CN107463856B - Trusted kernel-based anti-attack data processor - Google Patents

Trusted kernel-based anti-attack data processor

Publication number
CN107463856B
Authority
CN
China
Prior art keywords
kernel
trusted
switching
data processor
trusted kernel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710648239.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN107463856A (zh)
Inventor
崔晓夏
李春强
侯光恩
陈理
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou C Sky Microsystems Co Ltd
Original Assignee
Hangzhou C Sky Microsystems Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou C Sky Microsystems Co Ltd
Priority to CN201710648239.3A (CN107463856B)
Publication of CN107463856A
Priority to PCT/CN2018/096759 (WO2019024708A1)
Priority to EP18841743.0A (EP3663958B1)
Priority to JP2020502210A (JP7113887B2)
Priority to US16/175,710 (US10909246B2)
Application granted
Publication of CN107463856B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/545 Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
CN201710648239.3A 2017-08-01 2017-08-01 Trusted kernel-based anti-attack data processor Active CN107463856B (zh)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CN201710648239.3A CN107463856B (zh) 2017-08-01 2017-08-01 Trusted kernel-based anti-attack data processor
PCT/CN2018/096759 WO2019024708A1 (zh) 2017-08-01 2018-07-24 Trusted kernel-based anti-attack data processor
EP18841743.0A EP3663958B1 (en) 2017-08-01 2018-07-24 Trusted kernel-based attack-prevention data processor
JP2020502210A JP7113887B2 (ja) 2017-08-01 2018-07-24 Trusted kernel-based attack-resistant data processor
US16/175,710 US10909246B2 (en) 2017-08-01 2018-10-30 Trusted kernel-based anti-attack data processor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710648239.3A CN107463856B (zh) 2017-08-01 2017-08-01 Trusted kernel-based anti-attack data processor

Publications (2)

Publication Number Publication Date
CN107463856A (zh) 2017-12-12
CN107463856B (zh) 2020-06-16

Family

ID=60548019

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710648239.3A Active CN107463856B (zh) Trusted kernel-based anti-attack data processor 2017-08-01 2017-08-01

Country Status (5)

Country Link
US (1) US10909246B2 (en)
EP (1) EP3663958B1 (en)
JP (1) JP7113887B2 (en)
CN (1) CN107463856B (en)
WO (1) WO2019024708A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107463856B (zh) * 2017-08-01 2020-06-16 杭州中天微系统有限公司 Trusted kernel-based anti-attack data processor
CN108390856B (zh) * 2018-01-12 2020-09-18 北京奇艺世纪科技有限公司 DDoS attack detection method, apparatus and electronic device
CN108985098B (zh) * 2018-07-27 2020-10-13 杭州中天微系统有限公司 Data processor
CN109033842B (zh) * 2018-07-27 2020-10-16 杭州中天微系统有限公司 Data processor
CN109063516B (zh) * 2018-07-27 2020-12-04 杭州中天微系统有限公司 Data processor
CN111552514B (zh) * 2019-02-12 2024-12-06 阿里巴巴集团控股有限公司 Processor and instruction execution method
CN115718444A (zh) * 2022-11-04 2023-02-28 航天科工空间工程发展有限公司 Method and system for switching satellite housekeeping working modes based on a heterogeneous computer

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106599717A (zh) * 2016-12-01 2017-04-26 杭州中天微系统有限公司 Data processor
CN106778365A (zh) * 2016-12-01 2017-05-31 杭州中天微系统有限公司 Apparatus for implementing delayed stack pushing, and processor

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4519032A (en) * 1982-06-09 1985-05-21 At&T Bell Laboratories Memory management arrangement for microprocessor systems
US20030225817A1 (en) * 2002-06-04 2003-12-04 Prashanth Ishwar Concurrent execution of kernel work and non-kernel work in operating systems with single-threaded kernel
GB2396034B (en) 2002-11-18 2006-03-08 Advanced Risc Mach Ltd Technique for accessing memory in a data processing apparatus
FR2937439B1 (fr) * 2008-10-17 2012-04-20 Commissariat Energie Atomique Method for deterministic execution and synchronization of an information processing system comprising multiple processing cores executing system tasks.
KR102012436B1 (ko) * 2012-09-17 2019-08-20 휴렛-팩커드 디벨롭먼트 컴퍼니, 엘.피. Image forming apparatus, driving control method, and computer-readable recording medium
JP2014089652A (ja) * 2012-10-31 2014-05-15 Toshiba Corp Information processing apparatus
CN103176855A (zh) * 2013-03-15 2013-06-26 中兴通讯股份有限公司 Message interaction processing method and apparatus
WO2016041592A1 (en) * 2014-09-17 2016-03-24 Irdeto B.V. Generating and executing protected items of software
US9870467B2 (en) * 2015-03-27 2018-01-16 Intel Corporation Apparatus and method for implementing a forked system call in a system with a protected region
CN106775971B (zh) * 2016-12-02 2020-01-31 杭州中天微系统有限公司 Data processing apparatus
US10367639B2 (en) * 2016-12-29 2019-07-30 Intel Corporation Graphics processor with encrypted kernels
CN107463856B (zh) 2017-08-01 2020-06-16 杭州中天微系统有限公司 Trusted kernel-based anti-attack data processor
US10565141B1 (en) * 2018-08-28 2020-02-18 Dell Products L.P. Systems and methods for hiding operating system kernel data in system management mode memory to thwart user mode side-channel attacks

Also Published As

Publication number Publication date
EP3663958A1 (en) 2020-06-10
US10909246B2 (en) 2021-02-02
JP2020529063A (ja) 2020-10-01
EP3663958B1 (en) 2023-06-21
WO2019024708A1 (zh) 2019-02-07
US20190073477A1 (en) 2019-03-07
EP3663958A4 (en) 2020-07-22
CN107463856A (zh) 2017-12-12
JP7113887B2 (ja) 2022-08-05

Similar Documents

Publication Publication Date Title
CN107463856B (zh) Trusted kernel-based anti-attack data processor
Tiburski et al. Lightweight security architecture based on embedded virtualization and trust mechanisms for IoT edge devices
CN109086100B (zh) High-security trusted mobile terminal security architecture and security service method
EP3761208B1 (en) Trust zone-based operating system and method
US8413230B2 (en) API checking device and state monitor
CN109522754B (zh) Core control method for a trusted isolated environment of a mobile terminal
CN113051034A (zh) kprobes-based container access control method and system
CN108154032B (zh) Method for constructing a root of trust for a computer system with memory integrity assurance
US20150199507A1 (en) Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices
US10757100B2 (en) Methods and apparatus for protecting domains of a device from unauthorized accesses
US9135435B2 (en) Binary translator driven program state relocation
RU2005115083A (ru) Switching a processor between secure and non-secure modes
CN101477601A (zh) Providing secure services to non-secure applications
US9037823B2 (en) Protecting IAT/EAT hooks from rootkit attacks using new CPU assists
TWI667611B (zh) Data processing apparatus and method therefor
CN112464182A (zh) Security management and control method, apparatus, medium and device for mobile device management
KR20200041639A (ko) Vehicle software update apparatus and control method thereof
CN103996004A (zh) Virtualization-based high-availability system design method
EP4231181B1 (en) Data protection method, apparatus, storage medium, and computer device
CN112363797A (zh) Method for secure operation of a virtual machine, electronic device and storage medium
KR20080090253A (ko) Wireless terminal device and system protection method
CN108985098B (zh) Data processor
CN109063516B (zh) Data processor
WO2022093186A1 (en) Code execution using trusted code record
KR102321497B1 (ko) System and method for blocking malware infection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant