CN109117625A - Method and device for determining the security state of an AI software system - Google Patents

Info

Publication number
CN109117625A
Authority
CN
China
Prior art keywords
target object
module
real time
digest value
software systems
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710481711.9A
Other languages
Chinese (zh)
Other versions
CN109117625B (en)
Inventor
张建永
孙少杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201710481711.9A
Priority to PCT/CN2018/092027 (WO2018233638A1)
Publication of CN109117625A
Application granted
Publication of CN109117625B
Legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: as H04L9/32, using cryptographic hash functions
    • H04L9/3239: as H04L9/3236, involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247: as H04L9/32, involving digital signatures
    • H04L9/3263: as H04L9/32, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

This application discloses a method and device for determining the security state of an AI software system, belonging to the field of artificial intelligence. The method includes: a monitoring agent module in the AI software system determines a first digest value of a target object and reports the first digest value to a real-time monitoring service module; the real-time monitoring service module performs security authentication on the target object, thereby protecting the target object. Because the target object executes in the REE, the deployment of the software framework of the software system stays relatively centralized, which benefits the hardware and software platform of the AI software system. In addition, compared with placing critical components in the TEE for execution, critical components placed in the REE can make full use of the abundant computing resources on the REE side, so that the critical components are protected while their computing capability is preserved.

Description

Method and device for determining the security state of an AI software system
Technical field
This application relates to the technical field of artificial intelligence (Artificial Intelligence, AI), and in particular to a method and device for determining the security state of an AI software system.
Background
The operating system of a terminal provides the platform on which application software runs; that is, application software implements its functions through modules deployed at the various levels of the operating system. The system formed by the modules deployed at those levels is called the software system of the application software, for example an AI software system. AI software generally processes users' private data while it runs, but the running environment of current operating systems is predominantly the open rich execution environment (Rich Execution Environment, REE), so the critical components of an AI software system deployed in the operating system may face threats from malware while they process data. In practice it is therefore necessary to determine the security state of the critical components of the AI software system, that is, the security state of the AI software system, so that the AI software system can be protected.
To address the security problems of the REE, the Global Platform (GP) organization proposed the trusted execution environment (Trusted Execution Environment, TEE); that is, two running environments exist in parallel on an operating system: the open REE and the relatively closed TEE. Because programs executed in the TEE must pass the TEE's signature and hash verification, programs executed in the TEE are protected. In the related art, therefore, the critical components of an AI software system are placed in the TEE for execution while the other components are placed in the REE, and the security state of the AI software system is determined from the verification results of the critical components executed in the TEE, thereby protecting the AI software system. For example, Fig. 1 shows an AI software system based on an AI software framework in the related art. The AI software system includes an AI framework application programming interface (Application Programming Interface, API), model and critical data files, an AI framework body, a hardware abstraction layer (Hardware Abstraction Layer, HAL), an algorithm support library, and computation acceleration engines such as a central processing unit (Central Processing Unit, CPU), a graphics processing unit (Graphics Processing Unit, GPU) and a digital signal processor (Digital Signal Processor, DSP). The model and critical data files and the AI framework body are the critical components of this AI software system, so they can be placed in the TEE for execution while the other components are placed in the REE, protecting the AI software system based on the AI software framework. However, with the critical components placed in the TEE and the other components still placed in the REE, the deployment of the software framework that makes up the AI software system is relatively scattered.
Summary of the invention
To solve the problem in the related art that the deployment of the software framework of an AI software system is relatively scattered when the AI software system is protected, this application provides a method and device for determining the security state of an AI software system. The technical solution is as follows:
In a first aspect, a method for determining the security state of an AI software system is provided, the method comprising:
A monitoring agent module in the AI software system determines a first digest value of a target object in the AI software system, the first digest value indicating security authentication information of the target object, wherein the running environment of the operating system on which the AI software system is deployed includes a rich execution environment (REE) and a trusted execution environment (TEE), the target object and the monitoring agent module are placed in the REE, and the target object is any module awaiting security authentication among the multiple modules of the AI software system deployed in the operating system;
The monitoring agent module reports the first digest value to a real-time monitoring service module in the AI software system, the real-time monitoring service module being placed in the TEE;
The real-time monitoring service module receives the first digest value;
The real-time monitoring service module performs security authentication on the target object according to the first digest value to obtain an authentication result, the authentication result indicating the security state of the target object.
In this application, the target object awaiting security authentication is placed in the REE, and security authentication is performed on it by the monitoring agent module placed in the REE together with the real-time monitoring service module placed in the TEE, so that the target object, and thereby the AI software system, is protected. Because the target object executes in the REE, the deployment of the software framework of the software system stays relatively centralized without affecting security.
Optionally, the real-time monitoring service module performing security authentication on the target object according to the first digest value to obtain an authentication result comprises:
The real-time monitoring service module obtains, from a secure key storage module in the AI software system, a second digest value preset for the target object, the secure key storage module being placed in the TEE;
Determining whether the first digest value and the second digest value are consistent to obtain the authentication result;
If the first digest value is consistent with the second digest value, the authentication result is the security-authentication-passed state;
If the first digest value and the second digest value are inconsistent, the authentication result is the security-authentication-not-passed state.
Specifically, in this application the real-time monitoring service module authenticates the target object by determining whether the first digest value of the target object reported by the monitoring agent module is consistent with the second digest value preset for the target object.
Optionally, before the real-time monitoring service module obtains the second digest value preset for the target object from the secure key storage module in the AI software system, the method further comprises:
The real-time monitoring service module obtains, from the secure key storage module, the digital certificate preset for the target object;
The real-time monitoring service module verifies whether the digital certificate is legal according to the check information in the digital certificate;
When the digital certificate is legal, the real-time monitoring service module triggers the operation of obtaining the second digest value preset for the target object from the secure key storage module.
In addition, to further strengthen the security of the target object, the real-time monitoring service module may first verify the legality of the digital certificate preset for the target object before it determines whether the first digest value of the target object reported by the monitoring agent module is consistent with the second digest value preset for the target object.
Optionally, the method further comprises:
Multiple digital certificates are stored in the secure key storage module; when the monitoring agent module reports the first digest value to the real-time monitoring service module, it also reports the identifier of the digital certificate to the real-time monitoring service module;
Correspondingly, the real-time monitoring service module obtaining the digital certificate preset for the target object from the secure key storage module comprises:
The real-time monitoring service module obtains the digital certificate corresponding to the identifier from the multiple digital certificates stored in the secure key storage module.
When multiple digital certificates are stored in the secure key storage module, the monitoring agent module also reports the identifier of the target object's digital certificate to the real-time monitoring service module, so that the real-time monitoring service module can use that identifier to retrieve exactly the digital certificate preset for the target object from the secure key storage module.
Optionally, after the real-time monitoring service module performs security authentication on the target object according to the first digest value to obtain the authentication result, the method further comprises:
When the authentication result is the security-authentication-not-passed state, the real-time monitoring service module sends an alarm request to a trusted user interface (TUI) in the AI software system, the TUI being placed in the TEE;
The TUI receives the alarm request;
The TUI displays alarm information, the alarm information indicating to the user that the security authentication of the target object did not pass.
Further, so that the user learns the security state of the AI software system promptly, when security authentication does not pass the real-time monitoring service module sends an alarm request to the TUI, and the user learns the security state of the target object from the alarm information displayed by the TUI.
Optionally, after the real-time monitoring service module performs security authentication on the target object according to the first digest value to obtain the authentication result, the method further comprises:
The real-time monitoring service module sends the authentication result to the monitoring agent module.
Further, after determining the authentication result of the target object, the real-time monitoring service module may also feed the authentication result back to the monitoring agent module placed in the REE.
Optionally, after the real-time monitoring service module sends the authentication result to the monitoring agent module, the method further comprises:
When the authentication result is the security-authentication-not-passed state, the monitoring agent module sends a termination request to a preset control module, the termination request instructing the preset control module to terminate the process of the target object; the preset control module is a module that is deployed in the operating system and does not belong to the AI software system.
Further, after receiving the authentication result fed back by the real-time monitoring service module, the monitoring agent module can perform the corresponding operation according to the authentication result, so as to protect the target object.
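The reporting and authentication flow of the first aspect, with the optional certificate check, TUI alarm, termination request and certificate replacement after upgrade, as an added example that is not part of the patent. Assumptions: SHA-256 as the preset hash function, an HMAC tag standing in for the certificate's check information (a real certificate would carry an asymmetric signature), a missing or illegal certificate reported as not passed, and all class and function names, which are hypothetical; REE and TEE are modelled as plain Python objects.

```python
import hashlib
import hmac
from dataclasses import dataclass

PASS, FAIL = "passed", "not passed"
ISSUER_KEY = b"constructed-demo-key"  # constructed; stands in for issuer key material


def digest(data: bytes) -> str:
    # Assumption: SHA-256 as the preset hash function (the page names none).
    return hashlib.sha256(data).hexdigest()


def _tag(cert_id: str, preset_digest: str) -> str:
    # HMAC stand-in for the signature carried in a real digital certificate.
    msg = f"{cert_id}:{preset_digest}".encode()
    return hmac.new(ISSUER_KEY, msg, "sha256").hexdigest()


@dataclass(frozen=True)
class Certificate:
    cert_id: str        # identifier the agent reports together with the digest
    preset_digest: str  # second digest value, preset for the target object
    check: str          # check information used to verify the certificate


def issue(cert_id: str, data: bytes) -> Certificate:
    d = digest(data)
    return Certificate(cert_id, d, _tag(cert_id, d))


class SecureKeyStorage:  # TEE side
    def __init__(self):
        self._certs = {}

    def store(self, cert: Certificate) -> None:
        # Storing under an existing identifier replaces the old certificate,
        # which is what happens after the target object is upgraded.
        self._certs[cert.cert_id] = cert

    def get(self, cert_id: str):
        return self._certs.get(cert_id)


class RealTimeMonitorService:  # TEE side
    def __init__(self, storage: SecureKeyStorage, tui_alerts: list):
        self.storage, self.tui_alerts = storage, tui_alerts

    def authenticate(self, first_digest: str, cert_id: str) -> str:
        cert = self.storage.get(cert_id)
        # The certificate is verified before its preset digest is used.
        # Assumption: a missing or illegal certificate counts as "not passed".
        ok = (cert is not None
              and hmac.compare_digest(_tag(cert.cert_id, cert.preset_digest), cert.check)
              and hmac.compare_digest(first_digest, cert.preset_digest))
        if not ok:
            self.tui_alerts.append(f"security authentication not passed: {cert_id}")
        return PASS if ok else FAIL


class MonitoringAgent:  # REE side
    def __init__(self, service: RealTimeMonitorService, terminate):
        self.service, self.terminate = service, terminate

    def check(self, process_name: str, data: bytes, cert_id: str) -> str:
        # Compute the first digest value and report it with the certificate id.
        result = self.service.authenticate(digest(data), cert_id)
        if result == FAIL:
            self.terminate(process_name)  # termination request to the control module
        return result


def run_demo():
    model_v1 = b"constructed model weights v1"  # constructed sample data
    model_v2 = b"constructed model weights v2"
    storage, alerts, terminated = SecureKeyStorage(), [], []
    storage.store(issue("model-cert", model_v1))
    agent = MonitoringAgent(RealTimeMonitorService(storage, alerts), terminated.append)

    results = [agent.check("ai_model", model_v1, "model-cert")]             # unmodified
    results.append(agent.check("ai_model", model_v1 + b"!", "model-cert"))  # modified
    # Preset digest swapped without re-issuing the certificate: the digests
    # match, but the certificate check rejects it.
    old = storage.get("model-cert")
    storage.store(Certificate(old.cert_id, digest(b"other"), old.check))
    results.append(agent.check("ai_model", b"other", "model-cert"))
    # Upgrade: a newly issued certificate replaces the stored one.
    storage.store(issue("model-cert", model_v2))
    results.append(agent.check("ai_model", model_v2, "model-cert"))
    return results, alerts, terminated


if __name__ == "__main__":
    print(run_demo())
```

The third case shows why the certificate check precedes the digest comparison: a preset digest altered in storage would otherwise authenticate whatever data it was computed from.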
Optionally, the method further comprises:
The monitoring agent module obtains, from a cloud server, the digital certificate of the upgraded target object, the digital certificate including the cloud server's digital signature and digest value for the upgraded target object;
The monitoring agent module sends the digital certificate of the upgraded target object to the secure key storage module in the AI software system;
The secure key storage module replaces the stored digital certificate of the target object with the digital certificate of the upgraded target object.
Because the data of the target object may change after an upgrade, the secure key storage module can update the stored digital certificate of the target object by the above method, so that the real-time monitoring service module does not later perform security authentication against the digest value of the target object from before the upgrade and cause the security authentication to fail.
Optionally, the target object includes the model and critical data files in the AI software system.
Specifically, among the modules of the AI software system deployed in the operating system, the model and critical data files are more likely to face threats from malware. In this application, therefore, the model and critical data files in the AI software system can be taken as the target object, so as to protect the model and critical data files in the AI software system.
In a second aspect, a device for determining the security state of an AI software system is provided, the device having the function of implementing the behavior of the method for determining the security state of an AI software system in the first aspect. The device includes at least one module, and the at least one module is used to implement the method for determining the security state of an AI software system provided in the first aspect.
In a third aspect, a device for determining the security state of an AI software system is provided, the structure of the device including a processor and a memory. The memory stores a program that supports the device in executing the method for determining the security state of an AI software system provided in the first aspect, and stores the data involved in implementing that method. The processor is configured to execute the program stored in the memory. The operating device of the storage device may further include a communication bus, which is used to establish the connection between the processor and the memory.
In a fourth aspect, a computer-readable storage medium is provided, the computer-readable storage medium storing instructions that, when run on a computer, cause the computer to execute the method for determining the security state of an AI software system described in the first aspect.
In a fifth aspect, a computer program product containing instructions is provided that, when run on a computer, causes the computer to execute the method for determining the security state of an AI software system described in the first aspect.
The technical effects obtained in the second, third, fourth and fifth aspects are similar to those obtained by the corresponding technical means in the first aspect and are not repeated here.
The technical solution provided by this application has the following beneficial effects:
In this application, the monitoring agent module in the AI software system determines the first digest value of the target object and reports the first digest value to the real-time monitoring service module, and the real-time monitoring service module performs security authentication on the target object, thereby protecting the target object. Because the target object executes in the REE, the deployment of the software framework of the software system stays relatively centralized without affecting security.
Brief description of the drawings
Fig. 1 is a schematic diagram of an AI software system based on an AI software framework provided by the related art;
Fig. 2 is a schematic diagram of the platform architecture of an operating system based on TrustZone technology provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of an AI software system provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of an intelligent dynamic behavior protection system provided by an embodiment of the present invention;
Fig. 5 is a block diagram of a device for determining the security state of an AI software system provided by an embodiment of the present invention;
Fig. 6 is a flowchart of a method for determining the security state of an AI software system provided by an embodiment of the present invention;
Fig. 7 is a flowchart of another method for determining the security state of an AI software system provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a terminal provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of this application clearer, the embodiments of this application are described in further detail below with reference to the accompanying drawings.
Before the embodiments of the present invention are explained in detail, the terms involved in the embodiments are explained first.
A digest value is the value obtained by computing specified data with a preset function so that the value uniquely represents the specified data; the resulting value is the digest value of the specified data. When the specified data changes, recomputing the changed data with the preset function yields the digest value of the changed data, which will be inconsistent with the digest value of the data before the change. A digest value can therefore indicate the security authentication information of the specified data; that is, the digest value of the specified data can be used to determine whether the data has been modified. The preset function may be a preset hash function; that is, the hash value obtained by computing the specified data with the preset hash function is called the digest value of the specified data.
A digital certificate is a set of data that indicates the identity information of the communicating parties in Internet communication. Digital certificates are usually issued by an authority such as a certificate authority (Certificate Authority, CA). For example, after a software developer develops a new piece of software, the CA issues a digital certificate for the software to indicate the identity information of the software.
A digital signature is obtained by encrypting the digest value of specified data with the private key of an asymmetric key pair; the encrypted information is the digital signature of the specified data. A device that receives the digital signature can decrypt it with the public key of the asymmetric key pair to obtain the digest value of the specified data.
Security authentication is a method of determining the security state of a specified object. Performing security authentication on a specified object usually means verifying whether the data corresponding to the specified object has been modified or tampered with. Specifically, this can be done by verifying whether the data corresponding to the specified object is consistent with the corresponding data at the time the software developer originally released the specified object; that is, security authentication of the specified object is achieved by verifying the integrity of the specified object.
It is worth noting that, in this application, the running environment of the operating system on which the AI software system is deployed includes the REE and the TEE. Therefore, before the AI software system provided by the embodiments of the present invention is described, the platform architecture of an operating system whose running environment includes the REE and the TEE is introduced first.
It include the platform architecture of the operating system of REE and TEE, ARM (Advanced RISC for running environment Machines) company provides a kind of trusted area (TrustZone) technology, the operation which is used for as terminal System provides the platform architecture that a kind of running environment includes REE and TEE.
Fig. 2 is that the platform architecture 200 of the operating system provided in an embodiment of the present invention based on TrustZone technology is illustrated Figure.As shown in Fig. 2, the platform architecture 200 for being somebody's turn to do the operating system based on TrustZone technology includes safer world (Secure World) and the non-security world (Normal World), wherein the corresponding running environment of safer world is TEE, the non-security world Corresponding running environment is REE.By in operating system hardware and software resource be divided into secure resources and common resources, and will peace Wholly-owned source is placed in safer world, and common resources are placed in the non-security world.
The framework of AI software systems provided in an embodiment of the present invention is described in detail below.It should be noted that portion The operating system for affixing one's name to AI software systems provided in an embodiment of the present invention is operating system shown in Fig. 2, that is, the embodiment of the present invention The AI software systems of offer are the software systems based on TrustZone technology.
As shown in figure 3, the AI software systems 300 include the non-security world and safer world, the operation ring in the non-security world Border is REE, the left-sided system of Fig. 3.The running environment of safer world is TEE, the right-sided system in corresponding diagram 3.The non-security world In be deployed with AI frame API, model and critical data file, AI chassis body, HAL layers, algorithm Support Library, the first inner nuclear layer (Kernel) and monitoring agent module (monitor agent).Real time monitoring service module is deployed in safer world API and the second inner nuclear layer (Trust OS inside (Real-time monitor service), trusted user interface (TUI), TEE kernel).That is, the running environment for disposing the operating system of the AI software systems includes REE and TEE, and monitoring agent module It is placed in REE, real time monitoring service module is placed in TEE, and TUI is also placed in TEE.
Wherein, the corresponding virtual unit (Virtual such as universal cpu, GPU and DSP is deployed in the first inner nuclear layer Devices) and first communicates drive module (Communication driver), is deployed with the second communication in the second inner nuclear layer Drive module and Secure Key Storage Module (Key storage).Modules in first inner nuclear layer and the second inner nuclear layer are all It is drive software module.First communication drive module and the second communication drive module are for realizing the non-security world and safer world Between communication, be for any one component that the non-security world includes, if the component be intended to and safer world in component into Row communication need to be realized by the first communication drive module and the second communication drive module.
It should be noted that the AI framework API, the model and critical data files, the AI framework main body, the HAL layer, the algorithm support library and the first kernel layer deployed in the non-secure world are the same as the corresponding components in the related-art software system shown in Fig. 1; that is, in the embodiments of the present invention, every component included in the AI software system shown in Fig. 1 is placed in the REE. In other words, relative to the AI software system shown in Fig. 1, the AI software system shown in Fig. 3 need not change the deployment of the software framework; it only adds, on top of the system shown in Fig. 1, the monitoring agent module, the real-time monitoring service module, the secure key storage module, the TUI, the first communication driver module and the second communication driver module.
Because every component of the AI software system shown in Fig. 1 is placed in the REE, the critical components of that system need security protection. For ease of explanation below, any module that requires security authentication, among the multiple modules of the AI software system deployed on the operating system, is called a target object, and the target object is placed in the REE.
Security protection of the target object is implemented by the monitoring agent module deployed in the non-secure world together with the real-time monitoring service module deployed in the secure world; that is, these two modules are used to protect the target object. The process by which they do so is described in detail in the embodiments below and is not elaborated here.
In addition, the TUI deployed in the secure world is used to display the security state of the target object. The secure key storage module deployed in the secure world stores the information needed to perform security authentication on the target object, such as the digest value of the target object. The TEE internal API deployed in the secure world provides the interface for communication between the non-secure world and the secure world.
As shown in Fig. 3, compared with the related art, in which the critical components of the AI software system are placed in the TEE for execution, the software framework of the AI software system provided in the embodiments of the present invention is deployed in a relatively centralized manner, which favours building the AI software system as a platform. Moreover, the embodiments of the present invention allow the critical components to execute in the REE while still being protected. For example, the AI framework main body executes in the REE so that it can make full use of the abundant computing resources on the REE side, which avoids the loss of computing capability that placing the AI framework main body in the TEE would cause. Computing capability and platform-style deployment are thus preserved while the security of the AI software system is guaranteed.
For example, when the AI software is intelligent dynamic behavior protection software, the embodiments of the present invention further provide, based on the AI software system shown in Fig. 3, an intelligent dynamic behavior protection system. The framework of this system is described in detail in the following embodiment.
Fig. 4 is a schematic diagram of an intelligent dynamic behavior protection system 400 provided in an embodiment of the present invention. As shown in Fig. 4, this system likewise includes a non-secure world and a secure world; the running environment of the non-secure world is the REE, and the running environment of the secure world is the TEE. Deployed in the non-secure world are the application framework (Application Framework), the runtime libraries (Runtime libraries), the browser engine (WEBKIT), the observer (Observer), the model file (Model File), the class libraries and binary files (Bin&lib files), the analyzer (Analyzer), the monitoring agent module and the first kernel layer. Deployed in the secure world are the real-time monitoring service module, the TUI, the TEE internal API and the second kernel layer.
The modules deployed in the first kernel layer are the same as those deployed in the first kernel layer of the AI software system shown in Fig. 3 and are not described again here. Likewise, the modules deployed in the second kernel layer are the same as those deployed in the second kernel layer of the AI software system shown in Fig. 3 and are not described again here.
It should be noted that the application framework, runtime libraries, browser engine (WEBKIT), observer, model file, class libraries and binary files, analyzer and first kernel layer deployed in the non-secure world are the same as the corresponding components in an existing intelligent dynamic behavior protection system; for their functions, refer to the related art. That is, in the embodiments of the present invention, every component included in the existing intelligent dynamic behavior protection system is placed in the REE, and on top of that existing system the monitoring agent module, the real-time monitoring service module, the secure key storage module, the TUI, the first communication driver module and the second communication driver module are added in order to protect any component deployed in the non-secure world.
That is, in the intelligent dynamic behavior protection system shown in Fig. 4, the target object may be either the class libraries and binary files or the model file, or may include both.
For the way in which the intelligent dynamic behavior protection system shown in Fig. 4 protects the target object, refer to the way in which the AI software system shown in Fig. 3 protects the target object; it is not described again here.
Based on the AI software system shown in Fig. 3 and the intelligent dynamic behavior protection system shown in Fig. 4, an embodiment of the present invention provides an apparatus 500 for determining the security state of an AI software system. As shown in Fig. 5, the apparatus 500 includes a monitoring agent module 501, a real-time monitoring service module 502, a TUI 503 and a secure key storage module 504, which correspond to the respective modules in Fig. 3 or Fig. 4. The apparatus 500 of Fig. 5 can therefore be regarded as part of the software system in Fig. 3 or Fig. 4.
The monitoring agent module 501 is the monitoring agent module in the AI software system shown in Fig. 3 or in the intelligent dynamic behavior protection system shown in Fig. 4. The real-time monitoring service module 502 is the real-time monitoring service module in the AI software system shown in Fig. 3 or in the intelligent dynamic behavior protection system shown in Fig. 4. The TUI 503 is the TUI in the AI software system shown in Fig. 3 or in the intelligent dynamic behavior protection system shown in Fig. 4. The secure key storage module 504 is the secure key storage module in the AI software system shown in Fig. 3 or in the intelligent dynamic behavior protection system shown in Fig. 4.
Specifically, the monitoring agent module 501, the real-time monitoring service module 502, the TUI 503 and the secure key storage module 504 are used to perform the corresponding steps in the following embodiments; that is, by performing those steps, they provide the method for determining the security state of an AI software system of the embodiments of the present invention. The functions of these four modules are therefore not elaborated here.
It should be noted that, when the apparatus determines the security state of the AI software system, the division into the above functional modules is only an example. In practice, the above functions may be allocated to different functional modules as needed in order to complete the corresponding functions. In addition, the apparatus and the method embodiments below belong to the same concept; for the specific implementation process, see the method embodiments below, which is not repeated here.
Next, the process by which the apparatus shown in Fig. 5 determines the security state of the AI software system is described in detail. That is, the methods provided in the following embodiments are based on the apparatus for determining the security state of an AI software system shown in Fig. 5.
It should be noted that, in the embodiments of the present invention, the real-time monitoring service module can perform security authentication on the target object in either of two ways: first, directly according to the first digest value of the target object; second, according to both the first digest value of the target object and the digital certificate preset for the target object. The following embodiments describe these two cases in turn.
Fig. 6 shows a method for determining the security state of an AI software system provided in an embodiment of the present invention. The method is applied to the apparatus 500 shown in Fig. 5 and is used in the scenario in which the real-time monitoring service module 502 performs security authentication on the target object directly according to the first digest value of the target object. Referring to Fig. 6, the method includes the following steps.
Step 601: The monitoring agent module 501 in the AI software system determines the first digest value of the target object in the AI software system.
The first digest value indicates the security authentication information of the target object; that is, the first digest value can be used to judge whether the target object has been modified. The target object is any module awaiting security authentication among the multiple modules of the AI software system deployed on the operating system.
In one possible implementation, the first digest value of the target object is determined as follows: the monitoring agent module 501 determines the data of the target object, performs a hash calculation on that data with a preset hash function to obtain the hash value of the target object, and takes that hash value as the first digest value of the target object.
It should be noted that, in the embodiments of the present invention, the monitoring agent module 501 may also determine the digest value of the target object in other ways, as long as the resulting digest value can be used to judge whether the target object has been modified.
In addition, the occasion on which the monitoring agent module 501 determines the first digest value of the target object falls into the following two cases.
(1) To avoid the excessive volume of data that would have to be processed if the monitoring agent module 501 determined the data of the target object in real time, the monitoring agent module 501 may determine the data of the target object periodically, that is, determine the first digest value of the target object once every preset period. The preset period is a time period set in advance.
(2) The monitoring agent module 501 determines the first digest value of the target object when it receives a security authentication instruction for the target object. This instruction may be triggered by the user through a preset operation; that is, the user can actively initiate security authentication of the target object through a preset operation. The instruction may also be triggered by the monitoring agent module 501 when it detects a service exception in the AI application software corresponding to the AI software system, or when it detects that this AI application software has been upgraded.
It should be noted that, for the AI software system shown in Fig. 3, the model and critical data files deployed in the non-secure world are usually the critical components of the AI software system, so the model and critical data files can be set as the target object. Of course, in the embodiments of the present invention the target object may also be another component of the AI software system; this is not specifically limited here.
Specifically, for the intelligent dynamic behavior protection system shown in Fig. 4, the target object may be at least one of the class libraries and binary files and the model file.
Step 602: The monitoring agent module 501 reports the first digest value to the real-time monitoring service module 502 in the AI software system.
Because the security authentication is carried out by the program executing in the TEE, in order to determine the security state of the target object, the monitoring agent module 501, after determining the first digest value of the target object, can report the first digest value to the real-time monitoring service module 502 placed in the TEE, so that the real-time monitoring service module 502 performs security authentication on the target object.
Specifically, as shown in Fig. 3 or Fig. 4, the monitoring agent module 501 reports the first digest value to the real-time monitoring service module 502 through the first communication driver module deployed in the first kernel layer and the second communication driver module deployed in the second kernel layer.
In addition, when reporting the first digest value to the real-time monitoring service module 502, the monitoring agent module 501 can also report the identifier of the target object to the real-time monitoring service module 502. The process of reporting the identifier is essentially the same as the process of reporting the first digest value.
Step 603: The real-time monitoring service module 502 receives the first digest value.
The real-time monitoring service module 502 receives the first digest value sent by the TEE internal API, which completes the reporting of the target object's first digest value from the monitoring agent module 501 to the real-time monitoring service module 502.
When the monitoring agent module 501 reports the identifier of the target object to the real-time monitoring service module 502, the real-time monitoring service module 502 also receives the identifier of the target object sent by the TEE internal API.
When the real-time monitoring service module 502 receives the first digest value, it performs security authentication on the target object according to the first digest value to obtain an authentication result, which indicates the security state of the target object. Specifically, this security authentication can be implemented by the following step 604.
Step 604: The real-time monitoring service module 502 obtains, from the secure key storage module 504 in the AI software system, the second digest value preset for the target object, and judges whether the first digest value and the second digest value are consistent to obtain the authentication result.
Judging whether the first digest value and the second digest value are consistent yields the authentication result as follows: if the first digest value is consistent with the second digest value, the authentication result is the security-authentication-passed state, that is, the AI software system is determined to be in a secure state; if the first digest value is inconsistent with the second digest value, the authentication result is the security-authentication-failed state, that is, the AI software system is determined to be in an insecure state.
After obtaining the authentication result, the real-time monitoring service module 502 can record it in a Boolean variable: when the authentication result is the security-authentication-passed state, the result is recorded as 1; when the authentication result is the security-authentication-failed state, the result is recorded as 0.
In addition, the second digest value is a digest value configured in advance for the target object in the secure key storage module 504; that is, the second digest value is the digest value preset for the target object.
It should be noted that the second digest value preset for the target object is generally stored in the digital certificate preset for the target object; that is, the digital certificate preset for the target object includes the second digest value preset for the target object.
It is worth noting that, after the AI application software corresponding to the AI software system has been installed for the first time, the software developer may upgrade the AI application software, and the data of the target object may be modified during the upgrade. Therefore, to prevent the real-time monitoring service module 502 from subsequently authenticating against the information of the target object from before the upgrade, which would cause the security authentication to fail, the AI software system needs to update the stored information of the target object.
When the second digest value preset for the target object is stored in the digital certificate of the target object, the AI software system can update the stored information of the target object as follows. The monitoring agent module 501 obtains the digital certificate of the upgraded target object from the cloud server; this digital certificate includes the cloud server's digital signature and digest value for the upgraded target object, that is, it is a digital certificate determined according to the data of the upgraded target object. The monitoring agent module 501 sends the digital certificate of the upgraded target object to the secure key storage module 504 in the AI software system. The secure key storage module 504 replaces the stored digital certificate of the target object with the digital certificate of the upgraded target object.
Optionally, after performing security authentication on the target object, the real-time monitoring service module 502 can also protect the target object by executing a corresponding policy. Specifically, this protection can be implemented by the following step 605 and/or step 606.
Step 605: The real-time monitoring service module 502 protects the target object through the TUI 503 of the AI software system.
Specifically, when the authentication result is the security-authentication-failed state, the real-time monitoring service module 502 sends an alarm request to the TUI 503 in the AI software system. The TUI 503 receives the alarm request and displays alarm information, which indicates to the user that the security authentication of the target object has failed.
Of course, the real-time monitoring service module 502 can also send the authentication result directly to the TUI 503. When the TUI 503 receives the authentication result, it performs the corresponding operation according to that result: when the authentication result is the security-authentication-failed state, the TUI 503 displays the alarm information; when the authentication result is the security-authentication-passed state, it displays the authentication result so that the user knows that the target object is currently in a secure state.
In addition, on receiving the authentication result, the TUI 503 can also display it with a preset indicator: when the authentication result is the security-authentication-failed state, the result is displayed with a first preset indicator; when the authentication result is the security-authentication-passed state, the result is displayed with a second preset indicator. For example, a red light indicator is used when the security authentication has failed, and a green light indicator is used when the security authentication has passed.
It should be noted that, when the real-time monitoring service module 502 records the authentication result in a Boolean variable, the authentication result it sends to the TUI 503 is the result recorded in that Boolean variable. That is, when the TUI 503 receives the authentication result sent by the real-time monitoring service module 502, a result of 1 means the TUI 503 determines that the authentication result is the security-authentication-passed state, and a result of 0 means the TUI 503 determines that the authentication result is the security-authentication-failed state.
Step 606: The real-time monitoring service module 502 protects the target object through the monitoring agent module 501 of the AI software system.
After obtaining the authentication result, the real-time monitoring service module 502 can send it to the monitoring agent module 501; that is, the real-time monitoring service module 502 sends the authentication result to the monitoring agent module 501 through the second communication driver module deployed in the second kernel layer and the first communication driver module deployed in the first kernel layer.
When the monitoring agent module 501 receives the authentication result fed back by the real-time monitoring service module 502 and that result is the security-authentication-failed state, the monitoring agent module 501 can protect the target object through a preset operation. The preset operation can be as follows: the monitoring agent module 501 sends a termination request to a preset control module, where the termination request instructs the preset control module to terminate the process of the target object, and the preset control module is a module that is deployed in the operating system and does not belong to the AI software system. When the preset control module receives the termination request, it terminates the current process of the target object, thereby protecting the target object.
In addition, when the preset control module receives the termination request, it can also perform the operation of unloading the target object in order to protect the target object.
It should also be noted that, when the real-time monitoring service module 502 records the authentication result in a Boolean variable, the authentication result it feeds back to the monitoring agent module 501 is likewise the result recorded in that Boolean variable.
In the embodiments of the present invention, the monitoring agent module 501 in the AI software system determines the first digest value of the target object and reports it to the real-time monitoring service module 502, which performs security authentication on the target object and thereby protects it. Because the target object executes in the REE, the software framework of the software system can be deployed in a relatively centralized manner without affecting security, which favours building the AI software system as a platform. Moreover, compared with the related art, in which the critical components of the AI software system are placed in the TEE for execution, the embodiments of the present invention allow the critical components to execute in the REE while still being protected. For example, the AI framework main body executes in the REE so that it can make full use of the abundant computing resources on the REE side, which avoids the loss of computing capability that placing the AI framework main body in the TEE would cause. Computing capability and platform-style deployment are thus preserved while the security of the AI software system is guaranteed.
Fig. 7 shows another method for determining the security state of an AI software system provided in an embodiment of the present invention. The method is applied to the apparatus shown in Fig. 5 and is used in the scenario in which the real-time monitoring service module 502 performs security authentication on the target object according to both the first digest value of the target object and the digital certificate preset for the target object. Referring to Fig. 7, the method includes the following steps.
Step 701: The monitoring agent module 501 in the AI software system determines the first digest value of the target object in the AI software system.
For the implementation of step 701, refer to the implementation of step 601 shown in Fig. 6; it is not described again here.
Step 702: The monitoring agent module 501 reports the first digest value to the real-time monitoring service module 502 in the AI software system.
For the implementation of step 702, refer to the implementation of step 602 shown in Fig. 6; it is not described again here.
Step 703: The real-time monitoring service module 502 receives the first digest value.
For the implementation of step 703, refer to the implementation of step 603 shown in Fig. 6; it is not described again here.
When the real-time monitoring service module 502 receives the first digest value, it performs security authentication on the target object according to the first digest value to obtain an authentication result, which likewise indicates the security state of the target object. Specifically, this security authentication can be implemented by the following step 704.
Step 704: The real-time monitoring service module 502 obtains the digital certificate preset for the target object from the secure key storage module 504, and verifies whether the digital certificate is valid according to the verification information in the digital certificate.
That is, before judging whether the first digest value and the second digest value are consistent to obtain the authentication result, the real-time monitoring service module 502 first needs to verify the digital certificate of the target object. Only when the digital certificate of the target object is valid does it go on to perform security authentication on the target object through the following step 705 to obtain the authentication result.
The verification information in the digital certificate mainly includes a root public key and a digital signature. In this case, the real-time monitoring service module 502 verifies the digital certificate according to its verification information as follows: it judges separately whether the root public key and the digital signature in the verification information are valid, and when it determines that both the root public key and the digital signature are valid, it determines that the digital certificate preset for the target object is valid.
The real-time monitoring service module 502 judges whether the root public key in the verification information is valid as follows: it determines the hash value of the root public key of the target object's digital certificate and judges whether that hash value is consistent with the hash value of the pre-stored root public key. If the two hash values are inconsistent, the root public key is determined to be invalid. If the two hash values are consistent, the root public key is determined to be valid.
The real-time monitoring service module 502 judges whether the digital signature in the verification information is valid as follows: it verifies the digital signature in the digital certificate using the root public key in the digital certificate preset for the target object. When the signature verification passes, the digital signature in the digital certificate is determined to be valid; when the signature verification fails, the digital signature in the digital certificate is determined to be invalid. For verifying the digital signature in the digital certificate with the root public key in that certificate, refer to Public Key Infrastructure (PKI) certificate signature verification techniques, which the embodiments of the present invention do not describe in detail here.
Wherein, pre-stored root public key be generally stored inside terminal one-time write (One Time Programming, OTP) in equipment.OTP device is a kind of one-time write equipment for storing root public key, in any support clean boot OTP device is both provided in terminal.
It is worth noting that, software developer is usually the preset digital certificate of an application software in practical application, But there may be multiple objects for needing to carry out safeguard protection in an application software, are the preset number of target object therefore There may be the digest value preset for other objects in word certificate, and in order to divide into the preset digest value of different objects, software is opened Hair quotient is that each object is provided with corresponding mark, namely in digital certificate, is stored with and multiple needs to carry out safeguard protection Object mark and the digest value preset for each object.Wherein, the mark of object is used for the unique identification object, such as should The mark of object can for object 1, object 2, object 3 ..., object n.
For example, table 1 is a kind of format of digital certificate provided in an embodiment of the present invention.As shown in table 1, the digital certificate packet The software version number (software version) of the corresponding AI application software of the AI software systems is included, the root of the digital certificate is public Key, multiple marks for needing the object for carrying out safeguard protection and the Hash preset for each object for needing to carry out safeguard protection Value, to the length of each information in multiple information such as the digital signature of the digital certificate and multiple information.
Table 1
In this case, the real-time monitoring service module 502 may obtain the second digest value preset for the target object from the secure key storage module 504 as follows: according to the received identifier of the target object, it finds in the digital certificate the digest value corresponding to the identifier of the target object, and determines the found digest value as the second digest value of the target object.
In addition, when multiple digital certificates are stored in the secure key storage module 504, so that the real-time monitoring service module 502 can accurately obtain the digital certificate preset for the target object from among the multiple digital certificates, the monitoring agent module 501 also reports the identifier of the digital certificate to the real-time monitoring service module 502 when it reports the first digest value. On receiving the identifier of the digital certificate, the real-time monitoring service module 502 obtains the digital certificate corresponding to the identifier from the multiple digital certificates stored in the secure key storage module 504. Here, the digital certificate is the digital certificate preset for the target object, and the identifier is the identifier of the digital certificate preset for the target object.
That is, for each of the multiple digital certificates, the secure key storage module 504 stores the correspondence between the digital certificate and its identifier. When the real-time monitoring service module 502 receives the identifier of the digital certificate preset for the target object, it can obtain the digital certificate preset for the target object according to the correspondence and the received identifier.
It is also worth noting that the AI software system needs to update the stored information of the target object, that is, to update the stored digital certificate of the target object. For the implementation process of updating the stored digital certificate of the target object, refer to step 604 in Fig. 6; details are not repeated here.
Step 705: when the digital certificate is legal, the real-time monitoring service module 502 obtains, from the secure key storage module 504 in the AI software system, the second digest value preset for the target object, and determines whether the first digest value and the second digest value are consistent to obtain an authentication result.
For the implementation process of step 705, refer to the implementation process of step 604 shown in Fig. 6; details are not repeated here.
That is, in the embodiment of the present invention, the real-time monitoring service module 502 obtains the digital certificate preset for the target object from the secure key storage module 504 and verifies whether the digital certificate is legal according to the check information in the digital certificate. When the digital certificate is legal, the real-time monitoring service module 502 triggers execution of the operation of step 604 in Fig. 6.
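The checks described above (root public key hash against the OTP copy, signature verification, lookup of the second digest value by object identifier, and comparison with the first digest value), as an added example that is not part of the patent text. The length-prefixed field layout, SHA-256, RSA PKCS#1 v1.5 and all function names are assumptions, and the key and certificate are constructed test data.

```python
import hashlib
import hmac
import struct

# DER DigestInfo prefix for SHA-256, as used by RSASSA-PKCS1-v1_5.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def pack(*values):
    """Encode values as [2-byte big-endian length][value] fields (assumed layout)."""
    return b"".join(struct.pack(">H", len(v)) + v for v in values)


def unpack(blob):
    """Decode a blob of length-prefixed fields, rejecting truncated input."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        if pos + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields


def pkcs1_block(message, k):
    """Expected PKCS#1 v1.5 encoded block of k bytes for SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_verify(n, e, message, signature):
    """Verify by recomputing the expected block and comparing it whole."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), pkcs1_block(message, k))


def authenticate(cert, otp_root_hash, object_id, first_digest):
    """Return "pass" or "fail"; raise ValueError when the certificate is not legal."""
    fields = unpack(cert)
    # Layout: version, root key, (object id, preset digest) pairs, signature.
    if len(fields) < 5 or len(fields) % 2 == 0:
        raise ValueError("malformed certificate")
    root_key, signature = fields[1], fields[-1]
    # Check 1: hash of the certificate's root public key against the OTP copy.
    if not hmac.compare_digest(hashlib.sha256(root_key).digest(), otp_root_hash):
        raise ValueError("root public key is not legal")
    # Check 2: signature over every byte that precedes the signature field.
    n_bytes, e_bytes = unpack(root_key)
    signed = cert[:len(cert) - 2 - len(signature)]
    n, e = int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")
    if not rsa_verify(n, e, signed, signature):
        raise ValueError("digital signature is not legal")
    # Only now are the preset digests trusted; look up the second digest by ID.
    presets = dict(zip(fields[2:-1:2], fields[3:-1:2]))
    second_digest = presets.get(object_id)
    if second_digest is None:
        return "fail"  # assumption: an object with no preset digest fails
    return "pass" if hmac.compare_digest(first_digest, second_digest) else "fail"


def build_sample():
    """Constructed data: throwaway RSA key from two Mersenne primes (not secure)."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    root_key = pack(n.to_bytes(k, "big"), e.to_bytes(3, "big"))
    model = b"constructed model bytes"
    body = pack(b"1.0", root_key,
                b"object 1", hashlib.sha256(model).digest(),
                b"object 2", hashlib.sha256(b"constructed data file").digest())
    em = int.from_bytes(pkcs1_block(body, k), "big")
    signature = pow(em, d, n).to_bytes(k, "big")
    return body + pack(signature), hashlib.sha256(root_key).digest(), model


if __name__ == "__main__":
    cert, otp_hash, model = build_sample()
    print(authenticate(cert, otp_hash, b"object 1", hashlib.sha256(model).digest()))
```

Because the preset digest values sit inside the signed portion of the certificate, changing a stored digest invalidates the signature, so the digest comparison is reached only with values the root key vouches for.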
Similarly, after performing security authentication on the target object, the real-time monitoring service module 502 may also perform security protection on the target object by executing a corresponding policy. Specifically, performing security protection on the target object by executing a corresponding policy may be implemented by the following step 706 and/or step 707.
Step 706: the real-time monitoring service module 502 performs security protection on the target object through the TUI 503 of the AI software system.
For the implementation process of step 706, refer to the implementation process of step 605 shown in Fig. 6; details are not repeated here.
Step 707: the real-time monitoring service module 502 performs security protection on the target object through the monitoring agent module 501 of the AI software system.
For the implementation process of step 707, refer to the implementation process of step 606 shown in Fig. 6; details are not repeated here.
In the embodiment of the present invention, the monitoring agent module 501 in the AI software system determines the first digest value of the target object and reports the first digest value to the real-time monitoring service module 502, and the real-time monitoring service module 502 performs security authentication on the target object, thereby providing security protection for the target object. Because the target object is placed in the REE for execution, the software framework of the software system can be deployed in a relatively centralized manner without affecting security, which is conducive to the platformization of the AI software system. In addition, compared with the related art in which the key components of the AI software system are placed in the TEE for execution, the embodiment of the present invention can place a key component in the REE for execution while still providing security protection for that key component. For example, the AI framework main body is placed in the REE for execution so that the AI framework main body can make full use of the abundant computing resources on the REE side, which avoids the impact on its computing capability that placing the AI framework main body in the TEE would have. The security of the AI software system is thereby ensured while computing capability is guaranteed and platform-based deployment is facilitated.
In addition to the AI software system and the intelligent dynamic behavior protection system provided in the foregoing embodiments, this application also provides a terminal. The operating system shown in Fig. 2 and the AI software system shown in Fig. 3 or the intelligent dynamic behavior protection system shown in Fig. 4 are deployed in the terminal, so that the terminal can execute the method for determining the security state of an AI software system shown in Fig. 6 or Fig. 7.
Fig. 8 is a schematic structural diagram of a terminal 800 provided in an embodiment of the present invention. The AI software system shown in Fig. 3 and the intelligent dynamic behavior protection system shown in Fig. 4 can be implemented by the terminal 800 shown in Fig. 8. Referring to Fig. 8, the terminal includes at least one processor 801, a communication bus 802, a memory 803, and at least one communication interface 804.
The processor 801 may be a CPU, a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of the programs of the solution of this application.
The communication bus 802 may include a path for transferring information between the foregoing components.
The memory 803 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other compact disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, and the like), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 803 may exist independently and be connected to the processor 801 through the communication bus 802. The memory 803 may also be integrated with the processor 801.
The communication interface 804 uses any transceiver-type apparatus to communicate with other devices or communication networks, such as Ethernet, a radio access network (RAN), or a wireless local area network (Wireless Local Area Networks, WLAN).
In a specific implementation, as one embodiment, the processor 801 may include one or more CPUs, for example the CPU corresponding to the virtual device in Fig. 3 or Fig. 4, and may also include a GPU, a DSP, or the like.
The foregoing terminal may be a general-purpose computer device or a special-purpose computer device. In a specific implementation, the computer device may be a desktop computer, a portable computer, a network server, a personal digital assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, or an embedded device. The embodiment of the present invention does not limit the type of the computer device.
The memory 803 is used to store the program code for executing the foregoing method or software system embodiments of this application, and the program code is executed by the processor 801. The program code may form the apparatus or AI software system mentioned in the foregoing embodiments. For example, the memory 803 provides a storage area for modules such as the secure key storage module 504 in the AI software system shown in Fig. 3 or the intelligent dynamic behavior protection system shown in Fig. 4. The processor 801 is used to execute the program code stored in the memory 803. The program code may include one or more software modules, for example as shown in Fig. 5. The AI software system shown in Fig. 3 or the intelligent dynamic behavior protection system shown in Fig. 4 can determine the security state of the corresponding software system through the processor 801 and one or more software modules in the program code in the memory 803.
In the foregoing embodiments, all or part of the AI software system may be implemented in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired manner (for example, coaxial cable, optical fiber, or digital subscriber line (DSL)) or a wireless manner (for example, infrared, radio, or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a digital versatile disc (DVD)), or a semiconductor medium (for example, a solid-state disk (SSD)).
The foregoing are embodiments provided by this application and are not intended to limit this application. Any modification, equivalent replacement, or improvement made within the spirit and principles of this application shall fall within the protection scope of this application.

Claims (18)

1. A method for determining the security state of an artificial intelligence (AI) software system, characterized in that the method comprises:
a monitoring agent module in the AI software system determines a first digest value of a target object in the AI software system, the first digest value being used to indicate security authentication information of the target object, wherein the running environment of the operating system in which the AI software system is deployed includes a rich execution environment (REE) and a trusted execution environment (TEE), the target object and the monitoring agent module are placed in the REE, and the target object is any module on which security authentication is to be performed among multiple modules of the AI software system that are deployed in the operating system;
the monitoring agent module reports the first digest value to a real-time monitoring service module in the AI software system, the real-time monitoring service module being placed in the TEE;
the real-time monitoring service module receives the first digest value;
the real-time monitoring service module performs security authentication on the target object according to the first digest value to obtain an authentication result, the authentication result being used to indicate the security state of the target object.
2. The method according to claim 1, characterized in that the real-time monitoring service module performing security authentication on the target object according to the first digest value to obtain an authentication result comprises:
the real-time monitoring service module obtains, from a secure key storage module in the AI software system, a second digest value preset for the target object, the secure key storage module being placed in the TEE;
determining whether the first digest value and the second digest value are consistent to obtain the authentication result;
if the first digest value is consistent with the second digest value, the authentication result is a security-authentication-passed state;
if the first digest value is inconsistent with the second digest value, the authentication result is a security-authentication-failed state.
3. The method according to claim 2, characterized in that, before the real-time monitoring service module obtains the second digest value preset for the target object from the secure key storage module in the AI software system, the method further comprises:
the real-time monitoring service module obtains, from the secure key storage module, a digital certificate preset for the target object;
the real-time monitoring service module verifies whether the digital certificate is legal according to check information in the digital certificate;
when the digital certificate is legal, the real-time monitoring service module triggers execution of the operation of obtaining the second digest value preset for the target object from the secure key storage module.
4. The method according to claim 3, characterized in that the method further comprises:
multiple digital certificates are stored in the secure key storage module, and when the monitoring agent module reports the first digest value to the real-time monitoring service module, it also reports the identifier of the digital certificate to the real-time monitoring service module;
correspondingly, the real-time monitoring service module obtaining the digital certificate preset for the target object from the secure key storage module comprises:
the real-time monitoring service module obtains the digital certificate corresponding to the identifier from the multiple digital certificates stored in the secure key storage module.
5. The method according to any one of claims 1 to 4, characterized in that, after the real-time monitoring service module performs security authentication on the target object according to the first digest value to obtain the authentication result, the method further comprises:
when the authentication result is the security-authentication-failed state, the real-time monitoring service module sends an alarm request to a trusted user interface (TUI) in the AI software system, the TUI being placed in the TEE;
the TUI receives the alarm request;
the TUI displays alarm information, the alarm information being used to indicate to the user that the security authentication of the target object has failed.
6. The method according to any one of claims 1 to 5, characterized in that, after the real-time monitoring service module performs security authentication on the target object according to the first digest value to obtain the authentication result, the method further comprises:
the real-time monitoring service module sends the authentication result to the monitoring agent module.
7. The method according to claim 6, characterized in that, after the real-time monitoring service module sends the authentication result to the monitoring agent module, the method further comprises:
when the authentication result is the security-authentication-failed state, the monitoring agent module sends a termination request to a preset control module, the termination request being used to instruct the preset control module to terminate the process of the target object, and the preset control module being a module that is deployed in the operating system and does not belong to the AI software system.
8. The method according to any one of claims 1 to 7, characterized in that the method further comprises:
the monitoring agent module obtains the digital certificate of the upgraded target object from a cloud server, the digital certificate including a digital signature and a digest value produced by the cloud server for the upgraded target object;
the monitoring agent module sends the digital certificate of the upgraded target object to the secure key storage module in the AI software system;
the secure key storage module replaces the stored digital certificate of the target object with the digital certificate of the upgraded target object.
9. The method according to any one of claims 1 to 8, characterized in that the target object includes a model and a key data file in the AI software system.
10. An apparatus for determining the security state of an artificial intelligence (AI) software system, characterized in that the apparatus comprises a monitoring agent module and a real-time monitoring service module;
the monitoring agent module is configured to determine a first digest value of a target object in the AI software system and report the first digest value to the real-time monitoring service module, the first digest value being used to indicate security authentication information of the target object, wherein the running environment of the operating system in which the AI software system is deployed includes a rich execution environment (REE) and a trusted execution environment (TEE), the target object and the monitoring agent module are placed in the REE, the target object is any module on which security authentication is to be performed among multiple modules of the AI software system that are deployed in the operating system, and the real-time monitoring service module is placed in the TEE;
the real-time monitoring service module is configured to receive the first digest value and perform security authentication on the target object according to the first digest value to obtain an authentication result, the authentication result being used to indicate the security state of the target object.
11. The apparatus according to claim 10, characterized in that the real-time monitoring service module is specifically configured to:
obtain, from a secure key storage module in the AI software system, a second digest value preset for the target object, the secure key storage module being placed in the TEE;
determine whether the first digest value and the second digest value are consistent to obtain the authentication result;
if the first digest value is consistent with the second digest value, the authentication result is a security-authentication-passed state;
if the first digest value is inconsistent with the second digest value, the authentication result is a security-authentication-failed state.
12. The apparatus according to claim 11, characterized in that the real-time monitoring service module is further configured to:
obtain, from the secure key storage module, a digital certificate preset for the target object;
verify whether the digital certificate is legal according to check information in the digital certificate;
when the digital certificate is legal, trigger execution of the operation of obtaining the second digest value preset for the target object from the secure key storage module.
13. The apparatus according to claim 12, characterized in that
multiple digital certificates are stored in the secure key storage module, and the monitoring agent module is further configured to, when reporting the first digest value to the real-time monitoring service module, also report the identifier of the digital certificate to the real-time monitoring service module;
correspondingly, the real-time monitoring service module is specifically configured to obtain the digital certificate corresponding to the identifier from the multiple digital certificates stored in the secure key storage module.
14. The apparatus according to any one of claims 10 to 13, characterized in that
the real-time monitoring service module is further configured to, when the authentication result is the security-authentication-failed state, send an alarm request to a trusted user interface (TUI) in the AI software system, the TUI being placed in the TEE;
the TUI is configured to receive the alarm request and display alarm information, the alarm information being used to indicate to the user that the security authentication of the target object has failed.
15. The apparatus according to any one of claims 10 to 14, characterized in that the real-time monitoring service module is further configured to send the authentication result to the monitoring agent module.
16. The apparatus according to claim 6, characterized in that the monitoring agent module is further configured to:
when the authentication result is the security-authentication-failed state, send a termination request to a preset control module, the termination request being used to instruct the preset control module to terminate the process of the target object, and the preset control module being a module that is deployed in the operating system and does not belong to the AI software system.
17. The apparatus according to any one of claims 10 to 16, characterized in that the monitoring agent module is further configured to:
obtain the digital certificate of the upgraded target object from a cloud server, the digital certificate including a digital signature and a digest value produced by the cloud server for the upgraded target object;
send the digital certificate of the upgraded target object to the secure key storage module in the AI software system;
correspondingly, the secure key storage module is configured to replace the stored digital certificate of the target object with the digital certificate of the upgraded target object.
18. The apparatus according to any one of claims 10 to 17, characterized in that the target object includes a model and a key data file in the AI software system.
CN201710481711.9A 2017-06-22 2017-06-22 Method and device for determining safety state of AI software system Active CN109117625B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710481711.9A CN109117625B (en) 2017-06-22 2017-06-22 Method and device for determining safety state of AI software system
PCT/CN2018/092027 WO2018233638A1 (en) 2017-06-22 2018-06-20 Method and apparatus for determining security state of ai software system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710481711.9A CN109117625B (en) 2017-06-22 2017-06-22 Method and device for determining safety state of AI software system

Publications (2)

Publication Number Publication Date
CN109117625A true CN109117625A (en) 2019-01-01
CN109117625B CN109117625B (en) 2020-11-06

Family

ID=64732802

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710481711.9A Active CN109117625B (en) 2017-06-22 2017-06-22 Method and device for determining safety state of AI software system

Country Status (2)

Country Link
CN (1) CN109117625B (en)
WO (1) WO2018233638A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111949986A (en) * 2020-02-19 2020-11-17 华控清交信息科技(北京)有限公司 Service processing method, system and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11947444B2 (en) * 2020-11-06 2024-04-02 International Business Machines Corporation Sharing insights between pre and post deployment to enhance cloud workload security

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2746981A1 (en) * 2012-12-19 2014-06-25 ST-Ericsson SA Trusted execution environment access control rules derivation
CN105468969A (en) * 2015-11-19 2016-04-06 中科创达软件股份有限公司 Method and system for promoting security of antivirus application program
CN105653978A (en) * 2015-12-29 2016-06-08 北京握奇智能科技有限公司 Method and system for improving TEE command execution speed
CN105656890A (en) * 2015-12-30 2016-06-08 深圳数字电视国家工程实验室股份有限公司 FIDO (Fast Identity Online) authenticator, system and method based on TEE (Trusted Execution Environment) and wireless confirmation
US20160379212A1 (en) * 2015-06-26 2016-12-29 Intel Corporation System, apparatus and method for performing cryptographic operations in a trusted execution environment
CN106547618A (en) * 2016-10-19 2017-03-29 沈阳微可信科技有限公司 Communication system and electronic equipment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101729960B1 (en) * 2013-10-21 2017-04-25 한국전자통신연구원 Method and Apparatus for authenticating and managing an application using trusted platform module
CN105608344A (en) * 2014-10-31 2016-05-25 江苏威盾网络科技有限公司 Application program safety management system and method
WO2017039241A1 (en) * 2015-08-28 2017-03-09 Samsung Electronics Co., Ltd. Payment information processing method and apparatus of electronic device
CN105447406B (en) * 2015-11-10 2018-10-19 华为技术有限公司 A kind of method and apparatus for accessing memory space
US11100227B2 (en) * 2015-11-25 2021-08-24 Huawei Technologies Co., Ltd. Security indication information configuration method and device
CN106603487B (en) * 2016-11-04 2020-05-19 中软信息系统工程有限公司 Method for improving security of TLS protocol processing based on CPU space-time isolation mechanism

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111949986A (en) * 2020-02-19 2020-11-17 华控清交信息科技(北京)有限公司 Service processing method, system and storage medium
CN111949986B (en) * 2020-02-19 2023-10-03 华控清交信息科技(北京)有限公司 Service processing method, system and storage medium

Also Published As

Publication number Publication date
WO2018233638A1 (en) 2018-12-27
CN109117625B (en) 2020-11-06

Similar Documents

Publication Publication Date Title
EP3479282B1 (en) Targeted secure software deployment
CN108762887B (en) Trust root for measurement of virtual machines
CN108399329B (en) Method for improving security of trusted application program
CN104715183B (en) A kind of trust authentication method and apparatus during virtual machine operation
EP3637297A1 (en) Securing firmware
CN108351937A (en) Computing device
WO2016074506A1 (en) Method and network device for authenticating application program integrity
CN105718807B (en) Android system and its authentic authentication system based on soft TCM and credible software stack and method
WO2011102087A1 (en) Information processing device, information processing system, software routine execution method, and remote attestation method
EP3382537A1 (en) Verifying that usage of virtual network function (vnf) by a plurality of compute nodes comply with allowed usage rights
KR20080008361A (en) Method and apparatus for providing software-based security coprocessors
US11252193B2 (en) Attestation service for enforcing payload security policies in a data center
WO2009051471A2 (en) Trusted computer platform method and system without trust credential
CN109960903A (en) A kind of method, apparatus, electronic equipment and storage medium that application is reinforced
EP3217310A1 (en) Hypervisor-based attestation of virtual environments
WO2022271373A1 (en) Secure computing mechanism
CN109117625A (en) The determination method and device of AI software systems safe condition
CN113448681B (en) Registration method, equipment and storage medium of virtual machine monitor public key
WO2023160705A1 (en) Component authentication method and apparatus
Khan et al. A protocol for preventing insider attacks in untrusted infrastructure-as-a-service clouds
CN111310173A (en) Terminal virtual machine identity authentication method and system of trusted chip
Park et al. TGVisor: A tiny hypervisor-based trusted geolocation framework for mobile cloud clients
CN107995230A (en) A kind of method for down loading and terminal
CN115021995B (en) Multi-channel login method, device, equipment and storage medium
Qin et al. RIPTE: runtime integrity protection based on trusted execution for IoT device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant