CN107832606A - Trust chain realization method and system based on SGX - Google Patents
Trust chain realization method and system based on SGX
- Publication number: CN107832606A (application CN201710895862.9A)
- Authority: CN (China)
- Prior art keywords: enclave, sgx, trust chain, operational process, code section
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Abstract
The present invention discloses a trust chain implementation method and system based on SGX. It first establishes an SGX-based trust chain operational process; while that process runs, it sets the relation between each trust chain component and an enclave; and, according to that relation, it establishes a secure operating environment (an enclave) for each boot component in the SGX trust chain. Using the security features of the SGX enclave, the traditional trust chain is transformed so that each trust chain component is placed inside a protected enclave, shielding it from interference or tampering and thereby providing a secure operating environment for the boot components of the trust chain.
Description
Technical field
The present invention relates to the field of information security, and in particular to an SGX-based trust chain implementation method.
Background technology
Trusted computing is an effective new technology for enhancing the security of information systems, and the trust chain is one of its key technologies. The Trusted Computing Group (TCG) defines the trust chain as: CRTM → BIOS → OS Loader → OS Components → Applications. Here the Core Root of Trust for Measurement (CRTM) measures the integrity of the BIOS (Basic Input and Output System), the BIOS measures the integrity of the OS Loader (Operating System Loader), and the OS Loader measures the integrity of the OS Components, so that integrity measurement is carried out from platform start-up through to the operating system. The measurement results are stored in the Platform Configuration Registers (PCRs) of the Trusted Platform Module (TPM) and in the Stored Measurement Log (SML), which realises integrity storage for the platform.
However, the TCG trust chain currently only performs integrity measurement and integrity storage of the boot components when the platform starts; it does not protect the running environment of those components, so the trust chain is exposed to software and hardware attacks while it runs.
Summary of the invention
In view of this, it is necessary to provide an SGX-based trust chain implementation method and system that can establish a secure operating environment for the boot components of the trust chain.
The present invention provides an SGX-based trust chain implementation method comprising the following steps:
S1, establish the SGX-based trust chain operational process;
S2, while the SGX-based trust chain operational process is running, set the relation between trust chain components and enclaves in that process;
S3, according to the relation between trust chain components and enclaves, establish a secure operating environment (an enclave) for each boot component in the SGX trust chain.
An SGX-based trust chain implementation system comprises the following functional modules:
a process establishment module, for establishing the SGX-based trust chain operational process;
a relation setting module, for setting, while the SGX-based trust chain operational process is running, the relation between trust chain components and enclaves in that process;
a secure environment establishment module, for establishing, according to the relation between trust chain components and enclaves, a secure operating environment (an enclave) for each boot component in the SGX trust chain.
The SGX-based trust chain implementation method and system of the present invention use the security features of the SGX enclave to transform the traditional trust chain: each trust chain component is placed inside a protected enclave, shielding it from interference or tampering, so that a secure operating environment is established for the boot components of the trust chain.
Compared with the prior art, the method provided by the invention mainly has the following beneficial effects:
First, inside an enclave the code and data of a trust chain component cannot be attacked by malware or by hardware; neither privileged nor unprivileged software can access the enclave, and neither the operating system nor the VMM (hypervisor) can affect the trust chain code and data inside it.
Second, the code segment and data segment in each enclave are the complete set or a subset of a trust chain boot component, which makes it convenient to extend an existing trust chain with little impact on the original system.
Brief description of the drawings
Fig. 1 is a schematic diagram of the SGX-based trust chain implementation method of the present invention;
Fig. 2 is a flow block diagram of the SGX-based trust chain implementation method of the present invention;
Fig. 3 is a sub-flow block diagram of step S1 in Fig. 2;
Fig. 4 is a sub-flow block diagram of step S2 in Fig. 2;
Fig. 5 is a sub-flow block diagram of step S3 in Fig. 2;
Fig. 6 is a flow block diagram of the CRTM establishing the first enclave in the present invention;
Fig. 7 is an example diagram of the CRTM establishing the first enclave in the present invention;
Fig. 8 is a flow block diagram of the BIOS establishing the second enclave in the present invention;
Fig. 9 is a flow block diagram of the OS Loader establishing the third enclave in the present invention;
Fig. 10 is a flow block diagram of the OS Kernel establishing the fourth enclave in the present invention;
Fig. 11 is a flow block diagram of the OS Components establishing the fifth enclave in the present invention.
Embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
SGX (Software Guard Extensions) is a new processor technology developed by Intel (a processor with the SGX feature is referred to below as an SGX CPU). It provides a trusted space, the enclave, on the computing platform to guarantee the confidentiality and integrity of critical code and data. The enclave is a security feature of the Intel SGX CPU: it is a region of memory protected by hardware, and neither the operating system nor the VMM (hypervisor) can affect the code and data inside it. The security boundary of the enclave contains only the CPU and the enclave itself. An enclave created by SGX can be understood as a Trusted Execution Environment (TEE); an SGX CPU can run multiple enclaves, and these enclaves can execute concurrently.
The present invention uses the security features of the SGX enclave to provide an SGX-based trust chain implementation method, as shown in Fig. 1. Fig. 1 describes the relation between trust chain components and enclaves: a trust chain component, or a part of it, runs inside an enclave protected by the SGX CPU hardware. Depending on the size and operating characteristics of each component, the relation between a trust chain component and its enclave is either a complete correspondence (e.g. CRTM, OS Loader) or a partial correspondence (e.g. BIOS, OS Kernel, OS Components).
As shown in Fig. 2, the SGX-based trust chain implementation method comprises the following steps:
S1, establish the SGX-based trust chain operational process;
S2, while the SGX-based trust chain operational process is running, set the relation between trust chain components and enclaves in that process;
S3, according to the relation between trust chain components and enclaves, establish a secure operating environment (an enclave) for each boot component in the SGX trust chain.
As shown in Fig. 3, step S1 comprises the following sub-steps:
S11, establish the SGX-based trust chain operational process for the CRTM;
S12, establish the SGX-based trust chain operational process for the BIOS;
S13, establish the SGX-based trust chain operational process for the OS Loader;
S14, establish the SGX-based trust chain operational process for the OS Kernel;
S15, establish the SGX-based trust chain operational process for the OS Components.
As shown in Fig. 4, step S2 comprises the following sub-steps:
S21, set the first code segment and the first data segment to be the whole CRTM;
S22, set the second code segment and the second data segment to be the whole BIOS or a part of the BIOS;
S23, set the third code segment and the third data segment to be the whole OS Loader;
S24, set the fourth code segment and the fourth data segment to be the whole OS Kernel or a part of the OS Kernel;
S25, set the fifth code segment and the fifth data segment to be the whole OS Components or a part of the OS Components.
As shown in Fig. 5, step S3 comprises the following sub-steps:
S31, according to the relation between trust chain components and enclaves, establish the first secure environment enclave for the CRTM by means of the SGX-based trust chain operational process;
S32, according to the relation between trust chain components and enclaves, establish the second secure environment enclave for the BIOS by means of the SGX-based trust chain operational process;
S33, according to the relation between trust chain components and enclaves, establish the third secure environment enclave for the OS Loader by means of the SGX-based trust chain operational process;
S34, according to the relation between trust chain components and enclaves, establish the fourth secure environment enclave for the OS Kernel by means of the SGX-based trust chain operational process;
S35, according to the relation between trust chain components and enclaves, establish the fifth secure environment enclave for the OS Components by means of the SGX-based trust chain operational process.
As shown in Fig. 6, the platform is powered on and runs the CRTM. The CRTM sends a request to the SGX CPU to generate the first enclave, and the SGX CPU creates the first enclave for the CRTM in memory. The first enclave contains the first code segment and the first data segment, which are set to be the whole CRTM. The CRTM hands control to the first code segment inside the first enclave; the first code segment completes the integrity measurement and integrity storage of the BIOS, then hands control to the BIOS and exits enclave mode, and the SGX CPU removes the first enclave.
Specifically, as shown in Fig. 7, the CRTM establishes the first enclave through the following steps:
Step 1. The CRTM sends the enclave-instantiation request command ECREATE() for the first enclave to the SGX CPU;
Step 2. The SGX CPU establishes the address range of the first enclave in memory, including the base address and the enclave size (denoted ELRANGE), and establishes the Enclave Page Cache (EPC) to hold the SGX Enclave Control Structure (SECS);
Step 3. The CRTM sends the enclave-instantiation request command EADD() for the first enclave to the SGX CPU;
Step 4. The SGX CPU initialises the EPC Map (EPCM) and stores the hash value of the EPCM in the SECS; a free EPC page is set to a page of type PT_REG or PT_TCS, and 4 KB of content is copied from untrusted memory into that EPC page;
Step 5. The CRTM sends the enclave-instantiation request command EEXTEND() for the first enclave to the SGX CPU;
Step 6. The SGX CPU performs a hash operation over the EPC pages of type PT_REG or PT_TCS;
Step 7. The CRTM sends the enclave-instantiation request command EINIT() for the first enclave to the SGX CPU;
Step 8. The SGX CPU checks the EINITTOKEN token to determine the legitimacy of the enclave;
Step 9. The CRTM sends the enter-enclave-mode request command EENTER() to the SGX CPU;
Step 10. The SGX CPU saves the execution context and enters enclave mode;
Step 11. The first code segment performs integrity measurement and integrity storage;
Step 12. The first code segment sends the exit-enclave-mode request command EEXIT() to the SGX CPU;
Step 13. The SGX CPU exits enclave mode;
Step 14. The first code segment sends the remove-enclave-page request command EREMOVE() for the first enclave to the SGX CPU;
Step 15. The SGX CPU removes the EPC pages.
As shown in Fig. 8, the BIOS sends a request to the SGX CPU to generate the second enclave, and the SGX CPU creates the second enclave for the BIOS in memory. The second enclave contains the second code segment and the second data segment, which are set to be the whole BIOS or a part of the BIOS. The BIOS hands control to the second code segment inside the second enclave; the second code segment completes the integrity measurement and integrity storage of the OS Loader, then hands control to the BIOS or to the OS Loader and exits enclave mode, and the SGX CPU removes the second enclave.
As shown in Fig. 9, the OS Loader sends a request to the SGX CPU to generate the third enclave, and the SGX CPU creates the third enclave for the OS Loader in memory. The third enclave contains the third code segment and the third data segment, which are set to be the whole OS Loader. The OS Loader hands control to the third code segment inside the third enclave; the third code segment completes the integrity measurement and integrity storage of the OS Kernel, then hands control to the OS Kernel and exits enclave mode, and the SGX CPU removes the third enclave.
As shown in Fig. 10, the OS Kernel sends a request to the SGX CPU to generate the fourth enclave, and the SGX CPU creates the fourth enclave for the OS Kernel in memory. The fourth enclave contains the fourth code segment and the fourth data segment, which are set to be the whole OS Kernel or a part of the OS Kernel. The OS Kernel hands control to the fourth code segment inside the fourth enclave; the fourth code segment completes the integrity measurement and integrity storage of the OS Components, then hands control to the OS Kernel or to the OS Components and exits enclave mode, and the SGX CPU removes the fourth enclave.
As shown in Fig. 11, the OS Components send a request to the SGX CPU to generate the fifth enclave, and the SGX CPU creates the fifth enclave for the OS Components in memory. The fifth enclave contains the fifth code segment and the fifth data segment, which are set to be the whole OS Components or a part of the OS Components. The OS Components hand control to the fifth code segment inside the fifth enclave; the fifth code segment completes the integrity measurement and integrity storage of the Applications, then hands control to the OS Components or to the Applications and exits enclave mode, and the SGX CPU removes the fifth enclave.
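As an added illustration of the Fig. 7 lifecycle and of the chained measurements in Figs. 6 and 8 to 11 (example code written for this page, not code from the patent), the following Python simulation models the CPU side with a simplified MRENCLAVE record format and uses constructed sample images in place of real firmware. The `SgxCpu` class, the image bytes, the SHA-256 measurement and the `launch_token` stand-in for the EINITTOKEN are all assumptions.

```python
import hashlib

PAGE_SIZE = 4096   # EADD copies one 4 KB page from untrusted memory (Fig. 7, step 4)
CHUNK_SIZE = 256   # EEXTEND folds a page into the measurement 256 bytes at a time (step 6)

# Constructed sample images standing in for the trust chain components (not real firmware).
CHAIN = ["CRTM", "BIOS", "OS Loader", "OS Kernel", "OS Components", "Applications"]
IMAGES = {
    "CRTM": b"crtm-image-v1",
    "BIOS": b"bios-image-v1",
    "OS Loader": b"loader-image-v1",
    "OS Kernel": b"kernel-image-v1",
    "OS Components": b"components-image-v1",
    "Applications": b"application-image-v1",
}


def pad_pages(blob):
    """Split a blob into zero-padded 4 KB pages, the unit EADD works in."""
    blob += b"\0" * (-len(blob) % PAGE_SIZE)
    return [blob[i:i + PAGE_SIZE] for i in range(0, len(blob), PAGE_SIZE)]


class SgxCpu:
    """Toy model of the SGX CPU side of Fig. 7 (assumption). The MRENCLAVE record layout is a
    simplified stand-in for the real one; only the ordering of EADD/EEXTEND records is kept."""

    def __init__(self):
        self.enclaves = {}

    def ecreate(self, eid, size):
        # Step 2: reserve the enclave range (ELRANGE) and its control structure (SECS).
        self.enclaves[eid] = {"size": size, "pages": {}, "mr": hashlib.sha256(), "init": False}

    def eadd(self, eid, offset, page_type, content):
        # Step 4: add one 4 KB page (PT_REG or PT_TCS); the page metadata enters the measurement.
        e = self.enclaves[eid]
        assert not e["init"] and len(content) == PAGE_SIZE and offset + PAGE_SIZE <= e["size"]
        e["pages"][offset] = (page_type, content)
        e["mr"].update(b"EADD\0\0\0\0" + offset.to_bytes(8, "little") + page_type.ljust(48, b"\0"))

    def eextend(self, eid, offset):
        # Step 6: hash the page contents into the measurement, 256 bytes per record.
        e = self.enclaves[eid]
        content = e["pages"][offset][1]
        for i in range(0, PAGE_SIZE, CHUNK_SIZE):
            e["mr"].update(b"EEXTEND\0" + (offset + i).to_bytes(8, "little") + b"\0" * 48)
            e["mr"].update(content[i:i + CHUNK_SIZE])

    def einit(self, eid, token_mrenclave):
        # Step 8: the launch token must name the measurement that was actually built.
        e = self.enclaves[eid]
        e["init"] = e["mr"].digest() == token_mrenclave
        return e["init"]

    def eremove(self, eid):
        # Step 15: free the EPC pages once the code segment has exited (EEXIT).
        del self.enclaves[eid]


def load_enclave(cpu, eid, code, data):
    """Steps 1 to 6: ECREATE, then EADD + EEXTEND every page of the code and data segments."""
    pages = [(b"PT_TCS", p) for p in pad_pages(code)] + [(b"PT_REG", p) for p in pad_pages(data)]
    cpu.ecreate(eid, len(pages) * PAGE_SIZE)
    for idx, (page_type, content) in enumerate(pages):
        cpu.eadd(eid, idx * PAGE_SIZE, page_type, content)
        cpu.eextend(eid, idx * PAGE_SIZE)


def launch_token(code, data):
    """Stand-in for the EINITTOKEN (assumption): the MRENCLAVE of a known-good build."""
    scratch = SgxCpu()
    load_enclave(scratch, "reference", code, data)
    return scratch.enclaves["reference"]["mr"].digest()


def measure(image):
    """Integrity measurement a code segment performs on the next component."""
    return hashlib.sha256(image).hexdigest()


def run_trust_chain(cpu, images, tokens):
    """Figs. 6 and 8 to 11: each component runs its enclave, which measures and then loads the
    next component. Returns the stored measurement log (one entry per hand-off)."""
    log = []
    for i, name in enumerate(CHAIN[:-1]):
        eid = "enclave-%d" % (i + 1)
        load_enclave(cpu, eid, images[name], b"")          # code segment = whole component
        if not cpu.einit(eid, tokens[name]):                 # EINITTOKEN check (step 8)
            raise RuntimeError("EINIT rejected the enclave for %s" % name)
        nxt = CHAIN[i + 1]
        log.append((name, nxt, measure(images[nxt])))        # EENTER: measure + store (9 to 11)
        cpu.eremove(eid)                                     # EEXIT + EREMOVE (12 to 15)
    return log


def golden_measurements(images):
    """Reference values a verifier holds for every measured component."""
    return {name: measure(images[name]) for name in CHAIN[1:]}


def verify_log(log, golden):
    """Return the first component whose recorded metric differs from the reference, else None."""
    for _, measured, metric in log:
        if golden.get(measured) != metric:
            return measured
    return None
```

A modified image is caught twice: the preceding stage records a different metric in the log, and, for components that run their own enclave, EINIT rejects the changed measurement.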
Corresponding to the SGX-based trust chain implementation method above, the present invention also provides an SGX-based trust chain implementation system comprising the following functional modules:
a process establishment module, for establishing the SGX-based trust chain operational process;
a relation setting module, for setting, while the SGX-based trust chain operational process is running, the relation between trust chain components and enclaves in that process;
a secure environment establishment module, for establishing, according to the relation between trust chain components and enclaves, a secure operating environment (an enclave) for each boot component in the SGX trust chain.
The process establishment module comprises the following functional units:
a first process establishment unit, for establishing the SGX-based trust chain operational process for the CRTM;
a second process establishment unit, for establishing the SGX-based trust chain operational process for the BIOS;
a third process establishment unit, for establishing the SGX-based trust chain operational process for the OS Loader;
a fourth process establishment unit, for establishing the SGX-based trust chain operational process for the OS Kernel;
a fifth process establishment unit, for establishing the SGX-based trust chain operational process for the OS Components.
The relation setting module comprises the following functional units:
a first enclave relation setting unit, for setting the whole CRTM as the code segment and data segment of the first enclave;
a second enclave relation setting unit, for setting the whole BIOS or a part of the BIOS as the code segment and data segment of the second enclave;
a third enclave relation setting unit, for setting the whole OS Loader as the code segment and data segment of the third enclave;
a fourth enclave relation setting unit, for setting the whole OS Kernel or a part of the OS Kernel as the code segment and data segment of the fourth enclave;
a fifth enclave relation setting unit, for setting the whole OS Components or a part of the OS Components as the code segment and data segment of the fifth enclave.
The secure environment establishment module comprises the following functional units:
a first secure environment establishment unit, for having the CRTM establish the first secure environment enclave through the SGX-based trust chain operational process, according to the relation between the trust chain component and the first enclave;
a second secure environment establishment unit, for having the BIOS establish the second secure environment enclave through the SGX-based trust chain operational process, according to the relation between the trust chain component and the second enclave;
a third secure environment establishment unit, for having the OS Loader establish the third secure environment enclave through the SGX-based trust chain operational process, according to the relation between the trust chain component and the third enclave;
a fourth secure environment establishment unit, for having the OS Kernel establish the fourth secure environment enclave through the SGX-based trust chain operational process, according to the relation between the trust chain component and the fourth enclave;
a fifth secure environment establishment unit, for having the OS Components establish the fifth secure environment enclave through the SGX-based trust chain operational process, according to the relation between the trust chain component and the fifth enclave.
The SGX-based trust chain implementation method and system of the present invention use the security features of the SGX enclave to transform the traditional trust chain: each trust chain component is placed inside a protected enclave, shielding it from interference or tampering, so that a secure operating environment is established for the boot components of the trust chain.
Compared with the prior art, the method provided by the invention mainly has the following beneficial effects:
First, inside an enclave the code and data of a trust chain component cannot be attacked by malware or by hardware; neither privileged nor unprivileged software can access the enclave, and neither the operating system nor the VMM (hypervisor) can affect the trust chain code and data inside it.
Second, the code segment and data segment in each enclave are the complete set or a subset of a trust chain boot component, which makes it convenient to extend an existing trust chain with little impact on the original system.
The system embodiment above corresponds one-to-one with the method embodiment; for the parts of the system embodiment that are described only briefly, refer to the method embodiment.
The embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the identical or similar parts the embodiments may be referred to one another.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in electronic hardware, in computer software, or in a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms according to their function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled persons may implement the described functions in different ways for each particular application, but such implementations should not be regarded as going beyond the scope of the present invention.
The steps of the method or algorithm described in the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory, main memory, read-only memory, electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The embodiments of the invention have been described above with reference to the drawings, but the invention is not limited to the specific embodiments described; they are illustrative, not restrictive. Under the teaching of the present invention, a person of ordinary skill in the art may devise many further forms without departing from the concept of the invention and the scope of the claimed protection, and all of these fall within the protection of the present invention.
Claims (10)
1. An SGX-based trust chain implementation method, characterised in that the SGX-based trust chain implementation method comprises the following steps:
S1, establish the SGX-based trust chain operational process;
S2, while the SGX-based trust chain operational process is running, set the relation between trust chain components and enclaves in the SGX-based trust chain operational process;
S3, according to the relation between trust chain components and enclaves, establish a secure operating environment enclave for each boot component in the SGX trust chain.
2. The SGX-based trust chain implementation method according to claim 1, characterised in that step S1 comprises the following sub-steps:
S11, establish the SGX-based trust chain operational process for the CRTM;
S12, establish the SGX-based trust chain operational process for the BIOS;
S13, establish the SGX-based trust chain operational process for the OS Loader;
S14, establish the SGX-based trust chain operational process for the OS Kernel;
S15, establish the SGX-based trust chain operational process for the OS Components.
3. The SGX-based trust chain implementation method according to claim 2, characterised in that step S1 comprises the following:
S11, the platform is powered on and runs the CRTM; the CRTM sends a request to the SGX CPU to generate the first enclave, and the SGX CPU creates the first enclave for the CRTM in memory, the first enclave containing the first code segment and the first data segment; the first code segment measures the integrity of the BIOS, and the first data segment stores the first metric; the first code segment loads the BIOS;
S12, the BIOS sends a request to the SGX CPU to generate the second enclave, and the SGX CPU creates the second enclave for the BIOS in memory, the second enclave containing the second code segment and the second data segment; the second code segment measures the integrity of the OS Loader, and the second data segment stores the second metric; the second code segment or the BIOS loads the OS Loader;
S13, the OS Loader sends a request to the SGX CPU to generate the third enclave, and the SGX CPU creates the third enclave for the OS Loader in memory, the third enclave containing the third code segment and the third data segment; the third code segment measures the integrity of the OS Kernel, and the third data segment stores the third metric; the third code segment loads the OS Kernel;
S14, the OS Kernel sends a request to the SGX CPU to generate the fourth enclave, and the SGX CPU creates the fourth enclave for the OS Kernel in memory, the fourth enclave containing the fourth code segment and the fourth data segment; the fourth code segment measures the integrity of the OS Components, and the fourth data segment stores the fourth metric; the fourth code segment or the OS Kernel loads the OS Components;
S15, the OS Components send a request to the SGX CPU to generate the fifth enclave, and the SGX CPU creates the fifth enclave for the OS Components in memory, the fifth enclave containing the fifth code segment and the fifth data segment; the fifth code segment measures the integrity of the Applications, and the fifth data segment stores the fifth metric; the fifth code segment or the OS Components load the Applications.
4. The SGX-based trust chain implementation method according to claim 3, characterised in that step S2 comprises the following sub-steps:
S21, set the first code segment and the first data segment to be the whole CRTM;
S22, set the second code segment and the second data segment to be the whole BIOS or a part of the BIOS;
S23, set the third code segment and the third data segment to be the whole OS Loader;
S24, set the fourth code segment and the fourth data segment to be the whole OS Kernel or a part of the OS Kernel;
S25, set the fifth code segment and the fifth data segment to be the whole OS Components or a part of the OS Components.
5. The SGX-based trust chain implementation method according to claim 4, characterised in that step S3 comprises the following sub-steps:
S31, according to the relation between trust chain components and enclaves, establish the first secure environment enclave for the CRTM by means of the SGX-based trust chain operational process;
S32, according to the relation between trust chain components and enclaves, establish the second secure environment enclave for the BIOS by means of the SGX-based trust chain operational process;
S33, according to the relation between trust chain components and enclaves, establish the third secure environment enclave for the OS Loader by means of the SGX-based trust chain operational process;
S34, according to the relation between trust chain components and enclaves, establish the fourth secure environment enclave for the OS Kernel by means of the SGX-based trust chain operational process;
S35, according to the relation between trust chain components and enclaves, establish the fifth secure environment enclave for the OS Components by means of the SGX-based trust chain operational process.
6. The SGX-based trust chain implementation method according to claim 5, characterised in that step S3 comprises the following:
S31, the CRTM hands control to the first code segment inside the first enclave; the first code segment completes the integrity measurement and integrity storage of the BIOS, then hands control to the BIOS and exits enclave mode, and the SGX CPU removes the first enclave;
S32, the BIOS hands control to the second code segment inside the second enclave; the second code segment completes the integrity measurement and integrity storage of the OS Loader, then hands control to the BIOS or to the OS Loader and exits enclave mode, and the SGX CPU removes the second enclave;
S33, the OS Loader hands control to the third code segment inside the third enclave; the third code segment completes the integrity measurement and integrity storage of the OS Kernel, then hands control to the OS Kernel and exits enclave mode, and the SGX CPU removes the third enclave;
S34, the OS Kernel hands control to the fourth code segment inside the fourth enclave; the fourth code segment completes the integrity measurement and integrity storage of the OS Components, then hands control to the OS Kernel or to the OS Components and exits enclave mode, and the SGX CPU removes the fourth enclave;
S35, the OS Components hand control to the fifth code segment inside the fifth enclave; the fifth code segment completes the integrity measurement and integrity storage of the Applications, then hands control to the OS Components or to the Applications and exits enclave mode, and the SGX CPU removes the fifth enclave.
7. a kind of trust chain based on SGX realizes system, it is characterised in that the trust chain based on SGX realizes that system includes
Following functions module:
Flow establishes module, for establishing the trust chain operational process based on SGX;
Relation setup module, in the running of the trust chain operational process based on SGX, setting the trust based on SGX
Trust chain part and enclave relation in chain operational process;
Security context establishes module, each in the trust chain for being SGX for the relation according to trust chain part and enclave
Individual activation member establishes secure operating environment enclave.
8. the trust chain based on SGX realizes system according to claim 7, it is characterised in that the flow establishes module bag
Include following functions unit:
First pass establishes unit, for establishing the trust chain operational process based on SGX to CRTM;
Second procedure establishes unit, for establishing the trust chain operational process based on SGX to BIOS;
3rd flow establishes unit, for establishing the trust chain operational process based on SGX to OS Loader;
4th flow establishes unit, for establishing the trust chain operational process based on SGX to OS Kernel;
5th flow establishes unit, for establishing the trust chain operational process based on SGX to OS Components.
9. the trust chain based on SGX realizes system according to claim 8, it is characterised in that the relation setup module bag
Include following functions unit:
First enclave relation setting units, for setting the code segment and data segment that whole CRTM is the first enclave;
2nd enclave relation setting units, the generation that the part for setting whole BIOS or BIOS is the 2nd enclave
Code section and data segment;
3rd enclave relation setting units, for setting the code segment and data that whole OS Loader are the 3rd enclave
Section;
4th enclave relation setting units, the part for setting whole OS Kernel or OS Kernel are the 4th
Enclave code segment and data segment;
5th enclave relation setting units, for setting one of whole OS Components or OS Components
It is divided into the 5th enclave code segment and data segment.
10. The SGX-based trust chain implementation system according to claim 9, characterised in that the secure environment establishing module comprises the following functional units:
a first secure environment establishing unit, for causing the CRTM, according to the relationship between the trust chain components and the first enclave, to establish the first secure environment enclave through the SGX-based trust chain running process;
a second secure environment establishing unit, for causing the BIOS, according to the relationship between the trust chain components and the second enclave, to establish the second secure environment enclave through the SGX-based trust chain running process;
a third secure environment establishing unit, for causing the OS Loader, according to the relationship between the trust chain components and the third enclave, to establish the third secure environment enclave through the SGX-based trust chain running process;
a fourth secure environment establishing unit, for causing the OS Kernel, according to the relationship between the trust chain components and the fourth enclave, to establish the fourth secure environment enclave through the SGX-based trust chain running process;
a fifth secure environment establishing unit, for causing the OS Components, according to the relationship between the trust chain components and the fifth enclave, to establish the fifth secure environment enclave through the SGX-based trust chain running process.
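Claims 7 to 10 describe one procedure applied to five stages in order (CRTM, BIOS, OS Loader, OS Kernel, OS Components): bind each stage's code and data segments to an enclave and establish that enclave before the stage runs. The Python below is an added example and is not code from the patent or from Intel's SGX SDK. It does not invoke SGX at all: enclave construction (ECREATE, EADD, EEXTEND, EINIT) is performed by privileged system software and enclaves execute in user mode, so the page-by-page hash used here is only a simplified analogue of how an enclave's MRENCLAVE measurement is accumulated, and the tag format inside `measure()` is hypothetical. What it does show is the gating that makes a chain a chain: each stage is measured against a golden value before control passes to it, the first mismatch halts launch of every later stage, and a PCR-style aggregate binds the whole sequence into one value. All component contents, golden measurements and names are constructed for illustration.

```python
"""Simulated five-stage measured trust chain (CRTM -> BIOS -> OS Loader ->
OS Kernel -> OS Components) with an enclave-style measurement per stage.

Added example, not code from patent CN107832606A or from the SGX SDK.
Component contents, golden measurements and all names are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PAGE = 4096
# Stage order of the trust chain described in claims 8 to 10.
STAGES = ("CRTM", "BIOS", "OS Loader", "OS Kernel", "OS Components")


@dataclass(frozen=True)
class Component:
    """One trust chain component: the code and data segments that would be
    loaded into that stage's enclave."""
    name: str
    code: bytes
    data: bytes


def measure(component: Component) -> bytes:
    """Measurement over a component's code and data segments.

    Loosely modelled on how MRENCLAVE accumulates: a running SHA-256 over
    each page added, tagged with its segment and offset. The tag encoding is
    a hypothetical simplification, not the real EADD/EEXTEND record format.
    """
    h = hashlib.sha256()
    for seg_name, seg in (("code", component.code), ("data", component.data)):
        for off in range(0, len(seg), PAGE):
            page = seg[off:off + PAGE].ljust(PAGE, b"\0")
            h.update(b"ADD|" + seg_name.encode() + b"|" + off.to_bytes(8, "little"))
            h.update(hashlib.sha256(page).digest())
    return h.digest()


@dataclass
class ChainResult:
    verified: List[str] = field(default_factory=list)   # stages that matched
    failed: Optional[str] = None                        # first mismatching stage
    log: List[Tuple[str, str, bool]] = field(default_factory=list)
    platform_measurement: bytes = b"\0" * 32            # PCR-style aggregate


def run_trust_chain(components: Dict[str, Component],
                    expected: Dict[str, bytes]) -> ChainResult:
    """Launch the stages in order. Each stage is measured and compared with
    its golden value before control is handed to it; the first mismatch halts
    the chain, so no later stage is launched. Every measurement, matching or
    not, is folded into the aggregate so the final value reflects the whole
    sequence actually seen."""
    result = ChainResult()
    for name in STAGES:
        m = measure(components[name])
        result.platform_measurement = hashlib.sha256(
            result.platform_measurement + m).digest()
        ok = hmac.compare_digest(m, expected[name])
        result.log.append((name, m.hex(), ok))
        if not ok:
            result.failed = name
            break
        result.verified.append(name)
    return result


def build_components(tamper: Optional[str] = None) -> Dict[str, Component]:
    """Constructed sample images for the five stages. If `tamper` names a
    stage, the last byte of that stage's code segment is altered."""
    comps = {}
    for name in STAGES:
        code = (name + " code segment ").encode() * 300   # a few pages
        data = (name + " data segment ").encode() * 100
        if name == tamper:
            code = code[:-1] + b"X"
        comps[name] = Component(name, code, data)
    return comps


def golden_measurements() -> Dict[str, bytes]:
    """Expected values, as they would be recorded from a trusted build."""
    return {name: measure(c) for name, c in build_components().items()}


if __name__ == "__main__":
    for label, tamper in (("clean", None), ("tampered BIOS", "BIOS")):
        r = run_trust_chain(build_components(tamper), golden_measurements())
        print(label, "verified:", r.verified, "halted at:", r.failed)
```

Halting at the first mismatch, rather than logging it and continuing, is what gives the later entries meaning: a verifier that sees `OS Kernel` in the verified list knows every earlier stage matched too. The aggregate plays the role a TPM PCR plays in a conventional chain, binding the identity and order of every stage into one value that can be compared remotely; a single altered byte in the BIOS image changes both the stage measurement and the aggregate.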
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710895862.9A CN107832606B (en) | 2017-09-28 | 2017-09-28 | SGX-based trust chain implementation method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710895862.9A CN107832606B (en) | 2017-09-28 | 2017-09-28 | SGX-based trust chain implementation method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107832606A (en) | 2018-03-23 |
CN107832606B (en) | 2020-05-19 |
Family
ID=61644030
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710895862.9A Active CN107832606B (en) | 2017-09-28 | 2017-09-28 | SGX-based trust chain implementation method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107832606B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104268486A (en) * | 2014-09-22 | 2015-01-07 | No. 709 Research Institute of China Shipbuilding Industry Corporation | Multilevel security trust chain construction method and structure |
US20150089502A1 (en) * | 2013-09-25 | 2015-03-26 | Privatecore, Inc. | Method and System for Providing Secure System Execution on Hardware Supporting Secure Application Execution |
CN105389513A (en) * | 2015-11-26 | 2016-03-09 | Huawei Technologies Co., Ltd. | Trusted execution method and apparatus for virtual trusted platform module (vTPM) |
Events
2017-09-28 CN CN201710895862.9A patent/CN107832606B/en active Active
Non-Patent Citations (3)
Title |
---|
CHANGHO CHOI, ET AL.: "S-OpenSGX: A system-level platform for exploring SGX enclave-based computing", Computers & Security * |
Xu Mingdi (徐明迪) et al.: "A survey of trust chain research in trusted systems" (可信系统信任链研究综述), Acta Electronica Sinica (电子学报) * |
Xu Mingdi (徐明迪) et al.: "Application of trusted computing technology in embedded operating systems" (可信计算技术在嵌入式操作系统中的应用), Journal of Wuhan University (Natural Science Edition) (武汉大学学报(理学版)) * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109063471A (en) * | 2018-07-17 | 2018-12-21 | Guangzhou University | Protection method for SGX operation |
CN109561110A (en) * | 2019-01-19 | 2019-04-02 | Beijing University of Technology | SGX-based cloud platform audit log protection method |
CN109561110B (en) * | 2019-01-19 | 2021-06-04 | Beijing University of Technology | Cloud platform audit log protection method based on SGX |
Also Published As
Publication number | Publication date |
---|---|
CN107832606B (en) | 2020-05-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Costan et al. | Sanctum: Minimal hardware extensions for strong software isolation | |
Zhang et al. | Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization | |
Ibrahim et al. | Trusted cloud computing architectures for infrastructure as a service: Survey and systematic literature review | |
JP4732513B2 (en) | Method and apparatus for providing a software-based security coprocessor | |
KR101378639B1 (en) | Security protection for memory content of processor main memory | |
Martin | The ten-page introduction to Trusted Computing | |
Vasudevan et al. | CARMA: A hardware tamper-resistant isolated execution environment on commodity x86 platforms | |
Demigha et al. | Hardware-based solutions for trusted cloud computing | |
CN107704308B (en) | Virtual platform vTPM management system, trust chain construction method and device, and storage medium | |
CN103347027A (en) | Trusted network connecting method and system | |
Kiperberg et al. | Remote attestation of software and execution-environment in modern machines | |
Olson et al. | Security implications of third-party accelerators | |
US20230297666A1 (en) | Preserving confidentiality of tenants in cloud environment when deploying security services | |
Yu et al. | A trusted architecture for virtual machines on cloud servers with trusted platform module and certificate authority | |
CN107832606A (en) | Trust chain realization method and system based on SGX | |
US11886899B2 (en) | Privacy preserving introspection for trusted execution environments | |
Brunel et al. | Secbus, a software/hardware architecture for securing external memories | |
US20180181762A1 (en) | Techniques for persistent firmware transfer monitoring | |
CN111310173A (en) | Terminal virtual machine identity authentication method and system of trusted chip | |
JP6068325B2 (en) | Processor that provides secure application execution | |
Yu et al. | A cloud certificate authority architecture for virtual machines with trusted platform module | |
US11449601B2 (en) | Proof of code compliance and protected integrity using a trusted execution environment | |
US20220129593A1 (en) | Limited introspection for trusted execution environments | |
Zhang | Detection and mitigation of security threats in cloud computing | |
Johnson et al. | Parma: Confidential Containers via Attested Execution Policies |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||