CN108733455A - Container isolation enhancement system based on ARM TrustZone - Google Patents

Container isolation enhancement system based on ARM TrustZone

Info

Publication number
CN108733455A
Authority
CN
China
Prior art keywords: container, module, file, operating system, untrusted
Legal status: Granted
Application number
CN201810549087.6A
Other languages
Chinese (zh)
Other versions
CN108733455B (en)
Inventor
夏虞斌
华志超
陈海波
臧斌宁
Current Assignee
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F2009/45587 Isolation or security of virtual machine instances

Abstract

The present invention provides a container isolation enhancement system based on ARM TrustZone, including: a container management client running on the user terminal; an untrusted operating system, an untrusted container management module and trusted execution environments running in the normal world on the server side; and a page table management module, a register protection module, a system call interception module, a file system security enhancement module, an execution flow synchronization service security enhancement module, an inter-process communication service security enhancement module, a trusted container image download module and a secure container startup module running in the secure world on the server side. The present invention lets existing applications run securely on a malicious operating system completely controlled by an attacker; it enables different applications of different users in a container to communicate and synchronize control flow securely; and the user does not need to make any modification to existing images.

Description

Container isolation enhancement system based on ARM TrustZone
Technical field
The present invention relates to the technical field of virtualization, and in particular to a container isolation enhancement system based on ARM TrustZone.
Background technology
Virtualization technology can simulate multiple virtual machines on one physical computer, improving hardware utilization and allowing multiple users to share the same physical equipment. Containers are a lightweight virtualization technology: different containers share the same operating system kernel, but each container owns its own independent file system, user space, process space and so on. Compared with traditional virtualization, containers offer shorter startup times, better performance and easier deployment. Because of these notable advantages, containers are now widely used in the server field. Based on containers, a cloud server can quickly and conveniently create an independent running environment for each user, and more and more users choose to store their data in containers in the cloud to obtain a faster and more convenient user experience.
While offering better performance and a more convenient deployment method, the security of containers has always been criticized. Different containers must share the same operating system kernel, and once that kernel is compromised, the isolation between containers is broken. At the same time, because of its huge code size, an operating system kernel always contains thousands of vulnerabilities. In a cloud computing environment, once an attacker has captured the operating system kernel through one container, all containers in the cloud can be manipulated.
Currently, the ARM architecture is gradually gaining favor in the server field thanks to its better energy efficiency and higher cost performance, and a series of ARM-based processor chips already exist on the market. This brings a new security problem: once the operating system of an ARM-based cloud server is compromised, how to ensure the security of users' containers, preventing the attacker from controlling the execution flow of applications in a user's container or stealing the sensitive data the user stores in the container, has become a significant problem facing this field.
A search of the prior art found the following:
1. Owen et al. designed and implemented a security system, InkTag, using hardware virtualization technology, which protects application programs from attacks by an untrusted operating system kernel. InkTag provides an independent secure running environment for each application and prevents the operating system from directly accessing the memory data in that environment, so that the application's data cannot be stolen and its control flow cannot be tampered with. At the same time, InkTag checks the services that still depend on the operating system.
However, although InkTag prevents attacks by the operating system on a single application program, it is not suitable for container environments. First, the system cannot directly start existing container images, so it lacks the ability to protect containers. Second, the system does not consider the complex multi-user, multi-application environment of containers themselves, and cannot ensure the security of communication, information sharing and permission control between the applications of different users inside a container.
2. To protect the security of containers, Arnautov et al. designed and implemented a secure container protection system, SCONE, using Intel's SGX technology. The system uses the trusted execution environment provided by SGX, the enclave, to protect each individual container process. Since the hardware ensures that no software outside an enclave (including the operating system) can access the enclave's memory or interfere with the execution flow inside the enclave, SCONE can effectively protect the security of container applications and prevent attacks by an untrusted operating system.
However, SCONE has two disadvantages. First, it can only support single-process containers running a single application; that is, only one single-process application program can run in a container, which significantly limits the application scenarios of containers. SCONE also does not consider how different applications can cooperate securely in a multi-user, multi-application environment. Second, SCONE requires the original container image to be modified, so it cannot directly run the original image. This disadvantage prevents users from running the millions of container images in the Docker repository, limiting the usage scenarios of containers.
In summary, how to use the characteristics of the ARM platform's own architecture to maintain any number of trusted execution environments for containers, how to prevent an untrusted operating system from attacking container applications while still relying on it to provide services, and how to remain compatible with existing container images have become urgent problems to be solved in this field.
At present, no description or report of technology similar to the present invention has been found, nor has similar data been collected at home or abroad.
Invention content
In view of the above shortcomings of the prior art, the object of the present invention is to provide a container isolation enhancement system based on ARM TrustZone. The system uses the characteristics of the ARM platform's own architecture to maintain any number of trusted execution environments for containers; while relying on an untrusted operating system to provide services, it can prevent that operating system from attacking container applications; and it is compatible with existing container images.
The present invention is achieved by the following technical solutions.
According to an aspect of the invention, there is provided a container isolation enhancement system based on ARM TrustZone, including:
a container management client running on the user terminal;
an untrusted operating system, an untrusted container management module and trusted execution environments running in the normal world on the server side;
a page table management module, a register protection module, a system call interception module, a file system security enhancement module, an execution flow synchronization service security enhancement module, an inter-process communication service security enhancement module, a trusted container image download module and a secure container startup module running in the secure world on the server side;
wherein:
the container management client connects to any number of containers in the server's normal environment and sends user instructions to the containers; each container runs in a trusted execution environment;
the untrusted operating system provides the running environment and required services for the container's application programs;
the untrusted container management module provides basic container management operations;
the page table management module, register protection module and system call interception module jointly maintain any number of trusted execution environments;
the file system security enhancement module, execution flow synchronization service security enhancement module and inter-process communication service security enhancement module jointly enhance the security of the untrusted operating system's services, preventing the untrusted operating system from stealing a container process's private data and/or tampering with a container process's control flow by providing malicious system services;
the trusted container image download module and secure container startup module jointly provide secure container management functions.
Preferably, the hardware resources in a trusted execution environment cannot be directly accessed by the untrusted operating system.
Preferably, the page table management module exclusively manages all page tables of the entire untrusted operating system, protecting the memory of container processes by controlling the page tables and limiting the untrusted operating system's access to container process memory.
Preferably, the page table management module searches the untrusted operating system kernel for all instructions that manage page tables and replaces them with requests sent to the page table management module; the page table management module ensures that the physical memory pages storing page tables are read-only for the normal world and at the same time ensures that the code of the untrusted operating system kernel is non-writable, thus achieving exclusive management of the page tables by the page table management module.
Preferably, the register protection module ensures that the untrusted operating system cannot directly access or modify the register information of a trusted execution environment; the register protection module intercepts all switches between user-mode processes and the kernel-mode untrusted operating system kernel; during a switch, the register protection module saves and restores the registers of the trusted execution environment, ensuring that the untrusted operating system cannot arbitrarily tamper with and/or steal the register information of the trusted execution environment.
Preferably, the switch between a user-mode process and the kernel-mode untrusted operating system kernel includes the following process:
all entries from user mode into the untrusted operating system kernel are realized through exception handling; all exceptions are handled by the exception handler functions stored in the exception vector table, whose address is stored in a physical register; the register protection module replaces all instructions in the untrusted operating system that modify this physical register with requests sent to the register protection module, and inserts a switch instruction into the exception handler functions maintained by the exception vector table (the instruction is an smc instruction, a standard instruction on ARM processors that switches to the secure world and thus enters the register protection module), ensuring that every entry into the untrusted operating system kernel is intercepted by the register protection module;
exits from kernel mode to user mode are completed with the eret instruction; the register protection module ensures that no instruction that exits kernel mode remains in the untrusted operating system kernel code, and all exit operations are forwarded to the register protection module for completion, so that all exits from the untrusted operating system kernel are intercepted.
Preferably, the system call interception module implants a specific instruction into the handler function of the exception triggered by a system call (the specific instruction, also called a specific hook, is an smc instruction that enters the secure world and thus the system call interception module), ensuring that all system calls are handled by the system call interception module.
Preferably, the file system security enhancement module ensures the privacy and integrity of container application file systems and at the same time enforces file system access permissions; wherein:
the file system security enhancement module uses the system call interception module to intercept all file system access operations performed by containers and encrypts all file write operations; at the same time, it decrypts all file read operations accordingly, ensuring the privacy of files;
the file system security enhancement module maintains a piece of metadata for each container file, containing the hash value and version number of the file content; every write to the file updates the hash value and version number, and the file system security enhancement module itself records the latest version number of the file; when a container process reads a file, the file system security enhancement module verifies the hash value and version number of the read content before returning it to the container process, ensuring the integrity of the file;
the file system security enhancement module intercepts all system calls that change the user associated with a container and tracks the user corresponding to the current process; at the same time, it stores an additional piece of permission information in the metadata of each container file and performs permission verification according to that information for every intercepted file access operation;
the trusted container image download module automatically creates initial data when downloading an image, and the file system security enhancement module modifies that automatically created initial data according to the system calls made by the user, forming the metadata of each container file; these metadata are encrypted with a unique encryption key for each container; the encryption key is protected by the file system security enhancement module and is stored in a trusted storage medium before power-off.
Preferably, the execution flow synchronization service security enhancement module intercepts the system calls made when the execution flow synchronization service synchronizes different processes, analyzes their semantics, and controls the execution flow of container processes so that it cannot be tampered with by the untrusted operating system.
Preferably, the inter-process communication service security enhancement module protects the inter-process communication process as follows, according to the data transfer mode between processes:
for the direct data transfer mode, the inter-process communication service security enhancement module identifies all communication channels by intercepting system calls, generates a communication key for each communication channel, and encrypts these channels during communication;
for the shared memory data transfer mode, the inter-process communication service security enhancement module protects the shared memory through the page table management module; specifically, when shared memory is established, the inter-process communication service security enhancement module informs the page table management module, which helps the different container application processes complete the establishment of the shared memory; the page table management module ensures that no other process can map the physical memory pages corresponding to the shared memory, thereby directly ensuring the security of the shared-memory-based inter-process communication service.
Preferably, the trusted container image download module verifies the integrity of downloaded container images and at the same time performs initialization work on container images to ensure that the above file system security enhancement module works normally; specifically:
the trusted container image download module establishes a trusted network connection encrypted with the SSL protocol to the image repository, obtains the container image directly from the image repository, and verifies the integrity of the image by calculating its hash value; after the image download is completed, the trusted container image download module performs the following initialization operations on the image:
it generates a unique image key for the image, which is used to encrypt all other keys in the image;
it traverses all files in the image, encrypts each file, calculates the hash value of the file content and generates the metadata files; the processed container image is handed to the untrusted container management module for storage.
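The per-file protection described for the file system security enhancement module and the image initialization step above, modelled as an added Python example (not the patent's code): files are encrypted under a constructed per-container key, each file's metadata carries the content hash, version number and owner, and reads detect a replayed old copy (version check), altered ciphertext (hash check) and access by another user (permission check). The HMAC-SHA256 counter-mode keystream stands in for the patent's unspecified cipher, and the path, uids and file contents are constructed.

```python
"""Model of the per-file protection scheme described above (constructed illustration,
not the patent's code). Each file is encrypted under a per-container key; its metadata
carries the content hash, a version number and permission information; writes bump the
version; reads are checked against the module's own record of the latest version."""
import hashlib
import hmac
from dataclasses import dataclass

class IntegrityError(Exception): pass
class PermissionDenied(Exception): pass

@dataclass
class FileMeta:
    content_hash: str     # SHA-256 of the plaintext
    version: int          # incremented on every write
    owner_uid: int        # permission information stored with the file
    world_readable: bool

def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher such as AES)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]

def _nonce(path, version):
    # (path, version) never repeats because versions only grow: no keystream reuse
    return hashlib.sha256(path.encode() + version.to_bytes(8, "big")).digest()[:16]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def _attempt(fn):
    """Run an access and report either its acceptance or the module's refusal."""
    try:
        fn()
        return "accepted"
    except (IntegrityError, PermissionDenied) as e:
        return str(e)

class SecureFileSystem:
    def __init__(self, container_key):
        self.key = container_key
        self.store = {}           # path -> (ciphertext, FileMeta): what the untrusted OS holds
        self.latest_version = {}  # path -> int: the module's own trusted record
        self.uid_of_pid = {}      # pid -> uid, tracked from intercepted user-changing syscalls

    def init_image(self, files, owner_uid):
        """Image initialization: encrypt every file and generate its metadata."""
        for path, data in files.items():
            self._store(path, data, 1, owner_uid, False)

    def _store(self, path, data, version, owner_uid, world_readable):
        ct = _xor(data, _keystream(self.key, _nonce(path, version), len(data)))
        meta = FileMeta(hashlib.sha256(data).hexdigest(), version, owner_uid, world_readable)
        self.store[path] = (ct, meta)
        self.latest_version[path] = version

    def _check_permission(self, pid, meta, write):
        uid = self.uid_of_pid.get(pid)
        if uid != meta.owner_uid and (write or not meta.world_readable):
            raise PermissionDenied(f"uid {uid} may not {'write' if write else 'read'} this file")

    def write(self, pid, path, data):
        _, meta = self.store[path]
        self._check_permission(pid, meta, write=True)
        self._store(path, data, self.latest_version[path] + 1, meta.owner_uid, meta.world_readable)

    def read(self, pid, path):
        ct, meta = self.store[path]
        self._check_permission(pid, meta, write=False)
        if meta.version != self.latest_version[path]:
            raise IntegrityError("stale version: an old copy of the file was replayed")
        plain = _xor(ct, _keystream(self.key, _nonce(path, meta.version), len(ct)))
        if hashlib.sha256(plain).hexdigest() != meta.content_hash:
            raise IntegrityError("content hash mismatch: file content was tampered with")
        return plain

def demo():
    """Constructed walk-through; returns what each scenario produced."""
    path = "/etc/app.conf"
    fs = SecureFileSystem(container_key=b"\x11" * 32)       # constructed per-container key
    fs.init_image({path: b"secret=1\n"}, owner_uid=1000)
    fs.uid_of_pid = {7: 1000, 8: 2000}                        # owner's process, another user's
    result = {"initial_read": fs.read(7, path)}
    stale = fs.store[path]                                    # OS keeps the old ciphertext+metadata
    fs.write(7, path, b"secret=2\n")
    result["after_write"] = fs.read(7, path)
    fs.store[path] = stale                                    # rollback attempt by the OS
    result["rollback"] = _attempt(lambda: fs.read(7, path))
    fs.write(7, path, b"secret=3\n")
    ct, meta = fs.store[path]
    fs.store[path] = (bytes([ct[0] ^ 1]) + ct[1:], meta)      # bit flip in stored ciphertext
    result["tamper"] = _attempt(lambda: fs.read(7, path))
    result["other_user"] = _attempt(lambda: fs.write(8, path, b"x"))
    return result
```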
Preferably, the secure container startup module ensures security when a container starts, ensuring that the container runs correctly inside a trusted execution environment, and at the same time establishes a trusted communication channel between the container and the container management client; specifically:
when a container starts, the secure container startup module verifies the integrity of the startup image, ensuring that the started container application runs inside a trusted execution environment; the secure container startup module negotiates a communication key with the container management client and encrypts all input and output of the container application with that communication key.
Compared with the prior art, the present invention has the following advantageous effects:
1. The present invention can defend against all attacks from applications outside the container.
Using the trusted execution environment provided by the present invention, no application outside a container can access the memory used by the applications inside the container or interfere with their execution state. Therefore, the present invention can protect the applications inside a container and the user's privacy from being violated by external container applications.
2. The present invention can defend against all attacks from other containers.
The trusted execution environment of the present invention likewise isolates the applications of different containers, ensuring that applications in different containers cannot access each other's memory, control state and so on, thereby defending against attacks from other containers.
3. The present invention can defend against all software attacks from the untrusted operating system.
The present invention limits the untrusted operating system's direct access to container application memory, registers and so on, preventing direct attacks by the untrusted operating system on container applications (directly stealing memory data, tampering with application control flow, and so on).
At the same time, the present invention checks all services that depend on the untrusted operating system, preventing the untrusted operating system from attacking container applications by providing malicious system services.
4. The present invention can defend against attacks from other users' applications inside the container.
The present invention checks all communication, file sharing and so on between different applications inside a container. Besides preventing attacks by other users' applications in the container, it can also prevent an application in the container from colluding with the untrusted operating system to attack other users' applications or data.
5. The present invention uses features of the ARM architecture to propose a construction method for trusted execution environments that lets existing application programs run securely on a malicious operating system completely controlled by an attacker.
6. The present invention uses the above trusted execution environment, combined with the trusted service mechanism proposed by the present invention, so that different applications of different users in a container can perform secure communication and control flow synchronization.
7. The present invention automatically protects container images from the official Docker repository; the user does not need to make any changes to existing images.
8. The present invention provides a TrustZone-based security enhancement scheme for existing multi-user, multi-process container environments, effectively preventing the untrusted normal-world operating system from attacking user containers. The modules mentioned in the present invention, such as the trusted execution environment and the secure file system, can also be used to enhance the security of user programs in other environments.
Description of the drawings
Other features, objects and advantages of the invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is the system architecture diagram of one embodiment of the invention;
Fig. 2 is the trusted image download flow chart of one embodiment of the invention;
Fig. 3 is the secure container startup flow chart of one embodiment of the invention;
Fig. 4 is the container process system call check flow chart of one embodiment of the invention;
Fig. 5 is the secure file system access flow chart of one embodiment of the invention;
Fig. 6 is the usage flow chart of the secure control flow synchronization service of one embodiment of the invention;
Fig. 7 is the usage flow chart of the secure inter-process communication service of one embodiment of the invention.
Specific implementation mode
The embodiments of the present invention are described in detail below. The present embodiment is implemented on the basis of the technical solution of the present invention and gives a detailed implementation and specific operating process. It should be pointed out that those skilled in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the present invention.
Embodiment
The present embodiment provides a container isolation enhancement system based on ARM TrustZone, which can effectively solve the problems encountered in the prior art, including:
How to use the characteristics of the ARM platform's own architecture to maintain any number of trusted execution environments for containers? ARM TrustZone hardware technology merely provides a single trusted execution environment, known as the "secure world". Simply running different container applications in the "secure world" cannot improve the security between containers. Therefore, how to use the "secure world" to provide each container process with its own exclusive trusted execution environment is most important.
How to prevent the untrusted operating system from attacking container applications while still relying on it to provide services? Application programs (including applications in containers) depend on the system calls provided by the operating system to complete various functions (such as file access, network communication and so on). In a multi-user, multi-application container environment, different applications also depend on the operating system for file sharing, execution flow synchronization, inter-process communication and so on. An untrusted operating system may use these system services to steal the private data of container applications or to manipulate the execution flow of container applications.
How to be compatible with existing container images? Containers are a widely applied technology, and there are already millions of container images on the internet; users can easily download these images and start a container of their own. Taking the most widely used container management tool, Docker, as an example, nearly one million Docker container images already exist in the official Docker repository. Therefore, the designed container security system must be compatible with existing container images.
To prevent the untrusted operating system from directly accessing or tampering with the memory data of application programs in a container, or from controlling the instruction stream of applications in the container, the present embodiment first creates a trusted execution environment for each container application process. The TrustZone hardware technology of the ARM platform provides one trusted execution environment, known as the "secure world"; the original normal running environment is called the "normal world". The "secure world" can access all hardware resources of the "normal world" (memory, registers, external devices and so on), while the "normal world" cannot access the hardware resources of the "secure world". Based on the hardware-provided "secure world", the present embodiment first controls the page table mappings in the "normal world" to prevent the untrusted operating system from accessing container application memory; then, the present embodiment intercepts the switches between containers and the untrusted operating system to ensure that the registers and control flow of container applications are not tampered with. By the above two methods, the present embodiment can provide each container application with an exclusive trusted execution environment.
Next, the present embodiment also needs to prevent the untrusted operating system from maliciously manipulating the system services it provides to container applications in order to steal user privacy in container applications or tamper with their control flow. The present embodiment mainly protects three classes of system services:
File system: container applications rely on the file system services provided by the operating system. The present embodiment intercepts all file-system-related system calls made by container applications and encrypts and hashes the files to ensure the privacy and integrity of files inside the container. At the same time, since the operating system may also maliciously control file access permissions and leak user privacy, the present embodiment also performs permission checks on all file accesses by container applications.
Execution flow synchronization service: the present embodiment considers a complex multi-user, multi-application container environment. In this environment, different applications inside a container need to rely on the operating system's services to perform some cross-process execution flow synchronization operations, for example using IPC semaphores so that different application processes do not access a resource at the same time, which would cause a data race and produce unpredictable execution results. An untrusted operating system can interfere with the normal execution of applications in the container by controlling these execution flow synchronization services, and can even go on to steal the private data of applications in the container. The present embodiment intercepts and checks the execution flow synchronization services called by applications in the container, including signal sending and receiving, semaphores, file locks and so on, to ensure the correctness of their semantics.
Inter-process communication service: different processes in the same container can also communicate with each other through pipes, IPC message queues, IPC shared memory and so on. Since most existing applications assume the operating system is trusted, they hardly ever encrypt inter-process communication. This means that a compromised operating system can easily steal, or even tamper with, the content of any inter-process communication, thereby stealing the data of container processes and hijacking their control flow. The present embodiment first intercepts all inter-process communication. For "message passing" communication methods such as pipes and IPC message queues, it protects the communicated content with cryptographic methods. For the special communication mode of shared memory, the present embodiment controls the page tables to ensure that only the legitimate memory-sharing processes can access the corresponding shared memory, and the untrusted operating system cannot access any shared memory.
Besides ensuring security while a container runs, the present embodiment also needs to provide secure container management functions, including two processes: trusted container image download and secure container startup. Trusted container image download first ensures the integrity of container images downloaded from the official image repository, and also performs some initialization work on the downloaded container image. The secure container startup process first verifies the identity and integrity of the container being started and negotiates a communication key with the container management client on the user terminal, ensuring that after the container starts, the user can securely control his or her own container.
The technical solution of the present embodiment is described in further detail below in conjunction with the accompanying drawings.
The specific system embodiment of the present invention is shown in Figure 1. The user side runs a container management client that sends instructions to the container running on the server side. On the server side, the hardware is divided by the TrustZone security extensions of ARM into the normal world and the secure world. The normal world runs the untrusted operating system, the untrusted container management module and an arbitrary number of user containers. Each container may contain multiple container processes, and each container process runs inside a trusted execution environment maintained by the present embodiment.
The secure world hosts the security-enhancing modules. The page table management module, the register protection module and the system call interception module are responsible for maintaining the multiple trusted execution environments. The file system safety enhancement module, the execution-flow synchronization service safety enhancement module and the inter-process communication service safety enhancement module harden the services provided by the untrusted operating system, preventing it from stealing container process private data or tampering with container process control flow by providing malicious system services. The trusted container image download module and the secure container startup module provide the secure container management functions.
The specific implementation of each module in the present embodiment is described below:
【Container management client】
The container management application program running on the user side; it connects to the container on the server side and sends user instructions to it.
【Untrusted operating system】
Manages the hardware resources of the normal world and provides the running environment and required services for application programs. Because of its huge code size, this module contains many security vulnerabilities and is therefore comparatively easy to attack.
【Untrusted container management module】
Performs basic management operations on containers, such as checking CPU usage and starting containers. Because the operating system is untrusted, this module is also comparatively easy for an attacker to compromise. Therefore the two key operations, container image download and container startup, are hardened by the trusted container image download module and the secure container startup module in the secure world.
【Trusted execution environment】
The trusted execution environment maintained by the present embodiment; the hardware resources of this environment, such as memory and registers, cannot be accessed directly by the untrusted operating system.
【Page table management module】
When the processor (CPU) accesses memory, a virtual memory address must be translated into a physical memory address before data can be read from or written to physical memory. The page table stores the mapping from virtual memory to physical memory, and the processor automatically completes the virtual-to-physical address translation according to the mappings in the page table. Therefore, whoever controls the page tables also controls the access of every process (including the operating system) to physical memory. The page table management module of the present embodiment first takes exclusive control of all page tables in the whole system, and then uses that control to protect the memory of container processes and restrict the untrusted operating system from accessing it.
To achieve exclusive page table control by the page table management module, the present embodiment needs to restrict the untrusted operating system's access to page tables. On the ARM platform, page table management (enabling a particular page table, turning the paging function on or off) is performed through a number of special instructions. The present embodiment first searches the untrusted operating system kernel for all of these special instructions and replaces each of them with a request to the page table management module. The page table management module then guarantees that page-table pages (the physical memory pages that store page tables) are read-only for the normal world, and that the code of the operating system kernel is non-writable. At this point the page table management module has achieved exclusive management of the page tables: for every page table modification, the untrusted operating system must forward the operation to the page table management module for completion.
The page table management module then examines every page table modification against security policies such as: 1) all kernel-mode executable code must be marked non-writable; 2) any physical memory mapped into a trusted execution environment can never be mapped for the operating system; 3) between different trusted execution environments, a physical page may only be shared after a shared memory operation completed through the inter-process communication service safety enhancement module.
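The policy check of the page table management module, modelled as an added illustrative example (this is not the patent's code): it represents each mapping request forwarded from the normal world as a call to `check`, enforces the three policies above plus the read-only rule for page-table pages from the preceding paragraph, and records which requests were applied. The `OS` label, the TEE identifiers, the page numbers and the `register_share` entry point used by the IPC module are assumptions of this example.

```python
from dataclasses import dataclass, field

OS = "untrusted-os"  # requester id of the normal-world kernel (label chosen for this example)


@dataclass
class PageTableManager:
    """Model of the secure-world page table management module.

    Every page-table modification from the normal world is forwarded here and
    checked against the policy before it is applied. Page numbers, ids and the
    policy encoding are assumptions of this example, not the patent's code.
    """
    page_owner: dict = field(default_factory=dict)       # ppn -> OS or TEE id
    kernel_code_pages: set = field(default_factory=set)  # kernel-mode executable code
    page_table_pages: set = field(default_factory=set)   # pages that hold page tables
    shares: set = field(default_factory=set)             # (frozenset{tee_a, tee_b}, ppn)
    applied: list = field(default_factory=list)          # audit log of accepted mappings

    def register_share(self, tee_a, tee_b, ppn):
        """Only the IPC service safety module calls this when shared memory is set up."""
        if self.page_owner.get(ppn) not in (tee_a, tee_b):
            raise ValueError("page is not owned by either party")
        self.shares.add((frozenset((tee_a, tee_b)), ppn))

    def check(self, requester, ppn, writable=False):
        """Return (allowed, reason) for mapping physical page `ppn` into `requester`."""
        owner = self.page_owner.get(ppn)
        # Page-table pages are read-only for the whole normal world.
        if ppn in self.page_table_pages and writable:
            return False, "page-table page must stay read-only"
        # Rule 1: kernel-mode executable code is never writable.
        if ppn in self.kernel_code_pages and writable:
            return False, "kernel code must be marked non-writable"
        # Rule 2: memory that belongs to a TEE is never mapped for the OS.
        if requester == OS and owner not in (None, OS):
            return False, "page belongs to a trusted execution environment"
        # Rule 3: two TEEs share a page only through a registered IPC share.
        if requester != OS and owner not in (None, requester):
            if (frozenset((requester, owner)), ppn) not in self.shares:
                return False, "cross-TEE mapping without a registered share"
        return True, "ok"

    def map_page(self, requester, ppn, writable=False):
        """Apply a mapping request if the policy allows it; the first mapper owns the page."""
        allowed, reason = self.check(requester, ppn, writable)
        if allowed:
            self.page_owner.setdefault(ppn, requester)
            self.applied.append((requester, ppn, writable))
        return allowed, reason


def demo():
    """Constructed scenario: two container TEEs and the untrusted OS."""
    ptm = PageTableManager(kernel_code_pages={0x10}, page_table_pages={0x20})
    ptm.page_owner.update({0x100: "tee-A", 0x101: "tee-B"})  # memory already inside TEEs
    results = {
        "os_writes_kernel_code": ptm.map_page(OS, 0x10, writable=True)[0],
        "os_writes_page_table": ptm.map_page(OS, 0x20, writable=True)[0],
        "os_maps_tee_page": ptm.map_page(OS, 0x100)[0],
        "os_maps_free_page": ptm.map_page(OS, 0x300, writable=True)[0],
        "tee_b_maps_tee_a_page": ptm.map_page("tee-B", 0x100)[0],
    }
    ptm.register_share("tee-A", "tee-B", 0x100)  # IPC module sets up shared memory
    results["tee_b_after_share"] = ptm.map_page("tee-B", 0x100)[0]
    results["os_after_share"] = ptm.map_page(OS, 0x100)[0]
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:24s} {'allowed' if allowed else 'denied'}")
```

The ordering of the checks matters: the rules that depend only on the page (page-table pages, kernel code) run before the ownership rules, so a request that violates several policies is always denied for the same stated reason, which keeps the audit trail stable.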
【Register protection module】
The register protection module must guarantee that the untrusted operating system cannot directly access or modify the register contents of a trusted execution environment. First, the register protection module intercepts every switch between a user-mode process and the kernel of the untrusted operating system. Then, during each switch, the register protection module saves and restores the registers of the trusted execution environment, so that the untrusted operating system cannot arbitrarily tamper with or steal the register contents of the trusted execution environment.
For the two different switch operations, entering and exiting the untrusted operating system kernel, this module uses different interception methods. First, on the ARM platform, every entry from user mode into the untrusted operating system kernel is realized through exception handling. All exceptions are handled by the exception handler functions stored in the exception vector table, whose address is stored in a special register (VBAR). The register protection module first ensures that every instruction in the operating system that modifies this register is replaced with a request to the register protection module. It then inserts a switch instruction (the smc instruction, a special instruction of ARM processors) into the exception handler functions of the exception vector table it maintains, guaranteeing that every entry into the untrusted operating system kernel is intercepted by the register protection module.
Exiting from kernel mode to user mode can only be done with a very limited set of instructions; under the current newest ARMv8 architecture it is done with the eret instruction. The register protection module ensures that no kernel-exit instruction remains in the code of the untrusted operating system kernel and that all exit operations are forwarded to the register protection module for completion, so that every exit from the untrusted operating system kernel is intercepted.
【System call interception module】
Application programs use system calls to obtain the system services provided by the untrusted operating system. In order to audit these service processes, the system call interception module guarantees that every system call initiated from a trusted execution environment is first captured by this module.
On the ARM platform a system call is realized through the specific "svc" instruction, whose execution triggers a specific exception. By implanting a specific hook (an smc instruction) at the handler function of that exception, this module ensures that every system call is processed by the system call interception module.
Note that the page table management module guarantees that the code of the untrusted operating system cannot be modified; therefore the hooks implanted by the register protection module and the system call interception module in the exception handler functions cannot be tampered with by the untrusted operating system.
【File system safety enhancement module】
The present embodiment protects three classes of system services: the file system, execution-flow synchronization services and inter-process communication services. The file system safety enhancement module is responsible for guaranteeing the confidentiality and integrity of the container application's file system, and also for guaranteeing the access permissions of the file system.
To guarantee file confidentiality, this module uses the system call interception module to intercept every file system access made by any container: it encrypts the content of every file write operation and correspondingly decrypts the content of every file read operation.
To guarantee file integrity, this module maintains a piece of metadata for each container file, containing the hash value of the file content and a version number. Every write operation updates the hash value and the version number, and the module itself records the newest version number. When a container process performs a file read operation, this module first verifies the hash value and version number of the content read, and returns the content to the container process only after verification succeeds.
To perform permission verification, this module first intercepts every system call that changes the user associated with a container process, so that it tracks the user of the current process. It then stores an additional piece of permission information in the metadata of each file and checks every intercepted file access operation against that permission information.
The metadata used by this module is created automatically by the trusted container image download module when the image is downloaded. This module also modifies the metadata according to the system calls made by the user. The metadata is encrypted with a key unique to the container and stored on the hard disk. The encryption key is protected by this module and, before power-off, is stored in a trusted storage medium (such as the RPMB provided by the ARM platform).
【Execution-flow synchronization service safety enhancement module】
Execution-flow synchronization services synchronize the execution flows of different processes and mainly include semaphores, locks, signals and so on. The execution-flow synchronization service safety enhancement module intercepts the corresponding system calls and analyzes their semantics, so as to control the execution flow of container processes and ensure that it is not tampered with by the untrusted operating system.
For semaphores and locks, this module intercepts all the corresponding system calls, including initialization, acquisition and release of the resource. For every acquisition operation, if the resource does not satisfy the request (the semaphore is insufficient or the lock is currently held), this module blocks the current container process from continuing, guaranteeing the semantic correctness of the execution-flow synchronization service.
For the special synchronization operation of signals, this module intercepts and checks every signal delivered to a container process. A signal is delivered to a container process only after its corresponding trigger event has occurred.
【Inter-process communication service safety enhancement module】
There are mainly two classes of data transfer between processes. The first is direct data transfer, such as pipes and message queues. For this class of communication, this module protects the content by encryption: it first identifies every communication channel by intercepting system calls, then generates a communication key for each channel, and encrypts the channel's traffic in all subsequent communication.
The second is shared memory: different processes use system calls to map a section of their own virtual memory space to the same section of physical memory, and then communicate through that shared memory. Unlike channel-based inter-process communication, shared memory needs the operating system's help only when it is established; no operating system involvement is required during the communication itself. This also means that this module cannot easily intercept inter-process communication based on shared memory.
Therefore, this module protects shared memory through the page table management module. Specifically, when the shared memory is established, this module informs the page table management module, which helps the different container application processes complete the set-up of the shared memory. Afterwards, the page table management module guarantees that no other process, including the operating system, can map the physical pages corresponding to that shared memory, thereby directly guaranteeing the security of the inter-process communication service based on shared memory.
【Trusted container image download module】
Having guaranteed security while the container runs, the present embodiment still needs to guarantee security during container image download and container startup. The trusted container image download module downloads the container image, verifies its integrity and initializes the image so that the file system safety enhancement module described above can function normally.
This module first establishes a trusted network connection with the image repository, encrypted with the SSL protocol, then obtains the container image directly from the image repository and verifies the integrity of the image by computing its hash value. After the download completes, this module initializes the image. First it generates an image key unique to the image, which is used to encrypt all other keys in the image. It then traverses every file in the image, encrypts each file, computes the hash value of the file content and generates the metadata file. The processed container image is handed to the untrusted container management module of the normal world for storage.
【Secure container startup module】
The secure container startup module guarantees security when the container starts, ensuring that the container runs correctly inside the trusted execution environment maintained by the present embodiment, and establishes a trusted communication channel between the container and the container management client on the user side.
When the container starts, this module first verifies the integrity of the image being started, ensuring that the started container application runs inside the trusted execution environment maintained by the present embodiment. It then negotiates a communication key with the container management client and uses that key to encrypt all input and output of the container application (by default the input and output of the container application are sent to the container management client).
The method embodiment of the present invention, based on the container isolation enhancement system based on ARM TrustZone described above, specifically comprises: a trusted image download flow, a secure container startup flow, a container process system call check flow, a secure file system access flow, a secure control-flow synchronization service usage flow and a secure inter-process communication service usage flow.
【Trusted image download flow】
Step 1: Establish a trusted download channel. The trusted container image download module first establishes an SSL-encrypted channel with the remote image repository, which provides authentication of the image repository and exchange of a one-off channel encryption key. If authentication of the image repository fails, the trusted image download flow ends immediately.
Step 2: Download the container image. The trusted container image download module downloads the container image through the trusted download channel established above.
Step 3: Verify image integrity. The hash value of the image is computed and compared with the image hash value obtained from the image repository, so as to verify the integrity of the image. If the integrity of the downloaded image has been compromised, this download flow ends immediately.
Step 4: Encrypt the user files in the image. The trusted image download module first generates an encryption key unique to the image, the image key, and then uses that key to encrypt all files inside the image.
Step 5: Generate file metadata. Every file in the image is traversed, its content is hashed, and metadata such as the hash value, initial version number and file permissions are stored in the corresponding metadata file. The metadata file is encrypted with the image key. After metadata generation is complete, the downloaded image files are handed to the untrusted container management module for normal initialization work. That part of the work is general technology of existing container management tools and not part of the inventive design of the present embodiment, so it is not described in detail here.
【Secure container startup flow】
Step 1: Send a container start request. The container management client sends a container start request to the secure container startup module through an SSL channel. The request contains the start instruction, the ID of the image to start, the name of the application to start, the container application parameters and so on.
Step 2: Start preparation. The start request is first forwarded to the untrusted container management module in the normal world, which completes the preparation for starting, including retrieving the container image to start and initializing the container namespaces.
Step 3: Verify the image being started. After the preparation is complete, the untrusted container management module invokes a specific system call to start the first application of the container. At this point the secure container startup module intercepts that system call and verifies the integrity of the file system mounted for the current container. If the current container image does not match the start image specified by the user, or a file in the image has been tampered with, the container startup process terminates immediately.
Step 4: Negotiate a communication key. After the image has been verified, the secure container startup module negotiates a communication key with the container management client; all subsequent interaction between the user and the container is encrypted with that key.
Step 5: Start the container application. The secure container startup module places the container application inside the trusted execution environment maintained by the present embodiment. This process includes page table initialization for the container application process, mounting of the file system, loading of the application code and so on.
Step 6: Container start complete. Finally, the operating system switches to the entry point of the container application and begins executing it. The standard output of the container application is sent to the container management client through the trusted channel, and by default the standard input of the application is obtained from the container management client through the trusted channel.
【Container process system call check flow】
Step 1: The process initiates a system call. The container process invokes a system call through a standard library function, which executes the "svc" instruction.
Step 2: The operating system catches the exception. The instruction triggers a specific exception that traps into the operating system kernel, which handles the exception with a specific exception handler function.
Step 3: Switch to the interception module. The present embodiment implants a hook at the entry of the exception handler function of the untrusted operating system, ensuring that the exception is first switched to the system call interception module for handling.
Step 4: Obtain the system call number. A system call uses a system call number to indicate which system function the process wants to invoke. On the ARM platform the system call number is stored in the "X8" register. The system call interception module reads this system call number to determine which system call the process is invoking.
Step 5: Obtain the system call parameters. According to the particular system call, parse the parameters passed to the system call and analyze their semantics.
Step 6: Check the system call. After the specific semantics of the system call have been obtained, the entry-stage check of the system call is performed. This stage includes checking whether the application has permission for this system call and recording this system call.
Step 7: The kernel completes the system call. After the entry-stage check, control is switched to the untrusted operating system kernel, which performs the normal processing of the system call.
Step 8: Switch to the interception module. When the untrusted operating system kernel completes the system call and returns to the container process, the return is first intercepted by the system call interception module.
Step 9: Obtain the system call return value. The interception module obtains the specific return value of the system call and, using the information obtained in steps 4 and 5, determines the system call type to which this return value corresponds.
Step 10: Check the system call return value. According to the system call type, check whether the return value of the system call is legal.
Step 11: Return to the application process. After the check, control returns to the application process and this system call is complete.
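The eleven steps above, modelled end to end as an added example (not the patent's code): the entry check reads the call number from "X8" and the arguments from the other registers, the untrusted kernel is represented by a plain function, and the return check rejects values that are impossible for the recorded call, such as a read that claims more bytes than the buffer holds. The register dictionary, the permission policy, the path passed as a string instead of a pointer and the chosen error codes are assumptions of this example; the arm64 system call numbers are the real Linux ones.

```python
import errno

# arm64 Linux system call numbers for the calls used in this scenario.
SYS_OPENAT, SYS_READ, SYS_WRITE, SYS_GETPID = 56, 63, 64, 172


class SyscallInterceptor:
    """Model of the system call interception module for one container process.

    The entry check (steps 4-6) runs before the untrusted kernel sees the call;
    the return check (steps 9-10) validates what the kernel handed back. The
    register dict, the policy and the error codes are assumptions of this example.
    """

    def __init__(self, pid, allowed, readable_paths):
        self.pid = pid                         # identity the module recorded at start
        self.allowed = set(allowed)            # system calls this application may use
        self.readable_paths = set(readable_paths)
        self.pending = None                    # info from steps 4-5, kept for steps 9-10
        self.audit = []                        # record of every admitted call (step 6)

    def entry_check(self, regs):
        """Steps 4-6: x8 holds the call number, x0..x5 the arguments."""
        nr = regs["x8"]
        if nr not in self.allowed:
            return False, -errno.EPERM
        # x1 is a path pointer in reality; the example passes the string directly.
        if nr == SYS_OPENAT and regs["x1"] not in self.readable_paths:
            return False, -errno.EACCES
        self.pending = (nr, dict(regs))
        self.audit.append(nr)
        return True, 0

    def return_check(self, retval):
        """Steps 9-10: reject return values that are impossible for the recorded call."""
        nr, regs = self.pending
        self.pending = None
        if nr == SYS_READ and retval > regs["x2"]:
            return -errno.EIO   # kernel claims more bytes than the buffer can hold
        if nr == SYS_GETPID and retval != self.pid:
            return -errno.EIO   # kernel lies about the process identity
        return retval


def run_syscall(ic, regs, kernel):
    """Steps 1-11 end to end; `kernel` stands in for the untrusted kernel (step 7)."""
    ok, val = ic.entry_check(regs)
    if not ok:
        return val                 # the kernel never sees a rejected call
    return ic.return_check(kernel(regs))


def honest_kernel(regs):
    """Constructed well-behaved kernel."""
    nr = regs["x8"]
    if nr == SYS_READ:
        return min(regs["x2"], 5)  # pretend 5 bytes were available
    if nr == SYS_OPENAT:
        return 3
    if nr == SYS_GETPID:
        return 4242
    return -errno.ENOSYS


def misbehaving_kernel(regs):
    """Constructed kernel that overstates a read length, which an unchecked libc would trust."""
    if regs["x8"] == SYS_READ:
        return regs["x2"] + 4096
    return honest_kernel(regs)


def demo():
    ic = SyscallInterceptor(pid=4242, allowed={SYS_OPENAT, SYS_READ, SYS_GETPID},
                            readable_paths={"/app/config"})
    read_regs = {"x8": SYS_READ, "x0": 3, "x1": 0x4000, "x2": 64}
    open_ok = {"x8": SYS_OPENAT, "x0": -100, "x1": "/app/config", "x2": 0}
    open_bad = {"x8": SYS_OPENAT, "x0": -100, "x1": "/data/other", "x2": 0}
    write_regs = {"x8": SYS_WRITE, "x0": 1, "x1": 0x4000, "x2": 8}
    return {
        "read_ok": run_syscall(ic, read_regs, honest_kernel),
        "read_bad_length": run_syscall(ic, read_regs, misbehaving_kernel),
        "open_allowed": run_syscall(ic, open_ok, honest_kernel),
        "open_denied": run_syscall(ic, open_bad, honest_kernel),
        "write_not_permitted": run_syscall(ic, write_regs, honest_kernel),
        "getpid": run_syscall(ic, {"x8": SYS_GETPID}, honest_kernel),
        "calls_audited": list(ic.audit),
    }
```

The state saved in `pending` is what makes step 9 possible: the return value on its own carries no type, so the module must keep the call number and arguments from steps 4 and 5 across the kernel's processing to know which checks apply.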
【Secure file system access flow】
File write operation flow:
Step 1: Initiate a file write operation. The container application process invokes a system call to perform a file write operation.
Step 2: Intercept the system call. The system call interception module intercepts this write operation and forwards the system call to the file system safety enhancement module for processing.
Step 3: Access permission check. The file system safety enhancement module first checks whether the current application process has the corresponding file access permission.
Step 4: Encrypt the content to be written. The file system safety enhancement module first obtains the file encryption key corresponding to the target file, and then encrypts the file content to be written at block granularity.
Step 5: Update the hash value. The file system safety enhancement module computes the hash value of the written file content at block granularity and updates the corresponding hash value in the corresponding metadata file.
Step 6: Update the version number. The file system safety enhancement module updates the current newest file version number and writes it into the corresponding metadata file. At the same time, the file system safety enhancement module itself also keeps this version number.
Step 7: Complete the write operation. After the corresponding metadata has been updated, the encrypted file content is written into the target file, and this system call operation returns to the user process.
File read operation flow:
Step 1: Initiate a file read request. The container application process invokes a file read system call to perform a file read operation.
Step 2: Access permission check. The system call interception module intercepts the system call, records it, and forwards it to the file system safety enhancement module for an access permission check.
Step 3: Read the encrypted file content. After the check passes, the request is forwarded to the operating system for completion. The untrusted operating system reads the encrypted file and returns the ciphertext to the container application process.
Step 4: Intercept the system call return. The system call interception module intercepts the return of the system call and forwards it to the file system safety enhancement module for checking.
Step 5: Decrypt the content read. The file system safety enhancement module first decrypts the file ciphertext that was read, using the key corresponding to the file.
Step 6: Verify the hash value and version number. The file system safety enhancement module reads the metadata corresponding to the file and compares the hash value of the decrypted file content with the hash value in the file metadata. At the same time, it compares the file version recorded in the file metadata with the latest file version recorded by the file system safety enhancement module itself.
Step 7: Complete the read operation. After the hash value and version number have been verified, the decrypted file content is returned to the application process and this file read operation is complete.
【Secure control-flow synchronization service usage flow】
Step 0: Create a control-flow synchronization object. The container application first creates a control-flow synchronization object through a system call, and then coordinates the control flow of its different application processes by performing acquire/release operations on that object.
Resource acquisition operation:
Step 1: Acquire the object resource. The application process initiates a control-flow resource acquisition operation, which is completed through a specific system call.
Step 2: Intercept the request. The system call interception module intercepts the system call and forwards it to the execution-flow synchronization service safety enhancement module for processing.
Step 3: Wait for the object resource. The execution-flow synchronization service safety enhancement module maintains a corresponding resource value for each control-flow synchronization object (for a mutex lock the maximum resource value is exactly 1; for a semaphore the value is the initial value of the semaphore). For each resource acquisition operation, the module judges whether the current resource value is sufficient.
Step 4: Successful acquisition or waiting. If the resource value is sufficient, the execution-flow synchronization service safety enhancement module decrements the corresponding resource value and completes the acquisition request. If the current resource is insufficient, the acquisition operation enters a waiting queue until enough resource is available.
Step 5: Complete the acquire operation. After the resource has been acquired successfully, control returns to the application process and the acquisition operation is complete.
Resource release operation:
Step 1: Release the object resource. The container application process initiates a resource release operation through a system call.
Step 2: Intercept the request. The operation is first intercepted by the system call interception module and forwarded to the execution-flow synchronization service safety enhancement module.
Step 3: Record the release operation. The execution-flow synchronization service safety enhancement module records this release operation and releases the resource value corresponding to the object. At the same time, it selects one waiting resource acquisition process and allows it to continue its acquisition operation.
Step 4: Complete the release operation. After the resource has been released, control returns to the application process and this release operation is complete.
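The acquire and release flows above, together with the signal rule of the execution-flow synchronization service safety enhancement module, modelled as an added example (not the patent's code): the module keeps its own resource value and waiting queue per object, so a process is held when the value is insufficient even if the untrusted operating system reports that the acquisition succeeded, a release hands the resource to the first waiter, and a signal is delivered only when the module has recorded the send that triggers it. Object names, process ids, signal numbers and the method names are assumptions of this example.

```python
from collections import deque


class SyncServiceGuard:
    """Model of the execution-flow synchronization service safety enhancement module.

    The module keeps its own resource value per synchronization object and its own
    record of legitimate signal sends, so the decision to block, wake or deliver
    never depends on what the untrusted OS reports. Names and the API are
    assumptions of this example, not the patent's code.
    """

    def __init__(self):
        self.value = {}               # object name -> current resource value
        self.waiters = {}             # object name -> FIFO of blocked process ids
        self.pending_signals = set()  # (target pid, signo) with a recorded trigger event
        self.log = []

    def create(self, name, initial):
        """Step 0: a mutex is created with value 1, a semaphore with its initial count."""
        self.value[name] = initial
        self.waiters[name] = deque()

    def acquire(self, name, pid, os_reports_success=True):
        """Acquire flow steps 2-5; `os_reports_success` is what the untrusted OS claims."""
        if self.value[name] > 0:
            self.value[name] -= 1
            self.log.append(("acquired", name, pid))
            return "acquired"
        # Step 4: insufficient resource, so the process is held in the waiting
        # queue regardless of what the OS claimed about the acquisition.
        self.waiters[name].append(pid)
        self.log.append(("blocked", name, pid, os_reports_success))
        return "waiting"

    def release(self, name, pid):
        """Release flow steps 2-4; returns the pid woken up, if any."""
        self.log.append(("released", name, pid))
        if self.waiters[name]:
            woken = self.waiters[name].popleft()   # resource handed straight to a waiter
            self.log.append(("acquired", name, woken))
            return woken
        self.value[name] += 1
        return None

    def record_signal_send(self, sender, target, signo):
        """Intercepted send from a container process: the trigger event for a delivery."""
        self.pending_signals.add((target, signo))
        self.log.append(("signal-sent", sender, target, signo))

    def deliver_signal(self, target, signo):
        """Signal about to be injected into a container process by the OS."""
        if (target, signo) in self.pending_signals:
            self.pending_signals.discard((target, signo))
            return True
        self.log.append(("signal-rejected", target, signo))   # no trigger event recorded
        return False


def demo():
    """Constructed scenario: container processes contend for a mutex and a semaphore."""
    g = SyncServiceGuard()
    g.create("lock", 1)
    g.create("sem", 2)
    r = {
        "p100_lock": g.acquire("lock", 100),
        "p101_lock": g.acquire("lock", 101),     # OS says ok, module says wait
        "woken_on_release": g.release("lock", 100),
        "lock_value_after": g.value["lock"],     # still held, now by 101
        "sem_first": g.acquire("sem", 102),
        "sem_second": g.acquire("sem", 103),
        "sem_third": g.acquire("sem", 104),
    }
    g.record_signal_send(sender=100, target=101, signo=10)
    r["signal_with_trigger"] = g.deliver_signal(101, 10)
    r["signal_injected_by_os"] = g.deliver_signal(101, 9)
    return r
```

Handing the released resource directly to the head of the waiting queue, instead of incrementing the value and letting the woken process retry, is what keeps the module's count consistent with the semantics the application expects: no third process can slip in between the release and the waiter's wake-up.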
【Communications service process for using between security procedure】
Step 0:Create communication port.Container application called by system, has initially set up a communication port.It is right The step of this special communication modes in shared drive, channel can be communicated using once establishing, is not necessarily to later. And for pipeline (pipe) and message queue (message queue) these communication modes, still need to the message hair after carrying out It send, receive flow.
Step 1:Create channel key.After the foundation for completing communication port, Inter-Process Communication service safe enhancing module is Safeguard a unique communication key in the channel.
Message sending:
Step 2: Send the message. The container application process issues a system call to send a message.
Step 3: Intercept the request. The system call interception module intercepts the system call and forwards it to the inter-process communication service security-enhancement module for processing.
Step 4: Encrypt the message content. The inter-process communication service security-enhancement module encrypts the content to be sent with the key of the corresponding communication channel.
Step 5: Complete the send. The encrypted message content is handed to the untrusted operating system for transmission. When the send has completed, control returns to the application process and the send operation is complete.
Message receiving:
Step 2: Receive the message. The container application process issues a system call to receive a message sent by another process.
Step 3: Receive the ciphertext. The untrusted operating system performs the actual reception of the message.
Step 4: Intercept the return. When the receive has completed, the return of the system call is intercepted, and the inter-process communication service security-enhancement module checks the returned content.
Step 5: Decrypt the message content. The inter-process communication service security-enhancement module decrypts the received message.
Step 6: Complete the receive. The decrypted message content is delivered to the application process, and the receive is complete.
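The two flows above, as an added example that is not part of the patent or the authors' code: the Go program below models the inter-process communication service security-enhancement module for pipe or message-queue style channels. A fresh key is bound to each channel id at creation (Step 1); the intercepted send seals the plaintext and hands only nonce, ciphertext and tag to the untrusted operating system; the intercepted receive return refuses anything that fails authentication. Binding the channel id as associated data is an addition for the example, so that a message the OS captures on one channel cannot be delivered on another. AES-256-GCM, the `uint32` channel id and the type names are assumptions; the patent does not name a cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// IPCService models the inter-process communication service security-
// enhancement module: one key per channel, sealed on send, opened on receive.
// The untrusted OS only ever carries ciphertext.
// (Example model; AES-256-GCM and the uint32 channel id are assumptions.)
type IPCService struct {
	keys map[uint32][]byte
}

func NewIPCService() *IPCService {
	return &IPCService{keys: make(map[uint32][]byte)}
}

// CreateChannel mirrors Steps 0-1: after the OS has set up the pipe or queue,
// the module generates and records the channel's unique key.
func (s *IPCService) CreateChannel(id uint32) error {
	if _, dup := s.keys[id]; dup {
		return fmt.Errorf("channel %d already has a key", id)
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	s.keys[id] = key
	return nil
}

func (s *IPCService) aead(id uint32) (cipher.AEAD, error) {
	key, ok := s.keys[id]
	if !ok {
		return nil, fmt.Errorf("channel %d: no key bound, access denied", id)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// channelAAD authenticates the channel id with every message so that a
// ciphertext replayed onto another channel fails to open.
func channelAAD(id uint32) []byte {
	aad := make([]byte, 4)
	binary.BigEndian.PutUint32(aad, id)
	return aad
}

// Send is the intercepted send call (Steps 2-5): seal the plaintext and hand
// nonce||ciphertext||tag to the untrusted OS.
func (s *IPCService) Send(id uint32, plaintext []byte) ([]byte, error) {
	g, err := s.aead(id)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, channelAAD(id)), nil
}

// Receive is the intercepted return of the receive call (Steps 4-6): what
// the OS handed back is checked and opened before the application sees it.
func (s *IPCService) Receive(id uint32, wire []byte) ([]byte, error) {
	g, err := s.aead(id)
	if err != nil {
		return nil, err
	}
	if len(wire) < g.NonceSize() {
		return nil, errors.New("message shorter than a nonce")
	}
	nonce, ct := wire[:g.NonceSize()], wire[g.NonceSize():]
	pt, err := g.Open(nil, nonce, ct, channelAAD(id))
	if err != nil {
		return nil, fmt.Errorf("channel %d: message rejected: %w", id, err)
	}
	return pt, nil
}

func main() {
	svc := NewIPCService()
	svc.CreateChannel(7)
	svc.CreateChannel(8)
	wire, _ := svc.Send(7, []byte("token=s3cr3t")) // constructed sample message
	pt, err := svc.Receive(7, wire)
	fmt.Printf("honest OS delivers: %q err=%v\n", pt, err)
	wire[len(wire)-1] ^= 0x01 // the untrusted OS flips a bit in transit
	_, err = svc.Receive(7, wire)
	fmt.Println("tampered message:", err)
	wire[len(wire)-1] ^= 0x01
	_, err = svc.Receive(8, wire) // the OS redirects the message to another channel
	fmt.Println("cross-channel delivery:", err)
}
```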
The container isolation enhancement system based on ARM TrustZone provided in this embodiment:
1. Defends against all attacks from applications outside the container.
With the trusted execution environment provided in this embodiment, no application outside the container can access the memory used by applications inside the container or interfere with their execution state. The invention therefore protects in-container applications and user privacy against applications outside the container.
2. Defends against all attacks from other containers.
The trusted execution environment likewise isolates the applications of different containers, ensuring that an application in one container cannot access the memory or control state of applications in another, so attacks from other containers are defended against.
3. Defends against all software attacks from the untrusted operating system.
Direct access by the untrusted operating system to the memory, registers, etc. of container applications is restricted, preventing direct attacks by the untrusted operating system on container applications (stealing memory contents, tampering with application control flow, etc.).
At the same time, every service that depends on the untrusted operating system is checked, preventing the untrusted operating system from attacking container applications by providing malicious system services.
4. Defends against attacks from other user applications inside the container.
Communication and file sharing between different applications inside a container are all checked. Besides preventing attacks from other user applications in the container, this also prevents an in-container application from colluding with the untrusted operating system to attack other users' applications or data.
The technical solution of this embodiment brings the following beneficial effects:
1. Using features of the ARM architecture, a method of constructing a trusted execution environment is proposed that allows existing application programs to run securely on a malicious operating system fully controlled by an attacker.
2. Using the trusted execution environment described above together with the trusted service mechanism proposed by the invention, different applications of different users inside a container can communicate and synchronize control flow securely.
3. Container images from the official Docker repository are protected automatically; users need not make any modification to existing images.
In this embodiment:
ARM TrustZone technology is used to create, in the normal world, a trusted execution environment that the operating system cannot access.
By removing key instructions, the normal-world operating system is prevented from executing specific privileged instructions, achieving exclusive page table management.
The two page table base address registers provided by the ARM architecture (TTBR0 and TTBR1) are used to isolate the virtual address space of the untrusted normal-world operating system from that of container application processes, preventing the normal-world operating system from accessing the physical memory pages assigned to container application processes.
Using TrustZone technology, every switch between container application processes and the normal-world operating system is intercepted, and the context (registers, etc.) of container application processes is further protected, preventing the normal-world operating system from hijacking the execution flow of container applications.
Hardware features are used to guarantee the security of the file system used by container applications.
By intercepting the switches between container application processes and the normal-world operating system, every file system access is checked, and file reads and writes are decrypted and encrypted respectively. A hash tree additionally guarantees the integrity of file contents.
Using TrustZone, file access permission control between different processes and different users inside a container is realized.
Using TrustZone technology, the security of the control-flow synchronization service and the inter-process communication service between container application processes is guaranteed.
The control-flow synchronization system calls issued by application processes inside a container are intercepted, and TrustZone technology is used to provide containers with a secure and reliable control-flow synchronization service.
The inter-process communication services initiated by application processes inside a container are intercepted; an encryption key is bound to each communication channel, guaranteeing the security of communication data, and access permission control is applied to the communication channels.
A trusted container management service realized using TrustZone technology.
An automated container image pre-processing method that is compatible with existing images.
TrustZone technology is used to recognize user-initiated container start requests and to verify the integrity of container start parameters, ensuring that the container started is consistent with the user's request.
A communication key is created for each independent container start request, and by intercepting the communication channel between the container and the user, the security of communication data between the two is protected.
TrustZone technology is used to maintain an individual trusted execution environment for each container application process, protecting the memory, registers and other data of the container application from tampering by the normal-world operating system.
Realization of trusted files, including interception of the file system access operations initiated by applications, encryption and decryption of file read and write content, and file access permission control inside the container.
Trusted inter-process communication service and control-flow synchronization service.
Secure container management service, including automatic verification of the integrity of downloaded container images, automated construction of trusted container images, verification of the integrity of container start parameters, and protection of communication security between user and container.
Abbreviations and key term definitions in this embodiment:
Container: a lightweight virtualization technology. Using the interfaces provided by the operating system, a user-defined running environment can be started quickly.
Docker: an open-source container management tool that helps users manage container images and start, pause and manage containers.
Docker image: mainly contains the file system of a container; Docker can start a container from a Docker image.
Docker repository: a container image management platform. Users can upload their own container images to the repository and download container images shared by other users from it.
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the above specific embodiments; those skilled in the art can make various variations or modifications within the scope of the claims without affecting the substance of the present invention.

Claims (10)

1. A container isolation enhancement system based on ARM TrustZone, characterized in that it comprises:
a container management client running on the user terminal;
an untrusted operating system, an untrusted container management module and trusted execution environments running in the normal world on the server side;
a page table management module, a register protection module, a system call interception module, a file system security-enhancement module, an execution-flow synchronization service security-enhancement module, an inter-process communication service security-enhancement module, a trusted container image download module and a secure container start module running in the secure world on the server side;
wherein:
the container management client connects to any number of containers in the normal environment of the server and sends user instructions to the containers; each container runs in a trusted execution environment;
the untrusted operating system provides the running environment and required services for the application programs of the containers;
the untrusted container management module provides basic container management operations;
the page table management module, the register protection module and the system call interception module jointly maintain any number of trusted execution environments;
the file system security-enhancement module, the execution-flow synchronization service security-enhancement module and the inter-process communication service security-enhancement module jointly enhance the security of the services of the untrusted operating system, preventing the untrusted operating system from stealing the private data of container processes and/or tampering with the control flow of container processes by providing malicious system services;
the trusted container image download module and the secure container start module jointly provide secure container management functions.
2. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the hardware resources in the trusted execution environment cannot be directly accessed by the untrusted operating system.
3. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the page table management module exclusively manages all page tables of the entire untrusted operating system; by controlling the page tables it protects the memory of container processes and restricts the untrusted operating system from accessing the memory of container processes;
the page table management module searches the untrusted operating system kernel for all instructions that manage page tables and replaces them with requests sent to the page table management module; the page table management module ensures that the physical memory pages storing page tables are read-only for the normal world, and that the code of the untrusted operating system kernel is not writable, thereby realizing exclusive management of the page tables by the page table management module.
4. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the register protection module ensures that the untrusted operating system cannot directly access or modify the register state of the trusted execution environment; the register protection module intercepts every switch between user-mode processes and the kernel-mode untrusted operating system kernel; during a switch, the register protection module saves and restores the registers of the trusted execution environment, ensuring that the untrusted operating system cannot arbitrarily tamper with and/or steal the register state of the trusted execution environment;
the switch between a user-mode process and the kernel-mode untrusted operating system kernel comprises the following:
every entry from user mode into the untrusted operating system kernel is realized through exception handling; all exceptions are handled by the exception handling functions stored in the exception vector table, whose address is held in a system register (the vector base address register); the register protection module replaces every instruction in the untrusted operating system that modifies this register with a request to the register protection module, and inserts a switch instruction into the exception handling functions maintained by the exception vector table, ensuring that every entry into the untrusted operating system kernel is intercepted by the register protection module;
exit from kernel mode to user mode is completed with the eret instruction; the register protection module ensures that no instruction that exits kernel mode remains in the untrusted operating system kernel code, and all exit operations are forwarded to the register protection module, so that every exit from the untrusted operating system kernel can be intercepted.
5. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the system call interception module implants a specific instruction in the handler of the exception triggered by a system call, ensuring that all system calls are handled by the system call interception module.
6. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the file system security-enhancement module guarantees the privacy and integrity of the container application file system and enforces file system access permissions; wherein:
the file system security-enhancement module uses the system call interception module to intercept all file system access operations carried out by containers, encrypts all file write operations and correspondingly decrypts all file read operations, guaranteeing the privacy of files;
the file system security-enhancement module maintains metadata for each container file, the metadata comprising a hash of the file content and a version number; every write to a file updates the hash and the version number, and the file system security-enhancement module itself records the newest version number; when a container process reads a file, the file system security-enhancement module verifies the hash and version number of the content read before returning it to the container process, guaranteeing the integrity of the file;
the file system security-enhancement module intercepts all system calls that change the user associated with a container and tracks the user corresponding to the current process; permission information is additionally stored in the metadata of each container file, and every intercepted file access operation is checked against that permission information;
the trusted container image download module automatically creates the initial metadata when downloading an image, and the file system security-enhancement module modifies the automatically created metadata according to the system calls made by the user, forming the metadata of each container file; this metadata is encrypted with an encryption key unique to each container; the encryption key is protected by the file system security-enhancement module and is stored in a trusted storage medium before power-off.
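The integrity and permission checks of claim 6, as an added example that is not the patent's own code: the Go program below models the part of the file system security-enhancement module that lives in the secure world. The per-file metadata carries the content hash, a version number and permission information; the module separately remembers the newest version of every file and the user associated with each process (from intercepted user-changing calls). On the intercepted read return it rejects content whose hash does not match, metadata whose version is older than the newest recorded (a rollback to a stale but internally consistent snapshot), and reads by a user without permission. Content encryption, which the claim also requires, is left out so the integrity path stands alone. The type names and the owner/world-readable permission scheme are assumptions; the claim says only "permission information".

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// FileMeta is the per-file metadata of claim 6: hash of the current content,
// a version number bumped on every write, and permission information. In the
// system it travels encrypted under the container key; here it is plain.
// (Example model; the owner/world-readable scheme is an assumption.)
type FileMeta struct {
	Hash      [sha256.Size]byte
	Version   uint64
	OwnerUID  uint32
	WorldRead bool
}

// FSService models the file system security-enhancement module. It keeps two
// things the untrusted OS never sees: the newest version of every file and
// the user currently associated with each process.
type FSService struct {
	latest map[string]uint64
	user   map[int]uint32 // pid -> uid, tracked from intercepted user-changing calls
}

func NewFSService() *FSService {
	return &FSService{latest: make(map[string]uint64), user: make(map[int]uint32)}
}

// SetUser mirrors an intercepted system call that changes the user of pid.
func (s *FSService) SetUser(pid int, uid uint32) { s.user[pid] = uid }

// Write is the intercepted write path: new content yields fresh metadata and
// the module records the new version as the only acceptable one. An existing
// file may only be rewritten by its owner and only from its current metadata.
func (s *FSService) Write(pid int, path string, content []byte, old *FileMeta) (FileMeta, error) {
	uid := s.user[pid]
	m := FileMeta{Hash: sha256.Sum256(content), Version: 1, OwnerUID: uid}
	if old != nil {
		if old.OwnerUID != uid {
			return FileMeta{}, fmt.Errorf("%s: uid %d may not write a file owned by uid %d", path, uid, old.OwnerUID)
		}
		if old.Version != s.latest[path] {
			return FileMeta{}, fmt.Errorf("%s: write based on stale metadata (version %d, newest %d)", path, old.Version, s.latest[path])
		}
		m.Version = old.Version + 1
		m.WorldRead = old.WorldRead
	}
	s.latest[path] = m.Version
	return m, nil
}

// Read is the intercepted return of a read: content and metadata come back
// from the untrusted OS. Accept only if the hash matches, the version is the
// newest the module recorded (so a replayed older snapshot is refused), and
// the caller's user may read the file.
func (s *FSService) Read(pid int, path string, content []byte, m FileMeta) ([]byte, error) {
	if sha256.Sum256(content) != m.Hash {
		return nil, fmt.Errorf("%s: content does not match metadata hash", path)
	}
	want, known := s.latest[path]
	if !known || m.Version != want {
		return nil, fmt.Errorf("%s: version %d offered, module expects %d (rollback?)", path, m.Version, want)
	}
	if uid := s.user[pid]; uid != m.OwnerUID && !m.WorldRead {
		return nil, fmt.Errorf("%s: uid %d has no read permission", path, uid)
	}
	return content, nil
}

func main() {
	fs := NewFSService()
	fs.SetUser(1, 1000)
	fs.SetUser(2, 2000)
	// constructed sample content for a file inside the container
	v1, _ := fs.Write(1, "/etc/app.conf", []byte("debug=0"), nil)
	v2, _ := fs.Write(1, "/etc/app.conf", []byte("debug=1"), &v1)
	_, err := fs.Read(1, "/etc/app.conf", []byte("debug=1"), v2)
	fmt.Println("current version:", err) // <nil>
	_, err = fs.Read(1, "/etc/app.conf", []byte("debug=0"), v1)
	fmt.Println("rolled-back copy:", err) // version 1 offered, module expects 2
	_, err = fs.Read(1, "/etc/app.conf", []byte("debug=2"), v2)
	fmt.Println("tampered content:", err) // hash mismatch
	_, err = fs.Read(2, "/etc/app.conf", []byte("debug=1"), v2)
	fmt.Println("other user:", err) // no read permission
}
```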
7. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the execution-flow synchronization service security-enhancement module, when the execution-flow synchronization service synchronizes different processes, intercepts the corresponding system calls, analyzes their semantics and controls the execution flow of container processes, preventing the execution flow from being tampered with by the untrusted operating system.
8. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the inter-process communication service security-enhancement module protects the communication between processes according to the data transfer mode as follows:
for direct data transfer modes, the inter-process communication service security-enhancement module identifies all communication channels by intercepting system calls, generates a communication key for each communication channel, and encrypts the traffic of these channels during communication;
for the shared-memory data transfer mode, the inter-process communication service security-enhancement module protects the shared memory through the page table management module; specifically, when shared memory is established, the inter-process communication service security-enhancement module informs the page table management module, which helps the container application processes establish the shared memory; the page table management module ensures that no other process can map the physical memory pages corresponding to the shared memory, thereby directly guaranteeing the security of inter-process communication based on shared memory.
9. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the trusted container image download module downloads container images and verifies their integrity, and initializes the container image so that the file system security-enhancement module can work normally; specifically:
the trusted container image download module establishes a trusted network connection to the image repository encrypted with the SSL/TLS protocol, obtains the container image directly from the image repository, and verifies the integrity of the image by computing its hash; after the image download is complete, the trusted container image download module performs the following initialization on the image:
generate an image key unique to the image; the image key is used to encrypt all other keys in the image;
traverse all files in the image, encrypt each file and compute the hash of its content, generating the metadata file; the processed container image is handed to the untrusted container management module for storage.
10. The container isolation enhancement system based on ARM TrustZone according to claim 1, characterized in that the secure container start module guarantees security at container start, ensuring that the container runs correctly inside a trusted execution environment, and builds a trusted communication channel between the container and the container management client; specifically:
at container start, the secure container start module verifies the integrity of the start image, ensuring that the started container application runs inside a trusted execution environment; the secure container start module negotiates a communication key with the container management client and encrypts all input and output of the container application with that communication key.
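Claims 9 and 10 together describe what the secure world must check before a container runs: that the image is the one whose hash was recorded at download, and that the start parameters are the ones the user sent. As an added example (not the patent's code, and written for this page), the Go program below shows both checks. The client binds the start request to the session key it negotiated with the secure container start module with an HMAC-SHA256 tag over a canonical JSON encoding; the start module recomputes the tag and the image digest before launching. The key negotiation itself is not shown; `sessionKey` is assumed to be already shared, and the request field set, the JSON canonicalization and the HMAC construction are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// StartRequest is what the container management client asks the server to
// start. Struct field order fixes the JSON byte string, so json.Marshal gives
// a canonical encoding to authenticate.
// (Example model; the field set and the HMAC binding are assumptions.)
type StartRequest struct {
	Image       string   `json:"image"`
	ImageDigest string   `json:"image_digest"` // hex SHA-256 the user expects
	Cmd         []string `json:"cmd"`
	Env         []string `json:"env"`
	Mounts      []string `json:"mounts"`
}

func canonical(r StartRequest) []byte {
	b, err := json.Marshal(r)
	if err != nil {
		panic(err) // only unsupported types fail, impossible for this struct
	}
	return b
}

// SignStartRequest runs on the client: bind the parameters to the session
// key negotiated with the secure container start module (claim 10). The
// negotiation is out of scope here; sessionKey is assumed already shared.
func SignStartRequest(sessionKey []byte, r StartRequest) []byte {
	mac := hmac.New(sha256.New, sessionKey)
	mac.Write(canonical(r))
	return mac.Sum(nil)
}

// VerifyStart runs in the secure world before the container is launched. The
// request and tag arrive through the untrusted container management module,
// and the image bytes come from storage the untrusted OS controls, so both
// are checked: the tag proves the parameters are the user's, the digest
// proves the image is the one the user named (the hash recorded at download
// under claim 9, re-checked at start).
func VerifyStart(sessionKey []byte, r StartRequest, tag []byte, image []byte) error {
	if !hmac.Equal(tag, SignStartRequest(sessionKey, r)) {
		return fmt.Errorf("start request for %q: parameters do not match the client's tag", r.Image)
	}
	sum := sha256.Sum256(image)
	if hex.EncodeToString(sum[:]) != r.ImageDigest {
		return fmt.Errorf("image %q: stored image differs from the requested digest", r.Image)
	}
	return nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)     // constructed stand-in for the negotiated key
	image := []byte("constructed image bytes") // constructed stand-in for the image
	sum := sha256.Sum256(image)
	req := StartRequest{
		Image:       "registry.example/app:1.0",
		ImageDigest: hex.EncodeToString(sum[:]),
		Cmd:         []string{"/bin/app"},
		Env:         []string{"MODE=prod"},
		Mounts:      []string{"/data:/data:ro"},
	}
	tag := SignStartRequest(key, req)
	fmt.Println("as requested:", VerifyStart(key, req, tag, image)) // <nil>
	tampered := req
	tampered.Mounts = append([]string{"/:/host"}, req.Mounts...) // untrusted manager adds a host mount
	fmt.Println("extra mount:", VerifyStart(key, tampered, tag, image))
	fmt.Println("swapped image:", VerifyStart(key, req, tag, []byte("evil")))
}
```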
Application CN201810549087.6A, filed 2018-05-31 (priority date 2018-05-31), Shanghai Jiaotong University: Container isolation enhancing system based on ARM TrustZone.

Publications: CN108733455A, published 2018-11-02; CN108733455B (granted), published 2020-08-18. Legal status: active.

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109491776A (en) * 2018-11-06 2019-03-19 北京百度网讯科技有限公司 Task method of combination and system
CN109508225A (en) * 2018-11-15 2019-03-22 珠海市知安全科技有限公司 A kind of application container system under windows operating system
CN109522754A (en) * 2018-11-28 2019-03-26 中国科学院信息工程研究所 A kind of credible isolation environment core control method of mobile terminal
CN109800596A (en) * 2018-12-27 2019-05-24 余炀 A kind of personal data safety management system
CN110069921A (en) * 2019-04-12 2019-07-30 中国科学院信息工程研究所 A kind of trusted software authority checking system and method towards container platform
CN110413382A (en) * 2019-08-06 2019-11-05 山东超越数控电子股份有限公司 A kind of method, equipment and the readable medium of the resource dynamic adjustment of Docker container
CN110427274A (en) * 2019-07-16 2019-11-08 阿里巴巴集团控股有限公司 Data transmission method and device in TEE system
CN110825489A (en) * 2019-10-21 2020-02-21 网易(杭州)网络有限公司 Application method and device of android simulator and terminal equipment
CN111124956A (en) * 2019-11-22 2020-05-08 海光信息技术有限公司 Container protection method, processor, operating system and computer equipment
CN111177701A (en) * 2019-12-11 2020-05-19 北京握奇智能科技有限公司 Method and equipment for realizing cryptographic function service based on trusted execution environment and security chip
CN111382445A (en) * 2020-03-03 2020-07-07 首都师范大学 Method for providing trusted service by using trusted execution environment system
CN111382131A (en) * 2018-12-27 2020-07-07 浙江大学 Data processing method, device and storage medium
CN111400726A (en) * 2019-01-03 2020-07-10 阿里巴巴集团控股有限公司 Data processing method, device, equipment and machine readable medium
CN111581654A (en) * 2020-05-08 2020-08-25 苏州深信达网络科技有限公司 Method for amplifying performance of encryption chip
CN111651778A (en) * 2020-05-26 2020-09-11 上海交通大学 Physical memory isolation method based on RISC-V instruction architecture
CN111859428A (en) * 2020-07-22 2020-10-30 成都安恒信息技术有限公司 Containerization-based secret key storage method and system
CN112256396A (en) * 2020-10-23 2021-01-22 海光信息技术股份有限公司 Memory management method and system, security processing device and data processing device
US11003785B2 (en) 2019-07-16 2021-05-11 Advanced New Technologies Co., Ltd. Data transmission method and apparatus in tee systems
CN113296887A (en) * 2021-03-31 2021-08-24 阿里巴巴新加坡控股有限公司 Method and device for starting safety container
CN113391880A (en) * 2021-06-21 2021-09-14 西安超越申泰信息科技有限公司 Trusted mirror image transmission method for layered double hash verification
EP3907637A1 (en) * 2020-05-05 2021-11-10 Siemens Aktiengesellschaft Method and device for securely starting a container instance
CN113703924A (en) * 2021-09-22 2021-11-26 上海交通大学 Safe virtual machine system design method and system based on trusted execution environment
CN113792276A (en) * 2021-11-11 2021-12-14 麒麟软件有限公司 Operating system user identity authentication method and system based on dual-architecture
CN114035886A (en) * 2021-09-28 2022-02-11 中国科学院信息工程研究所 Container security reinforcement system and method for kernel data
CN114048502A (en) * 2021-10-15 2022-02-15 中国科学院信息工程研究所 Lightweight trusted channel and communication control method thereof
WO2023103697A1 (en) * 2021-12-10 2023-06-15 华为技术有限公司 Communication method in computer system, and related product
WO2023133990A1 (en) * 2022-01-13 2023-07-20 南京翼辉信息技术有限公司 Design method for implementing lightweight secure container on the basis of embedded real-time operating system
CN117076002A (en) * 2023-09-28 2023-11-17 飞腾信息技术有限公司 Safe starting method and related device
CN117573275A (en) * 2023-11-14 2024-02-20 中电云计算技术有限公司 Trusted container application security read-write method and system based on TrustZone

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102436566A (en) * 2012-01-12 2012-05-02 冶金自动化研究设计院 Dynamic trusted measurement method and safe embedded system
US20130191823A1 (en) * 2011-07-25 2013-07-25 Jason A. Davidson Dynamic feature enhancement in client server applications and high volume server deployment with dynamic app store integration
CN107819875A (en) * 2017-11-27 2018-03-20 深信服科技股份有限公司 User specially enjoys method of servicing and device under a kind of cloud platform

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130191823A1 (en) * 2011-07-25 2013-07-25 Jason A. Davidson Dynamic feature enhancement in client server applications and high volume server deployment with dynamic app store integration
CN102436566A (en) * 2012-01-12 2012-05-02 冶金自动化研究设计院 Dynamic trusted measurement method and safe embedded system
CN107819875A (en) * 2017-11-27 2018-03-20 深信服科技股份有限公司 User specially enjoys method of servicing and device under a kind of cloud platform

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ZHICHAOHUA ETL: "vTZ: Virtualizing ARM TrustZone", 《THIS PAPER IS INCLUDED IN THE PROCEEDINGS OF THE 》 *
夏虞斌等: "基于 TrustZone 技术的安全移动远程控制系统", 《计算机工程》 *

Cited By (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109491776B (en) * 2018-11-06 2022-05-31 北京百度网讯科技有限公司 Task arranging method and system
CN109491776A (en) * 2018-11-06 2019-03-19 北京百度网讯科技有限公司 Task method of combination and system
CN109508225A (en) * 2018-11-15 2019-03-22 珠海市知安全科技有限公司 A kind of application container system under windows operating system
CN109522754A (en) * 2018-11-28 2019-03-26 中国科学院信息工程研究所 A kind of credible isolation environment core control method of mobile terminal
CN109522754B (en) * 2018-11-28 2021-11-19 中国科学院信息工程研究所 Core control method for trusted isolation environment of mobile terminal
CN109800596A (en) * 2018-12-27 2019-05-24 余炀 A kind of personal data safety management system
CN109800596B (en) * 2018-12-27 2023-01-31 余炀 Personal data safety management system
CN111382131B (en) * 2018-12-27 2023-05-09 浙江大学 Data processing method, device and storage medium
CN111382131A (en) * 2018-12-27 2020-07-07 浙江大学 Data processing method, device and storage medium
CN111400726A (en) * 2019-01-03 2020-07-10 阿里巴巴集团控股有限公司 Data processing method, device, equipment and machine readable medium
CN110069921A (en) * 2019-04-12 2019-07-30 中国科学院信息工程研究所 A kind of trusted software authority checking system and method towards container platform
CN110069921B (en) * 2019-04-12 2021-01-01 中国科学院信息工程研究所 Container platform-oriented trusted software authorization verification system and method
CN110427274A (en) * 2019-07-16 2019-11-08 阿里巴巴集团控股有限公司 Data transmission method and device in TEE system
US11250145B2 (en) 2019-07-16 2022-02-15 Advanced New Technologies Co., Ltd. Data transmission method and apparatus in tee systems
US11003785B2 (en) 2019-07-16 2021-05-11 Advanced New Technologies Co., Ltd. Data transmission method and apparatus in tee systems
CN110413382A (en) * 2019-08-06 2019-11-05 山东超越数控电子股份有限公司 A kind of method, equipment and the readable medium of the resource dynamic adjustment of Docker container
CN110825489A (en) * 2019-10-21 2020-02-21 网易(杭州)网络有限公司 Application method and device of android simulator and terminal equipment
CN111124956A (en) * 2019-11-22 2020-05-08 海光信息技术有限公司 Container protection method, processor, operating system and computer equipment
CN111177701A (en) * 2019-12-11 2020-05-19 北京握奇智能科技有限公司 Method and equipment for realizing cryptographic function service based on trusted execution environment and security chip
CN111382445A (en) * 2020-03-03 2020-07-07 首都师范大学 Method for providing trusted service by using trusted execution environment system
WO2021224062A1 (en) * 2020-05-05 2021-11-11 Siemens Aktiengesellschaft Method and device for securely starting up a container instance
EP3907637A1 (en) * 2020-05-05 2021-11-10 Siemens Aktiengesellschaft Method and device for securely starting a container instance
CN111581654A (en) * 2020-05-08 2020-08-25 苏州深信达网络科技有限公司 Method for amplifying performance of encryption chip
CN111581654B (en) * 2020-05-08 2023-10-24 苏州深信达网络科技有限公司 Method for amplifying performance of encryption chip
CN111651778B (en) * 2020-05-26 2023-05-05 上海交通大学 Physical memory isolation method based on RISC-V instruction architecture
CN111651778A (en) * 2020-05-26 2020-09-11 上海交通大学 Physical memory isolation method based on RISC-V instruction architecture
CN111859428B (en) * 2020-07-22 2022-07-19 成都安恒信息技术有限公司 Containerization-based secret key storage method and system
CN111859428A (en) * 2020-07-22 2020-10-30 成都安恒信息技术有限公司 Containerization-based secret key storage method and system
CN112256396A (en) * 2020-10-23 2021-01-22 海光信息技术股份有限公司 Memory management method and system, security processing device and data processing device
CN113296887B (en) * 2021-03-31 2023-12-08 阿里巴巴(中国)有限公司 Method and device for starting safety container
CN113296887A (en) * 2021-03-31 2021-08-24 阿里巴巴新加坡控股有限公司 Method and device for starting safety container
CN113391880A (en) * 2021-06-21 2021-09-14 西安超越申泰信息科技有限公司 Trusted mirror image transmission method for layered double hash verification
CN113703924A (en) * 2021-09-22 2021-11-26 上海交通大学 Safe virtual machine system design method and system based on trusted execution environment
CN114035886A (en) * 2021-09-28 2022-02-11 中国科学院信息工程研究所 Container security reinforcement system and method for kernel data
CN114035886B (en) * 2021-09-28 2023-10-03 中国科学院信息工程研究所 Container security reinforcement system and method for kernel data
CN114048502A (en) * 2021-10-15 2022-02-15 中国科学院信息工程研究所 Lightweight trusted channel and communication control method thereof
CN114048502B (en) * 2021-10-15 2023-08-15 中国科学院信息工程研究所 Lightweight trusted channel and communication control method thereof
CN113792276A (en) * 2021-11-11 2021-12-14 麒麟软件有限公司 Operating system user identity authentication method and system based on dual-architecture
WO2023103697A1 (en) * 2021-12-10 2023-06-15 华为技术有限公司 Communication method in computer system, and related product
WO2023133990A1 (en) * 2022-01-13 2023-07-20 南京翼辉信息技术有限公司 Design method for implementing lightweight secure container on the basis of embedded real-time operating system
CN117076002A (en) * 2023-09-28 2023-11-17 飞腾信息技术有限公司 Safe starting method and related device
CN117076002B (en) * 2023-09-28 2024-01-02 飞腾信息技术有限公司 Safe starting method and related device
CN117573275A (en) * 2023-11-14 2024-02-20 中电云计算技术有限公司 Trusted container application security read-write method and system based on TrustZone

Also Published As

Publication number Publication date
CN108733455B (en) 2020-08-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant