CN108733455A - Container isolation enhancement system based on ARM TrustZone - Google Patents
Container isolation enhancement system based on ARM TrustZone
- Publication number
- CN108733455A (application CN201810549087.6A)
- Authority
- CN
- China
- Prior art keywords
- container
- module
- file
- operating system
- untrusted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45562—Creating, deleting, cloning virtual machine instances
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a container isolation enhancement system based on ARM TrustZone, comprising: a container management client running on the user side; an untrusted operating system, an untrusted container management module and trusted execution environments running in the normal world on the server side; and a page table management module, a register protection module, a system call interception module, a file system security enhancement module, an execution flow synchronization service security enhancement module, an inter-process communication service security enhancement module, a trusted container image download module and a secure container startup module running in the secure world on the server side. The present invention runs existing applications securely on a malicious operating system fully controlled by an attacker; enables the different applications of different users inside a container to communicate and synchronize control flow securely; and requires no modification of existing images by the user.
Description
Technical field
The present invention relates to the field of virtualization technology, and in particular to a container isolation enhancement system based on ARM TrustZone.
Background technology
Virtualization technology can simulate multiple virtual machines on one physical computer, improving hardware utilization and allowing multiple users to share the same physical device. Containers are a lightweight form of virtualization. Different containers share the same operating system kernel, but each container has its own independent file system, user space, process space and so on. Compared with traditional virtualization, containers offer shorter startup times, better performance and easier deployment. Because of these notable advantages, containers are now widely used in the server field. With containers, a cloud server can quickly and conveniently create an independent runtime environment for each user, and more and more users choose to store their data in cloud containers for a faster and more convenient experience.
Alongside their better performance and easier deployment, containers have always been criticized for their security. Different containers must share the same operating system kernel, and once that kernel is compromised, the isolation between containers is broken. At the same time, an operating system kernel, because of its huge code size, always carries a large number of vulnerabilities. In a cloud computing environment, once an attacker compromises the operating system kernel from within one container, every container in the cloud falls under the attacker's control.
At present, ARM architectures are gradually gaining favor in the server field because of their good energy efficiency and cost-effectiveness, and a series of ARM-based server processors already exist on the market. This brings a new security problem: once the operating system of an ARM-based cloud server is compromised, how can the security of user containers be guaranteed, preventing the attacker from controlling the execution flow of applications in user containers or stealing the sensitive data users store in them? This has become an important problem facing the field.
The following prior art was found by search:
1. Owen et al. designed and implemented a security system, InkTag, using hardware virtualization technology to protect application programs from attacks by an untrusted operating system kernel. InkTag provides an independent secure execution environment for each application and prevents the operating system from directly accessing the memory inside that environment, thereby protecting the application's data from theft and its control flow from tampering. For the services that still depend on the operating system, InkTag checks their results.
Although InkTag defends a single application program against the operating system, it is not suitable for container environments. First, it cannot directly start an existing container image, so it lacks the ability to protect containers. Second, it does not consider the complex multi-user, multi-application environment of a container, and cannot guarantee the security of communication, information sharing and permission control between the applications of different users inside a container.
2. To protect containers, Arnautov et al. designed and implemented a secure container protection system, SCONE, using Intel SGX technology. The system uses the trusted execution environment (enclave) provided by SGX to protect each individual container process. Because the hardware guarantees that no software outside the enclave (including the operating system) can access the enclave's memory or interfere with the execution flow inside it, SCONE effectively protects the security of container applications against an untrusted operating system.
SCONE has two disadvantages, however. First, it only supports a container running a single process, that is, only one single-process application program can run in a container, which greatly limits container application scenarios; SCONE also does not consider how different applications can cooperate securely in a multi-user, multi-application environment. Second, SCONE requires the original container image to be modified, so the original image cannot be run directly. This prevents users from running the millions of container images in the Docker repository and limits the usage scenarios of containers.
In summary, how to use the characteristics of the ARM platform architecture to maintain any number of trusted execution environments for containers, how to prevent an untrusted operating system from attacking container applications while still relying on it for services, and how to remain compatible with existing container images have become urgent problems to be solved in this field.
No description or report of technology similar to the present invention has been found, and no similar material has been collected at home or abroad.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a container isolation enhancement system based on ARM TrustZone. The system uses the characteristics of the ARM platform architecture to maintain any number of trusted execution environments for containers; it prevents the untrusted operating system from attacking container applications while still relying on it for services; and it is compatible with existing container images.
The present invention is achieved by the following technical solution.
According to one aspect of the invention, a container isolation enhancement system based on ARM TrustZone is provided, comprising:
a container management client running on the user side;
an untrusted operating system, an untrusted container management module and trusted execution environments running in the normal world on the server side;
a page table management module, a register protection module, a system call interception module, a file system security enhancement module, an execution flow synchronization service security enhancement module, an inter-process communication service security enhancement module, a trusted container image download module and a secure container startup module running in the secure world on the server side;
wherein:
the container management client connects to any number of containers in the normal-world environment of the server and sends user instructions to the containers; each container runs inside a trusted execution environment;
the untrusted operating system provides the runtime environment and the required services for the application programs of the containers;
the untrusted container management module provides basic container management operations;
the page table management module, the register protection module and the system call interception module together maintain any number of trusted execution environments;
the file system security enhancement module, the execution flow synchronization service security enhancement module and the inter-process communication service security enhancement module together harden the services of the untrusted operating system, preventing the untrusted operating system from stealing the private data of container processes and/or tampering with the control flow of container processes by providing malicious system services;
the trusted container image download module and the secure container startup module together provide secure container management functions.
Preferably, the hardware resources inside a trusted execution environment cannot be directly accessed by the untrusted operating system.
Preferably, the page table management module exclusively manages all page tables of the entire untrusted operating system; by controlling the page tables it protects the memory of container processes and prevents the untrusted operating system from accessing the memory of container processes.
Preferably, the page table management module searches the untrusted operating system kernel for all instructions that manage page tables and replaces them with requests sent to the page table management module; the page table management module ensures that the physical memory pages storing page tables are read-only to the normal world, and that the code of the untrusted operating system kernel is not writable, thereby achieving exclusive management of the page tables by the page table management module.
Preferably, the register protection module ensures that the untrusted operating system cannot directly access or modify the register state of a trusted execution environment; the register protection module intercepts all switches between user-mode processes and the kernel-mode untrusted operating system kernel. During a switch, the register protection module saves and restores the registers of the trusted execution environment, ensuring that the untrusted operating system can neither tamper with nor steal the register state of the trusted execution environment.
Preferably, the switch between a user-mode process and the kernel-mode untrusted operating system kernel comprises the following:
All entries from user mode into the untrusted operating system kernel are implemented through exception handling. All exceptions are handled by exception handler functions stored in the exception vector table, whose address is held in a system register (on ARMv8 this is the vector base address register, VBAR_EL1). The register protection module replaces every instruction in the untrusted operating system that writes this register with a request to the register protection module, and inserts a switching instruction into the exception handler functions maintained by the exception vector table (the instruction is smc, a standard instruction of ARM processors that switches to the secure world and thereby enters the register protection module), ensuring that every entry into the untrusted operating system kernel is intercepted by the register protection module.
Exit from kernel mode to user mode is performed by the eret instruction. The register protection module ensures that no instruction that exits kernel mode remains in the untrusted operating system kernel code, and that all exit operations are forwarded to the register protection module, so that every exit from the untrusted operating system kernel is intercepted.
Preferably, the system call interception module implants a specific instruction (also called a hook; it is an smc instruction that enters the secure world and thereby the system call interception module) in the handler function of the exception triggered by a system call, ensuring that every system call is processed by the system call interception module.
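The entry and exit interception described in the two passages above (the register protection module saving and restoring the trusted execution environment's registers around every exception, and the system call interception module hooking the system call handler) can be modelled in ordinary Python. The following is an added example and not code from the patent; it assumes AArch64 register names, a hook table keyed by system call name, and that the kernel is shown only the system call number, its arguments and the trapping pc:

```python
"""Secure-world interception of the user/kernel switch, modelled in Python.

Added example, not code from the patent.  On real hardware the register
protection module is entered by the smc instruction patched into every
exception handler and again in place of the kernel's eret; here those two
points are the methods on_exception_entry and on_eret.  Register names follow
AArch64 (x0-x30, sp, pc); the hook interface of the system call interception
module and the choice of what the kernel may see are assumptions.
"""
import copy

SYSCALL = "svc"                                          # exception class of a system call
ARG_REGS = ("x0", "x1", "x2", "x3", "x4", "x5", "x8")    # syscall arguments and number
EPERM = -1


class TamperedReturn(Exception):
    """The kernel tried to resume the container process somewhere it did not stop."""


class RegisterProtection:
    def __init__(self):
        self.saved = {}     # pid -> full register file, kept in secure-world memory
        self.hooks = {}     # syscall name -> fn(pid, args) -> bool (system call interception hooks)
        self.log = []       # every system call the interception module saw

    def on_exception_entry(self, pid, regs, exc_class, syscall=None):
        """Entered from the patched exception handler before any kernel code runs.

        Returns (kernel_view, resume): the registers the kernel is allowed to see,
        and, when a hook denies the call, the registers to resume the process with
        without entering the kernel at all (otherwise None)."""
        self.saved[pid] = copy.deepcopy(regs)
        kernel_view = {r: 0 for r in regs}       # scrub everything ...
        kernel_view["pc"] = regs["pc"]           # ... except the trapping pc
        if exc_class != SYSCALL:
            return kernel_view, None
        args = tuple(regs[r] for r in ARG_REGS)
        self.log.append((pid, syscall, args))
        hook = self.hooks.get(syscall)
        if hook is not None and not hook(pid, args):
            resume = self.saved.pop(pid)         # denied: the kernel never sees the request
            resume["x0"] = EPERM
            return kernel_view, resume
        for r in ARG_REGS:                       # ... and the arguments the call needs
            kernel_view[r] = regs[r]
        return kernel_view, None

    def on_eret(self, pid, kernel_regs):
        """Entered in place of the kernel's eret; returns the register file the TEE resumes with."""
        saved = self.saved[pid]
        if kernel_regs["pc"] != saved["pc"]:     # control-flow redirection by the kernel
            raise TamperedReturn(f"pid {pid}: kernel set pc={kernel_regs['pc']:#x}, "
                                 f"expected {saved['pc']:#x}")
        restored = self.saved.pop(pid)
        restored["x0"] = kernel_regs["x0"]       # the syscall result is the kernel's only output
        return restored


def demo():
    """One write() round trip, one kernel that redirects control flow, one denied call."""
    rp = RegisterProtection()
    rp.hooks["ptrace"] = lambda pid, args: False          # assumption: containers may not ptrace
    regs = {f"x{i}": 0 for i in range(31)}
    regs.update(x0=1, x1=0x7f00, x2=13, x8=64, x19=0xdeadbeef, sp=0x7ff0, pc=0x401000)

    view, _ = rp.on_exception_entry(1, regs, SYSCALL, "write")
    kernel_regs = dict(view, x0=13, x19=0x41414141)        # kernel returns 13 and scribbles on x19
    back = rp.on_eret(1, kernel_regs)

    rp.on_exception_entry(2, dict(regs, pc=0x402000), SYSCALL, "read")
    tampered = None
    try:
        rp.on_eret(2, dict(view, x0=0, pc=0x404040))       # kernel points the process elsewhere
    except TamperedReturn as e:
        tampered = str(e)

    _, denied = rp.on_exception_entry(3, regs, SYSCALL, "ptrace")
    return view, back, tampered, denied, rp


if __name__ == "__main__":
    view, back, tampered, denied, rp = demo()
    print("kernel saw x19 =", view["x19"], "| process resumed with x19 =", hex(back["x19"]))
    print("tampered eret:", tampered)
    print("ptrace short-circuited with x0 =", denied["x0"], "| log:", rp.log)
```

A kernel that legitimately needs to change the resume address (signal delivery) has to go through a path checked by the execution flow synchronization service security enhancement module rather than through on_eret; the process whose eret was rejected here stays parked instead of being resumed with kernel-chosen state.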
Preferably, the file system security enhancement module guarantees the confidentiality and integrity of the container application's file system and enforces file system access permissions, wherein:
the file system security enhancement module uses the system call interception module to intercept all file system access operations performed by containers, encrypts all file write operations and correspondingly decrypts all file read operations, guaranteeing the confidentiality of files;
the file system security enhancement module maintains metadata for each container file, comprising a hash of the file content and a version number; every write to a file updates the hash and the version number, as well as the latest version number recorded by the file system security enhancement module itself; when a container process reads a file, the file system security enhancement module verifies the hash and version number of the content read before returning it to the container process, guaranteeing the integrity of files;
the file system security enhancement module intercepts all system calls that change the user corresponding to a container and tracks the user corresponding to the current process; it additionally stores permission information in the metadata of each container file and performs permission verification against that information for every intercepted file access operation;
the trusted container image download module automatically creates initial metadata when an image is downloaded, and the file system security enhancement module modifies the automatically created initial metadata according to the system calls invoked by the user, forming the metadata of each container file; this metadata is encrypted with an encryption key unique to each container; the encryption key is protected by the file system security enhancement module and is stored in a trusted storage medium before power-off.
Preferably, the execution flow synchronization service security enhancement module intercepts the system calls used by the execution flow synchronization service to synchronize different processes, analyzes their semantics, and controls the execution flow of container processes so that the execution flow cannot be tampered with by the untrusted operating system.
Preferably, the inter-process communication service security enhancement module protects inter-process communication according to the data transfer mode between processes, as follows:
for direct data transfer, the inter-process communication service security enhancement module identifies all communication channels by intercepting system calls, generates a communication key for each channel, and encrypts these channels during communication;
for shared-memory data transfer, the inter-process communication service security enhancement module protects the shared memory through the page table management module; specifically, when shared memory is established, the inter-process communication service security enhancement module informs the page table management module, which helps the different container application processes establish the shared memory; the page table management module ensures that no other process can map the physical memory pages corresponding to the shared memory, thereby directly guaranteeing the security of shared-memory inter-process communication.
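The page table management module described earlier (exclusive control of the normal-world page tables, page table pages read-only to the normal world, kernel code not writable) and the shared memory protection in the passage above both reduce to one check performed in the secure world on every mapping request. The following added example, which is not the patent's code, models that check in Python; the class, method and field names, the permission bits and the page addresses are assumptions, and the smc request is an ordinary method call:

```python
"""Secure-world page table manager, modelled in Python.

Added example, not code from the patent.  On real hardware the page table
manager runs in the TrustZone secure world and is reached by smc after the
page-table-writing instructions in the normal-world kernel have been rewritten
into requests; here the smc request is a method call and the page tables are
dictionaries.  Names, permission bits and page addresses are assumptions.
"""
from dataclasses import dataclass, field

KERNEL_ASID = 0                  # address space of the untrusted normal-world kernel
R, W, X = 1, 2, 4                # permission bits of a mapping
SMC_OK, SMC_DENIED = 0, -1       # return codes handed back to the normal world


@dataclass
class PageTableManager:
    table_pages: set = field(default_factory=set)   # physical pages holding page tables
    kernel_code: set = field(default_factory=set)   # physical pages holding kernel text
    owner: dict = field(default_factory=dict)       # phys page -> TEE (asid) that owns it
    sharers: dict = field(default_factory=dict)     # phys page -> asids allowed to map it
    tables: dict = field(default_factory=dict)      # asid -> {virt: (phys, perms)}
    audit: list = field(default_factory=list)       # secure-world log of denied requests

    def register_tee_page(self, asid, phys):
        """Give a physical page to one container process's trusted execution environment."""
        assert phys not in self.owner and phys not in self.sharers
        self.owner[phys] = asid

    def establish_shared(self, phys, asids):
        """Called by the IPC module when shared memory is set up between container processes."""
        assert phys not in self.owner, "a private TEE page cannot become shared"
        self.sharers[phys] = set(asids)

    def _deny(self, asid, virt, phys, why):
        self.audit.append((asid, virt, phys, why))
        return SMC_DENIED

    def smc_map(self, asid, virt, phys, perms):
        """The request the rewritten kernel issues instead of writing a PTE itself."""
        if phys in self.table_pages and perms & W:
            return self._deny(asid, virt, phys, "page tables are read-only to the normal world")
        if phys in self.kernel_code and perms & W:
            return self._deny(asid, virt, phys, "kernel code is not writable")
        if phys in self.owner and self.owner[phys] != asid:
            return self._deny(asid, virt, phys, "page belongs to another TEE")
        if phys in self.sharers and asid not in self.sharers[phys]:
            return self._deny(asid, virt, phys, "not a party to this shared page")
        self.tables.setdefault(asid, {})[virt] = (phys, perms)
        return SMC_OK

    def smc_unmap(self, asid, virt):
        self.tables.get(asid, {}).pop(virt, None)
        return SMC_OK

    def translate(self, asid, virt):
        """What the MMU would see for this address space, or None if unmapped."""
        return self.tables.get(asid, {}).get(virt)


def demo():
    """Exercise each rule once; returns the manager and a name -> return code map."""
    ptm = PageTableManager(table_pages={0x1000}, kernel_code={0x2000})
    ptm.register_tee_page(asid=7, phys=0x3000)       # container process 7 owns 0x3000
    ptm.establish_shared(0x4000, asids={7, 8})       # processes 7 and 8 share 0x4000
    results = {
        "tee maps own page": ptm.smc_map(7, 0x400000, 0x3000, R | W),
        "kernel maps tee page": ptm.smc_map(KERNEL_ASID, 0xffff0000, 0x3000, R),
        "kernel writes page table": ptm.smc_map(KERNEL_ASID, 0xffff1000, 0x1000, R | W),
        "kernel reads page table": ptm.smc_map(KERNEL_ASID, 0xffff1000, 0x1000, R),
        "kernel patches own text": ptm.smc_map(KERNEL_ASID, 0xffff2000, 0x2000, R | W | X),
        "sharer maps shared page": ptm.smc_map(8, 0x500000, 0x4000, R | W),
        "outsider maps shared page": ptm.smc_map(9, 0x500000, 0x4000, R),
        "kernel maps shared page": ptm.smc_map(KERNEL_ASID, 0xffff4000, 0x4000, R),
    }
    return ptm, results


if __name__ == "__main__":
    for name, code in demo()[1].items():
        print(f"{name:28s} {'ok' if code == SMC_OK else 'denied'}")
```

The read-only mapping of the table pages is what forces every update through smc_map: a kernel that could write PTEs directly would simply bypass the check. The kernel remains free to unmap a container's pages, which is a denial of service rather than a confidentiality or integrity break, and the model does not try to prevent it.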
Preferably, the trusted container image download module verifies the integrity of the downloaded container image and initializes the container image so that the file system security enhancement module described above works normally; specifically:
the trusted container image download module establishes a trusted network connection encrypted with the SSL protocol to the image repository, obtains the container image directly from the repository, and verifies the integrity of the image by computing its hash; after the download completes, the trusted container image download module performs the following initialization operations on the image:
generating a unique image key for the image, which is used to encrypt all other keys in the image;
traversing all files in the image, encrypting each file, computing the hash of the file content and generating the metadata file; the processed container image is handed to the untrusted container management module for storage.
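The file system security enhancement module (a per-file hash and version number, a latest-version record kept by the secure world, a per-container key, permission information checked on every access) and the image initialization step just described (encrypt every file, hash it, write its metadata) share one data layout. The following is an added example, not the patent's code, that models both in Python with only the standard library: the cipher is an HMAC-SHA256 keystream standing in for an AEAD such as AES-GCM, the permission field is a Unix-style owner uid plus mode, the sealed metadata is stored on the untrusted side next to the ciphertext, and the sample image content is constructed:

```python
# Added example, not the patent's code.  Per-file metadata (content hash, version, owner,
# mode) is sealed under the container key and stored by the untrusted OS next to the
# ciphertext; only each file's newest version number stays in the secure world, which is
# what makes a replayed old file a detectable rollback.  The cipher is an HMAC-SHA256
# keystream standing in for an AEAD such as AES-GCM, so only the standard library is used.
# Names, the Unix-style permission model and the image content are assumptions.
import hashlib
import hmac
import json
import secrets

class IntegrityError(Exception): ...
class RollbackError(Exception): ...
class AccessDenied(Exception): ...

def _xor_stream(key, nonce, data):
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks; the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class SecureFileSystem:
    def __init__(self, container_key):
        self.fkey = hmac.new(container_key, b"file", hashlib.sha256).digest()  # content key
        self.mkey = hmac.new(container_key, b"meta", hashlib.sha256).digest()  # metadata key
        self.latest = {}   # path -> newest version number; secure-world state
        self.disk = {}     # path -> (ciphertext, sealed metadata); held by the untrusted OS
        self.uid = {}      # pid -> current uid, updated from intercepted setuid-type calls

    def _seal(self, meta):
        nonce = secrets.token_bytes(12)
        blob = _xor_stream(self.mkey, nonce, json.dumps(meta, sort_keys=True).encode())
        return nonce + blob + hmac.new(self.mkey, nonce + blob, hashlib.sha256).digest()

    def _unseal(self, sealed):
        nonce, blob, tag = sealed[:12], sealed[12:-32], sealed[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.mkey, nonce + blob, hashlib.sha256).digest()):
            raise IntegrityError("metadata tag mismatch")
        return json.loads(_xor_stream(self.mkey, nonce, blob))

    def _store(self, path, content, owner, mode):
        version, nonce = self.latest.get(path, 0) + 1, secrets.token_bytes(12)
        meta = {"hash": hashlib.sha256(content).hexdigest(), "version": version,
                "nonce": nonce.hex(), "owner": owner, "mode": mode}
        self.disk[path] = (_xor_stream(self.fkey, nonce, content), self._seal(meta))
        self.latest[path] = version
        return version

    def _authorise(self, meta, pid, want):             # want: 4 = read, 2 = write
        uid = self.uid[pid]
        bits = (meta["mode"] >> 6) & 7 if uid == meta["owner"] else meta["mode"] & 7
        if not bits & want:
            raise AccessDenied(f"uid {uid} may not {'write' if want == 2 else 'read'} this file")

    def init_image(self, files, owner, mode=0o640):    # trusted image download: encrypt and hash all
        for path, content in files.items():
            self._store(path, content, owner, mode)

    def write(self, pid, path, content):               # intercepted write()
        if path in self.disk:
            meta = self._unseal(self.disk[path][1])
            self._authorise(meta, pid, 2)
            return self._store(path, content, meta["owner"], meta["mode"])
        return self._store(path, content, self.uid[pid], 0o640)

    def read(self, pid, path):                         # intercepted read()
        ct, sealed = self.disk[path]
        meta = self._unseal(sealed)
        self._authorise(meta, pid, 4)
        if meta["version"] != self.latest[path]:       # an old (ciphertext, metadata) pair replayed
            raise RollbackError(f"{path}: version {meta['version']}, expected {self.latest[path]}")
        content = _xor_stream(self.fkey, bytes.fromhex(meta["nonce"]), ct)
        if hashlib.sha256(content).hexdigest() != meta["hash"]:   # ciphertext modified
            raise IntegrityError(f"{path}: content hash mismatch")
        return content

def _outcome(fn):
    """Name of the exception fn raises, or None; lets demo() report failures as values."""
    try:
        fn()
    except (IntegrityError, RollbackError, AccessDenied) as e:
        return type(e).__name__

def demo():
    """Constructed one-file image; exercises read, write, tampering, rollback and permissions."""
    fs = SecureFileSystem(secrets.token_bytes(32))
    fs.init_image({"/etc/app.conf": b"listen=8080\n"}, owner=1000)
    fs.uid.update({1: 1000, 2: 1001})                  # pid 1 runs as the owner, pid 2 as another user
    out = {"first": fs.read(1, "/etc/app.conf")}
    stale = fs.disk["/etc/app.conf"]                   # the OS keeps a copy of version 1
    fs.write(1, "/etc/app.conf", b"listen=8443\n")
    out["second"] = fs.read(1, "/etc/app.conf")
    ct, sealed = fs.disk["/etc/app.conf"]
    fs.disk["/etc/app.conf"] = (ct[:7] + bytes([ct[7] ^ 1]) + ct[8:], sealed)   # flip one bit
    out["tamper"] = _outcome(lambda: fs.read(1, "/etc/app.conf"))
    fs.disk["/etc/app.conf"] = stale                                            # replay version 1
    out["rollback"] = _outcome(lambda: fs.read(1, "/etc/app.conf"))
    out["other_read"] = _outcome(lambda: fs.read(2, "/etc/app.conf"))       # checked before version
    out["other_write"] = _outcome(lambda: fs.write(2, "/etc/app.conf", b"listen=1\n"))
    return out
```

The ordering in read() matters: the permission check uses only the sealed metadata, the rollback check compares that metadata against secure-world state, and the content hash is verified last, so an attacker who controls the untrusted disk can cause any of the three refusals but cannot make a stale or altered file pass as current. The latest-version table is the one piece of state that must survive in the secure world (the patent stores it in trusted storage before power-off); if it were kept on the untrusted side, rollback would become undetectable.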
Preferably, the secure container startup module guarantees security when a container starts, ensures that the container runs correctly inside a trusted execution environment, and establishes a trusted communication channel between the container and the container management client; specifically:
when a container starts, the secure container startup module verifies the integrity of the started image and ensures that the started container application runs inside a trusted execution environment; the secure container startup module negotiates a communication key with the container management client and encrypts all input and output of the container application with that communication key.
Compared with the prior art, the present invention has the following beneficial effects:
1. The present invention defends against all attacks from applications outside the container.
With the trusted execution environment provided by the invention, no application program outside a container can access the memory used by the application programs inside the container or interfere with their execution state. The invention therefore protects the applications and the user's privacy inside a container from applications outside the container.
2. The present invention defends against all attacks from other containers.
The trusted execution environment of the invention likewise isolates the applications of different containers, ensuring that applications in different containers cannot access one another's memory, control state and so on, thereby defending against attacks from other containers.
3. The present invention defends against all software attacks from the untrusted operating system.
The invention restricts direct access by the untrusted operating system to the memory, registers and other state of container applications, preventing direct attacks by the untrusted operating system on container applications (stealing memory data directly, tampering with application control flow, and so on). At the same time, the invention checks all services that depend on the untrusted operating system, preventing the untrusted operating system from attacking container applications by providing malicious system services.
4. The present invention defends against attacks from the applications of other users inside the container.
The invention checks all communication, file sharing and the like between the different applications inside a container. Besides preventing attacks by the applications of other users in the container, it also prevents an application in the container from colluding with the untrusted operating system to attack the applications or data of other users.
5. Using ARM architecture features, the invention proposes a method of constructing trusted execution environments that runs existing application programs securely on a malicious operating system fully controlled by an attacker.
6. Using the trusted execution environments described above together with the trusted service mechanisms proposed by the invention, the different applications of different users in a container can communicate and synchronize control flow securely.
7. The invention automatically protects container images from the official Docker repository; the user does not need to make any modification to existing images.
8. The invention provides a security enhancement scheme based on TrustZone technology for existing multi-user, multi-process container environments, effectively preventing an untrusted normal-world operating system from attacking user containers. Modules proposed in the invention, such as the trusted execution environment and the secure file system, can also be used to harden user programs in other environments.
Description of the drawings
Other features, objects and advantages of the present invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is the system architecture diagram of one embodiment of the invention;
Fig. 2 is the trusted image download flowchart of one embodiment of the invention;
Fig. 3 is the secure container startup flowchart of one embodiment of the invention;
Fig. 4 is the container process system call check flowchart of one embodiment of the invention;
Fig. 5 is the secure file system access flowchart of one embodiment of the invention;
Fig. 6 is the secure control flow synchronization service usage flowchart of one embodiment of the invention;
Fig. 7 is the secure inter-process communication service usage flowchart of one embodiment of the invention.
Detailed description of the embodiments
The embodiments of the present invention are described in detail below. The present embodiment is implemented on the basis of the technical solution of the invention and gives a detailed implementation and specific operating process. It should be noted that those skilled in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention.
Embodiment
This embodiment provides a container isolation enhancement system based on ARM TrustZone which effectively solves the problems encountered in the prior art, including:
How to use the characteristics of the ARM platform architecture to maintain any number of trusted execution environments for containers. ARM TrustZone hardware provides only a single trusted execution environment, called the "secure world", and simply running different container applications in the "secure world" cannot improve the security between containers. Therefore, how to use the "secure world" to provide each container process with an exclusive trusted execution environment is of central importance.
How to prevent the untrusted operating system from attacking container applications while still relying on it for services. Application programs (including those in containers) depend on the system calls provided by the operating system to complete various functions (such as file access and network communication). In a multi-user, multi-application container environment, different applications also depend on the operating system for file sharing, execution flow synchronization, inter-process communication and so on. An untrusted operating system may use these system services to steal the private data of container applications or to manipulate their execution flow.
How to be compatible with existing container images. Containers are a widely applied technology; there are already millions of container images on the internet, and users can easily download these images and start their own containers. Taking the most widely used container management tool, Docker, as an example, nearly one million Docker container images already exist in the official Docker repository. A container security system must therefore be compatible with existing container images.
To prevent the untrusted operating system from directly accessing or tampering with the memory data of application programs in a container, or from controlling their instruction stream, this embodiment first creates a trusted execution environment for each container application process. The TrustZone hardware of the ARM platform provides one trusted execution environment, called the "secure world"; the original ordinary execution environment is called the "normal world". The "secure world" can access all hardware resources of the "normal world" (memory, registers, peripherals and so on), while the "normal world" cannot access the hardware resources of the "secure world". Based on the hardware-provided "secure world", this embodiment first controls the page table mappings of the "normal world" to prevent the untrusted operating system from accessing the memory of container applications; it then intercepts the switches between containers and the untrusted operating system to ensure that the registers and control flow of container applications are not tampered with. Through these two methods, this embodiment provides each container application with an exclusive trusted execution environment.
Next, this embodiment must also prevent the untrusted operating system from maliciously manipulating the system services it provides to container applications in order to steal user privacy from container applications or tamper with their control flow. This embodiment mainly protects three classes of system services:
File system: container applications depend on the file system service provided by the operating system. This embodiment intercepts all file-system-related system calls made by container applications and encrypts and hashes files to guarantee the confidentiality and integrity of the files inside the container. At the same time, since the operating system may maliciously control file access permissions and leak user privacy, this embodiment also performs permission checks on all file accesses by container applications.
Execution flow synchronization service: this embodiment considers a complex multi-user, multi-application container environment. In that environment, the different applications inside a container need the services of the operating system to perform some cross-process execution flow synchronization, for example using IPC semaphores so that different application processes do not access a resource at the same time and cause a data race, which would produce unpredictable execution results. An untrusted operating system can interfere with the normal execution of container applications, or even steal their private data, by controlling these execution flow synchronization services. This embodiment intercepts and checks the execution flow synchronization services called by container applications, including signal sending and receiving, semaphores, file locks and so on, to guarantee the correctness of their semantics.
Inter-process communication service: different processes in the same container can also communicate through pipes, IPC message queues, IPC shared memory and the like. Since most existing applications assume that the operating system is trusted, they hardly ever encrypt communication between processes. This means that a compromised operating system can easily steal, or even tamper with, the content of any inter-process communication, stealing the data of container processes or hijacking their control flow. This embodiment first intercepts all inter-process communication. For "message passing" communication such as pipes and IPC message queues, the communication content is protected cryptographically. For the special case of shared memory, this embodiment controls the page tables so that only the legitimate memory-sharing processes can access the corresponding shared memory, and the untrusted operating system cannot access any shared memory.
Beyond security while a container is running, this embodiment also has to provide secure container management functions, namely trusted container image download and secure container start. Trusted container image download ensures the integrity of container images downloaded from the official image repository and also performs some initialization work on the downloaded image. Secure container start first verifies the identity and integrity of the container being started and negotiates a communication key with the container management client on the user side, so that once the container is up the user can securely control his or her own container.
The technical solution of this embodiment is described in further detail below with reference to the accompanying drawings.
The particular system embodiment of the present invention is shown in Figure 1. The user side runs a container management client that sends instructions to containers running on the server side. On the server side, the hardware is divided by ARM's TrustZone security extensions into a normal world and a secure world. The normal world runs the untrusted operating system, the untrusted container management module and any number of user containers. Each container may contain multiple container processes, and every container process runs inside a trusted execution environment maintained by this embodiment.
The secure world holds the security-enhancing modules. The page table management module, the register protection module and the system call interception module are responsible for maintaining the multiple trusted execution environments. The file system security enhancement module, the execution-flow synchronization service security enhancement module and the inter-process communication service security enhancement module harden the services of the untrusted operating system, preventing it from stealing container process private data or tampering with container process control flow by providing malicious system services. The trusted container image download module and the secure container start module provide the secure container management functions.
The specific implementation of each module in this embodiment is as follows:
【Container management client】
The container management application running on the user side. It connects to a container on the server side and sends the user's instructions to it.
【Untrusted operating system】
Manages the hardware resources of the normal world and provides the running environment and services required by application programs. Because of its huge code size it contains more security vulnerabilities and is therefore easier to attack.
【Untrusted container management module】
Performs basic management operations on containers, such as checking CPU usage and starting containers. Since the operating system is untrusted, this module is also easy for an attacker to compromise. The two key operations, container image download and container start, are therefore hardened by the trusted container image download module and the secure container start module in the secure world.
【Trusted execution environment】
The trusted execution environment maintained by this embodiment. Its hardware resources, such as memory and registers, cannot be accessed directly by the untrusted operating system.
【Page table management module】
When the processor (CPU) accesses memory it must translate a virtual memory address into a physical memory address before reading or writing data in physical memory. The page table stores the mapping from virtual memory to physical memory, and the processor completes the virtual-to-physical translation automatically according to the mappings in the page table. Whoever controls the page tables therefore controls the access of every process, including the operating system, to physical memory. The page table management module of this embodiment first takes exclusive control of all page tables in the system; it then uses that control to protect the memory of container processes and to prevent the untrusted operating system from accessing it.
To give the page table management module exclusive control over page tables, this embodiment must restrict the untrusted operating system's access to them. On the ARM platform, page table management (activating a page table, turning address translation on or off) can only be performed through a small number of special instructions. This embodiment first searches the untrusted operating system kernel for all of these special instructions and replaces each of them with a request to the page table management module. The module then ensures that the page table pages (the physical memory pages that store page tables) are read-only for the normal world and that the operating system kernel's code is non-writable. At this point the page table management module has exclusive control over the page tables: every page table modification must be forwarded by the untrusted operating system to the page table management module for completion.
The page table management module then checks every page table modification against a set of security policies, for example: 1) all kernel-mode executable code must be marked non-writable; 2) any physical memory mapped into a trusted execution environment may not be mapped into the operating system; 3) physical pages may be shared between different trusted execution environments only after a shared memory operation completed through the "inter-process communication service security enhancement module".
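The three policies above, as an added Python simulation of the module's decision logic (not the patent's own code): the domain names, page numbers, the `register_shared_page` hook and the handling of pages the OS still maps are assumptions made for illustration.

```python
"""Simulation of the page table management module's policy check on forwarded
page table modifications (added example, not the patent's own code)."""

from dataclasses import dataclass

OS_DOMAIN = "os"  # the untrusted normal-world operating system (hypothetical id)


@dataclass(frozen=True)
class MapRequest:
    """One page table modification the untrusted OS forwards to the module."""
    domain: str        # who the mapping is for: OS_DOMAIN or a TEE id such as "tee-1"
    phys_page: int     # physical page number to be mapped
    writable: bool
    executable: bool
    kernel_mode: bool  # True when the mapping is for kernel-mode (privileged) code or data


class PageTableManager:
    def __init__(self):
        self.owner = {}        # phys_page -> domain that first mapped it
        self.shared = {}       # phys_page -> frozenset of the two TEE ids allowed to share it
        self.mappings = set()  # (domain, phys_page) pairs currently mapped

    def register_shared_page(self, phys_page, tee_a, tee_b):
        """Policy 3 hook (assumed name): the IPC service security-enhancement
        module calls this when two container processes set up shared memory."""
        if OS_DOMAIN in (tee_a, tee_b):
            raise ValueError("the untrusted OS can never share a TEE page")
        self.shared[phys_page] = frozenset((tee_a, tee_b))

    def check(self, req):
        """Return (allowed, reason) for a requested page table change."""
        # Policy 1: kernel-mode executable code must always be non-writable, so the
        # hooks planted in the kernel's exception handlers cannot be patched out.
        if req.kernel_mode and req.executable and req.writable:
            return False, "policy 1: kernel executable code must be non-writable"
        owner = self.owner.get(req.phys_page)
        if owner is None or owner == req.domain:
            return True, "ok: page is unowned or owned by the requester"
        # Policy 2: memory belonging to a TEE can never be mapped into the untrusted OS.
        if req.domain == OS_DOMAIN:
            return False, "policy 2: TEE memory may not be mapped into the OS"
        # Assumption: a page the OS still maps is not handed to a TEE, otherwise the
        # OS would keep a window into the TEE's memory; the OS must unmap it first.
        if owner == OS_DOMAIN:
            return False, "page is still mapped by the untrusted OS"
        # Policy 3: TEEs may share a physical page only after the IPC module
        # registered the pair as a shared-memory channel.
        if self.shared.get(req.phys_page) == frozenset((owner, req.domain)):
            return True, "ok: shared memory registered by the IPC module"
        return False, "policy 3: cross-TEE sharing not registered by the IPC module"

    def apply(self, req):
        """Validate and, if allowed, record the mapping (the module's exclusive update)."""
        allowed, reason = self.check(req)
        if allowed:
            self.owner.setdefault(req.phys_page, req.domain)
            self.mappings.add((req.domain, req.phys_page))
        return allowed, reason

    def unmap(self, domain, phys_page):
        """Remove a mapping; a page nobody maps any more returns to the free pool."""
        self.mappings.discard((domain, phys_page))
        if not any(p == phys_page for _, p in self.mappings):
            self.owner.pop(phys_page, None)
            self.shared.pop(phys_page, None)
```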
【Register protection module】
The register protection module must ensure that the untrusted operating system cannot directly read or modify the register contents of a trusted execution environment. It first has to intercept every switch between a user-mode process and the untrusted kernel. During each switch it saves and restores the registers of the trusted running environment, so that the untrusted operating system has no opportunity to tamper with or steal them.
Entering and leaving the untrusted operating system kernel are two different switch operations, and the module intercepts them with different methods. On the ARM platform, every entry from user mode into the untrusted kernel is realized through exception handling. Every exception is handled by an exception handler whose address is stored in the exception vector table, and the address of the vector table itself is stored in a special register (VBAR). The register protection module first ensures that every instruction in the operating system that modifies this register is replaced with a request to the register protection module. It then inserts a switch instruction (the smc instruction, a special instruction of ARM processors) into the exception handlers referenced by the exception vector table, ensuring that every entry into the untrusted operating system kernel is intercepted by the register protection module.
Returning from kernel mode to user mode can only be done through a few very restricted classes of instructions; under the current ARMv8 architecture it is done with an eret instruction. The register protection module ensures that the untrusted operating system kernel code contains no instruction that leaves kernel mode and that every exit is forwarded to the register protection module for completion, so that every exit from the untrusted operating system kernel is intercepted.
【System call interception module】
Application programs use system calls to request the services provided by the untrusted operating system. To audit the handling of these services, the system call interception module ensures that every system call issued from a trusted execution environment is captured by this module first.
On the ARM platform a system call is made with the specific "svc" instruction, whose execution triggers a specific exception. By planting a specific hook (an smc instruction) at the handler of that exception, this module ensures that all system calls are processed by the system call interception module.
Note that the page table management module guarantees that the code of the untrusted operating system cannot be modified, so the "hooks" planted in the exception handlers by the register protection module and the system call interception module cannot be tampered with by the untrusted operating system.
【File system security enhancement module】
This embodiment protects three classes of system service: the file system, execution-flow synchronization services and inter-process communication services. The file system security enhancement module is responsible for the privacy and integrity of a container application's file system and for enforcing file system access permissions.
For privacy, this module uses the system call interception module to intercept every file system access made by any container; it encrypts every file write and decrypts the data of every file read.
For integrity, this module maintains metadata for each container file, containing a hash of the file content and a version number. Every write updates the hash and the version number, and the module itself keeps a record of the newest version number. When a container process reads a file, this module first verifies the hash and the version number of the content read, and only after verification returns the content to the container process.
For permission checking, this module first intercepts every system call that changes the user a container process runs as, and thereby tracks the user of the current process. It then stores an additional piece of permission information in each file's metadata and checks every intercepted file access against that information.
The metadata used by this module is created automatically by the trusted container image download module when the image is downloaded. This module also updates the metadata according to the system calls the user makes. The metadata is encrypted with a key unique to the container and stored on the hard disk. The encryption key is protected by this module and, before power-off, is stored in a trusted storage medium (such as the RPMB provided by the ARM platform).
【Execution-flow synchronization service security enhancement module】
Execution-flow synchronization services synchronize the execution flows of different processes; they mainly comprise semaphores, locks and signals. The execution-flow synchronization service security enhancement module intercepts the corresponding system calls and analyzes their semantics in order to control the execution flow of container processes and ensure that it is not tampered with by the untrusted operating system.
For semaphores and locks, this module intercepts every corresponding system call, including initialization, acquisition and release of the resource. For every acquisition, once the resource does not satisfy the request (the semaphore count is insufficient or the lock is already held), this module blocks the current container process from continuing, so that the semantics of the synchronization service are preserved.
For signals, a special kind of synchronization, this module intercepts and checks every signal delivered to a container process. A signal is delivered to the container process only after its corresponding triggering event has actually occurred.
【Inter-process communication service security enhancement module】
Data transfer falls mainly into two classes. The first is direct data transfer between processes, such as pipes and message queues. This module protects this class of communication with encryption: it first identifies every communication channel by intercepting system calls, then generates a communication key for each channel and encrypts the channel in all subsequent communication.
The second class is shared memory: through system calls, different processes map a segment of their own virtual memory to the same segment of physical memory and then communicate through that shared memory. Unlike channel-based inter-process communication, shared memory needs the operating system's help only when it is established and requires no operating system involvement during communication. This also means that this module cannot readily intercept shared-memory communication.
This module therefore protects shared memory through the page table management module. Specifically, when shared memory is established, this module informs the page table management module, which helps the application processes of the container set up the shared memory. From then on the page table management module ensures that no other process, the operating system included, can map the physical pages of that shared memory, which directly secures shared-memory inter-process communication.
【Trusted container image download module】
Having secured the container at run time, this embodiment still has to secure container image download and container start. The trusted container image download module verifies the integrity of downloaded container images and initializes them so that the file system security enhancement module described above can operate.
This module first establishes a trusted network connection to the image repository, encrypted with the SSL protocol, then obtains the container image directly from the repository and verifies its integrity by computing its hash. Once the download is complete, this module initializes the image. It first generates an image key unique to the image, which is used to encrypt all other keys in the image. It then traverses every file in the image, encrypts each file, computes the hash of the file content and generates the metadata file. The processed container image is handed to the untrusted container management module in the normal world for storage.
【Secure container start module】
The secure container start module secures container start-up: it ensures that the container runs correctly inside the trusted execution environment maintained by this embodiment, and it builds a trusted communication channel between the container and the user-side container management client.
When a container starts, this module first verifies the integrity of the start image and ensures that the started container application runs inside a trusted execution environment maintained by this embodiment. It then negotiates a communication key with the container management client and uses that key to encrypt all input and output of the container application (by default, the container application's input and output are sent to the container management client).
The method embodiment of the present invention, based on the container isolation enhancement system based on ARM TrustZone described above, specifically comprises: the trusted image download flow, the secure container start flow, the container process system call check flow, the secure file system access flow, the secure control-flow synchronization service use flow and the secure inter-process communication service use flow.
【Trusted image download flow】
Step 1: Establish a trusted download channel. The trusted container image download module first establishes an SSL-encrypted channel with the remote image repository, which authenticates the image repository and exchanges the channel encryption key. If authentication of the image repository fails, the trusted image download flow ends immediately.
Step 2: Download the container image. The trusted container image download module downloads the container image through the trusted channel established in the previous step.
Step 3: Verify image integrity. The hash of the image is computed and compared with the image hash obtained from the image repository, thereby verifying the image's integrity. If the integrity of the downloaded image is damaged, the download flow ends immediately.
Step 4: Encrypt the user files in the image. The trusted image download module first generates an encryption key unique to the image, the image key, and then encrypts all files in the image with that key.
Step 5: Generate file metadata. Every file in the image is traversed, its content is hashed, and metadata such as the hash value, the initial version number and the file permissions are stored in the corresponding metadata file. The metadata file is then encrypted with the image key. After metadata generation is complete, the downloaded image files are handed to the container management module for initialization. That work is common to existing container management tools and is not part of the innovative design of this embodiment, so it is not described in detail here.
【Secure container start flow】
Step 1: Send a container start request. The container management client sends a container start request to the secure container start module over an SSL channel. The request contains the start instruction, the ID of the image to start, the name of the application to start, the container application parameters and so on.
Step 2: Prepare for start. The start request is first forwarded to the untrusted container management module in the normal world, which completes the preparation for start, including retrieving the container image to start and initializing the container namespaces.
Step 3: Verify the start image. After preparation, the untrusted container management module invokes a specific system call to start the first application of the container. The secure container start module intercepts this system call and verifies the integrity of the file system mounted for the current container. If the current container image does not match the start image specified by the user, or a file in the image has been tampered with, the container start terminates immediately.
Step 4: Negotiate a communication key. After the image is verified, the secure container start module negotiates a communication key with the container management client, and all subsequent interaction between the user and the container is encrypted with that key.
Step 5: Start the container application. The secure container start module runs the container application inside a trusted execution environment maintained by this embodiment. This includes initializing the page tables of the container application process, mounting the file system and loading the application code.
Step 6: Container start complete. Finally, the operating system switches to the execution entry point of the container application and begins executing it. The container application's standard output is sent to the container management client over the trusted channel, and by default its standard input is obtained from the container management client over the trusted channel.
【Container process system call check flow】
Step 1: The process issues a system call. The container process executes the "svc" instruction through a standard library function to issue a system call.
Step 2: The operating system catches the exception. The instruction triggers a specific exception, which traps into the operating system kernel. The kernel handles the exception with a specific exception handler.
Step 3: Switch to the interception module. This embodiment plants a "hook" at the entry of the untrusted operating system's exception handler, ensuring that the exception is first passed to the system call interception module for handling.
Step 4: Obtain the system call number. A system call identifies the kernel function the process wants with a system call number, which on the ARM platform is stored in the "X8" register. The system call interception module reads this number and thereby determines which system call the process invoked.
Step 5: Obtain the system call parameters. According to the system call, the parameters passed in are parsed and their semantics analyzed.
Step 6: Check the system call. With the precise semantics of the system call known, a first-stage check is performed, which includes checking whether the application is permitted to make this system call and recording the call.
Step 7: The kernel completes the system call. After the first-stage check, execution switches to the untrusted operating system kernel, which handles the system call normally.
Step 8: Switch to the interception module. When the untrusted operating system kernel has completed the system call and returns to the container process, the return is first intercepted by the system call interception module.
Step 9: Obtain the system call return value. The interception module obtains the specific return value of the system call and, using the information gathered in steps 4 and 5, determines the type of system call this return value belongs to.
Step 10: Check the system call return value. The legality of the system call's return value is checked according to the system call type.
Step 11: Return to the application process. After the check, control returns to the application process and the system call is complete.
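The two-stage check of steps 3 to 10, as an added Python simulation (not the patent's own code). The trap frame is modelled as a dict of AArch64 register values with the number in X8; the syscall numbers are the AArch64 Linux ones from asm-generic/unistd.h; the allow-list, the audit log and the specific return-value rule (a read or write must not report more bytes than the process asked for) are assumptions.

```python
"""Simulation of the system call interception module: permission check before
the kernel runs, return-value check after it (added example, not the patent's code)."""

EPERM, EIO = 1, 5
MAX_ERRNO = 4095  # Linux reports errors as -errno in the range [-4095, -1]

# AArch64 Linux system call numbers (asm-generic/unistd.h) used in this example.
SYSCALL_NAMES = {56: "openat", 57: "close", 63: "read", 64: "write", 93: "exit"}

# Step 5: which registers carry the arguments the checks need (AArch64 passes
# system call arguments in X0..X5 and the number in X8).
ARG_DECODERS = {
    "read":   lambda f: {"fd": f["x0"], "buf": f["x1"], "count": f["x2"]},
    "write":  lambda f: {"fd": f["x0"], "buf": f["x1"], "count": f["x2"]},
    "openat": lambda f: {"dirfd": f["x0"], "path": f["x1"], "flags": f["x2"]},
    "close":  lambda f: {"fd": f["x0"]},
    "exit":   lambda f: {"status": f["x0"]},
}


class SyscallInterceptor:
    def __init__(self, allowed):
        self.allowed = set(allowed)  # per-container system call permission (assumed policy)
        self.log = []                # audit record of every intercepted call
        self.pending = {}            # pid -> (name, args) kept between entry and return

    def on_entry(self, pid, frame):
        """Steps 3-6: called from the hook at the exception handler entry.
        Returns (forward_to_kernel, value); value is the -errno delivered to the
        process when the call is refused without ever reaching the kernel."""
        name = SYSCALL_NAMES.get(frame["x8"])          # step 4: number lives in X8
        if name is None or name not in self.allowed:   # step 6: permission check
            self.log.append((pid, name or frame["x8"], "denied"))
            return False, -EPERM
        args = ARG_DECODERS[name](frame)               # step 5: decode the arguments
        self.pending[pid] = (name, args)
        self.log.append((pid, name, args))             # step 6: record the call
        return True, None

    def on_return(self, pid, ret):
        """Steps 8-10: called when the kernel returns to the container process.
        Returns the value the process is allowed to see."""
        name, args = self.pending.pop(pid)             # step 9: recover the call type
        if -MAX_ERRNO <= ret < 0:
            return ret                                 # an errno is always a legal result
        if ret < 0:
            self.log.append((pid, name, "illegal return", ret))
            return -EIO                                # not an errno, not a result
        # Step 10: a malicious kernel must not report more bytes than were requested,
        # or the application would trust buffer bytes the kernel never wrote.
        if name in ("read", "write") and ret > args["count"]:
            self.log.append((pid, name, "illegal return", ret))
            return -EIO
        return ret
```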
【Secure file system access flow】
File write flow:
Step 1: Initiate a file write. The container application process issues a system call to perform a file write.
Step 2: Intercept the system call. The system call interception module intercepts the write and first forwards the system call to the file system security enhancement module for handling.
Step 3: Check access permission. The file system security enhancement module first checks whether the current application process has the corresponding file access permission.
Step 4: Encrypt the content to write. The file system security enhancement module first obtains the file encryption key of the target file, then encrypts the file content to be written at block granularity.
Step 5: Update the hash. The file system security enhancement module computes the hash of the written file content at block granularity and updates the corresponding hash in the corresponding metadata file.
Step 6: Update the version number. The file system security enhancement module updates the current newest version number of the file and writes it into the corresponding metadata file; at the same time the module itself also keeps the version number.
Step 7: Complete the write. After the corresponding metadata has been updated, the encrypted file content is written to the target file and the system call returns to the user process.
File read flow:
Step 1: Initiate a file read. The container application process issues a file read system call to perform a file read.
Step 2: Check access permission. The system call interception module intercepts the system call, records it, and forwards it to the file system security enhancement module for an access permission check.
Step 3: Read the encrypted file content. After the check passes, the request is forwarded to the operating system for completion. The untrusted operating system reads the encrypted file and returns the ciphertext to the container application process.
Step 4: Intercept the system call return. The system call interception module intercepts the system call return and forwards it to the file system security enhancement module for checking.
Step 5: Decrypt the content read. The file system security enhancement module first decrypts the file ciphertext that was read, using the key corresponding to the file.
Step 6: Verify the hash and the version number. The file system security enhancement module reads the file's metadata and compares the hash of the decrypted file content with the hash in the file metadata. At the same time it compares the file version recorded in the metadata with the latest file version recorded by the file system security enhancement module.
Step 7: Complete the read. Once the hash and the version number are verified, the decrypted file content is returned to the application process and the file read is complete.
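The write and read flows above, together with the metadata model described under the file system security enhancement module, as an added Python simulation (not the patent's own code). SHA-256 is the hash; the cipher is a toy SHA-256 keystream standing in for a real block cipher; the on-disk layout (metadata kept in the clear here), the owner-only permission rule and the class names are assumptions. The module's own copy of the newest version number is what lets it catch an untrusted OS that restores an older ciphertext together with its matching metadata.

```python
"""Simulation of the file system security enhancement module's write/read flows
with hash and version checks (added example, not the patent's own code)."""

import hashlib


class IntegrityError(Exception):
    pass


class UntrustedDisk:
    """Storage under the untrusted OS's control: it holds only ciphertext and metadata."""
    def __init__(self):
        self.files = {}  # path -> ciphertext
        self.meta = {}   # path -> {"hash", "version", "owner"} (kept in clear for brevity)


class FileSystemSecurityModule:
    BLOCK = 32  # block granularity for the toy keystream (SHA-256 digest size)

    def __init__(self, disk, container_key):
        self.disk = disk
        self.key = container_key   # container-unique key (would live in RPMB in the patent)
        self.latest_version = {}   # the module's own record of each file's newest version

    def _keystream(self, path, version, length):
        """Toy keystream: SHA-256(key || path || version || block index) per block.
        Stand-in for a real cipher; the version acts as the nonce."""
        out = b""
        for i in range(0, length, self.BLOCK):
            out += hashlib.sha256(self.key + path.encode() + version.to_bytes(8, "big")
                                  + i.to_bytes(8, "big")).digest()
        return out[:length]

    def _crypt(self, path, version, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(path, version, len(data))))

    def _check_permission(self, path, uid):
        """Permission information stored in the metadata: only the owner may access (assumed)."""
        meta = self.disk.meta.get(path)
        if meta is not None and meta["owner"] != uid:
            raise PermissionError(f"uid {uid} may not access {path}")

    def write(self, path, uid, data):
        """Write flow steps 3-7: permission check, encrypt, update hash and version, store."""
        self._check_permission(path, uid)
        version = self.latest_version.get(path, 0) + 1
        self.disk.files[path] = self._crypt(path, version, data)
        self.disk.meta[path] = {"hash": hashlib.sha256(data).hexdigest(),
                                "version": version, "owner": uid}
        self.latest_version[path] = version          # the module keeps its own copy
        return version

    def read(self, path, uid):
        """Read flow steps 2-7: permission check, decrypt, verify hash, verify version."""
        self._check_permission(path, uid)
        meta = self.disk.meta[path]
        data = self._crypt(path, meta["version"], self.disk.files[path])
        if hashlib.sha256(data).hexdigest() != meta["hash"]:
            raise IntegrityError(f"{path}: content hash mismatch (tampered)")
        if meta["version"] != self.latest_version.get(path):
            raise IntegrityError(f"{path}: version {meta['version']} is not the latest "
                                 f"{self.latest_version.get(path)} (rollback)")
        return data
```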
【Secure control-flow synchronization service use flow】
Step 0: Create a control-flow synchronization object. The container application first creates a control-flow synchronization object through a system call, and thereafter coordinates the control flow of different application processes by acquiring and releasing that object.
Resource acquisition:
Step 1: Acquire the object's resource. The application process initiates a control-flow resource acquisition, which is performed by a specific system call.
Step 2: Intercept the request. The system call interception module intercepts the system call and forwards it to the execution-flow synchronization service security enhancement module for handling.
Step 3: Wait for the object's resource. The execution-flow synchronization service security enhancement module maintains a resource value for each control-flow synchronization object (for a mutex the maximum resource value is 1; for a semaphore it is the semaphore's initial value). For each acquisition it judges whether the current resource value is sufficient.
Step 4: Successful acquisition or waiting. If the resource value is sufficient, the execution-flow synchronization service security enhancement module decrements the resource value and completes the acquisition request. If the current resource is insufficient, the acquisition enters a wait queue until enough resource is available.
Step 5: Complete the acquisition. After the resource has been acquired, control returns to the application process and the acquisition is complete.
Resource release:
Step 1: Release the object's resource. The container application process initiates a resource release through a system call.
Step 2: Intercept the request. The system call interception module intercepts the operation and forwards it to the execution-flow synchronization service security enhancement module.
Step 3: Record the release. The execution-flow synchronization service security enhancement module records the release and increments the resource value of the object. At the same time it selects one waiting acquisition and allows it to continue its resource acquisition.
Step 4: Complete the release. After the resource has been released, control returns to the application process and the release is complete.
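The acquisition and release flows above, as an added Python simulation of the module's bookkeeping (not the patent's own code). Object ids, pids, the `may_resume` check consulted on every return to user mode, and the rule that a release without a matching acquisition is rejected are assumptions.

```python
"""Simulation of the execution-flow synchronization service security enhancement
module for semaphores and locks (added example, not the patent's own code)."""

from collections import deque


class SyncServiceModule:
    def __init__(self):
        self.objects = {}     # obj_id -> {"value": int, "max": int, "waiters": deque of pids}
        self.blocked = set()  # container processes the module refuses to let run

    def create(self, obj_id, initial):
        """Step 0: a mutex is a semaphore whose initial (and maximum) value is 1."""
        self.objects[obj_id] = {"value": initial, "max": initial, "waiters": deque()}

    def acquire(self, obj_id, pid):
        """Acquisition steps 3-4: grant if the resource value suffices, else queue."""
        obj = self.objects[obj_id]
        if obj["value"] > 0:
            obj["value"] -= 1
            return "acquired"
        obj["waiters"].append(pid)
        self.blocked.add(pid)        # the OS is not allowed to resume this process
        return "waiting"

    def release(self, obj_id, pid):
        """Release step 3: record the release; hand the resource straight to one waiter
        if there is one, otherwise increment the resource value. Returns the woken pid."""
        obj = self.objects[obj_id]
        if obj["value"] >= obj["max"]:
            # Assumed semantic check: more releases than acquisitions is not valid.
            raise ValueError(f"{obj_id}: release without matching acquire by pid {pid}")
        if obj["waiters"]:
            woken = obj["waiters"].popleft()
            self.blocked.discard(woken)
            return woken
        obj["value"] += 1
        return None

    def may_resume(self, pid):
        """Consulted on every return to user mode (assumed hook): a process still
        waiting on a synchronization object is not resumed, whatever the OS claims."""
        return pid not in self.blocked
```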
【Communications service process for using between security procedure】
Step 0:Create communication port.Container application called by system, has initially set up a communication port.It is right
The step of this special communication modes in shared drive, channel can be communicated using once establishing, is not necessarily to later.
And for pipeline (pipe) and message queue (message queue) these communication modes, still need to the message hair after carrying out
It send, receive flow.
Step 1:Create channel key.After the foundation for completing communication port, Inter-Process Communication service safe enhancing module is
Safeguard a unique communication key in the channel.
Message transmitting process:
Step 2:Send message.Container application process is called by system, sends message.
Step 3:Intercept and capture request.System call interception module intercepts system calling, and the calling is forwarded to process
Between Communications service safety enhancing module handled.
Step 3:Encrypt message content.Inter-Process Communication service safe enhances key of the module according to corresponding communication channel,
Encryption needs the Content of Communication sent.
Step 4:It completes to send operation.Encrypted message content transfers to insincere operating system to be sent.It has sent
At rear return application process, this message sends operation and completes.
Message reception process:
Step 2:Received message.Container application process is called by system, receives the message content of other processes transmission.
Step 3:Received message ciphertext.Using insincere operating system, the receiving of message is carried out.
Step 4:Intercepting messages return.After the completion of message receives, interception system, which calls, returns to operation, and by interprocess communication
Service safe enhancing module carries out inspection processing to the returned content.
Step 5:Decrypt message content.The message received is decrypted in interprocess communication service safe enhancing module.
Step 6:Completion receives request.Message content after exposition is sent to application process, this message reception process
It completes.
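The send and receive flows above, as an added Python illustration that is not part of the patent or of any implementation of it: a secure-world module binds a random key to each channel when the channel is created (Step 1), encrypts on the intercepted send, and checks and decrypts on the intercepted return of the receive, while the untrusted kernel only ever queues and moves ciphertext. The HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag is a stand-in for whatever cipher a real module would use; the channel name, process ids and message bytes are constructed for the demo, and the channel-party check models the access permission control on communication channels mentioned later in the description.

```python
"""Channel-keyed protection of pipe/message-queue IPC (added illustration, not patent code)."""
import hashlib
import hmac
import secrets
import struct
from typing import Optional


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; stands in for a real block cipher."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(channel_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived from the channel key: nonce || ct || tag."""
    enc_key = hmac.new(channel_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(channel_key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(channel_key: bytes, blob: bytes) -> Optional[bytes]:
    """Check the tag before decrypting; any modification by the kernel yields None."""
    if len(blob) < 16 + 32:
        return None
    enc_key = hmac.new(channel_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(channel_key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class UntrustedOS:
    """Normal-world kernel: it queues and delivers ciphertext and may tamper with it."""

    def __init__(self) -> None:
        self.queues: dict = {}

    def deliver(self, chan_id: str, blob: bytes) -> None:
        self.queues.setdefault(chan_id, []).append(blob)

    def fetch(self, chan_id: str) -> bytes:
        return self.queues[chan_id].pop(0)


class IpcSecurityModule:
    """Secure-world inter-process communication service security enhancing module."""

    def __init__(self, untrusted_os: UntrustedOS) -> None:
        self.os = untrusted_os
        self.channels: dict = {}   # chan_id -> (channel key, pids allowed to use the channel)

    def create_channel(self, chan_id: str, parties) -> None:
        # Steps 0 and 1: channel established, a unique key bound to it and kept in the secure world
        self.channels[chan_id] = (secrets.token_bytes(32), frozenset(parties))

    def send(self, pid: int, chan_id: str, plaintext: bytes) -> bool:
        key, parties = self.channels[chan_id]
        if pid not in parties:                            # channel access permission control
            return False
        self.os.deliver(chan_id, seal(key, plaintext))    # Steps 3 and 4: encrypt, hand to the OS
        return True

    def receive(self, pid: int, chan_id: str) -> Optional[bytes]:
        key, parties = self.channels[chan_id]
        if pid not in parties:
            return None
        blob = self.os.fetch(chan_id)                     # Step 3: the OS performs the actual receive
        return unseal(key, blob)                          # Steps 4 and 5: checked and decrypted on return


def demo():
    """Constructed scenario: honest round trip, kernel tampering, and an outsider process."""
    kernel = UntrustedOS()
    ipc = IpcSecurityModule(kernel)
    ipc.create_channel("pipe-7", parties={101, 102})
    ipc.send(101, "pipe-7", b"hello from 101")
    honest = ipc.receive(102, "pipe-7")
    ipc.send(101, "pipe-7", b"second message")
    q = kernel.queues["pipe-7"]
    q[0] = q[0][:20] + bytes([q[0][20] ^ 0xFF]) + q[0][21:]   # kernel flips a ciphertext byte
    tampered = ipc.receive(102, "pipe-7")
    outsider = ipc.send(999, "pipe-7", b"not a party to this channel")
    return honest, tampered, outsider


if __name__ == "__main__":
    print(demo())   # (b'hello from 101', None, False)
```

The receive side returns `None` rather than partially decrypted data when the tag fails, which is the check the description places at Step 4: the secure world never hands content to the application that the untrusted kernel could have altered.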
The container isolation enhancing system based on ARM TrustZone provided in this embodiment:
1. Can defend against all attacks from applications outside the container.
With the trusted execution environment provided in this embodiment, no application outside a container can access the memory used by the applications inside the container or interfere with their execution state. The present invention can therefore protect in-container applications and user privacy from being violated by applications outside the container.
2. Can defend against all attacks from other containers.
The trusted execution environment likewise isolates the applications of different containers from one another, ensuring that an application in one container cannot access the memory or control state of applications in another, and so defends against attacks from other containers.
3. Can defend against all software attacks from the untrusted operating system.
Direct access by the untrusted operating system to container application memory, registers and the like is restricted, preventing direct attacks by the untrusted operating system on container applications (directly stealing memory data, tampering with application control flow, and so on).
At the same time, all services that depend on the untrusted operating system are checked, preventing the untrusted operating system from attacking container applications by providing malicious system services.
4. Can defend against attacks from other users' applications inside the container.
Communication, file sharing and the like between different applications inside a container are all checked. Besides preventing attacks by other users' applications within the container, this also prevents an application in the container from colluding with the untrusted operating system to attack other users' applications or data.
The technical solution of this embodiment brings the following advantageous effects:
1. Using features of the ARM architecture, a construction method for a trusted execution environment is proposed that allows existing application programs to run securely on a malicious operating system completely controlled by an attacker.
2. Using the trusted execution environment described above, combined with the trusted service mechanism proposed by the present invention, different applications of different users within a container can communicate securely and synchronize control flow.
3. Container images from the official Docker repository are protected automatically; the user does not need to make any modification to existing images.
In this embodiment:
Using ARM TrustZone technology, a trusted execution environment that cannot be accessed by the operating system is created in the normal world.
By removing key instructions, the normal-world operating system is prevented from executing particular privileged instructions, thereby achieving exclusive page table management.
The two different page table base address registers provided by the ARM architecture are used to isolate the virtual memory address spaces of the untrusted normal-world operating system and of the container application processes, preventing the normal-world operating system from accessing the physical memory pages assigned to container application processes.
Using TrustZone technology, all switches between container application processes and the normal-world operating system are intercepted, and the context (registers and so on) of container application processes is further protected, preventing the normal-world operating system from hijacking the execution flow of container applications.
Using hardware features, the security of the file system used by container applications is ensured.
By intercepting the switches between container application processes and the normal-world operating system, all file system accesses are checked and file reads and writes are decrypted and encrypted; at the same time, a hash tree ensures the integrity of file content.
Using TrustZone, file access permission control between different processes and different users in a container is realized.
Using TrustZone technology, the security of the control-flow synchronization service and of the inter-process communication service between different container application processes is ensured.
The control-flow synchronization system calls initiated by application processes in a container are intercepted, and TrustZone technology is used to provide containers with a secure and reliable control-flow synchronization service.
The inter-process communication services initiated by application processes in a container are intercepted; an encryption key is bound to each communication channel to ensure the security of communication data, and access permission control is applied to communication channels.
A trusted container management service realized using TrustZone technology.
An automated container image preprocessing method, compatible with existing images.
TrustZone technology is used to identify container start requests initiated by users and to verify the integrity of the container start parameters, ensuring that the started container is consistent with the user's request.
A communication key is created for each independent container start request, and the communication channel between the container and the user is intercepted to protect the security of the communication data between them.
TrustZone technology is used to maintain a separate trusted execution environment for each container application process, protecting data such as the memory and registers of container applications from being tampered with by the normal-world operating system.
Realization of a trusted file system, including intercepting the file system access operations initiated by applications, encrypting and decrypting the content of file reads and writes, and controlling file access permissions within a container.
Trusted inter-process communication service and control-flow synchronization service.
Secure container management service, including automatic verification of the integrity of downloaded container images, automated construction of trusted container images, verification of the integrity of container start parameters, and protection of the communication security between the user and the container.
Abbreviations and key term definitions in this embodiment:
Container: a lightweight virtualization technology. Using the interfaces provided by the operating system, a user-defined runtime environment can be started quickly.
Docker: an open-source container management tool that helps users manage container images and start, pause and manage containers.
Docker image: mainly contains the file system of a container; Docker can start a container from a Docker image.
Docker repository: a container image management platform; users can upload their own container images to the repository and download container images shared by other users from it.
Specific embodiments of the present invention have been described above. It is to be understood that the invention is not limited to the particular embodiments above; those skilled in the art can make various variations or modifications within the scope of the claims, and this does not affect the substantive content of the present invention.
Claims (10)
1. A container isolation enhancing system based on ARM TrustZone, characterized in that it comprises:
a container management client running on a user terminal;
an untrusted operating system, an untrusted container management module and trusted execution environments running in the normal world of the server side;
a page table management module, a register protection module, a system call interception module, a file system security enhancing module, an execution flow synchronization service security enhancing module, an inter-process communication service security enhancing module, a trusted container image download module and a secure container start module running in the secure world of the server side;
wherein:
the container management client connects to any number of containers in the normal environment of the server and sends user instructions to the containers; each container runs in one trusted execution environment;
the untrusted operating system provides the runtime environment and the required services for the application programs of the containers;
the untrusted container management module provides basic container management operations;
the page table management module, the register protection module and the system call interception module jointly maintain any number of trusted execution environments;
the file system security enhancing module, the execution flow synchronization service security enhancing module and the inter-process communication service security enhancing module jointly enhance the security of the services of the untrusted operating system, preventing the untrusted operating system from stealing private data of container processes and/or tampering with the control flow of container processes by providing malicious system services;
the trusted container image download module and the secure container start module jointly provide the secure container management functions.
2. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the hardware resources in the trusted execution environment cannot be directly accessed by the untrusted operating system.
3. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the page table management module exclusively manages all page tables of the entire untrusted operating system and, by controlling the page tables, protects the memory of container processes and restricts the untrusted operating system from accessing the memory of container processes;
the page table management module searches the untrusted operating system kernel for all instructions that manage page tables and replaces them with sending corresponding requests to the page table management module; the page table management module ensures that the physical memory pages storing page tables are read-only for the normal world, and at the same time ensures that the code of the untrusted operating system kernel is not writable, thereby realizing exclusive management of the page tables by the page table management module.
4. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the register protection module ensures that the untrusted operating system cannot directly access or modify the register information of the trusted execution environment;
wherein the register protection module intercepts all switches between user-mode processes and the kernel-mode untrusted operating system kernel; during a switch, the register protection module is responsible for saving and restoring the registers of the trusted execution environment, thereby ensuring that the untrusted operating system cannot arbitrarily tamper with and/or steal the register information of the trusted execution environment;
the switches between user-mode processes and the kernel-mode untrusted operating system kernel comprise the following:
all entries from user mode into the untrusted operating system kernel are realized through exception handling; all exceptions are handled by the exception handling functions stored in the exception vector table, and the address of the exception vector table is stored in a physical register; the register protection module replaces all instructions in the untrusted operating system that modify this physical register with sending corresponding requests to the register protection module, and inserts a switch instruction into the exception handling functions maintained by the exception vector table, ensuring that all entries into the untrusted operating system kernel are intercepted by the register protection module;
exit from kernel mode to user mode is completed with the eret instruction; the register protection module ensures that no instruction that exits kernel mode exists in the untrusted operating system kernel code, and that all exit operations are forwarded to the register protection module for completion, so that all operations that exit the untrusted operating system kernel can be intercepted.
5. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the system call interception module implants a specific instruction in the handling function that handles the exception triggered by a system call, ensuring that all system calls are processed by the system call interception module.
6. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the file system security enhancing module ensures the confidentiality and integrity of the container application file system and at the same time enforces file system access permissions; wherein:
the file system security enhancing module uses the system call interception module to intercept all file system access operations performed by containers and encrypts all file write operations; meanwhile, all file read operations are correspondingly decrypted, guaranteeing the confidentiality of files;
the file system security enhancing module maintains a piece of metadata for each container file, the metadata comprising the hash value and the version number of the file content; each write operation to a file updates the hash value and the version number, and the file system security enhancing module itself records the latest version number; when a container process performs a file read operation, the file system security enhancing module verifies the hash value and version number of the read content before returning the read content to the container process, ensuring file integrity;
the file system security enhancing module intercepts all system calls that modify the user corresponding to a container and tracks the user corresponding to the current process; meanwhile, a piece of permission information is additionally stored in the metadata of each container file, and all intercepted file access operations are subjected to permission verification according to this permission information;
the trusted container image download module automatically creates initial data when downloading an image, and the file system security enhancing module modifies the automatically created initial data according to the system calls invoked by the user, forming the metadata of each container file; this metadata is encrypted with an encryption key unique to each container; the encryption key is protected by the file system security enhancing module and is stored in a trusted storage medium before power-off.
7. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the execution flow synchronization service security enhancing module, by intercepting the corresponding system calls when the execution flow synchronization service synchronizes different processes and analyzing their semantics, controls the execution flow of container processes and prevents the execution flow from being tampered with by the untrusted operating system.
8. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the inter-process communication service security enhancing module protects inter-process communication as follows, according to the data transfer mode between the processes:
for the direct data transfer mode, the inter-process communication service security enhancing module identifies all communication channels by intercepting system calls, generates a communication key for each communication channel, and encrypts these communication channels during communication;
for the shared-memory data transfer mode, the inter-process communication service security enhancing module protects the shared memory through the page table management module; specifically, when shared memory is established, the inter-process communication service security enhancing module informs the page table management module, which helps the different container application processes complete the establishment of the shared memory; the page table management module ensures that no other process can map the physical memory pages corresponding to the shared memory, which directly ensures the security of the shared-memory-based inter-process communication service.
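The page table rules of claim 3 and the shared-memory rule of claim 8, as an added Python model that is not part of the patent or of any implementation of it. It plays the secure-world page table management module as a reference monitor: every page-table-writing instruction that was removed from the normal-world kernel is modelled as a `request_map` call, and the monitor tracks which process (or the kernel, pid 0 here) owns each physical frame, keeps kernel text and page-table frames non-writable, and lets a shared-memory frame be mapped only by the two communicating processes. Frame numbers, process ids and virtual addresses are constructed for the demo.

```python
"""Exclusive page-table management as a secure-world reference monitor (added illustration)."""

KERNEL = 0   # pid standing for the untrusted normal-world kernel's own address space


class PageTableManager:
    """Every page-table-writing instruction removed from the kernel becomes a request here."""

    def __init__(self) -> None:
        self.frame_owner: dict = {}           # pfn -> frozenset of pids allowed to map it; absent = free
        self.page_table_frames: set = set()   # frames holding page tables: read-only to the normal world
        self.kernel_code_frames: set = set()  # frames holding kernel text: never writable
        self.mappings: dict = {}              # pid -> {vpn: (pfn, writable)}
        self.audit: list = []

    def _decide(self, allowed: bool, what: str) -> bool:
        self.audit.append(("ALLOW " if allowed else "DENY ") + what)
        return allowed

    def assign_frame(self, pid: int, pfn: int) -> None:
        """The secure world gives a free physical frame to a container process."""
        if pfn in self.frame_owner:
            raise ValueError(f"pfn {pfn} is not free")
        self.frame_owner[pfn] = frozenset({pid})

    def establish_shared(self, pid_a: int, pid_b: int, pfn: int) -> bool:
        """Claim 8: a shared-memory frame that only the two communicating processes may map."""
        if pfn in self.frame_owner:
            return self._decide(False, f"share pfn {pfn}: already owned")
        self.frame_owner[pfn] = frozenset({pid_a, pid_b})
        return self._decide(True, f"share pfn {pfn} between pids {pid_a} and {pid_b}")

    def request_map(self, target_pid: int, vpn: int, pfn: int, writable: bool) -> bool:
        """Validate a mapping the kernel wants to install in target_pid's page table."""
        what = f"map pfn {pfn} -> pid {target_pid} vpn {vpn:#x} {'rw' if writable else 'ro'}"
        if writable and pfn in self.kernel_code_frames:
            return self._decide(False, what + ": kernel code must stay non-writable")
        if writable and pfn in self.page_table_frames:
            return self._decide(False, what + ": page tables are read-only to the normal world")
        owners = self.frame_owner.get(pfn)
        if owners is None:
            self.frame_owner[pfn] = frozenset({target_pid})   # the first mapper claims a free frame
        elif target_pid not in owners:
            return self._decide(False, what + ": frame is owned by another process")
        self.mappings.setdefault(target_pid, {})[vpn] = (pfn, writable)
        return self._decide(True, what)

    def request_unmap(self, target_pid: int, vpn: int) -> bool:
        """Unmapping is harmless; ownership is kept so the frame cannot be re-mapped elsewhere."""
        removed = self.mappings.get(target_pid, {}).pop(vpn, None) is not None
        return self._decide(removed, f"unmap pid {target_pid} vpn {vpn:#x}")


def demo():
    """Constructed scenario: kernel aliasing attempts, shared memory, code and page-table frames."""
    ptm = PageTableManager()
    ptm.kernel_code_frames.add(5)
    ptm.page_table_frames.add(7)
    ptm.assign_frame(1, 10)                                 # container process 1 owns frame 10
    r1 = ptm.request_map(KERNEL, 0xFFFF0000, 10, True)      # kernel tries to alias container memory
    r2 = ptm.request_map(1, 0x400000, 10, True)             # the owning process itself: fine
    r3 = ptm.establish_shared(1, 2, 20)                     # IPC module sets up shared memory
    r4 = ptm.request_map(2, 0x500000, 20, True)             # a party to the shared memory
    r5 = ptm.request_map(3, 0x500000, 20, False)            # a third process: denied even read-only
    r6 = ptm.request_map(KERNEL, 0xFFFF1000, 5, True)       # kernel text must not become writable
    r7 = ptm.request_map(KERNEL, 0xFFFF2000, 7, False)      # page tables readable by the kernel
    r8 = ptm.request_map(KERNEL, 0xFFFF2000, 7, True)       # but never writable from the normal world
    return (r1, r2, r3, r4, r5, r6, r7, r8)


if __name__ == "__main__":
    print(demo())   # (False, True, True, True, False, False, True, False)
```

The audit list is the detection side of the design: a denied `request_map` from the kernel is exactly the event a malicious normal-world operating system would generate when trying to read container memory, and it is visible to the secure world before any mapping takes effect.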
9. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the trusted container image download module downloads container images and verifies their integrity, and at the same time initializes the container images to ensure the normal operation of the file system security enhancing module; specifically:
the trusted container image download module establishes a trusted network connection, encrypted with the SSL protocol, to the image repository, obtains container images directly from the image repository, and verifies the integrity of an image by computing its hash value; after the image download has completed, the trusted container image download module performs the following initialization operations on the image:
a unique image key is generated for the image, and the image key encrypts all other keys in the image;
all files in the image are traversed, each file is encrypted, the hash value of the file content is computed, and the metadata file is generated; the processed container image is handed to the untrusted container management module for storage.
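The file system checks of claim 6 (per-file hash and version metadata, the module's own record of the newest version, per-user permission information, metadata encrypted with a per-container key) together with the image initialization of claim 9 (traverse every file, encrypt it, hash it, emit metadata), as one added Python model that is not part of the patent or of any implementation of it. The SHAKE-256 keystream is a stand-in for the real file cipher, the metadata layout and the owner-only permission rule are simplifications chosen for the demo, and the one-file image, process ids and user ids are constructed. The scenario shows the three things the module must catch: a rolled-back file, tampered ciphertext, and a read by a different user.

```python
"""Trusted file system over untrusted storage (added illustration, not patent code)."""
import hashlib
import json
import secrets


class IntegrityError(Exception):
    """Raised when metadata, version or content checks fail on a read."""


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Keystream from SHAKE-256 over (key, nonce); a stand-in for the real file cipher."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))


class UntrustedStorage:
    """Normal-world storage: it holds only ciphertext and encrypted metadata, and may roll back."""

    def __init__(self) -> None:
        self.blobs: dict = {}   # path -> nonce || encrypted content
        self.meta: dict = {}    # path -> nonce || encrypted JSON metadata


class TrustedFS:
    """File system security enhancing module for one container, living in the secure world."""

    def __init__(self, storage: UntrustedStorage) -> None:
        self.storage = storage
        self.container_key = secrets.token_bytes(32)   # unique per container, never leaves the secure world
        self.latest_version: dict = {}                  # the module's own record of each file's newest version
        self.current_user: dict = {}                    # pid -> uid, from intercepted user-changing calls

    def _store(self, path: str, content: bytes, version: int, owner: int) -> None:
        nonce = secrets.token_bytes(16)
        self.storage.blobs[path] = nonce + _xor_stream(self.container_key, nonce, content)
        meta = json.dumps({"sha256": hashlib.sha256(content).hexdigest(),
                           "version": version, "owner": owner}).encode()
        mnonce = secrets.token_bytes(16)
        self.storage.meta[path] = mnonce + _xor_stream(self.container_key, b"meta" + mnonce, meta)
        self.latest_version[path] = version

    def _load_meta(self, path: str) -> dict:
        raw = self.storage.meta[path]
        try:
            return json.loads(_xor_stream(self.container_key, b"meta" + raw[:16], raw[16:]))
        except ValueError:
            raise IntegrityError("metadata corrupt") from None

    def preprocess_image(self, files: dict, owner_uid: int) -> None:
        """Image initialization: traverse every file, encrypt it, hash it, emit its metadata."""
        for path, content in files.items():
            self._store(path, content, version=1, owner=owner_uid)

    def set_user(self, pid: int, uid: int) -> None:
        self.current_user[pid] = uid

    def _check_owner(self, pid: int, path: str) -> dict:
        meta = self._load_meta(path)
        if meta["owner"] != self.current_user.get(pid):   # permission information in the metadata
            raise PermissionError(path)
        return meta

    def write(self, pid: int, path: str, content: bytes) -> None:
        meta = self._check_owner(pid, path)
        self._store(path, content, self.latest_version[path] + 1, meta["owner"])

    def read(self, pid: int, path: str) -> bytes:
        meta = self._check_owner(pid, path)
        if meta["version"] != self.latest_version[path]:
            raise IntegrityError("rollback")
        raw = self.storage.blobs[path]
        content = _xor_stream(self.container_key, raw[:16], raw[16:])
        if hashlib.sha256(content).hexdigest() != meta["sha256"]:
            raise IntegrityError("hash mismatch")
        return content


def _try_read(fs: TrustedFS, pid: int, path: str) -> str:
    try:
        fs.read(pid, path)
        return "ok"
    except PermissionError:
        return "denied"
    except IntegrityError as err:
        return str(err)


def demo():
    """Constructed scenario: honest update, rollback, ciphertext tampering, wrong user."""
    store, path = UntrustedStorage(), "/etc/app.conf"
    fs = TrustedFS(store)
    fs.preprocess_image({path: b"debug=0\n"}, owner_uid=1000)   # constructed one-file image
    fs.set_user(7, 1000)
    stale = (store.blobs[path], store.meta[path])                # the kernel keeps the old version
    fs.write(7, path, b"debug=0\nkey=rotated\n")
    after_write = fs.read(7, path)
    store.blobs[path], store.meta[path] = stale                  # rollback attempt
    rollback = _try_read(fs, 7, path)
    fs.write(7, path, b"debug=1\n")                              # fresh write, version 3
    blob = store.blobs[path]
    store.blobs[path] = blob[:16] + bytes([blob[16] ^ 1]) + blob[17:]   # one ciphertext byte flipped
    tampered = _try_read(fs, 7, path)
    fs.write(7, path, b"debug=1\n")
    fs.set_user(8, 2000)
    denied = _try_read(fs, 8, path)
    return after_write, rollback, tampered, denied


if __name__ == "__main__":
    print(demo())   # (b'debug=0\nkey=rotated\n', 'rollback', 'hash mismatch', 'denied')
```

The rollback check only works because `latest_version` lives in the secure world: an old ciphertext together with its old, correctly encrypted metadata is internally consistent, so the hash alone cannot reveal that the untrusted kernel served a stale copy.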
10. The container isolation enhancing system based on ARM TrustZone according to claim 1, characterized in that the secure container start module ensures security when a container starts, ensures that the container runs correctly within a trusted execution environment, and at the same time builds a trusted communication channel between the container and the container management client; specifically:
when a container starts, the secure container start module verifies the integrity of the start image, ensuring that the started container application runs within the trusted execution environment; the secure container start module negotiates a communication key with the container management client and encrypts all input and output of the container application with that communication key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810549087.6A CN108733455B (en) | 2018-05-31 | 2018-05-31 | Container isolation enhancing system based on ARM TrustZone |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108733455A true CN108733455A (en) | 2018-11-02 |
CN108733455B CN108733455B (en) | 2020-08-18 |
Family
ID=63931522
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810549087.6A Active CN108733455B (en) | 2018-05-31 | 2018-05-31 | Container isolation enhancing system based on ARM TrustZone |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108733455B (en) |
Cited By (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109491776A (en) * | 2018-11-06 | 2019-03-19 | 北京百度网讯科技有限公司 | Task method of combination and system |
CN109508225A (en) * | 2018-11-15 | 2019-03-22 | 珠海市知安全科技有限公司 | A kind of application container system under windows operating system |
CN109522754A (en) * | 2018-11-28 | 2019-03-26 | 中国科学院信息工程研究所 | A kind of credible isolation environment core control method of mobile terminal |
CN109800596A (en) * | 2018-12-27 | 2019-05-24 | 余炀 | A kind of personal data safety management system |
CN110069921A (en) * | 2019-04-12 | 2019-07-30 | 中国科学院信息工程研究所 | A kind of trusted software authority checking system and method towards container platform |
CN110413382A (en) * | 2019-08-06 | 2019-11-05 | 山东超越数控电子股份有限公司 | A kind of method, equipment and the readable medium of the resource dynamic adjustment of Docker container |
CN110427274A (en) * | 2019-07-16 | 2019-11-08 | 阿里巴巴集团控股有限公司 | Data transmission method and device in TEE system |
CN110825489A (en) * | 2019-10-21 | 2020-02-21 | 网易(杭州)网络有限公司 | Application method and device of android simulator and terminal equipment |
CN111124956A (en) * | 2019-11-22 | 2020-05-08 | 海光信息技术有限公司 | Container protection method, processor, operating system and computer equipment |
CN111177701A (en) * | 2019-12-11 | 2020-05-19 | 北京握奇智能科技有限公司 | Method and equipment for realizing cryptographic function service based on trusted execution environment and security chip |
CN111382445A (en) * | 2020-03-03 | 2020-07-07 | 首都师范大学 | Method for providing trusted service by using trusted execution environment system |
CN111382131A (en) * | 2018-12-27 | 2020-07-07 | 浙江大学 | Data processing method, device and storage medium |
CN111400726A (en) * | 2019-01-03 | 2020-07-10 | 阿里巴巴集团控股有限公司 | Data processing method, device, equipment and machine readable medium |
CN111581654A (en) * | 2020-05-08 | 2020-08-25 | 苏州深信达网络科技有限公司 | Method for amplifying performance of encryption chip |
CN111651778A (en) * | 2020-05-26 | 2020-09-11 | 上海交通大学 | Physical memory isolation method based on RISC-V instruction architecture |
CN111859428A (en) * | 2020-07-22 | 2020-10-30 | 成都安恒信息技术有限公司 | Containerization-based secret key storage method and system |
CN112256396A (en) * | 2020-10-23 | 2021-01-22 | 海光信息技术股份有限公司 | Memory management method and system, security processing device and data processing device |
US11003785B2 (en) | 2019-07-16 | 2021-05-11 | Advanced New Technologies Co., Ltd. | Data transmission method and apparatus in tee systems |
CN113296887A (en) * | 2021-03-31 | 2021-08-24 | 阿里巴巴新加坡控股有限公司 | Method and device for starting safety container |
CN113391880A (en) * | 2021-06-21 | 2021-09-14 | 西安超越申泰信息科技有限公司 | Trusted mirror image transmission method for layered double hash verification |
EP3907637A1 (en) * | 2020-05-05 | 2021-11-10 | Siemens Aktiengesellschaft | Method and device for securely starting a container instance |
CN113703924A (en) * | 2021-09-22 | 2021-11-26 | 上海交通大学 | Safe virtual machine system design method and system based on trusted execution environment |
CN113792276A (en) * | 2021-11-11 | 2021-12-14 | 麒麟软件有限公司 | Operating system user identity authentication method and system based on dual-architecture |
CN114035886A (en) * | 2021-09-28 | 2022-02-11 | 中国科学院信息工程研究所 | Container security reinforcement system and method for kernel data |
CN114048502A (en) * | 2021-10-15 | 2022-02-15 | 中国科学院信息工程研究所 | Lightweight trusted channel and communication control method thereof |
WO2023103697A1 (en) * | 2021-12-10 | 2023-06-15 | 华为技术有限公司 | Communication method in computer system, and related product |
WO2023133990A1 (en) * | 2022-01-13 | 2023-07-20 | 南京翼辉信息技术有限公司 | Design method for implementing lightweight secure container on the basis of embedded real-time operating system |
CN117076002A (en) * | 2023-09-28 | 2023-11-17 | 飞腾信息技术有限公司 | Safe starting method and related device |
CN117573275A (en) * | 2023-11-14 | 2024-02-20 | 中电云计算技术有限公司 | Trusted container application security read-write method and system based on TrustZone |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102436566A (en) * | 2012-01-12 | 2012-05-02 | 冶金自动化研究设计院 | Dynamic trusted measurement method and safe embedded system |
US20130191823A1 (en) * | 2011-07-25 | 2013-07-25 | Jason A. Davidson | Dynamic feature enhancement in client server applications and high volume server deployment with dynamic app store integration |
CN107819875A (en) * | 2017-11-27 | 2018-03-20 | 深信服科技股份有限公司 | User specially enjoys method of servicing and device under a kind of cloud platform |
Non-Patent Citations (2)
Title |
---|
Zhichao Hua et al.: "vTZ: Virtualizing ARM TrustZone", 《This paper is included in the Proceedings of the 》 * |
Xia Yubin et al.: "A secure mobile remote control system based on TrustZone technology", 《Computer Engineering (计算机工程)》 * |
Cited By (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109491776B (en) * | 2018-11-06 | 2022-05-31 | 北京百度网讯科技有限公司 | Task arranging method and system |
CN109491776A (en) * | 2018-11-06 | 2019-03-19 | 北京百度网讯科技有限公司 | Task method of combination and system |
CN109508225A (en) * | 2018-11-15 | 2019-03-22 | 珠海市知安全科技有限公司 | A kind of application container system under windows operating system |
CN109522754A (en) * | 2018-11-28 | 2019-03-26 | 中国科学院信息工程研究所 | A kind of credible isolation environment core control method of mobile terminal |
CN109522754B (en) * | 2018-11-28 | 2021-11-19 | 中国科学院信息工程研究所 | Core control method for trusted isolation environment of mobile terminal |
CN109800596A (en) * | 2018-12-27 | 2019-05-24 | 余炀 | A kind of personal data safety management system |
CN109800596B (en) * | 2018-12-27 | 2023-01-31 | 余炀 | Personal data safety management system |
CN111382131B (en) * | 2018-12-27 | 2023-05-09 | 浙江大学 | Data processing method, device and storage medium |
CN111382131A (en) * | 2018-12-27 | 2020-07-07 | 浙江大学 | Data processing method, device and storage medium |
CN111400726A (en) * | 2019-01-03 | 2020-07-10 | 阿里巴巴集团控股有限公司 | Data processing method, device, equipment and machine readable medium |
CN110069921A (en) * | 2019-04-12 | 2019-07-30 | 中国科学院信息工程研究所 | A kind of trusted software authority checking system and method towards container platform |
CN110069921B (en) * | 2019-04-12 | 2021-01-01 | 中国科学院信息工程研究所 | Container platform-oriented trusted software authorization verification system and method |
CN110427274A (en) * | 2019-07-16 | 2019-11-08 | 阿里巴巴集团控股有限公司 | Data transmission method and device in TEE system |
US11250145B2 (en) | 2019-07-16 | 2022-02-15 | Advanced New Technologies Co., Ltd. | Data transmission method and apparatus in tee systems |
US11003785B2 (en) | 2019-07-16 | 2021-05-11 | Advanced New Technologies Co., Ltd. | Data transmission method and apparatus in tee systems |
CN110413382A (en) * | 2019-08-06 | 2019-11-05 | 山东超越数控电子股份有限公司 | A kind of method, equipment and the readable medium of the resource dynamic adjustment of Docker container |
CN110825489A (en) * | 2019-10-21 | 2020-02-21 | 网易(杭州)网络有限公司 | Application method and device of android simulator and terminal equipment |
CN111124956A (en) * | 2019-11-22 | 2020-05-08 | 海光信息技术有限公司 | Container protection method, processor, operating system and computer equipment |
CN111177701A (en) * | 2019-12-11 | 2020-05-19 | 北京握奇智能科技有限公司 | Method and equipment for realizing cryptographic function service based on trusted execution environment and security chip |
CN111382445A (en) * | 2020-03-03 | 2020-07-07 | 首都师范大学 | Method for providing trusted service by using trusted execution environment system |
WO2021224062A1 (en) * | 2020-05-05 | 2021-11-11 | Siemens Aktiengesellschaft | Method and device for securely starting up a container instance |
EP3907637A1 (en) * | 2020-05-05 | 2021-11-10 | Siemens Aktiengesellschaft | Method and device for securely starting a container instance |
CN111581654A (en) * | 2020-05-08 | 2020-08-25 | 苏州深信达网络科技有限公司 | Method for amplifying performance of encryption chip |
CN111581654B (en) * | 2020-05-08 | 2023-10-24 | 苏州深信达网络科技有限公司 | Method for amplifying performance of encryption chip |
CN111651778B (en) * | 2020-05-26 | 2023-05-05 | 上海交通大学 | Physical memory isolation method based on RISC-V instruction architecture |
CN111651778A (en) * | 2020-05-26 | 2020-09-11 | 上海交通大学 | Physical memory isolation method based on RISC-V instruction architecture |
CN111859428B (en) * | 2020-07-22 | 2022-07-19 | 成都安恒信息技术有限公司 | Containerization-based secret key storage method and system |
CN111859428A (en) * | 2020-07-22 | 2020-10-30 | 成都安恒信息技术有限公司 | Containerization-based secret key storage method and system |
CN112256396A (en) * | 2020-10-23 | 2021-01-22 | 海光信息技术股份有限公司 | Memory management method and system, security processing device and data processing device |
CN113296887B (en) * | 2021-03-31 | 2023-12-08 | 阿里巴巴(中国)有限公司 | Method and device for starting safety container |
CN113296887A (en) * | 2021-03-31 | 2021-08-24 | 阿里巴巴新加坡控股有限公司 | Method and device for starting safety container |
CN113391880A (en) * | 2021-06-21 | 2021-09-14 | 西安超越申泰信息科技有限公司 | Trusted mirror image transmission method for layered double hash verification |
CN113703924A (en) * | 2021-09-22 | 2021-11-26 | 上海交通大学 | Safe virtual machine system design method and system based on trusted execution environment |
CN114035886A (en) * | 2021-09-28 | 2022-02-11 | 中国科学院信息工程研究所 | Container security reinforcement system and method for kernel data |
CN114035886B (en) * | 2021-09-28 | 2023-10-03 | 中国科学院信息工程研究所 | Container security reinforcement system and method for kernel data |
CN114048502A (en) * | 2021-10-15 | 2022-02-15 | 中国科学院信息工程研究所 | Lightweight trusted channel and communication control method thereof |
CN114048502B (en) * | 2021-10-15 | 2023-08-15 | 中国科学院信息工程研究所 | Lightweight trusted channel and communication control method thereof |
CN113792276A (en) * | 2021-11-11 | 2021-12-14 | 麒麟软件有限公司 | Operating system user identity authentication method and system based on dual-architecture |
WO2023103697A1 (en) * | 2021-12-10 | 2023-06-15 | 华为技术有限公司 | Communication method in computer system, and related product |
WO2023133990A1 (en) * | 2022-01-13 | 2023-07-20 | 南京翼辉信息技术有限公司 | Design method for implementing lightweight secure container on the basis of embedded real-time operating system |
CN117076002A (en) * | 2023-09-28 | 2023-11-17 | 飞腾信息技术有限公司 | Safe starting method and related device |
CN117076002B (en) * | 2023-09-28 | 2024-01-02 | 飞腾信息技术有限公司 | Safe starting method and related device |
CN117573275A (en) * | 2023-11-14 | 2024-02-20 | 中电云计算技术有限公司 | Trusted container application security read-write method and system based on TrustZone |
Also Published As
Publication number | Publication date |
---|---|
CN108733455B (en) | 2020-08-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108733455A (en) | | Vessel isolation based on ARM TrustZone enhances system |
US11531732B2 (en) | | Systems and methods for providing identity assurance for decentralized applications |
ES2827007T3 (en) | | System and procedures for decrypting network traffic in a virtualized environment |
Dai et al. | | SBLWT: A secure blockchain lightweight wallet based on TrustZone |
EP3496329A1 (en) | | Method and system of preserving privacy for usage of lightweight blockchain clients |
US7865876B2 (en) | | Multiple trusted computing environments |
Xia et al. | | TinMan: Eliminating confidential mobile data exposure with security oriented offloading |
CN105184164A (en) | | Data processing method |
Chen et al. | | MAGE: Mutual attestation for a group of enclaves without trusted third parties |
CN108595983A (en) | | Hardware architecture and application context integrity measurement method based on a hardware security isolated execution environment |
Zhao et al. | | vSGX: Virtualizing SGX enclaves on AMD SEV |
Suciu et al. | | Horizontal privilege escalation in trusted applications |
Lapid et al. | | Navigating the Samsung TrustZone and cache-attacks on the Keymaster trustlet |
Dai et al. | | TrustZone-based secure lightweight wallet for Hyperledger Fabric |
Coppola et al. | | Automation for Industry 4.0 by using secure LoRaWAN edge gateways |
EP2863329A1 (en) | | Establishing physical locality between secure execution environments |
Will et al. | | Intel Software Guard Extensions applications: A survey |
Rabimba et al. | | Lessons learned from blockchain applications of trusted execution environments and implications for future research |
Jiang et al. | | An effective authentication for client application using ARM TrustZone |
Jakkamsetti et al. | | Scalable private signaling |
Bhudia et al. | | RansomClave: Ransomware key management using SGX |
WO2016159883A1 (en) | | Extracting information from a data set in a distributed computing environment |
Muller et al. | | TZ4Fabric: Executing smart contracts with ARM TrustZone (practical experience report) |
Kaladharan et al. | | An encryption technique to thwart Android Binder exploits |
Seshadri | | A software primitive for externally-verifiable untampered execution and its applications to securing computing systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |