CN108733455B - Container isolation enhancing system based on ARM TrustZone - Google Patents

Container isolation enhancing system based on ARM TrustZone

Info

Publication number: CN108733455B
Authority: CN (China)
Legal status: Active
Application number: CN201810549087.6A
Other languages: Chinese (zh)
Other versions: CN108733455A
Inventors: 夏虞斌 (Xia Yubin), 华志超 (Hua Zhichao), 陈海波 (Chen Haibo), 臧斌宁 (Zang Binyu)
Current assignee: Shanghai Jiaotong University
Original assignee: Shanghai Jiaotong University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F2009/45587 Isolation or security of virtual machine instances

Abstract

The invention provides a system for enhancing container isolation based on ARM TrustZone. It comprises: a container management client that runs on the user's client machine; an untrusted operating system, an untrusted container management module and the trusted execution environments, which run in the normal world of the server; and a page table management module, a register protection module, a system call interposition module, a file system security enhancement module, an execution-flow synchronization service security enhancement module, an inter-process communication service security enhancement module, a trusted container image download module and a secure container start module, which run in the secure world of the server. The system runs existing, unmodified applications safely on a malicious operating system that is fully controlled by an attacker; it lets different applications of different users inside a container communicate and synchronize control flow securely; and the user does not need to modify existing container images in any way.

Description

Container isolation enhancing system based on ARM TrustZone
Technical Field
The invention relates to the technical field of virtualization, and in particular to a system for enhancing container isolation based on ARM TrustZone.
Background
Virtualization technology can simulate multiple virtual computers on one physical computer, which improves hardware utilization and lets many users share the same physical equipment. Containers are a lightweight form of virtualization: different containers share the same operating system kernel, but each container has its own file system, user space, process space and so on. Compared with traditional virtualization, containers start faster, run faster and are easier to deploy. Because of these advantages, containers are now widely used on servers. With containers, a cloud server can quickly and conveniently create an independent operating environment for each user, and more and more users choose to store their own data in cloud containers for a faster and more convenient experience.
Despite their performance and ease of deployment, the security of containers has always suffered from the following problem. Different containers must share the same operating system kernel, and once the kernel is compromised the isolation between containers is broken. At the same time, because of its enormous code base, the operating system kernel always contains thousands of bugs. In a cloud computing environment, once an attacker compromises the operating system kernel from one container, the attacker can manipulate every container that shares that kernel.
At present the ARM architecture is increasingly favoured for servers because of its better energy efficiency and price/performance, and a range of ARM-based server processors is already on the market. This introduces a new security problem: once the operating system of an ARM-based cloud server is compromised, how to guarantee the security of user containers, and in particular how to prevent an attacker from controlling the execution flow of applications inside a user's container or stealing the sensitive data the user has stored in it, becomes a significant problem in the field.
A search of the prior art finds the following:
1. Owen Hofmann et al. designed and implemented InkTag, a secure system that uses hardware virtualization to protect applications from an untrusted operating system kernel. InkTag provides each application with an independent, secure execution environment and prevents the operating system from directly accessing memory inside it, so that application data cannot be stolen and control flow cannot be tampered with. For the services that still depend on the operating system, InkTag also verifies the operating system's behaviour.
However, although InkTag prevents attacks by the operating system on a single application, it is not suited to a container environment. First, the system cannot directly boot an existing container image, so it lacks the ability to protect a container as a whole. Second, it does not consider the complex multi-user, multi-application environment of a container and cannot ensure the security of communication, information sharing and access control among the applications of different users inside a container.
2. To protect containers, Arnautov et al. designed and implemented SCONE, a secure container system based on Intel SGX. It protects each individual container process with an SGX enclave, a hardware trusted execution environment. Because the hardware guarantees that no software outside the enclave (including the operating system) can access enclave memory or interfere with the execution flow inside it, SCONE effectively protects a container application from an untrusted operating system.
SCONE, however, has two drawbacks. First, it supports only single-application, single-process containers: only one single-process application can run in a container, which greatly limits the scenarios in which containers can be used. It also does not consider how different applications can cooperate safely in a multi-user, multi-application environment. Second, SCONE requires the original container image to be modified and therefore cannot run an original image directly, which prevents users from running the millions of container images in the Docker registry and further limits the use of containers.
In summary, how to use the features of the ARM platform's own architecture to maintain any number of trusted execution environments for containers, how to rely on the untrusted operating system for services while preventing it from attacking container applications, and how to remain compatible with existing container images are the problems to be solved in the art.
At present no description or report of a technology similar to the invention has been found, and no similar material has been collected at home or abroad.
Disclosure of Invention
In view of the above shortcomings of the prior art, the present invention aims to provide a container isolation enhancement system based on ARM TrustZone. The system uses the features of the ARM platform's own architecture to maintain any number of trusted execution environments for containers; it relies on the untrusted operating system to provide services while preventing that operating system from attacking container applications; and it is compatible with existing container images.
The invention is realized by the following technical scheme.
According to one aspect of the present invention, an ARM TrustZone-based container isolation enhancement system is provided, comprising:
a container management client, which runs on the user's client machine;
an untrusted operating system, an untrusted container management module and trusted execution environments, which run in the normal world of the server;
a page table management module, a register protection module, a system call interposition module, a file system security enhancement module, an execution-flow synchronization service security enhancement module, an inter-process communication service security enhancement module, a trusted container image download module and a secure container start module, which run in the secure world of the server;
wherein:
the container management client connects to any number of containers in the server's normal world and sends the user's instructions to them; each container runs in a trusted execution environment;
the untrusted operating system provides the running environment and the services required by the applications in a container;
the untrusted container management module provides the basic container management operations;
the page table management module, the register protection module and the system call interposition module together maintain any number of trusted execution environments;
the file system security enhancement module, the execution-flow synchronization service security enhancement module and the inter-process communication service security enhancement module together harden the services of the untrusted operating system, preventing it from stealing a container process's private data and/or tampering with a container process's control flow by providing malicious system services;
the trusted container image download module and the secure container start module together provide the secure container management functions.
Preferably, none of the hardware resources of a trusted execution environment can be accessed directly by the untrusted operating system.
Preferably, the page table management module has exclusive management of all page tables of the entire untrusted operating system; by controlling the page tables it protects the memory of container processes and limits the untrusted operating system's access to that memory.
Preferably, the page table management module locates every instruction in the untrusted operating system kernel that manages page tables and replaces it with code that sends the corresponding request to the page table management module. The module keeps the physical pages that hold page tables read-only in the normal world, and keeps the code of the untrusted operating system kernel non-writable (otherwise the kernel could reintroduce page-table-writing instructions), so that the module's exclusive management of the page tables is guaranteed.
Preferably, the register protection module ensures that the register state of a trusted execution environment cannot be read or modified directly by the untrusted operating system. It intercepts every switch between a user-mode process and the kernel of the untrusted operating system, and during the switch it saves and restores the registers of the trusted execution environment itself, so that the untrusted operating system cannot arbitrarily tamper with or steal that register state.
Preferably, the switch between a user-mode process and the untrusted operating system kernel is handled as follows:
every entry from user mode into the untrusted operating system kernel is the result of an exception; all exceptions are handled by the exception handlers stored in the exception vector table, whose address is held in a system register (the vector base address register, VBAR_EL1 on AArch64). The register protection module replaces every instruction in the untrusted operating system that modifies such registers with code that sends the corresponding request to the register protection module, and inserts a world-switch instruction into each exception handler referenced by the exception vector table (this is the smc instruction, a standard ARM instruction that switches to the secure world and thereby enters the register protection module), so that every entry into the untrusted operating system kernel is intercepted by the register protection module;
exit from kernel mode to user mode is performed with the eret instruction. The register protection module ensures that no eret instruction remains in the kernel code of the untrusted operating system and that every exit is forwarded to the register protection module to perform, so that every exit from the untrusted operating system kernel is likewise intercepted.
Preferably, the system call interposition module plants a hook (again an smc instruction, which enters the secure world and thus the system call interposition module) in the handler for the exception raised by a system call, and so ensures that every system call is processed by the system call interposition module.
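The following Python model is an added illustration of the two interception points described above (the smc hook on every exception entry from a container process into the untrusted kernel, and the eret performed on the kernel's behalf); it is not code from the patent or its authors. It assumes an AArch64-like register file (x0..x30, sp, pc, pstate) and the Linux AArch64 system call convention (number in x8, arguments in x0..x5, result in x0); the class and function names are hypothetical. The point it makes concrete is what the kernel is allowed to see (only the syscall number and arguments) and what it is allowed to change (only x0), and that a kernel that hands back a different pc is caught.

```python
"""Model of the register protection and system call interposition modules.

Added illustrative model, not code from the patent or its authors.  Assumes an
AArch64-like register file (x0..x30, sp, pc, pstate) and the Linux AArch64
system call convention (number in x8, arguments in x0..x5, result in x0).
"""
from copy import deepcopy
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

SYSCALL_NR_REG = "x8"
SYSCALL_ARG_REGS = ("x0", "x1", "x2", "x3", "x4", "x5")
SYSCALL_RET_REG = "x0"


class TamperingDetected(Exception):
    """The untrusted kernel tried to change state it is not allowed to touch."""


@dataclass
class Context:
    """Architectural state of a container process at the moment of an exception."""
    regs: Dict[str, int] = field(default_factory=lambda: {f"x{i}": 0 for i in range(31)})
    sp: int = 0
    pc: int = 0
    pstate: int = 0


def make_context(pc: int, sp: int, **regs: int) -> Context:
    ctx = Context(pc=pc, sp=sp)
    ctx.regs.update(regs)
    return ctx


def kernel_reply(visible: Context, **changes: int) -> Context:
    """The context an (honest or malicious) kernel hands back when it wants to eret."""
    out = deepcopy(visible)
    for name, value in changes.items():
        if name in ("pc", "sp", "pstate"):
            setattr(out, name, value)
        else:
            out.regs[name] = value
    return out


class RegisterProtector:
    """Secure-world state: per pid, the full saved context and the sanitized
    copy the kernel was shown, so the two can be compared on the way back."""

    def __init__(self) -> None:
        self._saved: Dict[int, Context] = {}
        self._exposed: Dict[int, Context] = {}
        self.syscall_log: List[Tuple[int, int, Tuple[int, ...]]] = []

    def on_kernel_entry(self, pid: int, ctx: Context, is_syscall: bool) -> Context:
        """The smc hook at exception entry.  The full context goes to secure
        memory; the kernel gets a copy in which only the syscall number and
        arguments survive (nothing at all for IRQs, page faults, ...).  pc and
        sp are never exposed: the process resumes from the saved copy."""
        self._saved[pid] = deepcopy(ctx)
        visible = Context(pstate=ctx.pstate)
        if is_syscall:
            nr = ctx.regs[SYSCALL_NR_REG]
            args = tuple(ctx.regs[r] for r in SYSCALL_ARG_REGS)
            self.syscall_log.append((pid, nr, args))  # system call interposition point
            visible.regs[SYSCALL_NR_REG] = nr
            visible.regs.update(zip(SYSCALL_ARG_REGS, args))
        self._exposed[pid] = deepcopy(visible)
        return visible

    def on_kernel_exit(self, pid: int, reply: Context, is_syscall: bool) -> Context:
        """Performed by the secure world instead of the kernel's eret.  The only
        kernel-supplied value copied into the resumed process is the syscall
        result in x0; any other change to what the kernel was given (new pc,
        sp, pstate or register) is a tampering attempt and is rejected.  Signal
        delivery, which legitimately changes pc, belongs to the synchronization
        service module and is not modelled here."""
        saved, exposed = self._saved.pop(pid), self._exposed.pop(pid)
        if (reply.pc, reply.sp, reply.pstate) != (exposed.pc, exposed.sp, exposed.pstate):
            raise TamperingDetected(f"pid {pid}: kernel changed pc/sp/pstate")
        changed = {r for r, v in reply.regs.items() if v != exposed.regs.get(r, 0)}
        allowed = {SYSCALL_RET_REG} if is_syscall else set()
        if changed - allowed:
            raise TamperingDetected(f"pid {pid}: kernel changed {sorted(changed - allowed)}")
        resumed = deepcopy(saved)
        if is_syscall:
            resumed.regs[SYSCALL_RET_REG] = reply.regs[SYSCALL_RET_REG]
        return resumed


def demo() -> Tuple[int, int, bool]:
    """write(3, buf, 32) returning 32, then a kernel that tries to resume the
    process at an attacker-chosen address.  Returns (x0, x19, hijacked)."""
    prot = RegisterProtector()
    user = make_context(0x400100, 0x7FFF0000, x0=3, x1=0x1000, x2=32, x8=64, x19=0xDEAD)
    visible = prot.on_kernel_entry(7, user, is_syscall=True)
    resumed = prot.on_kernel_exit(7, kernel_reply(visible, x0=32), is_syscall=True)
    visible = prot.on_kernel_entry(7, user, is_syscall=True)
    try:
        prot.on_kernel_exit(7, kernel_reply(visible, x0=32, pc=0x41414141), is_syscall=True)
        hijacked = True
    except TamperingDetected:
        hijacked = False
    return resumed.regs["x0"], resumed.regs["x19"], hijacked


if __name__ == "__main__":
    print(demo())
```

The model deliberately compares the kernel's reply against the sanitized copy rather than trusting a "return to user" request: the process always resumes from the context saved in secure memory, so even a kernel that is never caught cannot redirect control flow.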
Preferably, the file system security enhancement module ensures the confidentiality and integrity of a container application's file system and also enforces file system access permissions, as follows:
the file system security enhancement module uses the system call interposition module to intercept all file system accesses of all containers; it encrypts the data of every file write and decrypts the data of every file read, so that file contents remain confidential;
the file system security enhancement module maintains a piece of metadata for every container file, comprising a hash of the file contents and a version number; both are updated on every write to the file, and the latest version number is recorded by the file system security enhancement module. When a container process reads a file, the module verifies the hash and the version number of the data read before returning it to the process, which ensures the integrity of the file and detects a rollback to an older version;
the file system security enhancement module intercepts all system calls that change the user identity of a container process and tracks the user that each process currently runs as; in addition, it stores a piece of permission information in the metadata of every container file and checks every intercepted file access against that permission information;
the trusted container image download module automatically creates the initial metadata when it downloads an image, and the file system security enhancement module updates that metadata according to the system calls the user's processes make, forming the metadata of each container file. This metadata is encrypted with a key unique to each container; the key is protected by the file system security enhancement module and is saved to trusted storage before shutdown.
Preferably, the execution-flow synchronization service security enhancement module intercepts the system calls through which the execution-flow synchronization service synchronizes different processes, interprets their semantics and controls the execution flow of the container processes accordingly, so that the untrusted operating system cannot tamper with that execution flow.
Preferably, the inter-process communication service security enhancement module protects inter-process communication according to the way data is transferred between processes:
for direct data transfer, the inter-process communication service security enhancement module identifies every communication channel by intercepting system calls, generates a communication key for each channel and encrypts the channel's traffic;
for the shared-memory transfer mode, the inter-process communication service security enhancement module protects the shared memory with the help of the page table management module: when shared memory is set up, it notifies the page table management module, which helps the participating container application processes establish the shared mapping and ensures that no other process can map the physical pages of the shared memory, which directly secures shared-memory-based inter-process communication.
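The following Python model is an added illustration of the page table management module's policy, including the shared-memory case just described; it is not code from the patent or its authors. Every page-table update from the normal-world kernel arrives as a request and is checked against the ownership of the physical frame before the secure world writes the entry. The frame kinds, the use of an ASID to identify an address space, the rule that a frame cannot be reused while still mapped, and the names are modelling assumptions.

```python
"""Model of the page table management module (secure world).

Added illustrative model, not code from the patent or its authors.  The
normal-world kernel no longer writes page tables itself; every update is a
request checked here against the owner of the physical frame.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

KERNEL_ASID = 0  # the untrusted kernel's own address space


class PolicyViolation(Exception):
    """A page-table update the secure world refuses to perform."""


@dataclass
class Frame:
    kind: str = "free"             # free | kernel_code | kernel_data | pagetable | container | shared
    owner: Optional[int] = None    # ASID of the container process that owns the frame
    sharers: Set[int] = field(default_factory=set)


class PageTableMonitor:
    def __init__(self, nframes: int) -> None:
        self.frames = [Frame() for _ in range(nframes)]
        # asid -> va -> (pfn, writable).  The tables themselves live in frames
        # of kind "pagetable", which the normal world can only read.
        self.tables: Dict[int, Dict[int, Tuple[int, bool]]] = {}

    def assign(self, pfn: int, kind: str, owner: Optional[int] = None) -> None:
        """Hand a free frame to the kernel, to a page table, or to a container process."""
        if self.frames[pfn].kind != "free":
            raise PolicyViolation(f"frame {pfn} already in use")
        self.frames[pfn] = Frame(kind, owner)

    def release(self, pfn: int) -> None:
        """A frame is reusable only once no address space maps it (and, in a
        real system, after its contents have been scrubbed)."""
        for table in self.tables.values():
            if any(p == pfn for p, _ in table.values()):
                raise PolicyViolation(f"frame {pfn} is still mapped")
        self.frames[pfn] = Frame()

    def share(self, pfn: int, asids) -> None:
        """Called by the IPC module when shared memory is created: the owner's
        frame becomes mappable by exactly the listed container processes."""
        f = self.frames[pfn]
        if f.kind != "container" or f.owner not in asids:
            raise PolicyViolation(f"frame {pfn} is not a container frame of a sharer")
        self.frames[pfn] = Frame("shared", f.owner, set(asids))

    def _check(self, asid: int, pfn: int, writable: bool) -> None:
        f = self.frames[pfn]
        if f.kind == "free":
            raise PolicyViolation(f"frame {pfn} is unassigned")
        if f.kind == "kernel_code" and writable:
            raise PolicyViolation("kernel code stays read-only so the smc hooks cannot be patched out")
        if f.kind == "pagetable" and writable:
            raise PolicyViolation("page-table pages are read-only in the normal world")
        if f.kind == "container" and asid != f.owner:   # this also stops the kernel (asid 0)
            raise PolicyViolation(f"frame {pfn} belongs to container process {f.owner}")
        if f.kind == "shared" and asid not in f.sharers:
            raise PolicyViolation(f"asid {asid} is not a sharer of frame {pfn}")
        # kernel_data: kernel-private memory, no restriction modelled

    def map(self, asid: int, va: int, pfn: int, writable: bool) -> None:
        """The request that replaced the kernel's own page-table store instruction."""
        self._check(asid, pfn, writable)
        self.tables.setdefault(asid, {})[va] = (pfn, writable)

    def unmap(self, asid: int, va: int) -> None:
        self.tables.setdefault(asid, {}).pop(va, None)

    def try_map(self, asid: int, va: int, pfn: int, writable: bool) -> bool:
        try:
            self.map(asid, va, pfn, writable)
            return True
        except PolicyViolation:
            return False


def demo() -> Dict[str, bool]:
    """Requests a hostile kernel might issue, and whether the monitor performs them."""
    m = PageTableMonitor(16)
    m.assign(0, "kernel_code")
    m.assign(1, "pagetable")
    m.assign(2, "container", owner=1)
    m.assign(3, "container", owner=2)
    m.assign(4, "container", owner=1)
    res = {
        "kernel code rw": m.try_map(KERNEL_ASID, 0xFFFF0000, 0, True),
        "page table rw": m.try_map(KERNEL_ASID, 0xFFFF1000, 1, True),
        "page table ro": m.try_map(KERNEL_ASID, 0xFFFF1000, 1, False),
        "kernel reads container": m.try_map(KERNEL_ASID, 0xFFFF2000, 2, False),
        "owner maps own frame": m.try_map(1, 0x10000, 2, True),
        "other container maps it": m.try_map(2, 0x10000, 2, False),
    }
    m.share(4, [1, 2])   # IPC module: processes 1 and 2 set up shared memory on frame 4
    res["sharer maps shm"] = m.try_map(2, 0x20000, 4, True)
    res["kernel maps shm"] = m.try_map(KERNEL_ASID, 0xFFFF3000, 4, False)
    res["third party maps shm"] = m.try_map(3, 0x20000, 4, False)
    try:
        m.release(2)              # frame 2 is still mapped by process 1
        res["reuse while mapped"] = True
    except PolicyViolation:
        res["reuse while mapped"] = False
    return res
```

The ownership table, not the page table contents, is the security-critical state: the kernel may still decide which virtual address a frame appears at, but never which address space gets to see a container's or a shared frame.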
Preferably, the trusted container image download module verifies the integrity of a downloaded container image and initializes the image so that the file system security enhancement module can operate on it. Specifically:
the trusted container image download module establishes a trusted network connection, encrypted with SSL/TLS, to the image registry, fetches the container image directly from the registry and verifies its integrity by computing its hash. After the download completes, the module initializes the image as follows:
it generates an image key unique to the image, which is used to encrypt all other keys within the image;
it traverses every file in the image, encrypts each file, computes the hash of the file contents and generates the metadata file; the processed container image is then handed to the untrusted container management module for storage.
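The following Python model is an added illustration of the file system security enhancement module together with the image initialization just described (every file encrypted, hashed and given initial metadata); it is not code from the patent or its authors. The untrusted storage is a dict the normal-world kernel may alter at will, and the secure world keeps the per-container key and the newest version number of every file. The cipher is a stand-in built from HMAC-SHA256 (a counter-mode keystream plus a tag) so that the example needs only the standard library; a real implementation would use an AEAD such as AES-GCM. Names, the metadata layout (version, owner uid, mode bits, hash of the stored blob) and the nonce size are modelling assumptions. The same seal/unseal pair is what the inter-process communication module would apply to a pipe or message queue with a per-channel key.

```python
"""Model of the file system security enhancement module plus image initialization.

Added illustrative model, not code from the patent or its authors.  The cipher
is an HMAC-SHA256 stand-in; a real implementation would use an AEAD.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, Tuple

META = struct.Struct(">QII32s")  # version, owner uid, mode bits, SHA-256 of the stored blob
NONCE_LEN, TAG_LEN = 16, 32


class IntegrityError(Exception):
    """Stored data disagrees with the secure world's metadata (tampering or rollback)."""


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(ek: bytes, mk: bytes, label: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the tag binds `label` (the path) so blobs cannot be swapped between files."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, label + nonce + ct, hashlib.sha256).digest()


def unseal(ek: bytes, mk: bytes, label: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mk, label + nonce + ct, hashlib.sha256).digest()):
        raise IntegrityError(f"bad tag for {label!r}")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))


def _check_perm(owner: int, mode: int, uid: int, write: bool) -> None:
    bits = (mode >> 6) & 7 if uid == owner else mode & 7  # owner/other bits; groups omitted
    if not bits & (2 if write else 4):
        raise PermissionError(f"uid {uid} may not {'write' if write else 'read'}")


class SecureFS:
    def __init__(self, container_key: bytes) -> None:
        self.ek = hmac.new(container_key, b"enc", hashlib.sha256).digest()
        self.mk = hmac.new(container_key, b"mac", hashlib.sha256).digest()
        self.latest: Dict[str, int] = {}  # secure world: newest version of each file
        self.disk: Dict[str, bytes] = {}  # untrusted storage controlled by the normal-world kernel

    def _store(self, path: str, data: bytes, version: int, uid: int, mode: int) -> None:
        blob = seal(self.ek, self.mk, b"data:" + path.encode(), data)
        meta = META.pack(version, uid, mode, hashlib.sha256(blob).digest())
        self.disk[path] = blob
        self.disk[path + ".meta"] = seal(self.ek, self.mk, b"meta:" + path.encode(), meta)
        self.latest[path] = version

    def _load_meta(self, path: str) -> Tuple[int, int, int, bytes]:
        raw = unseal(self.ek, self.mk, b"meta:" + path.encode(), self.disk[path + ".meta"])
        version, uid, mode, digest = META.unpack(raw)
        if version != self.latest[path]:  # validly tagged but stale metadata was replayed
            raise IntegrityError(f"{path}: version {version} on disk, expected {self.latest[path]}")
        return version, uid, mode, digest

    def init_from_image(self, files: Dict[str, bytes], uid: int = 0, mode: int = 0o644) -> None:
        """Download module: every image file is encrypted, hashed and given version 0."""
        for path, data in files.items():
            self._store(path, data, 0, uid, mode)

    def read(self, path: str, uid: int) -> bytes:
        """Intercepted read(): check version, permission and content hash, then decrypt."""
        _, owner, mode, digest = self._load_meta(path)
        _check_perm(owner, mode, uid, write=False)
        blob = self.disk[path]
        if not hmac.compare_digest(hashlib.sha256(blob).digest(), digest):
            raise IntegrityError(f"{path}: content hash mismatch")
        return unseal(self.ek, self.mk, b"data:" + path.encode(), blob)

    def write(self, path: str, uid: int, data: bytes) -> int:
        """Intercepted write(): bump the version, re-encrypt and rewrite the metadata."""
        if path in self.latest:
            version, owner, mode, _ = self._load_meta(path)
            _check_perm(owner, mode, uid, write=True)
            version += 1
        else:
            version, owner, mode = 0, uid, 0o600  # new file: private to its creator
        self._store(path, data, version, owner, mode)
        return version


def _fails(exc, fn, *args) -> bool:
    try:
        fn(*args)
        return False
    except exc:
        return True


def demo() -> Tuple[int, bool, bool, bool]:
    """Returns (version after rewrite, other-uid write denied, tamper caught, rollback caught)."""
    fs = SecureFS(os.urandom(32))
    fs.init_from_image({"/etc/motd": b"welcome"})
    v0 = dict(fs.disk)
    version = fs.write("/etc/motd", 0, b"welcome v2")
    denied = _fails(PermissionError, fs.write, "/etc/motd", 1000, b"x")
    good = fs.disk["/etc/motd"]
    fs.disk["/etc/motd"] = good[:20] + bytes([good[20] ^ 1]) + good[21:]  # kernel flips a byte
    tampered = _fails(IntegrityError, fs.read, "/etc/motd", 0)
    fs.disk.update(v0)  # kernel rolls both blobs back to the version-0 copies
    rolled_back = _fails(IntegrityError, fs.read, "/etc/motd", 0)
    return version, denied, tampered, rolled_back
```

Note why the version number has to live in the secure world: the metadata blob on untrusted storage is authentic for every version the file ever had, so without the secure-world copy of the latest version the kernel could replay an old (content, metadata) pair and the hash check would pass.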
Preferably, the secure container start module ensures the security of a container at start-up: it ensures that the container correctly runs inside a trusted execution environment and establishes a trusted communication channel between the container and the container management client. Specifically:
when a container is started, the secure container start module verifies the integrity of the image being started and ensures that the started container application runs in a trusted execution environment. The module then negotiates a communication key with the container management client and uses it to encrypt all input to and output from the container application.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention defends against all attacks from applications outside the container.
With the trusted execution environment provided by the invention, an application outside a container can neither access the memory used by an application inside it nor interfere with that application's execution state. The invention therefore protects the application inside the container, and the user's privacy, from applications outside the container.
2. The invention defends against all attacks from other containers.
The invention's trusted execution environments also isolate the applications of different containers from one another and ensure that an application in one container cannot access the memory, control state and so on of applications in another, which defends against attacks from other containers.
3. The invention defends against all software attacks from the untrusted operating system.
The invention restricts the untrusted operating system's direct access to the memory, registers and so on of container applications, which prevents it from attacking them directly (stealing memory contents, tampering with control flow and the like).
At the same time, the invention checks every service that depends on the untrusted operating system and prevents the untrusted operating system from attacking container applications by providing malicious system services.
4. The invention defends against attacks from other users' applications inside the same container.
The invention checks communication, file sharing and the like between different applications inside a container. Beyond preventing attacks from other user applications in the container, this also prevents an application in the container from colluding with the untrusted operating system to attack other users' applications or data.
5. The invention provides a method of constructing trusted execution environments from the architectural features of the ARM platform, and can run existing applications safely on a malicious operating system that is fully controlled by an attacker.
6. Using these trusted execution environments together with the trusted service mechanisms the invention provides, different applications of different users inside a container can communicate and synchronize control flow securely.
7. The invention automatically protects container images from the official Docker registry without requiring the user to modify existing images in any way.
8. The invention provides a TrustZone-based security enhancement scheme for existing multi-user, multi-process container environments and effectively prevents an untrusted normal-world operating system from attacking user containers. Modules such as the trusted execution environment and the secure file system can also be used to harden user programs in other environments.
Drawings
Other features, objects and advantages of the invention will become more apparent on reading the following detailed description of non-limiting embodiments with reference to the drawings:
FIG. 1 is the system architecture diagram of one embodiment of the present invention;
FIG. 2 is a flowchart of the trusted image download process according to an embodiment of the present invention;
FIG. 3 is a flowchart of the secure container start process according to an embodiment of the present invention;
FIG. 4 is a flowchart of the system call check performed on a container process according to an embodiment of the invention;
FIG. 5 is a flowchart of secure file system access according to an embodiment of the present invention;
FIG. 6 is a flowchart of the use of the secure execution-flow synchronization service according to an embodiment of the present invention;
FIG. 7 is a flowchart of the use of the secure inter-process communication service according to an embodiment of the invention.
Detailed Description
The following example describes the invention in detail. The example is carried out on the basis of the technical scheme of the invention and gives a detailed implementation and a specific operating process. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention.
Examples
This example provides a container isolation enhancement system based on ARM TrustZone that effectively solves the following problems encountered in the prior art:
How to use the features of the ARM platform's own architecture to maintain any number of trusted execution environments for containers? The ARM TrustZone hardware provides only a single trusted execution environment, the secure world, and simply placing different containers into the secure world does not improve the isolation between them. How the secure world is used is therefore crucial to providing an exclusive trusted execution environment for each container process.
How to rely on the untrusted operating system for services while preventing attacks on container applications? Applications (including those in containers) rely on the system calls the operating system provides for many functions (file access, network communication and so on). In a multi-user, multi-application container, different applications additionally depend on the operating system to share files, synchronize execution flow, communicate between processes and so on. An untrusted operating system can use these system services to steal private data from container applications or to manipulate their execution flow.
How to accommodate existing container images? Containers are widely used and there are millions of container images on the Internet that users can conveniently download and start. With Docker, the most widely used container management tool, the official Docker registry alone holds nearly a million container images. A container security system must therefore be compatible with existing container images.
To prevent the untrusted operating system from directly accessing or tampering with the memory of applications in a container, or controlling their instruction flow, this example first creates a trusted execution environment for each container application process. The TrustZone technology of the ARM platform provides a trusted execution environment called the secure world alongside the original, ordinary execution environment called the normal world; the secure world can access all hardware resources (memory, registers, peripherals and so on) of the normal world, while the normal world cannot access the hardware resources of the secure world. Building on the hardware-provided secure world, this example first controls the page table mappings of the normal world to prevent the untrusted operating system from accessing a container application's memory, and then interposes on the switches between the container application and the untrusted operating system to ensure that the container application's registers and control flow are not tampered with. Through these two mechanisms the example provides an exclusive trusted execution environment for every container application.
Next, this example must also prevent the untrusted operating system from maliciously manipulating the system services it provides to container applications in order to steal user privacy or tamper with the applications' control flow. The example protects three kinds of system services in particular:
File system: container applications rely on the file system services of the operating system. This example interposes on every file-system-related service a container application calls, encrypting files and computing hashes of them, so that the confidentiality and integrity of the files inside the container are guaranteed. Because the operating system could also maliciously manipulate file access permissions to leak a user's private data, the example additionally checks the permissions of every file access made by a container application.
Execution-flow synchronization services: this example targets the complex multi-user, multi-application container environment. In that environment, different applications inside a container must rely on operating system services for some cross-process synchronization of execution flow; for example, IPC semaphores are used to keep different application processes from accessing a resource at the same time, which would cause a data race and unpredictable results. An untrusted operating system can interfere with the normal execution of container applications by controlling these synchronization services, and may even use them to steal the applications' private data. The example interposes on and checks the execution-flow synchronization services called by applications in the container, including signal sending and receiving, semaphores, file locks and so on, to ensure that their semantics are honoured.
Inter-process communication services: different processes in the same container can also communicate through pipes, IPC message queues, IPC shared memory and so on. Because most existing applications assume the operating system is trusted, they almost never encrypt inter-process communication, which means a compromised operating system can easily read or even tamper with the content of any inter-process communication, stealing a container process's data and hijacking its control flow. This example first interposes on all inter-process communication. For message-passing mechanisms such as pipes and IPC message queues, the communication content is protected cryptographically. For the special case of shared memory, the example controls the page tables so that only the processes legitimately sharing the memory can access it and the untrusted operating system cannot access any shared memory.
In addition to ensuring security of the container during operation, the present embodiment also needs to provide secure container management functions. The method comprises two processes of trusted container image downloading and secure container starting. Trusted container image download first ensures the integrity of the downloaded container image from the official image repository, while also performing some initialization work for the downloaded container image. The safety container starting process firstly verifies the identity and integrity of the starting container, and negotiates a communication key with a container management client of a user side to ensure that a user can safely control the self container after the container is started.
The technical solution of the present embodiment is further described in detail with reference to the accompanying drawings.
A specific system embodiment of the present invention is shown in fig. 1. The user side runs a container management client, which sends instructions to the containers running on the server side. On the server side, the TrustZone security extension of ARM divides the hardware into a normal world and a secure world. The normal world runs the untrusted operating system, the untrusted container management module, and any number of user containers. There may be multiple container processes in each container, each running in a trusted execution environment maintained by this embodiment.
In the secure world there are a number of modules that enhance security. The page table management module, the register protection module and the system call interception module are responsible for maintaining the trusted execution environments. The file system security enhancement module, the execution flow synchronization service security enhancement module and the interprocess communication service security enhancement module enhance the security of the services of the untrusted operating system, preventing it from stealing container process private data or tampering with container process control flow by providing malicious system services. The trusted container image download module and the secure container start module provide secure container management functions.
The specific implementation of each module in this embodiment will be described in detail below:
[ Container management client ]
A container management application that runs on the user side, connects to containers on the server side and sends user instructions to them.
[ untrusted operating system ]
Manages the hardware resources of the normal world and provides the running environment and required services for application programs. Because of its huge code base, this module has many security vulnerabilities and is therefore easy to attack.
[ untrusted Container management Module ]
Performs basic management operations on containers, such as checking CPU usage, starting containers and the like. Because it runs on the untrusted operating system, this module is also vulnerable to attackers. Therefore, for the two key operations of container image downloading and container starting, security is enhanced by the trusted container image download module and the secure container start module in the secure world.
[ trusted execution Environment ]
In a trusted execution environment maintained by this embodiment, hardware resources of the environment such as memory and registers cannot be directly accessed by the untrusted operating system.
[ Page Table management Module ]
When a processor (CPU) accesses memory, it must translate virtual memory addresses into physical memory addresses in order to read data from, or write data to, physical memory. The page table stores the mapping from virtual memory to physical memory, and the processor automatically performs the virtual-to-physical translation according to the mappings in the page table. Thus whoever controls the page tables also controls the access of any process (including the operating system) to physical memory. The page table management module of this embodiment first takes exclusive control of all page tables of the whole system, and then protects the memory of container processes by controlling the page tables, restricting the untrusted operating system from accessing that memory.
To implement exclusive page table control, the embodiment needs to limit the untrusted operating system's access to the page tables. On the ARM platform, page table management (enabling a particular page table, turning page table functionality on or off) must be performed by special instructions. In this embodiment, all such special instructions in the untrusted operating system kernel are first located and replaced with corresponding requests sent to the page table management module. The page table management module then ensures that the page table pages (the physical memory pages storing the page tables) are read-only to the normal world, and that the code of the operating system kernel is non-writable. In this way the page table management module achieves "exclusive" management of the page tables: the untrusted operating system must forward every page table modification to the page table management module for completion.
The page table management module can then audit all page table modification operations according to security policies such as: 1) all executable code in kernel mode must be marked non-writable; 2) any physical memory mapped into a trusted execution environment cannot be mapped into the operating system; 3) different trusted execution environments may share a physical page only after the shared memory operation has been completed through the interprocess communication service security enhancement module.
[ register protection Module ]
The register protection module must ensure that the untrusted operating system cannot directly access or modify the register state of a trusted execution environment. First, the register protection module intercepts every switch between a user mode process and the kernel of the untrusted operating system in kernel mode. Then, during the switch, the register protection module saves and restores the registers of the trusted execution environment, ensuring that the register state of the trusted execution environment cannot be arbitrarily tampered with or stolen by the untrusted operating system.
For the two switching operations, entering and exiting the kernel of the untrusted operating system, the module uses different interception methods. First, on the ARM platform, every entry from user mode into the kernel of the untrusted operating system is realized through exception handling. All exceptions are handled by exception handling functions stored in an exception vector table, whose address is held in a special register (VBAR). The register protection module first ensures that all instructions in the operating system that modify this register are replaced with corresponding requests sent to the register protection module. It then inserts a switching instruction (the smc instruction, a special instruction of the ARM processor) into the exception handling functions referenced by the exception vector table, thereby ensuring that every entry into the untrusted operating system kernel is intercepted by the register protection module.
Exiting kernel mode to user mode can only be completed by a very limited set of instructions; on the latest ARMv8 architecture it is done with the eret instruction. The register protection module ensures that no instruction for exiting kernel mode remains in the kernel code of the untrusted operating system, and that all exit operations must be forwarded to the register protection module for completion, thereby intercepting every exit from the untrusted operating system kernel.
[ System call interception module ]
Applications use the system services provided by the untrusted operating system through system calls. In order to audit these services, the system call interception module ensures that every system call initiated from a trusted execution environment is first captured by this module.
On the ARM platform, a system call is made with the specific "svc" instruction, whose execution triggers a specific exception. The module implants a special hook (an smc instruction) in the exception handling function to ensure that all system calls are handled by the system call interception module.
Note that the page table management module ensures that the code of the untrusted operating system cannot be modified, so the hooks implanted in the exception handling functions by the register protection module and the system call interception module cannot be tampered with by the untrusted operating system.
[ File System Security enhancement Module ]
This embodiment protects three types of system services: the file system, the execution flow synchronization service and the interprocess communication service. The file system security enhancement module is responsible for ensuring the privacy and integrity of the container application's file system while also enforcing file system access permissions.
To ensure file privacy, the module uses the system call interception module to intercept all file system accesses of all containers, encrypts all file write operations and correspondingly decrypts all file read operations.
To ensure file integrity, the module maintains a piece of metadata for each container file, containing the hash value and version number of the file content. Each write operation updates the hash value and the version number, and the module itself records the latest version number. When a container process reads a file, the module first verifies the hash value and version number of the content read, and returns the content to the container process only after verification passes.
To verify permissions, the module first intercepts all system calls that change the user associated with a container process and tracks the current user of each process. The module additionally stores permission information in the metadata of each file and checks every intercepted file access against it.
The metadata used by this module is created automatically by the trusted container image download module when the image is downloaded, and is modified by this module according to the system calls invoked by the user. The metadata is encrypted with a container-unique encryption key and stored on disk. The encryption key is protected by the module and, before shutdown, stored in a trusted storage medium (e.g., the RPMB provided by the ARM platform).
[ Execution flow synchronization service security enhancement module ]
The execution flow synchronization service synchronizes execution flows between different processes and mainly includes semaphores, locks, signals and the like. By intercepting the corresponding system calls, the execution flow synchronization service security enhancement module analyzes their semantics, thereby controlling the execution flow of container processes and ensuring that it is not tampered with by the untrusted operating system.
For semaphores and locks, the module intercepts all corresponding system calls, including the initialization, acquisition and release of resources. For every acquisition operation, once the resource does not meet the requirement (the semaphore is insufficient or the lock is occupied), the module blocks the current container process from continuing execution, thereby ensuring the semantic correctness of the execution flow synchronization service.
For signals, a special kind of synchronization operation, the module intercepts and checks every signal delivered to a container process. Each signal must have a corresponding triggering event before it can be delivered to the container process.
[ Interprocess communication service security enhancement module ]
Data transmission between processes mainly takes two forms. The first is direct data transmission, such as pipes and message queues. For this communication mode, the module uses encryption for protection: it first identifies all communication channels by intercepting system calls, then generates a communication key for each channel and encrypts the channel in all subsequent communication.
The second communication method is shared memory: different processes map sections of their respective virtual address spaces to the same section of physical memory through system calls, and then communicate through that shared memory. Unlike channel-based interprocess communication, shared memory needs the help of the operating system only when it is established, and does not involve the operating system during communication. This means that the module cannot easily intercept shared-memory-based interprocess communication.
Therefore, the module protects shared memory with the help of the page table management module. Specifically, when shared memory is established, the module notifies the page table management module, which helps the different container application processes complete the establishment of the shared memory. The page table management module then ensures that no other process, including the operating system, can map the physical memory pages corresponding to the shared memory. The security of shared-memory-based interprocess communication is thereby ensured directly.
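The three mapping policies of the page table management module described above, together with the shared-memory rule used by the interprocess communication service security enhancement module here, can be modelled as a single audit function over a table of physical pages. The following is an added example written for this page, not code from the patent or any implementation of it: the page table itself is not modelled, only the audit that the secure world performs on each requested mapping. Page counts, owner ids, the `pt_*` names and the result codes are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the page table management module's mapping audit.
 * Every physical page has an owner: free, the untrusted OS, or a trusted
 * execution environment (TEE ids start at 1). All names are assumptions. */
#define NUM_PAGES   16
#define MAX_SHARERS 4
#define OWNER_FREE  0
#define OWNER_OS    (-1)

typedef struct {
    int  owner;                 /* OWNER_FREE, OWNER_OS or a TEE id (>= 1) */
    bool kernel_code;           /* page holds kernel-mode executable code   */
    int  sharers[MAX_SHARERS];  /* TEE ids registered by the IPC module     */
    int  num_sharers;
} phys_page_t;

/* Audit results for a requested mapping. */
enum {
    MAP_OK = 0,
    MAP_DENY_BAD_PAGE,              /* page number out of range          */
    MAP_DENY_KERNEL_CODE_WRITABLE,  /* policy 1: kernel code stays RO    */
    MAP_DENY_TEE_MEMORY,            /* policy 2: TEE memory never to OS  */
    MAP_DENY_NOT_SHARER             /* policy 3: not a registered sharer */
};

static phys_page_t pages[NUM_PAGES];

void pt_reset(void) { memset(pages, 0, sizeof pages); }

int pt_owner(int pfn) {
    return (pfn < 0 || pfn >= NUM_PAGES) ? OWNER_FREE : pages[pfn].owner;
}

/* Record who a page belongs to and whether it holds kernel text. */
int pt_set_owner(int pfn, int owner, bool kernel_code) {
    if (pfn < 0 || pfn >= NUM_PAGES) return MAP_DENY_BAD_PAGE;
    pages[pfn].owner = owner;
    pages[pfn].kernel_code = kernel_code;
    pages[pfn].num_sharers = 0;
    return MAP_OK;
}

/* Called only on behalf of the IPC service security enhancement module once a
 * shared memory segment has been established between TEEs. */
int pt_register_sharer(int pfn, int tee) {
    if (pfn < 0 || pfn >= NUM_PAGES || tee < 1) return MAP_DENY_BAD_PAGE;
    if (pages[pfn].num_sharers >= MAX_SHARERS) return MAP_DENY_BAD_PAGE;
    pages[pfn].sharers[pages[pfn].num_sharers++] = tee;
    return MAP_OK;
}

static bool is_sharer(const phys_page_t *p, int tee) {
    for (int i = 0; i < p->num_sharers; i++)
        if (p->sharers[i] == tee) return true;
    return false;
}

/* Audit a request to map physical page pfn into `requester`'s address space
 * (OWNER_OS or a TEE id). A free page is claimed by the first requester. */
int pt_audit_map(int pfn, int requester, bool writable) {
    if (pfn < 0 || pfn >= NUM_PAGES) return MAP_DENY_BAD_PAGE;
    phys_page_t *p = &pages[pfn];

    /* Policy 1: executable kernel code must never be mapped writable. */
    if (p->kernel_code && writable) return MAP_DENY_KERNEL_CODE_WRITABLE;

    if (p->owner == OWNER_FREE) {   /* first mapping claims the page */
        p->owner = requester;
        return MAP_OK;
    }
    /* Policy 2: memory of any TEE is never mapped into the OS. */
    if (requester == OWNER_OS && p->owner >= 1) return MAP_DENY_TEE_MEMORY;

    /* Policy 3: a TEE maps another TEE's page only as a registered sharer. */
    if (requester >= 1 && p->owner >= 1 && p->owner != requester && !is_sharer(p, requester))
        return MAP_DENY_NOT_SHARER;
    return MAP_OK;
}

int main(void) {
    pt_reset();
    pt_set_owner(0, OWNER_OS, true);   /* kernel text page       */
    pt_set_owner(1, 1, false);         /* page owned by TEE 1    */
    printf("OS maps kernel text writable: %d\n", pt_audit_map(0, OWNER_OS, true));
    printf("OS maps TEE 1 memory:         %d\n", pt_audit_map(1, OWNER_OS, false));
    pt_register_sharer(1, 2);          /* IPC module set up sharing with TEE 2 */
    printf("TEE 2 maps shared page:       %d\n", pt_audit_map(1, 2, true));
    return 0;
}
```

Because every page table modification in the normal world is forwarded to the secure world, `pt_audit_map` is the single choke point: the untrusted kernel can ask for any mapping, but a denied request is simply never written into a page table.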
[ Trusted container image download module ]
After the security of the container during operation has been ensured, the embodiment still needs to ensure the security of container image downloading and container starting. The trusted container image download module verifies the integrity of the downloaded container image and performs initialization work on it so that the file system security enhancement module can work normally.
The module first establishes a trusted network connection encrypted with the SSL protocol to the image repository, obtains the container image directly from the repository and verifies the integrity of the image by computing its hash value. After the download is complete, the module initializes the image. First, an image-unique image key is generated, which is used to encrypt all other keys within the image. The module then traverses all files in the image, encrypts each file, computes the hash value of the file content and generates a metadata file. The processed container image is handed to the untrusted container management module in the normal world for storage.
[ Secure container start module ]
The secure container start module ensures the security of the container during starting, ensures that the container runs correctly in a trusted execution environment maintained by this embodiment, and establishes a trusted communication channel between the container and the container management client on the user side.
When a container is started, the module first verifies the integrity of the boot image and ensures that the started container application runs in a trusted execution environment maintained by this embodiment. The module then negotiates a communication key with the container management client and uses that key to encrypt all inputs and outputs of the container application (by default, the inputs and outputs of the container application are exchanged with the container management client).
The method embodiment of the invention is based on the above container isolation enhancement system based on ARM TrustZone and specifically comprises the following flows: a trusted image download flow, a secure container start flow, a container process system call checking flow, a secure file system access flow, a secure control flow synchronization service usage flow and a secure interprocess communication service usage flow.
[ Trusted image download flow ]
Step 1: establish a trusted download channel. The trusted container image download module first establishes an SSL-encrypted channel with the remote image repository, which provides identity verification of the image repository, exchange of the channel encryption key and the like. If the identity verification of the image repository fails, the trusted image download flow ends immediately.
Step 2: download the container image. The trusted container image download module downloads the container image through the previously established trusted download channel.
Step 3: verify the integrity of the image. The integrity of the image is verified by computing the hash value of the image and comparing it with the hash value of the image obtained from the image repository. If the integrity of the image has been damaged, the download flow ends immediately.
Step 4: encrypt the user files in the image. The trusted image download module first generates an encryption key unique to the image, the image key. All files inside the image are then encrypted with this key.
Step 5: generate file metadata. Each file in the image is traversed, its content is hashed, and metadata such as the hash value, the initial version number and the file permissions are stored in the corresponding metadata file. The metadata file is in turn encrypted with the image key. After metadata generation is complete, the downloaded image file is handed to the untrusted container management module for normal initialization work. This part is the general technology of existing container management tools and not the innovative design of this embodiment, so it is not described in detail here.
[ Secure container start flow ]
Step 1: send a container start request. The container management client sends a container start request to the secure container start module through an SSL channel. The request includes the start instruction, the ID of the image to start, the name of the application to start, container application parameters and the like.
Step 2: start preparation work. The start request is first forwarded to the untrusted container management module in the normal world, which completes the preparation work for starting, including retrieving the container image to start, initializing the container namespaces and the like.
Step 3: verify the boot image. After preparation is complete, the untrusted container management module invokes a specific system call to launch the first application of the container. At this point the secure container start module intercepts the system call and verifies the integrity of the file system mounted for the current container. If the current container image does not correspond to the user-specified boot image, or the files within the image have been tampered with, the container start flow terminates immediately.
Step 4: negotiate a communication key. After the image has been verified, the secure container start module negotiates a communication key with the container management client, and all interactions between the user and the container are encrypted with this key.
Step 5: start the container application. The secure container start module then runs the container application in a trusted execution environment maintained by this embodiment. This process includes page table initialization for the container application process, file system mounting, application code loading and so on.
Step 6: container start complete. Finally, the operating system switches to the execution entry of the container application and begins executing it. The standard output of the container application is sent to the container management client through the trusted channel, and by default the standard input of the application is likewise obtained from the container management client through the trusted channel.
[ Container process system call checking flow ]
Step 1: the process initiates a system call. The container process invokes a system call by executing the "svc" instruction through a standard library function.
Step 2: the operating system traps the exception. The instruction triggers a special exception that traps into the operating system kernel. The kernel handles the exception through a specific exception handling function.
Step 3: switch to the interception module. In this embodiment, a hook is implanted at the entry of the exception handling function of the untrusted operating system, ensuring that the exception is first switched to the system call interception module for processing.
Step 4: obtain the system call number. A system call uses a system call number to indicate the system function the process wants to invoke. On the ARM platform, the system call number is placed in the "X8" register. The system call interception module reads the system call number to determine which system call the process invoked.
Step 5: obtain the system call parameters. The parameters passed to the system call are parsed according to the specific system call, and their semantics are analyzed.
Step 6: check the system call. Once the specific system call semantics are known, a first-stage check is performed on the system call. This stage includes checking whether the application has permission to make this system call, and recording the system call.
Step 7: the kernel completes the system call. After the first-stage check, execution switches to the kernel of the untrusted operating system for normal processing of the system call.
Step 8: switch to the interception module. When the untrusted operating system kernel completes the system call and returns to the container process, the return operation is first intercepted by the system call interception module.
Step 9: obtain the system call return value. The interception module obtains the specific return value of the system call and, using the information obtained in steps 4 and 5, determines the system call type to which the return value belongs.
Step 10: check the system call return value. Whether the return value of the system call is legal is checked according to the system call type.
Step 11: return to the application process. After the check is complete, control returns to the application process and the system call is finished.
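The two-stage check above (steps 3 to 6 before the kernel runs, steps 8 to 10 after it returns) can be shown as two functions operating on the trapped register state. This is an added example written for this page, not code from the patent or an implementation of it. The system call numbers are the asm-generic Linux numbers that AArch64 Linux uses (openat 56, close 57, read 63, write 64); the per-container permission table, the record journal, and the legality rules applied to return values are assumptions chosen to illustrate the idea.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the system call interception module's two-stage check.
 * Register layout follows the AArch64 Linux convention: x0..x5 hold the
 * arguments and x8 the system call number. Names are assumptions. */
#define NR_OPENAT   56
#define NR_CLOSE    57
#define NR_READ     63
#define NR_WRITE    64
#define NR_MAX      512
#define MAX_RECORDS 64

typedef struct { uint64_t x[9]; } regs_t;   /* x0..x8 captured at the svc trap */

typedef struct {
    int      container_id;
    uint64_t nr;            /* step 4: system call number from X8 */
    uint64_t args[6];       /* step 5: parameters from x0..x5      */
} syscall_record_t;

typedef struct { bool allowed[NR_MAX]; } container_policy_t;

static syscall_record_t journal[MAX_RECORDS];   /* step 6: record of calls */
static int journal_len;

void sc_reset(void) { journal_len = 0; }
int  sc_journal_len(void) { return journal_len; }

/* Stage one (steps 3-6): read number and arguments, check permission, record.
 * Returns 0 when the call may be forwarded to the kernel, -1 when denied. */
int sc_on_entry(const regs_t *r, int container_id,
                const container_policy_t *pol, syscall_record_t *rec) {
    uint64_t nr = r->x[8];
    if (nr >= NR_MAX || !pol->allowed[nr]) return -1;   /* no permission */
    rec->container_id = container_id;
    rec->nr = nr;
    for (int i = 0; i < 6; i++) rec->args[i] = r->x[i];
    if (journal_len < MAX_RECORDS) journal[journal_len++] = *rec;
    return 0;
}

/* Stage two (steps 8-10): validate the kernel's return value against the
 * semantics recorded at entry. Returns 0 if legal, -1 if it is not. */
int sc_on_return(const syscall_record_t *rec, int64_t ret) {
    bool is_errno = (ret < 0 && ret >= -4095);   /* Linux -errno convention */
    switch (rec->nr) {
    case NR_READ:
    case NR_WRITE:
        /* the kernel may not claim more bytes than the caller asked for (x2) */
        return (is_errno || (ret >= 0 && (uint64_t)ret <= rec->args[2])) ? 0 : -1;
    case NR_OPENAT:
        return (is_errno || ret >= 0) ? 0 : -1;   /* a descriptor or an error */
    case NR_CLOSE:
        return (is_errno || ret == 0) ? 0 : -1;
    default:
        return (is_errno || ret >= 0) ? 0 : -1;
    }
}

int main(void) {
    container_policy_t pol = {{0}};
    pol.allowed[NR_READ] = true;
    regs_t r = {{3, 0x1000, 100, 0, 0, 0, 0, 0, NR_READ}};  /* read(3, buf, 100) */
    syscall_record_t rec;
    sc_reset();
    if (sc_on_entry(&r, 1, &pol, &rec) == 0) {
        /* a kernel claiming 200 bytes were read into a 100-byte request */
        printf("return value 200 legal? %s\n", sc_on_return(&rec, 200) == 0 ? "yes" : "no");
        printf("return value 64 legal?  %s\n", sc_on_return(&rec, 64) == 0 ? "yes" : "no");
    }
    return 0;
}
```

The value of keeping the record between the two stages is that the return-value check has the original arguments available: a `read` that reports more bytes than the buffer length in x2 would otherwise be indistinguishable from a normal return.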
[ Secure file system access flow ]
The file write operation flow comprises the following steps:
Step 1: initiate a file write operation. The container application process invokes a system call to perform a file write operation.
Step 2: the system call is intercepted. The system call interception module intercepts the write operation and forwards the system call to the file system security enhancement module for processing.
Step 3: check the access permission. The file system security enhancement module first checks whether the current application process has the corresponding file access permission.
Step 4: encrypt the content to be written. The file system security enhancement module first obtains the file encryption key corresponding to the target file, then encrypts the file content to be written at block granularity.
Step 5: update the hash value. The file system security enhancement module computes hash values of the written file content at block granularity and updates the corresponding hash values in the corresponding metadata file.
Step 6: update the version number. The file system security enhancement module updates the latest file version number and writes it into the corresponding metadata file. At the same time, the file system security enhancement module itself also saves this version number.
Step 7: complete the write operation. After the corresponding metadata has been updated, the encrypted file content is written into the target file, and the system call returns to the user process.
The file read operation flow:
Step 1: initiate a file read request. The container application process initiates a file read system call to perform a file read operation.
Step 2: check the access permission. The system call interception module intercepts the system call, records it, and forwards it to the file system security enhancement module for an access permission check.
Step 3: read the encrypted file content. After the check passes, the request is forwarded to the operating system for completion. The untrusted operating system reads the encrypted file and returns the ciphertext to the container application process.
Step 4: intercept the system call return. The system call interception module intercepts the system call return and forwards it to the file system security enhancement module for checking.
Step 5: decrypt the content read. The file system security enhancement module decrypts the file ciphertext read using the key corresponding to the file.
Step 6: verify the hash value and version number. Using the metadata corresponding to the file being read, the file system security enhancement module compares the hash value of the decrypted file content with the hash value in the file metadata. At the same time, it compares whether the file version recorded in the file metadata matches the latest file version recorded by the file system security enhancement module itself.
Step 7: complete the read operation. After the hash value and version number have been verified, the decrypted file plaintext is returned to the application process and the file read operation is finished.
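The write and read flows above, together with the metadata created at image download time, can be modelled for a single file to show why both the hash and the version number are needed: the hash catches modified content, and the version number kept in the secure world catches a rollback to an older but self-consistent copy of the file and its metadata. This is an added example written for this page, not code from the patent or an implementation of it. FNV-1a stands in for the cryptographic hash and an XOR keystream for the cipher, the whole file is treated as one block, and the structures, error codes and `fs_*` names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the file system security enhancement module for one
 * container file. The untrusted OS only ever sees disk_file_t (ciphertext plus
 * the metadata record); the secure world keeps the file key and the latest
 * version number. FNV-1a and the XOR keystream are stand-ins for a real hash
 * and cipher, used only so the example runs without a crypto library. */
#define FILE_MAX 256
#define KEY_LEN  16

enum { FS_OK = 0, FS_EACCES = -1, FS_EHASH = -2, FS_EVERSION = -3, FS_EBIG = -4 };

typedef struct {
    uint64_t hash;       /* hash of the plaintext content     */
    uint32_t version;    /* version number stored with the file */
    int      owner_uid;  /* permission information            */
} metadata_t;

typedef struct {            /* what the untrusted OS stores on disk */
    uint8_t    data[FILE_MAX];
    size_t     len;
    metadata_t meta;
} disk_file_t;

typedef struct {            /* secure-world state for this file */
    uint8_t  key[KEY_LEN];
    uint32_t latest_version;
} sw_file_t;

static uint64_t fnv1a(const uint8_t *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

/* Toy symmetric cipher: XOR with a key-derived stream (encrypt == decrypt). */
static void xor_stream(uint8_t *buf, size_t n, const uint8_t key[KEY_LEN]) {
    for (size_t i = 0; i < n; i++) buf[i] ^= key[i % KEY_LEN] ^ (uint8_t)(i / KEY_LEN);
}

/* Image download: create the metadata and key for an empty file owned by uid. */
void fs_init(disk_file_t *d, sw_file_t *s, int owner_uid, const uint8_t key[KEY_LEN]) {
    memset(d, 0, sizeof *d);
    d->meta.owner_uid = owner_uid;
    d->meta.version = 0;
    d->meta.hash = fnv1a(d->data, 0);
    memcpy(s->key, key, KEY_LEN);
    s->latest_version = 0;
}

/* Write flow: permission check, hash and version update, encrypt, store. */
int fs_write(disk_file_t *d, sw_file_t *s, int uid, const uint8_t *plain, size_t n) {
    if (uid != d->meta.owner_uid) return FS_EACCES;   /* step 3 */
    if (n > FILE_MAX) return FS_EBIG;
    d->meta.hash = fnv1a(plain, n);                   /* step 5 */
    d->meta.version = ++s->latest_version;            /* step 6: both copies */
    memcpy(d->data, plain, n);
    d->len = n;
    xor_stream(d->data, n, s->key);                   /* step 4 */
    return FS_OK;                                     /* step 7 */
}

/* Read flow: permission check, decrypt, verify hash, then verify version. */
int fs_read(const disk_file_t *d, const sw_file_t *s, int uid, uint8_t *out, size_t *n) {
    if (uid != d->meta.owner_uid) return FS_EACCES;   /* step 2 */
    memcpy(out, d->data, d->len);                     /* step 3: ciphertext from the OS */
    xor_stream(out, d->len, s->key);                  /* step 5 */
    if (fnv1a(out, d->len) != d->meta.hash) return FS_EHASH;        /* step 6 */
    if (d->meta.version != s->latest_version) return FS_EVERSION;   /* rollback */
    *n = d->len;
    return FS_OK;                                     /* step 7 */
}

int main(void) {
    static const uint8_t key[KEY_LEN] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    disk_file_t d, old; sw_file_t s; uint8_t out[FILE_MAX]; size_t n = 0;
    fs_init(&d, &s, 1000, key);
    fs_write(&d, &s, 1000, (const uint8_t *)"hello", 5);
    old = d;                                              /* OS keeps an old copy */
    fs_write(&d, &s, 1000, (const uint8_t *)"world!", 6);
    d = old;                                              /* ... and serves it back */
    printf("read after rollback: %d (expect FS_EVERSION = %d)\n",
           fs_read(&d, &s, 1000, out, &n), FS_EVERSION);
    return 0;
}
```

Note that the rolled-back copy passes the hash check, since hash and content were written together; only the version number held outside the operating system's reach exposes the substitution.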
[ Secure control flow synchronization service usage flow ]
Step 0: create a control flow synchronization object. The container application first creates a control flow synchronization object through a system call. The control flows of different application processes are then coordinated by performing acquire/release operations on this object.
Resource acquisition operation:
Step 1: acquire the object resource. The application process initiates a control flow resource acquisition operation, which is performed by a special system call.
Step 2: the request is intercepted. The system call interception module intercepts the system call and forwards it to the execution flow synchronization service security enhancement module for processing.
Step 3: wait for the object resource. The execution flow synchronization service security enhancement module maintains a resource value for each control flow synchronization object (e.g. for a mutex lock the maximum resource value is 1, and for a semaphore it is the initial value of the semaphore). For each resource acquisition operation, the module determines whether the current resource value is sufficient.
Step 4: acquire successfully or wait. If the resource value is sufficient, the execution flow synchronization service security enhancement module decrements the corresponding resource value and completes the acquisition request. If the current resources are not sufficient, the acquisition operation enters the wait queue until sufficient resources are available.
Step 5: complete the acquisition operation. After the resources have been successfully acquired, control returns to the application process and the acquisition operation is finished.
Resource release operation:
Step 1: release the object resource. The container application process initiates a resource release operation through a system call.
Step 2: the request is intercepted. The operation is first intercepted by the system call interception module and forwarded to the execution flow synchronization service security enhancement module.
Step 3: record the release operation. The execution flow synchronization service security enhancement module records the release operation and releases the resource value corresponding to the object. At the same time, a waiting resource acquisition process is selected and allowed to continue its resource acquisition operation.
Step 4: complete the release operation. After the resource has been released, control returns to the application process and the release operation is finished.
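The acquisition and release flows above amount to the secure world keeping its own resource value and wait queue per synchronization object, so that the untrusted operating system cannot grant a mutex to two processes at once or resume a process that was never at the head of the queue. The following is an added example written for this page, not code from the patent or an implementation of it; the object layout, the FIFO wake-up order, the cap on mutex releases and the `sync_*` names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one control flow synchronization object as tracked by
 * the execution flow synchronization service security enhancement module.
 * The module's own resource value decides every acquire; the OS only carries
 * the request. Names and limits are assumptions. */
#define MAX_WAITERS 8
#define NO_PROCESS  (-1)
#define SYNC_EINVAL (-2)     /* release without a matching acquire on a mutex */

typedef enum { SYNC_MUTEX, SYNC_SEMAPHORE } sync_kind_t;
typedef enum { ACQ_GRANTED = 0, ACQ_WAITING = 1, ACQ_QUEUE_FULL = -1 } acq_result_t;

typedef struct {
    sync_kind_t kind;
    int value;                /* current resource value                      */
    int max_value;            /* 1 for a mutex, initial value for a semaphore */
    int waiters[MAX_WAITERS]; /* FIFO of process ids blocked on the resource  */
    int num_waiters;
    int releases;             /* release flow step 3: releases recorded       */
} sync_object_t;

/* Step 0: create the object (mutex: max 1; semaphore: given initial value). */
void sync_create(sync_object_t *o, sync_kind_t kind, int initial) {
    memset(o, 0, sizeof *o);
    o->kind = kind;
    o->max_value = (kind == SYNC_MUTEX) ? 1 : initial;
    o->value = o->max_value;
}

/* Acquire flow, steps 3-5: grant if the resource value suffices, else queue. */
acq_result_t sync_acquire(sync_object_t *o, int pid) {
    if (o->value > 0) { o->value--; return ACQ_GRANTED; }
    if (o->num_waiters >= MAX_WAITERS) return ACQ_QUEUE_FULL;
    o->waiters[o->num_waiters++] = pid;
    return ACQ_WAITING;       /* the container process is blocked here */
}

/* Release flow, steps 3-4: record the release and hand the resource straight
 * to the oldest waiter if there is one. Returns the pid allowed to continue,
 * NO_PROCESS when nobody was waiting, or SYNC_EINVAL for an over-release. */
int sync_release(sync_object_t *o) {
    if (o->kind == SYNC_MUTEX && o->value >= o->max_value) return SYNC_EINVAL;
    o->releases++;
    if (o->num_waiters > 0) {
        int pid = o->waiters[0];
        memmove(o->waiters, o->waiters + 1,
                (size_t)(o->num_waiters - 1) * sizeof o->waiters[0]);
        o->num_waiters--;
        return pid;           /* value unchanged: the resource passes to pid */
    }
    o->value++;
    return NO_PROCESS;
}

int main(void) {
    sync_object_t m;
    sync_create(&m, SYNC_MUTEX, 0);
    printf("pid 10 acquire: %d\n", sync_acquire(&m, 10));   /* granted */
    printf("pid 11 acquire: %d\n", sync_acquire(&m, 11));   /* waiting */
    printf("release wakes:  %d\n", sync_release(&m));       /* 11 */
    printf("release wakes:  %d\n", sync_release(&m));       /* NO_PROCESS */
    printf("extra release:  %d\n", sync_release(&m));       /* SYNC_EINVAL */
    return 0;
}
```

Handing the resource directly to the woken process (rather than incrementing the value and letting it retry) is what makes the wake-up decision the module's own: the process that continues is exactly the one the module dequeued.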
[Secure interprocess communication service usage flow]
Step 0: a communication channel is created. The container application first establishes a communication channel through a system call. For the special case of shared memory, once the channel is established the applications can communicate without the following steps. For communication methods such as pipes and message queues, the following message sending and receiving processes are still required.
Step 1: a channel key is created. After the communication channel is established, the interprocess communication service security enhancement module maintains a unique communication key for the channel.
Message sending process:
Step 2: send the message. The container application process sends the message through a system call.
Step 3: the request is intercepted. The system call interception module intercepts the system call and forwards it to the interprocess communication service security enhancement module for processing.
Step 3: the message content is encrypted. The interprocess communication service security enhancement module encrypts the communication content to be sent with the key of the corresponding communication channel.
Step 4: the sending operation is completed. The encrypted message content is sent by the untrusted operating system. After transmission finishes, control returns to the application process and the message sending operation is finished.
Message receiving process:
Step 2: receive the message. The container application process receives, through a system call, the message content sent by other processes.
Step 3: the message ciphertext is received. The untrusted operating system is used to receive the message.
Step 4: the message return is intercepted. After the message is received, the system call return is intercepted, and the returned content is checked and processed by the interprocess communication service security enhancement module.
Step 5: the message content is decrypted. The interprocess communication service security enhancement module decrypts the received message.
Step 6: the receive request is completed. The decrypted message content is delivered to the application process, and the message receiving process is completed.
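The send and receive flows above, as an added Go model that is not the patent's code: one key is bound to each channel at channel creation, the intercepted send is sealed before the untrusted operating system carries the message, and the intercepted return is opened before any plaintext reaches the receiving process. It uses AES-GCM with the channel id as associated data; the IPCService type and its method names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrReject is returned for a message that does not authenticate under the channel's key.
var ErrReject = errors.New("ipc: message rejected (wrong channel or tampered ciphertext)")

// IPCService is a constructed model of the interprocess communication service security
// enhancement module: channel keys live in the secure world and never reach the untrusted OS.
type IPCService struct {
	keys map[int]cipher.AEAD // channel id -> AES-256-GCM under that channel's key
}

func NewIPCService() *IPCService {
	return &IPCService{keys: map[int]cipher.AEAD{}}
}

// CreateChannel runs when the channel-creation system call is intercepted (steps 0 and 1):
// a fresh random key is bound to the new channel.
func (s *IPCService) CreateChannel(id int) error {
	if _, dup := s.keys[id]; dup {
		return fmt.Errorf("ipc: channel %d already exists", id)
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	s.keys[id] = g
	return nil
}

// channelAD binds a ciphertext to its channel id as associated data, so a message captured
// on one channel cannot be replayed into another even if the untrusted OS redirects it.
func channelAD(id int) []byte {
	return []byte(fmt.Sprintf("ipc-channel:%d", id))
}

// Send runs on the intercepted send (step 3): only nonce || ciphertext || tag is handed to
// the untrusted OS for delivery.
func (s *IPCService) Send(id int, plaintext []byte) ([]byte, error) {
	g, ok := s.keys[id]
	if !ok {
		return nil, fmt.Errorf("ipc: unknown channel %d", id)
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, channelAD(id)), nil
}

// Recv runs on the intercepted system-call return (steps 4 and 5): the buffer produced by the
// untrusted OS is opened, and only authentic plaintext is passed to the receiving process.
func (s *IPCService) Recv(id int, wire []byte) ([]byte, error) {
	g, ok := s.keys[id]
	if !ok {
		return nil, fmt.Errorf("ipc: unknown channel %d", id)
	}
	n := g.NonceSize()
	if len(wire) < n {
		return nil, ErrReject
	}
	pt, err := g.Open(nil, wire[:n], wire[n:], channelAD(id))
	if err != nil {
		return nil, ErrReject
	}
	return pt, nil
}
```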
The container isolation enhancement system based on ARM TrustZone provided by this embodiment has the following properties:
1. All attacks from applications outside the container can be defended against.
With the trusted execution environment provided by this embodiment, no application outside the container can access the memory used by an application inside the container, nor disturb the execution state of an application inside the container. The invention therefore protects the application in the container and the user's privacy from being damaged by applications outside the container.
2. All attacks from other containers can be defended against.
The trusted execution environment also isolates the applications of different containers and ensures that applications in different containers cannot access the memory, control state, etc. of other applications, so attacks from other containers can be defended against.
3. All software attacks from the untrusted operating system can be defended against.
Direct access by the untrusted operating system to the container application's memory, registers, etc. is restricted, which prevents direct attacks by the untrusted operating system on the container application (directly stealing memory data, tampering with the application's control flow, etc.).
At the same time, all services that depend on the untrusted operating system are checked, preventing the untrusted operating system from attacking the container application by providing malicious system services.
4. Attacks from other user applications inside the container can be defended against.
Communication, file sharing, etc. between different applications inside the container are checked. Besides preventing attacks from other user applications within the container, this also prevents attacks in which an in-container application colludes with the untrusted operating system to attack other user applications or data.
The technical scheme of this embodiment has the following beneficial effects:
1. Using the architectural features of the ARM system, a method for constructing a trusted execution environment is provided, so that existing application programs can run safely on a malicious operating system completely controlled by an attacker.
2. Using the trusted execution environment together with the trusted service mechanism provided by the invention, different applications of different users in a container can perform secure communication and control flow synchronization.
3. Container images from the official Docker repository are automatically protected, without the user modifying any existing image.
In this embodiment:
Using the ARM TrustZone technology, a trusted execution environment that cannot be accessed by the operating system is created in the normal world.
By removing critical instructions, the normal world operating system is restricted from executing the special privileged instructions, so that exclusive page table management is achieved.
The two different page table base address registers of the ARM architecture are used to isolate the virtual address spaces of the normal world untrusted operating system and the container application process, preventing the normal world operating system from accessing the physical memory pages allocated to the container application process.
Using the TrustZone technology, every switch between a container application process and the normal world operating system is intercepted, the context (registers, etc.) of the container application process is thereby protected, and the normal world operating system is prevented from tampering with the execution flow of the container application.
Hardware features are used to ensure the security of the file system used by the container application.
All file system accesses are checked by intercepting the switches between the container application process and the normal world operating system, and file reads and writes are decrypted and encrypted. At the same time, a hash tree ensures the integrity of the file content.
TrustZone is used to control file access permissions among different processes and different users in the container.
The TrustZone technology is used to secure the control flow synchronization service and the interprocess communication service among different container application processes.
System calls of the control flow synchronization service initiated by application processes in the container are intercepted, and a secure and trusted control flow synchronization service is provided for the container using the TrustZone technology.
The interprocess communication service initiated by application processes in the container is intercepted, encryption keys are bound to the different communication channels to ensure the security of the communication data, and access permission control is applied to the communication channels.
A trusted container management service is realized using the TrustZone technology.
An automated container image preprocessing method is compatible with existing images.
Container start requests initiated by a user are identified using the TrustZone technology, and the container's start parameters are integrity-verified so that the started container is consistent with the user's request.
A communication key is created for each separate container start request, and the communication channel between the application in the container and the user is intercepted to protect the security of the communication data between them.
The TrustZone technology is used to maintain a separate trusted execution environment for each container application process, so that data such as the memory and registers of the container application cannot be tampered with by the normal world operating system.
A trusted file system is realized by intercepting file system access operations initiated by applications, encrypting/decrypting the content of file reads and writes, and controlling file access permissions in the container.
Trusted interprocess communication and control flow synchronization services are provided.
The secure container management service includes automatically verifying the integrity of a downloaded container image, automatically constructing a trusted container image, verifying the integrity of container start parameters, protecting the security of communication between the user and the container, and the like.
Abbreviations and key terms used in this embodiment are defined as follows:
Container: a lightweight virtualization technique. A user-defined execution environment can be started quickly using an interface provided by the operating system.
Docker: an open source container management tool that helps users manage container images and start, pause and manage containers.
Docker image: mainly comprises the file system of a container; Docker can start a container from a Docker image.
Docker repository: a container image management platform; a user can upload their own container images to the repository and download container images shared by other users from it.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes and modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention.

Claims (10)

1. A container isolation enhancement system based on ARM TrustZone, characterized by comprising:
a container management client running on the client side;
an untrusted operating system, an untrusted container management module and a trusted execution environment running in the normal world of the server side;
a page table management module, a register protection module, a system call interception module, a file system security enhancement module, an execution flow synchronization service security enhancement module, an interprocess communication service security enhancement module, a trusted container image downloading module and a secure container start module running in the secure world of the server side;
wherein:
the container management client connects to any number of containers in the normal world environment of the server and sends user instructions to the containers; each container runs in a trusted execution environment;
the untrusted operating system provides the running environment and the required services for the application programs of the container;
the untrusted container management module provides basic container management operations;
the page table management module, the register protection module and the system call interception module jointly maintain any number of trusted execution environments;
the file system security enhancement module, the execution flow synchronization service security enhancement module and the interprocess communication service security enhancement module jointly enhance the security of the services of the untrusted operating system, preventing the untrusted operating system from stealing container process private data and/or tampering with container process control flow by providing malicious system services;
the trusted container image downloading module and the secure container start module jointly provide the secure container management function.
2. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein none of the hardware resources in the trusted execution environment is directly accessible to the untrusted operating system.
3. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein the page table management module exclusively manages all page tables of the entire untrusted operating system, protects the memory of container processes by controlling the page tables, and restricts the untrusted operating system from accessing the memory of container processes;
the page table management module searches for all instructions that manage page tables in the kernel of the untrusted operating system and replaces them with instructions that send corresponding requests to the page table management module; the page table management module ensures that the physical memory pages storing page tables are read-only in the normal world, and at the same time ensures that the kernel code of the untrusted operating system is not writable, thereby realizing exclusive management of the page tables by the page table management module.
4. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein the register protection module ensures that the untrusted operating system cannot directly access or modify register information of the trusted execution environments; the register protection module intercepts all switches between user mode processes and the kernel of the kernel-mode untrusted operating system; during a switch, the register protection module is responsible for saving and restoring the registers of the trusted execution environment, so that the untrusted operating system cannot arbitrarily tamper with and/or steal register information of the trusted execution environment;
the switching between a user mode process and the kernel of the kernel-mode untrusted operating system comprises the following processes:
every entry from user mode into the kernel of the untrusted operating system is realized through exception handling; all exceptions are handled by exception handling functions stored in the exception vector table, whose address is stored in a physical register; the register protection module replaces all instructions that modify this physical register in the untrusted operating system with instructions that send corresponding requests to the register protection module, and inserts a switch instruction into the exception handling functions maintained by the exception vector table, ensuring that every entry into the untrusted operating system kernel is intercepted by the register protection module;
exiting from kernel mode to user mode is completed with the eret instruction; the register protection module ensures that no instruction exiting kernel mode exists in the kernel code of the untrusted operating system, and all exit operations are forwarded to the register protection module for completion, so that all operations exiting the untrusted operating system kernel can be intercepted.
5. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein the system call interception module implants a specific instruction in the handler of the exception triggered by a system call, ensuring that all system calls are handled by the system call interception module.
6. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein the file system security enhancement module ensures the privacy and integrity of the container application file system while enforcing the access permissions of the file system; wherein:
the file system security enhancement module intercepts the file system access operations of all containers using the system call interception module and encrypts all file write operations; at the same time, all file read operations are correspondingly decrypted, ensuring the privacy of the files;
the file system security enhancement module maintains a piece of metadata for each container file, the metadata comprising a hash value and a version number of the file contents; the hash value and the version number are updated on every write to the file, and the latest version number is recorded by the file system security enhancement module; when a container process reads the file, the file system security enhancement module verifies the hash value and version number of the read content before returning it to the container process, ensuring the integrity of the file;
the file system security enhancement module intercepts all system calls that change the user associated with a container and tracks the user corresponding to the current process; at the same time, an additional piece of permission information is stored in the metadata of each container file, and all intercepted file access operations are permission-checked according to this permission information;
the trusted container image downloading module automatically creates initial data when downloading an image, and the file system security enhancement module modifies this automatically created initial data according to the system calls issued by the user to form the metadata of each container file; this metadata is encrypted using an encryption key unique to each container; the encryption key is protected by the file system security enhancement module and stored in a trusted storage medium before shutdown.
7. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein the execution flow synchronization service security enhancement module, when the execution flow synchronization service synchronizes different processes, analyzes the corresponding semantics by intercepting the corresponding system calls, controls the execution flow of the container processes, and prevents the execution flow from being tampered with by the untrusted operating system.
8. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein the interprocess communication service security enhancement module protects the interprocess communication process as follows, according to the mode of data transmission between processes:
for direct data transfer, the interprocess communication service security enhancement module identifies all communication channels by intercepting system calls, generates a communication key for each communication channel, and encrypts the communication on these channels;
for the shared-memory data transmission mode, the interprocess communication service security enhancement module protects the shared memory with the help of the page table management module; specifically, when the shared memory is established, the interprocess communication service security enhancement module informs the page table management module to help the different container application processes complete the establishment of the shared memory; the page table management module ensures that no other process can map the physical memory pages corresponding to the shared memory, thereby directly ensuring the security of the shared-memory-based interprocess communication service.
9. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein the trusted container image downloading module is configured to verify the integrity of a downloaded container image and initialize the container image so that the file system security enhancement module operates normally; specifically comprising the following steps:
a trusted network connection encrypted with the SSL (secure socket layer) protocol is established between the trusted container image downloading module and the image repository, the container image is acquired directly from the image repository, and the integrity of the image is verified by computing a hash value; after the image download is completed, the trusted container image downloading module performs the following initialization operations on the image:
generating an image key unique to the image, which is used to encrypt all other keys in the image;
traversing all files in the image, encrypting each file, computing the hash value of the file content and generating a metadata file; the processed container image is handed to the untrusted container management module for storage.
10. The ARM TrustZone-based container isolation enhancement system of claim 1, wherein the secure container start module is configured to ensure the security of the container at start-up, ensure that the container runs correctly in a trusted execution environment, and establish a trusted communication channel between the container and the container management client; specifically comprising the following steps:
when the container is started, the secure container start module verifies the integrity of the start image and ensures that the started container application runs in a trusted execution environment; the secure container start module negotiates a communication key with the container management client and encrypts all inputs and outputs of the container application using this communication key.
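As an added example (not the patent's own code), this Go model covers the file system security enhancement module of claim 6 and the per-file image preprocessing of claim 9: every write seals the content under the container key and records a hash and version number in the file's metadata, and every read checks the presented version against the trusted record (rejecting a stale copy replayed by the untrusted operating system), authenticates the ciphertext and verifies the hash; an owner uid stands in for the claim's permission information. The names, the AES-GCM construction and the simplification of keeping metadata in secure-world memory are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

var (
	ErrPermission = errors.New("tfs: access denied")
	ErrTampered   = errors.New("tfs: content failed authentication or hash check")
	ErrRollback   = errors.New("tfs: untrusted storage presented a stale version")
)

// Meta is the per-file metadata of claim 6: content hash, version and permission info.
// Constructed simplification: it is kept in secure-world memory here, whereas the patent
// seals it to untrusted storage with a container-unique key and records only the latest version.
type Meta struct {
	Hash    [32]byte
	Version uint64
	Owner   int // constructed owner-only policy: only this uid may read or write the file
}

// TrustedFS is the secure-world state of the file system security enhancement module.
type TrustedFS struct {
	aead cipher.AEAD // AES-256-GCM under the container-unique key
	meta map[string]Meta
}

// NewTrustedFS takes the container-unique key (32 bytes); the patent keeps it in trusted storage.
func NewTrustedFS(key []byte) (*TrustedFS, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &TrustedFS{aead: g, meta: map[string]Meta{}}, nil
}

// seal produces the on-disk form handed to the untrusted OS: version || nonce || ciphertext+tag.
// File name and version are bound as associated data, so a block cannot be moved between files
// or relabelled with a newer version.
func (t *TrustedFS) seal(name string, content []byte, version uint64, owner int) ([]byte, error) {
	hdr := make([]byte, 8+t.aead.NonceSize())
	binary.BigEndian.PutUint64(hdr, version)
	if _, err := rand.Read(hdr[8:]); err != nil {
		return nil, err
	}
	t.meta[name] = Meta{Hash: sha256.Sum256(content), Version: version, Owner: owner}
	return t.aead.Seal(hdr, hdr[8:], content, append([]byte(name), hdr[:8]...)), nil
}

// Write handles an intercepted write. A file without metadata is being created (the claim 9
// image preprocessing does this for every image file); otherwise the next version is sealed.
func (t *TrustedFS) Write(uid int, name string, content []byte) ([]byte, error) {
	m, ok := t.meta[name]
	if !ok {
		return t.seal(name, content, 0, uid)
	}
	if m.Owner != uid {
		return nil, ErrPermission
	}
	return t.seal(name, content, m.Version+1, m.Owner)
}

// Read handles an intercepted read of what the untrusted OS returned: the version must be the
// latest recorded one, the ciphertext must authenticate, and the plaintext hash must match.
func (t *TrustedFS) Read(uid int, name string, blob []byte) ([]byte, error) {
	m, ok := t.meta[name]
	if !ok || m.Owner != uid {
		return nil, ErrPermission
	}
	n := t.aead.NonceSize()
	if len(blob) < 8+n {
		return nil, ErrTampered
	}
	if binary.BigEndian.Uint64(blob) != m.Version {
		return nil, ErrRollback // an older (or never-written) copy was presented
	}
	pt, err := t.aead.Open(nil, blob[8:8+n], blob[8+n:], append([]byte(name), blob[:8]...))
	if err != nil || sha256.Sum256(pt) != m.Hash {
		return nil, ErrTampered
	}
	return pt, nil
}
```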
CN201810549087.6A 2018-05-31 2018-05-31 Container isolation enhancing system based on ARM TrustZone Active CN108733455B (en)


Publications (2)

Publication Number Publication Date
CN108733455A CN108733455A (en) 2018-11-02
CN108733455B true CN108733455B (en) 2020-08-18

Family

ID=63931522



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant