CN107526969A - A kind of method and device for determining IP kernel level of security - Google Patents
A kind of method and device for determining IP kernel level of security Download PDFInfo
- Publication number
- CN107526969A CN107526969A CN201610446930.9A CN201610446930A CN107526969A CN 107526969 A CN107526969 A CN 107526969A CN 201610446930 A CN201610446930 A CN 201610446930A CN 107526969 A CN107526969 A CN 107526969A
- Authority
- CN
- China
- Prior art keywords
- attribute information
- safety value
- target
- core
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
This application provides a kind of method and device for determining IP kernel level of security, method includes:The target property information of Target IP core is obtained, the target property information includes multiclass attribute information, and all kinds of attribute informations are different to the influence degree of Target IP core security in multiclass attribute information;The corresponding relation of attribute information and safety value based on IP kernel set in advance determines the safety value with target property information;Using the safety value of target property information, the level of security based on safety classification set in advance rule determination Target IP core.The method and device of determination IP kernel level of security that the application provides can be assessed the security of IP kernel, by the security evaluation to IP kernel, can improve the safety and reliability of the information computing system with IP kernel.
Description
Technical field
The present invention relates to chip design and technical field of measurement and test, more particularly to it is a kind of determine IP kernel safe level method for distinguishing and
Device.
Background technology
It is a large amount of in consumer electronics, Aero-Space, finance and medical field with the development of mobile Internet and Internet of Things
Embedded computing system is applied, and on-chip system (System on Chip, SoC) is the important of composition embedded computing system
Part.
In order to which adaptive system scale is more and more huger, the application scenarios that function becomes increasingly complex, a large amount of multiplexings the 3rd in SoC
Intellectual property (Intellectual Property, the IP) nuclear component of side improves design efficiency.Based on IP kernel multiplexing technology
Design method turns into the gap made up between design production efficiency and chip density, and rapidly enters the maximally effective of market
Method.According to statistics, the quantity of IP kernel can reach up to a hundred on a SoC, and the extensive application of IP kernel is substantially reduced on piece
The design time of system, accelerate the listing of Related product.
However, because IP kernel source is different, the application of the upper a large amount of IP kernels of SoC undoubtedly adds the risk of chip, especially
To the extremely sensitive information computing system of security.Information computing system does not require nothing more than the IP kernel of integrated a large amount of separate sources
SoC meets the correctness of function, it should also ensure that its security for using.However, in actual design, the supplier of different IP kernels
The test verification environment and credibility provided is uneven, although in the world relevant integrated circuit IP design, availability, can
The work such as durability and quality evaluation and its standardization begins to start from the later stage nineties in last century, but currently there is no IP kernel to pacify
The relevant criterion that full property is assessed, and co-verification technology and main flow eda tool do not have the special part for security consideration, only
Code coverage and function are verified.
Increasing research shows that the third party IP of untrusted use may introduce malicious code or malice circuit
Such as hardware Trojan horse, it can carry out direct or indirect attack to trusted module on piece or core content, may cause different journeys
The security information leakage of degree, or even including most crucial key and password leakage etc., have a strong impact on the reliable of whole information system
Property.As can be seen here, the problem of security evaluation for IP kernel is urgent need to resolve.
The content of the invention
In view of this, the invention provides a kind of method and device for determining IP kernel level of security, to realize IP kernel
Security evaluation, and then the safety and reliability of the computing system using IP kernel is improved, its technical scheme is as follows:
One kind determines IP kernel safe level method for distinguishing, and methods described includes:
The target property information of Target IP core is obtained, the target property information includes multiclass attribute information, the multiclass
All kinds of attribute informations are different to the influence degree of the Target IP core security in attribute information;
The corresponding relation of attribute information and safety value based on IP kernel set in advance determines and the target property information
Safety value;
Using the safety value of the target property information, the Target IP is determined based on safety classification set in advance rule
The level of security of core.
Wherein, the safety value using the target property information, determined based on safety classification set in advance rule
The level of security of the Target IP core, including:
By the safety value of each attribute information in the first kind attribute information in the multiclass attribute information, based on advance
The binary hierarchical rule of setting determines the level of security of the Target IP core, and the first kind attribute information is preset to described
The influence degree highest attribute information of Target IP core security, the binary hierarchical rule is by the safety of the Target IP core
Partition of the level is regular for the classification of two-stage;
Or it is based in advance by the safety value of each attribute information in all kinds of attribute informations in the multiclass attribute information
The polynary classification rule first set determines the level of security of the Target IP core, and the polynary classification rule is by the Target IP
The security classification of core is multistage classification rule, and the multistage is more than two-stage.
Wherein, in the first kind attribute information by the multiclass attribute information each attribute information safety
Value, the level of security of the Target IP core is determined based on binary hierarchical set in advance rule, including:
The safety value for judging whether to have at least one attribute information in the first kind attribute information for the first safety value, and
And the safety value for having at least one attribute information is the second safety value;
If it is, the rank for determining the Target IP core is the rank that the instruction target core is dangerous IP kernel;
If it is not, then the rank for determining the Target IP core is the rank that the instruction Target IP core is safe IP kernel.
Wherein, the multiclass attribute information includes:First kind attribute information, the second generic attribute information and the 3rd generic attribute letter
Breath, the first kind attribute information are higher than the second generic attribute information, institute to the influence degree of the Target IP core security
State the second generic attribute information and the 3rd generic attribute information is higher than to the influence degree of the Target IP core security;
The then safety value of each attribute information by all kinds of attribute informations in the multiclass attribute information, is based on
Polynary classification rule set in advance determines the level of security of the Target IP core, including:
When the safety value of at least one attribute information in the first kind attribute information is the first safety value, institute is determined
The level of security for stating Target IP core is first level;
When the safety value of each attribute information in the first kind attribute information is not first safety value, and institute
When the safety value for stating at least two attribute informations in first kind attribute information is the second safety value, the Target IP core is determined
Level of security be second level;
When the safety value of each attribute information in the first kind attribute information is not the first safety value, and described
When only having the safety value of an attribute information to be the second safety value in a kind of attribute information, or, when in first kind attribute information
The safety value of each attribute information be not the first safety value nor the second safety value, and in the second generic attribute information
When thering is the safety value of at least one attribute information to be the first safety value or the second safety value, the safe level of the Target IP core is determined
Wei not third level;
When each attribute information in the first kind attribute information and the second generic attribute information safety value not
It is the first safety value, is not also the second safety value, and first attribute information, the second generic attribute information and described
When thering is the safety value of the attribute information of not more than two to be three preset values in three attribute informations, the peace of the Target IP core is determined
Full rank is fourth level;
When each attribute information in first attribute information, second attribute information and the 3rd attribute information
Safety value is not the first safety value, be not the second safety value, when not being three preset values yet, determines the Target IP core
Level of security be fifth level;
Wherein, the safety value of attribute information is that first safety value shows that the attribute information is the worst category of security
Property information, attribute information is the attribute information that second safety value shows that the attribute information is security time difference, attribute letter
Cease and show that the attribute information is the poor attribute information of security the 3rd for the 3rd total head, described in the fifth level instruction
The security highest of Target IP core, the fourth level, the third level, the second level and the first level are signified
The security shown gradually reduces.
Wherein, the first kind attribute information includes:The offer of the acquisition channel, the Target IP core of the Target IP core
The application field of person's level of security and the Target IP core;
The second generic attribute information includes:The delivery of the degree of conformity of the Target IP core and standard, the Target IP core
The mode of operation of item, the function information of the Target IP core and the Target IP core;
The 3rd generic attribute information is to remove the second generic attribute information and the described 3rd in the target property information
Attribute information outside generic attribute information.
A kind of device for determining IP kernel level of security, described device include:Attribute information acquisition module, safety value determine mould
Block and level of security determining module;
The attribute information acquisition module, for obtaining the target property information of Target IP core, the target property information
Including multiclass attribute information, influence degree of all kinds of attribute informations to the Target IP core security in the multiclass attribute information
It is different;
The safety value determining module, for attribute information and the corresponding relation of safety value based on IP kernel set in advance
It is determined that the safety value of the target property information obtained with the attribute information acquisition module;
The level of security determining module, for the target property information determined using the safety value determining module
Safety value, the level of security of the Target IP core is determined based on safety classification set in advance rule.
Wherein, the level of security determining module includes:First determining module or the second determining module;
First determining module, for passing through each attribute in the first kind attribute information in the multiclass attribute information
The safety value of information, the level of security of the Target IP core is determined based on binary hierarchical set in advance rule, wherein, described the
A kind of attribute information be in the multiclass attribute information to the influence degree highest attribute information of the Target IP core security,
Binary hierarchical rule is by classification rule that the security classification of the Target IP core is two-stage;
Second determining module, for being believed by each attribute in all kinds of attribute informations in the multiclass attribute information
The safety value of breath determines the level of security of the Target IP core, the polynary classifier based on polynary classification rule set in advance
It is then that the multistage is more than two-stage by the classification rule that the security classification of the Target IP core is multistage.
Wherein, first determining module includes:Judging submodule and determination sub-module;
The judging submodule, for the peace for judging whether to have at least one attribute information in the first kind attribute information
Total head is the first safety value, and the safety value for having at least one attribute information is the second safety value, wherein, the peace of attribute information
Total head is that first safety value shows that the attribute information is the worst attribute information of security, and attribute information is described second
Safety value shows attribute information of the attribute information for security time difference;
The determination sub-module, for judging there is at least one in the first kind attribute information when the judging submodule
The safety value of individual attribute information is the first safety value, and when thering is the safety value of at least one attribute information to be the second safety value,
The rank for determining the Target IP core is the rank that the instruction target core is dangerous IP kernel, otherwise determines the Target IP core
Rank be rank that the instruction Target IP core is safe IP kernel.
Wherein, the multiclass attribute information includes:First kind attribute information, the second generic attribute information and the 3rd generic attribute letter
Breath, the first kind attribute information are higher than the second generic attribute information, institute to the influence degree of the Target IP core security
State the second generic attribute information and the 3rd generic attribute information is higher than to the influence degree of the Target IP core security;
Then second determining module includes:First determination sub-module, the second determination sub-module, the 3rd determination sub-module and
4th determination sub-module;
First determination sub-module, for when the safety of at least one attribute information in the first kind attribute information
Be worth for the first safety value when, the level of security for determining the Target IP core is first level;
Second determination sub-module, for when the safety value of each attribute information in the first kind attribute information it is equal
It is not first safety value, and the safety value of at least two attribute informations in the first kind attribute information is the second peace
During total head, the level of security for determining the Target IP core is second level;
3rd determination sub-module, for when the safety value of each attribute information in the first kind attribute information it is equal
It is not the first safety value, and there was only the safety value of an attribute information in the first kind attribute information when being the second safety value,
Or when the safety value of each attribute information in first kind attribute information is not the first safety value nor the second safety
Value, and it is the first safety value or the second safety value to have the safety value of at least one attribute information in the second generic attribute information
When, the level of security for determining the Target IP core is third level;
4th determination sub-module, for when each in the first kind attribute information and the second generic attribute information
The safety value of individual attribute information is not the first safety value, is not the second safety value yet, and first attribute information, described
The safety value for having the attribute information of not more than two in second generic attribute information and the 3rd attribute information is the 3rd preset value
When, the level of security for determining the Target IP core is fourth level;
5th determination sub-module, for when first attribute information, second attribute information and the described 3rd
The safety value of each attribute information is not the first safety value, is not the second safety value, is not the 3rd yet in attribute information
During preset value, the level of security for determining the Target IP core is fifth level;
Wherein, the safety value of attribute information is that first safety value shows that the attribute information is the worst category of security
Property information, attribute information is the attribute information that second safety value shows that the attribute information is security time difference, attribute letter
Cease and show that the attribute information is the poor attribute information of security the 3rd for the 3rd total head, described in the fifth level instruction
The security highest of Target IP core, the fourth level, the third level, the second level and the first level are signified
The security shown gradually reduces.
Wherein, the first kind attribute information includes:The offer of the acquisition channel, the Target IP core of the Target IP core
The application field of person's level of security and the Target IP core;
The second generic attribute information includes:The delivery of the degree of conformity of the Target IP core and standard, the Target IP core
The mode of operation of item, the function information of the Target IP core and the Target IP core;
The 3rd generic attribute information is to remove the second generic attribute information and the described 3rd in the target property information
Attribute information outside generic attribute information.
Above-mentioned technical proposal has the advantages that:
The method and device provided by the invention for determining IP kernel level of security, the objective attribute target attribute letter of Target IP core is obtained first
Breath, the target property information include pressing the multiclass attribute information for dividing the influence degree height of Target IP core security, then
The corresponding relation of attribute information and safety value based on IP kernel set in advance determines the safety value with target property information, finally
Using the safety value of target property information, the safe level based on the safety classification set in advance rule determination Target IP core
Not.Method and device provided by the invention can realize the safety and reliability to IP kernel, the information computing system with IP kernel
Assessment, by the security reliability assessment to IP kernel, can improve the information computing system with IP kernel security and can
By property.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
The embodiment of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis
The accompanying drawing of offer obtains other accompanying drawings.
Fig. 1 is the schematic flow sheet of determination IP kernel safe level method for distinguishing provided in an embodiment of the present invention;
Fig. 2 is the structural representation of the device of determination IP kernel level of security provided in an embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made
Embodiment, belong to the scope of protection of the invention.
The embodiments of the invention provide one kind to determine IP kernel safe level method for distinguishing, referring to Fig. 1, showing this method
Schematic flow sheet, this method can include:
Step S101:Obtain the target property information of Target IP core.
Wherein, target property information includes multiclass attribute information, and multiclass attribute information presses the shadow to Target IP core security
The degree height of sound divides, i.e., all kinds of attribute informations are different to the influence degree of Target IP core security in multiclass attribute information.
Step S102:The corresponding relation of attribute information and safety value based on IP kernel set in advance determines and objective attribute target attribute
The safety value of information.
Step S103:Using the safety value of target property information, target is determined based on safety classification set in advance rule
The level of security of IP kernel.
The method and device provided by the invention for determining IP kernel level of security, the objective attribute target attribute letter of Target IP core is obtained first
Breath, the corresponding relation of the attribute information and safety value that are then based on IP kernel set in advance determine the safety with target property information
Value, finally using the safety value of target property information, the Target IP core is determined based on safety classification set in advance rule
Level of security.Determination IP kernel safe level method for distinguishing provided in an embodiment of the present invention can be assessed the security of IP kernel, led to
The security evaluation to IP kernel is crossed, the safety and reliability of the information computing system with IP kernel can be improved.
In the above-described embodiments, the attribute information of Target IP core can include source-information, the function information of Target IP core
With usage scenario information.
Further, the source-information of Target IP core can include level of security, the Target IP of the supplier of Target IP core
The issuing time of core, the acquisition channel of Target IP core, Target IP core and standard degree of conformity and Target IP core deliver item.
Wherein, the partition strategy of the level of security of the supplier of Target IP core has two kinds, and the first is two Meta-Policys, and second
Kind is multiplex strategy.
Two Meta-Policys, i.e., Target IP core supplier is divided into believable (being represented with T) and (being represented with U) of untrusted.Its
In, believable supplier includes independent development, the shared developer of hand-in-glove, by authoritative Third Party Authentication agency qualification
Supplier, other high confidences appoint the developer of department.The supplier of untrusted includes open network and downloads to obtain, typically cooperates
Partner, unauthenticated enterprise development person, unauthenticated individual developer, Sensitive Units supplier, other unknown sources
Supplier.
Multiplex strategy, i.e., supplier is divided into complete credible (being represented with FT) by cooperative security degree, certification (uses AU tables
Show), uncertain (being represented with UN), (being represented with PS) and strong suspicion (being represented with HS) may be suspected.Complete believable supplier
For the shared developer of independent development, hand-in-glove, do not influenceed to directly obtain the supplier of IP kernel by any extraneous factor.Recognize
The supplier of card is supplier, the developer of other high confidences times department by authoritative Third Party Authentication agency qualification, by
Influenceed to certain extraneous factor, but remain to smooth access authentication IP supplier's (such as commercial relations).Not true supplier is public affairs
Open network to download to obtain the source for claiming certification, (first cooperation or indirect cooperation, verification process do not complete general affiliate
Or authenticated unit is not authoritative).The supplier that may be suspected is that open network is downloaded to obtain but do not claim the source of any certification,
Unauthenticated enterprise development person, unauthenticated individual developer.The supplier of strong suspicion is that Sensitive Units supplier is (preceding
Phase contact have record of bad behavior or once have by report record, sensitive storehouse list member), the supplier of other unknown sources.
The issuing time of Target IP core, show the time that Target IP core formally obtains.If independent development or closely conjunction
The IP kernel of author's joint development, it is defined by the time of final version issue.Other sources should be provided IP kernel issue by supplier
Time, even if the IP kernel that can not obtain timestamp should also do downshift processing by certification in original safe class.
The acquisition channel of Target IP core, show that IP is obtained by which kind of mode, the attribute should be with supplier's attribute phase
Matching.
Target IP core and standard degree of conformity, normative reference specification have international VSIA systems, domestic CSIP systems etc.,
Indicate what is specifically followed is which kind of version of which kind of standard.As do not developed according to any standard, then with standard degree of conformity
Not meet.
The delivery item of Target IP core, with reference to requirements of the VSIA and CSIP to delivery item, rule are made to soft core and stone respectively
Fixed (Gu reference stone of core).Soft core delivery item is divided into following a few classes:Document delivery item, system design deliver item, logic is set
Meter delivers item, test delivery item, item is delivered in functional verification, code check delivers item, sequential and power consumption analysis and delivers item.By stone
Deliver item and be divided into following a few classes:Document delivery item, circuit design deliver item, model delivers item, item is delivered in functional verification, test is handed over
Item is delivered in creditor side and silicon checking.
Deliverable item is divided into by following a few classes according to the forced type of deliverable item:Force (Mandatory, M), condition strong
Make (Conditional Mandatory, CM), recommend (Recommended, R) and condition to recommend (Conditional
Recommended, CR).Wherein, conditional force CM is determined by specific application environment, recommends R to lift designing quality and essence
Degree, the integrated time is reduced, condition recommends CR to should be noted that the condition of defined, in the case of condition satisfaction, can improve designing quality
And precision, reduce integrated time etc..
Further, the function information of Target IP core include classification information, structural information, function information, performance information and
Form information.Wherein, classification information is used for the species for showing IP kernel, belongs to stone, solid core or soft core, structural information and is used for table
The architectural feature of bright IP kernel, such as digital IP can be divided into bus or non-BUS architecture, and structural information can indicate whether bus type, work(
Can information clearly state the function classification of the IP, performance information shows all quantifiable indicators of IP kernel performance, and form information is big
More effective to stone, including all results related to after technique and the checking of final silicon, soft core only need offer can comprehensive network
Digit of the door number of table, input data and address bus etc..
Further, the usage scenario of Target IP core includes mode of operation, verification environment and target positioning.Wherein, work
Pattern is used to point out the pattern classification and definition of Target IP core in actual use, for example, principal and subordinate, read-write, full work/dormancy,
And the switch condition between each pattern of explanation, it can be described by state machine diagram.Verification environment is used to indicate with outside which
The condition of checking, which checking file is have matched, or had which checking report, indicate the instrument version used.Target is determined
Position uses field for hard objectives IP kernel, is classified according to level of security, can be divided into shared IP kernel, special IP kernel, peace
Full Sensitive Domain IP kernel, non-security Sensitive Domain IP kernel.
In the above-described embodiments, above-mentioned attribute information is divided into by the influence degree height to Target IP core security more
Class, obtain multiclass attribute information.
, can be according to the influence degree to Target IP core security just by Target IP core in a kind of possible implementation
Multiple attribute informations be divided into three generic attribute information, respectively first kind attribute information, the second generic attribute information and the 3rd class
Attribute information.Wherein, first kind attribute information is special important attribute information, and the second generic attribute information is important attribute information,
3rd generic attribute information is general property information.
Specifically, first kind attribute information can include the acquisition of the level of security, Target IP core of Target IP core supplier
The application field of channel, Target IP core, the second generic attribute information can include Target IP core and standard degree of conformity, Target IP core
Deliver item, the function of Target IP core, the classification of Target IP core, the mode of operation of Target IP core, its in addition to above-mentioned attribute information
Its attribute information is then the 3rd generic attribute information.
After the target property information i.e. multiclass attribute information of Target IP core is got, based on IP kernel attribute set in advance
The corresponding relation of information and safety value determines the safety value of target property information.
In the present embodiment, IP kernel attribute information can be preset and the corresponding relation of safety value is as follows:
(1) special important attribute information
1st, for " IP kernel supplier rank " this attribute information:
For two Meta-Policys, if the level of security of IP kernel supplier is believable (T), safety value A, if
The level of security of IP kernel supplier is (U) of untrusted, then safety value is E.For multiplex strategy, if IP kernel supplier
Level of security be complete credible (FT), if then safety value is A, the level of security of IP kernel supplier is certification (AU),
Safety value is B, if the level of security of IP kernel supplier is uncertain (UN), safety value C, if the peace of IP kernel supplier
For full rank for that may suspect (PS), then safety value is D, if the level of security of IP kernel supplier is strong suspicion (HS), is pacified
Total head is E.
2nd, for " the acquisition channel of IP kernel " this attribute information:
If independent research (O), then safety value is A, if purchase copyright (P), then safety value is B, if from
Open environment obtains (F), then safety value is D.
3rd, for " target of IP kernel positions " this attribute information:
If the non-security special IP of Sensitive Domain, then safety value is B, if non-security Sensitive Domain shares IP, then
Safety value is C, if security sensitive domain-specific IP, then safety value is D, if security sensitive field shares IP, is then pacified
Total head is E.
(2) important attribute information:
1st, for " with standard degree of conformity " this attribute information:
If complying fully with standard (being represented with TM), safety value A, as fruit part meets standard (being represented with PM), then
Safety value is B, if not being inconsistent standardization (being represented with NM), safety value C.
2nd, for " delivery item " this attribute information:
If all items are complete, safety value A, if all M items and CM items are complete, safety value B, otherwise pacify
Total head is C.
3rd, for " function of IP kernel " this attribute information:
If the function of IP kernel is physical criterion unit, safety value A, if the function of IP kernel is processor, pacify
Total head is B, if the function of IP kernel is fixing function IP and generic interface IP, safety value C, if the function of IP kernel be with
Too other high-speed interfaces of net/USB/ and controller, then safety value is D, if the function of IP kernel is the IP such as memory/encryption and decryption,
Then safety value is E.
4th, for " IP kernel classification " this attribute information:
If IP kernel is stone, safety value A, if IP kernel is soft core or solid core, safety value B.
5th, for " mode of operation of IP kernel " this attribute information:
If by master slave mode point, Host Security value is A, and slave safety value is B, if divided by read-write situation, only
Reading safety value is A, and it is B only to write safety value, and read-write safety value is C, if by work/resting state point, there is dormant state, safety
It is worth for A, without dormant state, safety value B.
(3) general property information
For each attribute information in general property information, if a certain attribute information, then attribute information
Safety value is B, if the not attribute information, safety value C, if for example, structural information is empty in the attribute information of IP kernel
Lack, then the safety value of structural information is defined as C, if structural information not vacancy, the safety value of structural information is B.
After target property information is obtained, target category can be determined based on the corresponding relation of above-mentioned attribute information and safety value
Property information safety value, and then using target property information safety value, based on safety classification set in advance rule determine mesh
Mark the level of security of IP kernel.
In the present embodiment, using the safety value of target property information, determined based on safety classification set in advance rule
The implementation of the level of security of Target IP core has a variety of.
, can be (i.e. especially heavy by the first kind attribute information in multiclass attribute information in a kind of possible implementation
The attribute information wanted) in each attribute information safety value, Target IP core is determined based on binary hierarchical set in advance rule
Level of security.Wherein, binary hierarchical rule is by classification that the security classification of Target IP core is two-stage rule.
Further, the safety value of each attribute information in the first kind attribute information in multiclass attribute information, base are passed through
Determine that the implementation process of the level of security of Target IP core can include in the first safety classification set in advance rule:Judge first
The safety value for whether having at least one attribute information in generic attribute information is the first safety value, and has at least one attribute information
Safety value be the second safety value, if it is, determine Target IP core rank be indicate target core be dangerous IP kernel level
Not, the rank for otherwise determining Target IP core is the rank that instruction Target IP core is safe IP kernel.Wherein, the first attribute information is present
The attribute information table that at least one safety value is the attribute information of the first safety value and at least one safety value is the second safety value
The worst attribute information of at least one security and the attribute of at least one security time difference in bright first kind attribute information be present
Information.
Exemplary, the rank of Target IP core includes two-stage, respectively firsts and seconds, and one-level represents Target IP core for not
Safe IP kernel, two level represent that Target IP core is safe IP kernel, and first kind attribute information includes the safe level of Target IP core supplier
Not, the acquisition channel of Target IP core, the application field of Target IP core, the first safety value is E, and the second safety value is D:
Assuming that the safety value of the level of security of Target IP core supplier is B, the safety value of the acquisition channel of Target IP core is
D, the safety value of the application field of Target IP core is E, due to the safety value of an attribute information in first kind attribute information be present
It is E for the first safety value, and the safety value that an attribute information be present is that the second safety value is D, then can determine that Target IP core
Level of security is one-level, i.e., Target IP core is dangerous IP kernel.Assuming that the safety value of the level of security of Target IP core supplier is
B, the safety value of the acquisition channel of Target IP core is C, and the safety value of the application field of Target IP core is A, then can determine that Target IP
The level of security of core is two level, i.e., Target IP core is safe IP kernel.Assuming that the safety value of the level of security of Target IP core supplier
For B, the safety value of the acquisition channel of Target IP core is E, and the application field of Target IP core is C, then can determine that the peace of Target IP core
Full rank is two level, i.e., Target IP core is safe IP kernel.I.e. when going out in the safety value of Target IP core first kind attribute information simultaneously
During existing D and E, Target IP core is dangerous IP kernel, and otherwise Target IP core is safe IP kernel.
In alternatively possible implementation, each attribute in all kinds of attribute informations in multiclass attribute information can be passed through
The safety value of information determines the level of security of Target IP core based on polynary classification rule set in advance.Wherein, polynary classifier
It is multiple level of securitys to be then used for the security classification of Target IP core.
First kind attribute information (special important attribute information), the second generic attribute information are equally included with multiclass attribute information
Exemplified by (important attribute information) and the 3rd generic attribute information (general property information), illustrate to pass through each generic in multiclass attribute information
Property information in each attribute information safety value based on the second safety classification set in advance rule determine Target IP core peace
The specific implementation process of full rank:
When the safety value of at least one attribute information in first kind attribute information is the first safety value, Target IP is determined
The level of security of core is the rank that instruction Target IP core is highly dangerous IP kernel;
When the safety value of each attribute information in first kind attribute information is not the first safety value, and the first generic attribute
When the safety value of at least two attribute informations in information is the second safety value, the level of security for determining Target IP core is instruction
Target IP core is more dangerous IP kernel rank;
When the safety value of each attribute information in first kind attribute information is not the first safety value, and the first generic attribute
When only having the safety value of an attribute information to be the second safety value in information, or, when each in first kind attribute information
The safety value of attribute information is not the first safety value nor the second safety value, and has at least in the second generic attribute information
When the safety value of one attribute information is the first safety value or the second safety value, the level of security for determining Target IP core is instruction mesh
Mark the rank that IP kernel is potentially unsafe IP kernel;
When the safety value of each attribute information in the first attribute information and the second generic attribute information is not the first safety value,
It is not the second safety value, and there are not more than two in the first attribute information, the second generic attribute information and the 3rd attribute information yet
When the safety value of attribute information is three preset value, the level of security for determining Target IP core is that instruction Target IP core is possible safety
The rank of IP kernel;
When the safety value of each attribute information in the first attribute information, the second attribute information and the 3rd attribute information is not
First safety value and be not the second safety value, when not also being three preset values, determines the level of security of Target IP core to refer to
Show the rank that Target IP core is safe IP kernel.
Wherein, the safety value of attribute information is that the first safety value shows that attribute information is the worst attribute information of security,
Attribute information is the attribute information that the second safety value shows that attribute information is security time difference, and attribute information is that the 3rd total head shows
Attribute information is the attribute information of the difference of security the 3rd.
Exemplary, Target IP core is divided into Pyatyi for the rank of safe IP kernel, respectively one-level, two level, three-level, level Four and
Pyatyi, one-level represent that Target IP core is highly dangerous IP kernel, and two level represents that Target IP core is more dangerous IP kernel, and three-level represents
Target IP core is potentially unsafe IP kernel, and level Four represents Target IP core as possible safe IP kernel, and Pyatyi shows Target IP core for peace
The level of security of full IP kernel, i.e. Target IP core is higher to show that Target IP core is safer, conversely, the level of security of Target IP core is lower
Show that Target IP core is more dangerous.
The first safety value is set as E, the second safety value is D, and the 3rd preset value is C:
If the safety value of at least one attribute information in first kind attribute information (special important attribute information) is E,
The level of security that then can determine that Target IP core is one-level, i.e., Target IP core is highly dangerous IP kernel.
If the safety value of each attribute information is not E in first kind attribute information (special important attribute information), and
The safety value for having at least two attribute informations is D, then the level of security that can determine that Target IP core is two level, i.e., Target IP core be compared with
Dangerous IP kernel.
If the safety value of each attribute information is not E in first kind attribute information (special important attribute information), and
The safety value of only one attribute information is D, then the level of security that can determine that Target IP core is three-level, i.e., Target IP core is possible
Dangerous IP kernel.
It is if each in first kind attribute information (special important attribute information) and the second generic attribute information (important information)
The safety value of attribute information is not E, is not D yet, also, first kind attribute information (special important attribute information), second
There is the attribute letter of not more than two in generic attribute information (important attribute information) and the 3rd generic attribute information (general property information)
The safety value of breath is C, then the level of security that can determine that Target IP core is level Four, i.e., Target IP core is possible safe IP kernel.
If first kind attribute information (special important attribute information), the second generic attribute information (important attribute information) and
The safety value of each attribute information is not E in three generic attribute information (general property information), is not D, is not C yet, then mesh
The rank for marking IP kernel is Pyatyi, i.e., Target IP core is safe IP kernel.
Determination IP kernel safe level method for distinguishing provided in an embodiment of the present invention is entered by taking three specific IP kernels as an example below
Row explanation:
1、DW_apb_uart
The each attribute information and its corresponding safety value of this IP kernel of DW_apb_uart are as shown in the table:
The safety value situation of all kinds of attribute informations of IP kernel is in upper table:The safety value of special important attribute information is A, B, C,
Safety value A, B, B, C, B of important attribute information, the safety value of general property information is B, B, B, B, B, due to especially important category
Property information and the second generic attribute information safety value in be not E, be not D, and few in the safety value of all properties information yet
In two C, then the level of security that can determine that the IP kernel is 4 grades, and the IP kernel is possible safe IP kernel.
2nd, 128-AES AMBA slave IP kernels
The each attribute information and its corresponding safety value of this IP kernel of 128-AES AMBA slave are as shown in the table:
The safety value situation of all kinds of attribute informations of IP kernel is in upper table:The safety value of special important attribute information is A, A, E,
Safety value B, C, B, E, B of important attribute information, the safety value of general property information is B, B, B, B, B, due to especially important category
Property information in have an attribute information safety value be E, therefore can determine that the IP kernel level of security be 1 grade, the IP kernel for height
Spend dangerous IP kernel.
3、USB2.0IP
USB2.0IP each attribute information and its corresponding safety value is as shown in the table:
The safety value situation of all kinds of attribute informations of IP kernel is in upper table:The safety value of special important attribute information be respectively D,
D, C, the safety value of important attribute information are respectively C, C, B, D, B, and the safety value of general property information is respectively C, C, B, C, C,
Because the safety value of each attribute information in special important attribute information and important attribute information is not E, also, especially important
There is the safety value of two attribute informations in attribute information to be D, then the level of security that can determine that the IP kernel is two level, the i.e. IP
Core is more dangerous IP kernel.
Corresponding with the above method, the embodiment of the present invention additionally provides a kind of device for determining IP kernel level of security, please join
Fig. 2 is read, shows the structural representation of the device, the device can include:Attribute information acquisition module 201, safety value determine
Module 202 and level of security determining module 203.Wherein:
Attribute information acquisition module 201, for obtaining the target property information of Target IP core.
Wherein, target property information includes multiclass attribute information, and multiclass attribute information presses the shadow to Target IP core security
The degree height of sound divides, and all kinds of attribute informations are different to the influence degree of Target IP core security in multiclass attribute information.
Safety value determining module 202, for attribute information and the corresponding relation of safety value based on IP kernel set in advance
It is determined that the safety value of the target property information obtained with attribute information acquisition module 201.
Level of security determining module 203, for the safety of the target property information determined using safety value determining module 202
Value, the level of security of Target IP core is determined based on safety classification set in advance rule.
The device provided by the invention for determining IP kernel level of security, obtains Target IP by attribute information acquisition module first
The target property information of core, then by attribute information of the safety value determining module based on IP kernel set in advance and pair of safety value
The safety value determined with target property information should be related to, the safety of target property information is finally utilized by level of security determining module
Value, the level of security of the Target IP core is determined based on safety classification set in advance rule.It is provided in an embodiment of the present invention true
Determining the device of IP kernel level of security can assess the security of IP kernel, and by the security evaluation to IP kernel, can improve has
The safety and reliability of the information computing system of IP kernel.
In the device for the determination IP kernel level of security that above-described embodiment provides, level of security determining module can include:The
One determining module or the second determining module.
First determining module, for the peace by each attribute information in the first kind attribute information in multiclass attribute information
Total head, the level of security of Target IP core is determined based on binary hierarchical set in advance rule.Wherein, binary hierarchical rule is used to incite somebody to action
The security classification of Target IP core is two level of securitys.
Wherein, first kind attribute information is to the influence degree highest category of Target IP core security in multiclass attribute information
Property information.
Second determining module, for the safety by each attribute information in all kinds of attribute informations in multiclass attribute information
It is worth the level of security that Target IP core is determined based on polynary classification rule set in advance.Wherein, polynary classification rule is used for mesh
The security classification of mark IP kernel is multiple level of securitys, multiple level of security more than two level of securitys.
Further, the first determining module includes:Judging submodule and determination sub-module.Wherein:
Judging submodule, for the safety value that judges whether to have at least one attribute information in first kind attribute information for
One safety value, and the safety value for having at least one attribute information is the second safety value.
Determination sub-module, for judging there is at least one attribute information in first kind attribute information when judging submodule
Safety value is the first safety value, and when having the safety value of at least one attribute information to be the second safety value, determines Target IP core
Rank be indicate target core be dangerous IP kernel rank, otherwise determine Target IP core rank be instruction Target IP core be peace
The rank of full IP kernel.Wherein, there is the attribute information and at least that at least one safety value is the first safety value in the first attribute information
One safety value shows to have at least one security in first kind attribute information worst for the attribute information of the second safety value
The attribute information of attribute information and at least one security time difference.
In a kind of possible implementation, multiclass attribute information can include:First kind attribute information, the second generic attribute
Information and the 3rd generic attribute information, first kind attribute information are believed higher than the second generic attribute the influence degree of Target IP core security
Breath, the second generic attribute information are higher than the 3rd generic attribute information to the influence degree of Target IP core security.
Then the second determining module can include the first determination sub-module, the second determination sub-module, the 3rd determination sub-module and
4th determination sub-module.Wherein:
First determination sub-module, for being when the safety value of at least one attribute information in the first kind attribute information
During the first safety value, the level of security for determining the Target IP core is first level.
Second determination sub-module, for being not described when the safety value of each attribute information in first kind attribute information
First safety value, and when the safety value of at least two attribute informations in first kind attribute information is the second safety value, it is determined that
The level of security of Target IP core is second level.
3rd determination sub-module, for being not first when the safety value of each attribute information in first kind attribute information
Safety value, and there was only the safety value of an attribute information in the first kind attribute information when being the second safety value, or, work as the first kind
The safety value of each attribute information in attribute information is not the first safety value nor the second safety value, and the second generic attribute
When thering is the safety value of at least one attribute information to be the first safety value or the second safety value in information, the safety of Target IP core is determined
Rank is third level.
4th determination sub-module, for when each attribute information in first kind attribute information and the second generic attribute information
Safety value is not the first safety value, is not the second safety value yet, and the first attribute information, the second generic attribute information and the 3rd
When thering is the safety value of the attribute information of not more than two to be three preset values in attribute information, the level of security of Target IP core is determined
For fourth level;
5th determination sub-module, for when each category in the first attribute information, the second attribute information and the 3rd attribute information
The safety value of property information is not the first safety value, be not the second safety value, when not being three preset values yet, determines target
The level of security of IP kernel is fifth level.
Wherein, the security highest of fifth level instruction Target IP core, fourth level, third level, second level and the
Security indicated by one rank gradually reduces.
Wherein, first kind attribute information can include the acquisition channel of Target IP core, supplier's safe level of Target IP core
Other and Target IP core application field, the second generic attribute information include the friendship of the degree of conformity, Target IP core of Target IP core and standard
The mode of operation of creditor side, the function information of Target IP core and Target IP core, the 3rd generic attribute information are the target category of Target IP core
Attribute information in property information in addition to the second generic attribute information and the 3rd generic attribute information.
Each embodiment is described by the way of progressive in this specification, what each embodiment stressed be and other
The difference of embodiment, between each embodiment identical similar portion mutually referring to.
In several embodiments provided herein, it should be understood that disclosed method, apparatus and equipment, can be with
Realize by another way.For example, device embodiment described above is only schematical, for example, the unit
Division, only a kind of division of logic function, can there is other dividing mode, such as multiple units or component when actually realizing
Another system can be combined or be desirably integrated into, or some features can be ignored, or do not perform.It is another, it is shown or
The mutual coupling discussed or direct-coupling or communication connection can be by some communication interfaces, between device or unit
Coupling or communication connection are connect, can be electrical, mechanical or other forms.
The unit illustrated as separating component can be or may not be physically separate, show as unit
The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On NE.Some or all of unit therein can be selected to realize the mesh of this embodiment scheme according to the actual needs
's.In addition, each functional unit in each embodiment of the present invention can be integrated in it is in a processing unit or each
Unit is individually physically present, can also two or more units it is integrated in a unit.
If the function is realized in the form of SFU software functional unit and is used as independent production marketing or in use, can be with
It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words
The part to be contributed to prior art or the part of the technical scheme can be embodied in the form of software product, the meter
Calculation machine software product is stored in a storage medium, including some instructions are causing a computer equipment (can be
People's computer, server, or network equipment etc.) perform all or part of step of each embodiment methods described of the present invention.
And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
The foregoing description of the disclosed embodiments, professional and technical personnel in the field are enable to realize or using the present invention.
A variety of modifications to these embodiments will be apparent for those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, it is of the invention
The embodiments shown herein is not intended to be limited to, and is to fit to and principles disclosed herein and features of novelty phase one
The most wide scope caused.
Claims (10)
1. one kind determines IP kernel safe level method for distinguishing, it is characterised in that methods described includes:
The target property information of Target IP core is obtained, the target property information includes multiclass attribute information, more generic attributes
All kinds of attribute informations are different to the influence degree of the Target IP core security in information;
The corresponding relation of attribute information and safety value based on IP kernel set in advance determines the peace with the target property information
Total head;
Using the safety value of the target property information, the Target IP core is determined based on safety classification set in advance rule
Level of security.
2. according to the method for claim 1, it is characterised in that the safety value using the target property information, base
The level of security of the Target IP core is determined in safety classification set in advance rule, including:
By the safety value of each attribute information in the first kind attribute information in the multiclass attribute information, based on presetting
Binary hierarchical rule determine the level of security of the Target IP core, the first kind attribute information is preset to the target
The influence degree highest attribute information of IP kernel security, the binary hierarchical rule is by the level of security of the Target IP core
It is divided into the classification rule of two-stage;
Or it is based on setting in advance by the safety value of each attribute information in all kinds of attribute informations in the multiclass attribute information
Fixed polynary classification rule determines the level of security of the Target IP core, and the polynary classification rule is by the Target IP core
Security classification is multistage classification rule, and the multistage is more than two-stage.
3. according to the method for claim 2, it is characterised in that first generic by the multiclass attribute information
Property information in each attribute information safety value, the safety of the Target IP core is determined based on binary hierarchical set in advance rule
Rank, including:
The safety value for judging whether to have at least one attribute information in the first kind attribute information has for the first safety value
The safety value of at least one attribute information is the second safety value, wherein, the safety value of attribute information is the first safety value table
The bright attribute information is the worst attribute information of security, and attribute information is that second safety value shows the attribute information
For the attribute information of security time difference;
If it is, the rank for determining the Target IP core is the rank that the instruction target core is dangerous IP kernel;
If it is not, then the rank for determining the Target IP core is the rank that the instruction Target IP core is safe IP kernel.
4. according to the method for claim 2, it is characterised in that the multiclass attribute information includes:First kind attribute information,
Second generic attribute information and the 3rd generic attribute information, influence journey of the first kind attribute information to the Target IP core security
Degree is higher than the second generic attribute information, and the second generic attribute information is higher than to the influence degree of the Target IP core security
The 3rd generic attribute information;
The then safety value of each attribute information by all kinds of attribute informations in the multiclass attribute information, based on advance
The polynary classification rule of setting determines the level of security of the Target IP core, including:
When the safety value of at least one attribute information in the first kind attribute information is the first safety value, the mesh is determined
The level of security for marking IP kernel is first level;
When the safety value of each attribute information in the first kind attribute information is not first safety value, and described
When the safety value of at least two attribute informations in a kind of attribute information is the second safety value, the peace of the Target IP core is determined
Full rank is second level;
When the safety value of each attribute information in the first kind attribute information is not the first safety value, and the first kind
When only having the safety value of an attribute information to be the second safety value in attribute information, or, when each in first kind attribute information
The safety value of individual attribute information is not the first safety value nor the second safety value, and have in the second generic attribute information to
When the safety value of a few attribute information is the first safety value or the second safety value, the level of security for determining the Target IP core is
Third level;
When the safety value of each attribute information in the first kind attribute information and the second generic attribute information is not
One safety value, it is not the second safety value, and first attribute information, the second generic attribute information and the described 3rd belong to yet
When thering is the safety value of the attribute information of not more than two to be three preset values in property information, the safe level of the Target IP core is determined
Wei not fourth level;
When the safety of each attribute information in first attribute information, second attribute information and the 3rd attribute information
Value is not the first safety value, be not the second safety value, when not being three preset values yet, determines the peace of the Target IP core
Full rank is fifth level;
Wherein, the safety value of attribute information is that first safety value shows that the attribute information is the worst attribute letter of security
Breath, attribute information are the attribute information that second safety value shows that the attribute information is security time difference, and attribute information is
3rd total head shows attribute information of the attribute information for the difference of security the 3rd, and the fifth level indicates the target
The security highest of IP kernel, indicated by the fourth level, the third level, the second level and the first level
Security gradually reduces.
5. according to the method for claim 4, it is characterised in that the first kind attribute information includes:The Target IP core
Obtain channel, supplier's level of security of the Target IP core and the application field of the Target IP core;
The second generic attribute information includes:The degree of conformity of the Target IP core and standard, the delivery item of the Target IP core, institute
State the function information of Target IP core and the mode of operation of the Target IP core;
The 3rd generic attribute information is to remove the second generic attribute information and the 3rd generic in the target property information
Attribute information outside property information.
6. a kind of device for determining IP kernel level of security, it is characterised in that described device includes:Attribute information acquisition module, peace
Total head determining module and level of security determining module;
The attribute information acquisition module, for obtaining the target property information of Target IP core, the target property information includes
Multiclass attribute information, in the multiclass attribute information all kinds of attribute informations to the influence degree of the Target IP core security not
Together;
The safety value determining module, determined for the corresponding relation of the attribute information based on IP kernel set in advance and safety value
The safety value of the target property information obtained with the attribute information acquisition module;
The level of security determining module, for the peace of the target property information determined using the safety value determining module
Total head, the level of security of the Target IP core is determined based on safety classification set in advance rule.
7. device according to claim 6, it is characterised in that the level of security determining module includes:First determines mould
Block or the second determining module;
First determining module, for passing through each attribute information in the first kind attribute information in the multiclass attribute information
Safety value, the level of security of the Target IP core is determined based on binary hierarchical set in advance rule, wherein, the first kind
Attribute information be to the influence degree highest attribute information of the Target IP core security in the multiclass attribute information, it is described
Binary hierarchical rule is by classification that the security classification of the Target IP core is two-stage rule;
Second determining module, for passing through each attribute information in all kinds of attribute informations in the multiclass attribute information
Safety value determines the level of security of the Target IP core based on polynary classification rule set in advance, and the polynary classification rule is
It is multistage classification rule by the security classification of the Target IP core, the multistage is more than two-stage.
8. device according to claim 7, it is characterised in that first determining module includes:Judging submodule and really
Stator modules;
The judging submodule, for the safety value for judging whether to have at least one attribute information in the first kind attribute information
For the first safety value, and the safety value for having at least one attribute information is the second safety value, wherein, the safety value of attribute information
Show that the attribute information is the worst attribute information of security for first safety value, attribute information is the described second safety
Value shows attribute information of the attribute information for security time difference;
The determination sub-module, for judging there is at least one category in the first kind attribute information when the judging submodule
The safety value of property information is the first safety value, and when thering is the safety value of at least one attribute information to be the second safety value, it is determined that
The rank of the Target IP core is the rank that the instruction target core is dangerous IP kernel, otherwise determines the level of the Target IP core
The rank that the Target IP core is safe IP kernel Wei not indicated.
9. device according to claim 7, it is characterised in that the multiclass attribute information includes:First kind attribute information,
Second generic attribute information and the 3rd generic attribute information, influence journey of the first kind attribute information to the Target IP core security
Degree is higher than the second generic attribute information, and the second generic attribute information is higher than to the influence degree of the Target IP core security
The 3rd generic attribute information;
Then second determining module includes:First determination sub-module, the second determination sub-module, the 3rd determination sub-module and the 4th
Determination sub-module;
First determination sub-module, for being when the safety value of at least one attribute information in the first kind attribute information
During the first safety value, the level of security for determining the Target IP core is first level;
Second determination sub-module, for not being when the safety value of each attribute information in the first kind attribute information
First safety value, and the safety value of at least two attribute informations in the first kind attribute information is the second safety value
When, the level of security for determining the Target IP core is second level;
3rd determination sub-module, for not being when the safety value of each attribute information in the first kind attribute information
First safety value, and there was only the safety value of an attribute information in the first kind attribute information when being the second safety value, or,
When the safety value of each attribute information in first kind attribute information is not the first safety value nor the second safety value, and institute
State when thering is the safety value of at least one attribute information to be the first safety value or the second safety value in the second generic attribute information, determine institute
The level of security for stating Target IP core is third level;
4th determination sub-module, for when each category in the first kind attribute information and the second generic attribute information
The safety value of property information is not the first safety value, is not the second safety value yet, and first attribute information, described second
When thering is the safety value of the attribute information of not more than two to be three preset values in generic attribute information and the 3rd attribute information, really
The level of security of the fixed Target IP core is fourth level;
5th determination sub-module, for when first attribute information, second attribute information and the 3rd attribute
In information the safety value of each attribute information be not the first safety value, be not the second safety value, not also to be the 3rd default
During value, the level of security for determining the Target IP core is fifth level;
Wherein, the safety value of attribute information is that first safety value shows that the attribute information is the worst attribute letter of security
Breath, attribute information are the attribute information that second safety value shows that the attribute information is security time difference, and attribute information is
3rd total head shows attribute information of the attribute information for the difference of security the 3rd, and the fifth level indicates the target
The security highest of IP kernel, indicated by the fourth level, the third level, the second level and the first level
Security gradually reduces.
10. device according to claim 9, it is characterised in that the first kind attribute information includes:The Target IP core
Obtain channel, supplier's level of security of the Target IP core and the application field of the Target IP core;
The second generic attribute information includes:The degree of conformity of the Target IP core and standard, the delivery item of the Target IP core, institute
State the function information of Target IP core and the mode of operation of the Target IP core;
The 3rd generic attribute information is to remove the second generic attribute information and the 3rd generic in the target property information
Attribute information outside property information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610446930.9A CN107526969B (en) | 2016-06-20 | 2016-06-20 | Method and device for determining IP (Internet protocol) core security level |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610446930.9A CN107526969B (en) | 2016-06-20 | 2016-06-20 | Method and device for determining IP (Internet protocol) core security level |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107526969A true CN107526969A (en) | 2017-12-29 |
CN107526969B CN107526969B (en) | 2020-11-03 |
Family
ID=60734648
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610446930.9A Active CN107526969B (en) | 2016-06-20 | 2016-06-20 | Method and device for determining IP (Internet protocol) core security level |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107526969B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110069374A (en) * | 2019-04-28 | 2019-07-30 | 中国科学院微电子研究所 | A kind of method for testing security and device |
CN111880768A (en) * | 2020-07-23 | 2020-11-03 | 北京计算机技术及应用研究所 | IP core code level security requirement description method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101763453A (en) * | 2010-01-22 | 2010-06-30 | 工业和信息化部软件与集成电路促进中心 | Standardized IP core evaluating method and system |
CN102110220A (en) * | 2011-02-14 | 2011-06-29 | 宇龙计算机通信科技(深圳)有限公司 | Application program monitoring method and device |
US20120036509A1 (en) * | 2010-08-06 | 2012-02-09 | Sonics, Inc | Apparatus and methods to concurrently perform per-thread as well as per-tag memory access scheduling within a thread and across two or more threads |
CN103117853A (en) * | 2011-11-16 | 2013-05-22 | 航天信息股份有限公司 | Account input and authentication method of safe storing device |
CN104767876A (en) * | 2015-03-03 | 2015-07-08 | 中国联合网络通信集团有限公司 | Safety software processing method and user terminal |
-
2016
- 2016-06-20 CN CN201610446930.9A patent/CN107526969B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101763453A (en) * | 2010-01-22 | 2010-06-30 | 工业和信息化部软件与集成电路促进中心 | Standardized IP core evaluating method and system |
US20120036509A1 (en) * | 2010-08-06 | 2012-02-09 | Sonics, Inc | Apparatus and methods to concurrently perform per-thread as well as per-tag memory access scheduling within a thread and across two or more threads |
CN102110220A (en) * | 2011-02-14 | 2011-06-29 | 宇龙计算机通信科技(深圳)有限公司 | Application program monitoring method and device |
CN103117853A (en) * | 2011-11-16 | 2013-05-22 | 航天信息股份有限公司 | Account input and authentication method of safe storing device |
CN104767876A (en) * | 2015-03-03 | 2015-07-08 | 中国联合网络通信集团有限公司 | Safety software processing method and user terminal |
Non-Patent Citations (1)
Title |
---|
陈涛: "数字软核IP质量评测平台的研究与设计", 《中国优秀硕士论文全文数据库 信息科技辑》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110069374A (en) * | 2019-04-28 | 2019-07-30 | 中国科学院微电子研究所 | A kind of method for testing security and device |
CN111880768A (en) * | 2020-07-23 | 2020-11-03 | 北京计算机技术及应用研究所 | IP core code level security requirement description method |
Also Published As
Publication number | Publication date |
---|---|
CN107526969B (en) | 2020-11-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Yanisky-Ravid et al. | Equality and privacy by design: A new model of artificial intelligence data transparency via auditing, certification, and safe harbor regimes | |
US10860742B2 (en) | Privacy risk information display | |
Wright | The future of facial recognition is not fully known: Developing privacy and security regulatory mechanisms for facial recognition in the retail sector | |
TW202009760A (en) | Identity information identification method and device | |
US10691822B1 (en) | Policy validation management | |
US20150006399A1 (en) | Social Media Based Identity Verification | |
CN108711101A (en) | A kind of loan transaction method, apparatus, system and electronic equipment | |
Breaux et al. | Legally “reasonable” security requirements: A 10-year FTC retrospective | |
US20230281583A1 (en) | Systems and Methods for the Facilitation of Blockchains | |
CN110009297A (en) | A kind of fiduciary qualification signal auditing method, device and equipment | |
CN112700250B (en) | Identity authentication method, device and system in financial scene | |
KR20160091188A (en) | Method and system for personal information management in estimating credit rating of person to person banking using analysis of big data | |
TW202040385A (en) | System for using device identification to identify via telecommunication server and method thereof | |
US20210012026A1 (en) | Tokenization system for customer data in audio or video | |
CN107038377B (en) | Website authentication method and device and website credit granting method and device | |
CN107526969A (en) | A kind of method and device for determining IP kernel level of security | |
Deypir et al. | Instance based security risk value estimation for Android applications | |
CN110008986A (en) | The recognition methods of batch risk case, device and electronic equipment | |
US9992181B2 (en) | Method and system for authenticating a user based on location data | |
CN106897880A (en) | A kind of account methods of risk assessment and equipment | |
KR101879266B1 (en) | a System for verifing unidentifiable Personal Information | |
CN111027065B (en) | Leucavirus identification method and device, electronic equipment and storage medium | |
US20210192054A1 (en) | Use of word embeddings to locate sensitive text in computer programming scripts | |
KR102282144B1 (en) | Prediction system for enterprise value | |
Zhang et al. | Understanding Privacy Over-collection in WeChat Sub-app Ecosystem |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |