及存储介质 | |
CN108399329B (zh) | 一种提高可信应用程序安全的方法 | |
US10659237B2 (en) | System and method for verifying integrity of an electronic device | |
CN102271042B (zh) | 数字证书认证方法、系统、USB Key设备和服务器 | |
CN109194625B (zh) | 一种基于云端服务器的客户端应用保护方法、装置及存储介质 | |
CN104715183B (zh) | 一种虚拟机运行时的可信验证方法和设备 | |
CN113014539B (zh) | 一种物联网设备安全保护系统及方法 | |
CN109726588B (zh) | 基于信息隐藏的隐私保护方法和系统 | |
Liu et al. | On manually reverse engineering communication protocols of linux-based iot systems | |
CN112257086B (zh) | 一种用户隐私数据保护方法及电子设备 | |
WO2008012567A1 (en) | Secure use of user secrets on a computing platform | |
CN109960903A (zh) | 一种应用加固的方法、装置、电子设备及存储介质 | |
CN112733178B (zh) | 基于数字证书认证的跨链信任方法、装置、设备以及介质 | |
CN102231729A (zh) | 支持多种ca身份认证的方法 | |
CN106055936A (zh) | 可执行程序数据包加密/解密方法及装置 | |
CN102833745B (zh) | 一种软件安全升级的方法、通信设备和通信系统 | |
CN112632562B (zh) | 设备启动方法、设备管理方法和嵌入式设备 | |
CN109309645A (zh) | 一种软件分发安全保护方法 | |
CN101859373A (zh) | 一种移动可信终端安全接入方法 | |
CN111585995A (zh) | 安全风控信息传输、处理方法、装置、计算机设备及存储介质 | |
CN111600701B (zh) | 一种基于区块链的私钥存储方法、装置及存储介质 | |
CN109376557B (zh) | 一种信息安全管理系统 | |
CN111898101A (zh) | 一种应用的安全设备验证方法及装置 | |
CN106778227A (zh) | 应用程序处理方法、应用程序启动方法及装置 | |
CN110311917A (zh) | 主机度量方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20171212 Assignee: SHENZHEN CDTECH ELECTRONICS CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980025694 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 Application publication date: 20171212 Assignee: SHENZHEN SNAPPER TECHNOLOGY CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980025153 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221207 |
|
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20171212 Assignee: SHENZHEN BANNER CLOUD INTELLIGENCE TECHNOLOGY CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980025178 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 Application publication date: 20171212 Assignee: SHENZHEN COMSTAR TECHNOLOGY CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980025172 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 Application publication date: 20171212 Assignee: Shenzhen Barium Rhenium Technology Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980025124 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 Application publication date: 20171212 Assignee: Guangdong Changyu Intelligent Technology Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980025115 Denomination of invention: SGX based security monitoring method, device, system and storage medium Granted publication date: 20191018 License type: Common License Record date: 20221208 |
|
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20171212 Assignee: SHENZHEN HUAHUI DATA SERVICE Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980026331 Denomination of invention: SGX-based security monitoring methods, devices, systems and storage media Granted publication date: 20191018 License type: Common License Record date: 20230103 |