CN109992992B - Credible sensitive data protection method and system - Google Patents


Info

Publication number
CN109992992B
Authority
CN
China
Prior art keywords
random access
memory
access memory
trusted application
internal random
Prior art date
Legal status
Active
Application number
CN201910073175.8A
Other languages
Chinese (zh)
Other versions
CN109992992A (en)
Inventor
荆继武
王跃武
雷灵光
周荃
李彦初
马超
王杰
林璟锵
Current Assignee
Data Assurance and Communication Security Research Center of CAS
Original Assignee
Data Assurance and Communication Security Research Center of CAS
Priority date
Filing date
Publication date
Application filed by Data Assurance and Communication Security Research Center of CAS
Priority to CN201910073175.8A
Publication of CN109992992A
Application granted
Publication of CN109992992B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes, by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a credible (trusted) sensitive data protection method and system, which mainly comprise a trusted application loading module, an internal random access memory management module and an internal random access memory control module. The core idea of the invention is that only the sensitive data of a trusted application is isolated in an Internal Random Access Memory (iRAM) dynamic security domain protected by TrustZone, while its other data and code remain in the Dynamic Random Access Memory (DRAM) security domain. Dynamic protection of the sensitive data is thus realized: the sensitive data cannot be stolen or tampered with by software attacks or physical memory exposure attacks, and the invention has the characteristics of strong security, universality, high efficiency and user friendliness.

Description

Credible sensitive data protection method and system
Technical Field
The invention relates to a credible sensitive data protection method and system, and belongs to the field of mobile terminal security.
Background
With the rapid development of the mobile internet and the increasing popularity of mobile terminals, more and more sensitive tasks, such as mobile payment, data encryption/decryption and the sending and receiving of sensitive mail, are executed on mobile terminals, and much sensitive data is involved in the execution of these tasks. An attacker can use various kernel vulnerabilities to mount a software attack on the system, and once the attacker obtains root authority he can access and modify the sensitive data in the system.
To better protect sensitive data on mobile terminals, system-level security solutions combining software and hardware must be designed. TrustZone is a security extension of the ARM processor: hardware resources such as the CPU, memory and I/O peripherals are divided into a secure world and a common world to realize security isolation, and a monitor mode of the processor is introduced to switch between the two worlds. Using TrustZone, sensitive data can be placed in the secure world for use and storage, and an attacker in the common world cannot steal it even after obtaining root authority.
However, TrustZone cannot prevent sensitive data leakage caused by physical memory exposure attacks such as the cold-start attack and the bus snooping attack. In a cold-start attack, since DRAM still retains its data for a short time after the system is powered off, an attacker can restart the device and have it boot an operating system under the attacker's control, which outputs the sensitive data remaining in the DRAM. In a bus snooping attack, an attacker attaches a bus snooping tool to the memory bus and reads the data when the CPU requests sensitive data over the memory bus.
Internal random access memory can be used to prevent physical memory exposure attacks: it loses all data once power is removed, and because it is located on the system chip, sensitive data never leaves the chip and never passes over any bus that can be monitored.
Disclosure of Invention
The problem solved by the invention is as follows: for the use scenario of sensitive data on a mobile terminal, a credible sensitive data protection method and system are provided, so that the sensitive data cannot be stolen or tampered with by software attacks or physical memory exposure attacks, and the method has the characteristics of strong security, universality, high efficiency and user friendliness.
The technical solution of the invention is as follows:
in one aspect, the present invention provides a trusted sensitive data protection method, including the following steps:
1) loading the trusted application into the memory of the secure world from the shared memory of the secure world and the common world, and verifying the validity of the trusted application;
2) allocating the sensitive data of the trusted application to a security domain of the internal random access memory, and loading the code and non-sensitive data of the trusted application into the security domain of the dynamic random access memory.
Further, before step 1), loading the trusted application from the file system to the shared memory, including:
a) the common application firstly sends out a request for executing the trusted application, and the secure world operating system returns a result to the common application when finding that the corresponding trusted application is not loaded in the memory;
b) after receiving the result, the common application calls the trusted execution environment client to load the corresponding trusted application from the file system into the memory shared by the secure world and the common world.
Further, in step 1), the signature header information of the trusted application is read from the shared memory to verify the validity of the trusted application.
Further, step 2) comprises:
2.1) allocating memory space: allocating a physical memory space on an internal random access memory security domain for sensitive data of trusted application, and allocating a physical memory space on a dynamic random access memory security domain for codes of trusted application and non-sensitive data;
2.2) mapping the allocated memory space: establishing a mapping relation from a virtual address to a physical address for each allocated segment of physical memory space;
2.3) copying the trusted application and running it: copying all PT_LOAD segments and the stack segment of the ELF file of the trusted application from the shared memory to the respectively allocated physical memory spaces, and then running the trusted application;
2.4) clearing the sensitive data, finishing the operation and returning to the common world: before the trusted application finishes executing and control returns to the common world, clearing the sensitive data of the trusted application in the internal random access memory security domain, deleting the usage information of the corresponding memory block, then ending the operation of the trusted application and returning the result to the common world.
In another aspect, the present invention provides a trusted sensitive data protection system comprising a trusted application loading module, an internal random access memory management module and an internal random access memory control module. Wherein:
The trusted application loading module is responsible for loading the trusted application into the memory of the secure world from the memory shared by the secure world and the common world, verifying the validity of the trusted application, and then waiting for it to run. Normally the entire trusted application would be loaded into the security domain of the dynamic random access memory, where it is threatened by physical memory exposure attacks. The trusted application loading module designed by the invention realizes a memory separation mechanism: the sensitive data of the trusted application is allocated to a security domain of the Internal Random Access Memory (iRAM), which can resist physical memory exposure attacks, while the other portions of the trusted application are loaded into a security domain of the Dynamic Random Access Memory (DRAM). The sensitive data of the trusted application is thereby protected from physical memory exposure attacks while the trusted application continues to operate normally. The sensitive data comprises the data section, the bss section, the stack section and the heap section, where the data section and the bss section are statically allocated by the trusted application and the stack and heap sections are dynamically allocated.
The internal random access memory management module is responsible for allocating and releasing security domain physical memory space of the internal random access memory and managing the allocated security domain physical memory blocks. It manages the usage information of the allocated iRAM secure memory blocks with a linked list structure. When memory is allocated, it searches the unallocated memory space of the memory area from high addresses to low addresses with a first-fit algorithm: as soon as an unallocated space is greater than or equal to the requested space, that space is allocated to the requester and an entry storing the usage information of the memory block is inserted into the linked list. When memory is released, the linked list is searched for the corresponding entry, the data in the block is cleared and the entry is deleted.
The internal random access memory control module is responsible for enabling TrustZone protection of the internal random access memory when the secure world operating system starts and for dynamically adjusting the size of the security domain of the internal random access memory. Normally the internal random access memory is accessible to the common world, so sensitive data of trusted applications stored there would be vulnerable to software attacks. When the system starts, the internal random access memory control module isolates part of the internal random access memory as a secure area that can only be accessed through TrustZone, ensuring that the data in the secure area cannot be accessed by the common world; while the system runs, the module dynamically adjusts the size of the internal random access memory security domain according to the requirements of common applications and trusted applications, so that several trusted applications can run simultaneously without affecting applications in the common world.
Compared with the prior art, the invention has the beneficial effects that:
The credible sensitive data protection system and method ensure that neither software attacks nor physical memory exposure attacks can steal or tamper with sensitive data, have the advantages of strong security, universality, high efficiency and transparency to users, and are suited to the use scenario of sensitive data on mobile terminals.
Drawings
Fig. 1 is a block diagram of a trusted sensitive data protection system according to the present invention.
Fig. 2 is an execution flow chart of a trusted sensitive data protection method provided by the present invention.
Fig. 3 is a graph comparing the amount of data AES can encrypt per second as the amount of plaintext increases, in the trusted application execution performance test.
Fig. 4 is a graph comparing the number of decryption operations RSA can perform per second in the trusted application execution performance test.
Fig. 5 is a graph comparing the number of blocks per second SHA256 can process in the trusted application execution performance test.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. It should be noted that various changes and modifications can be made by those skilled in the art without departing from the spirit of the invention, and these changes and modifications are all within the scope of the invention.
Referring to Fig. 1, an embodiment of the present invention provides a trusted sensitive data protection system comprising a trusted application loading module, an internal random access memory management module and an internal random access memory control module. Wherein:
The trusted application loading module is responsible for loading the trusted application into the memory of the secure world from the memory shared by the secure world and the common world, verifying the validity of the trusted application, and then waiting for it to run. The trusted application loading module designed by the invention realizes a memory separation mechanism: the sensitive data of the trusted application is allocated to a security domain of the internal random access memory, which can resist physical memory exposure attacks, while the other portions of the trusted application are loaded into a security domain of the dynamic random access memory. The sensitive data of the trusted application is thereby protected from physical memory exposure attacks while the trusted application continues to operate normally. In this example, the trusted application is aes_perf (or current, create_fail_test, crypt, rpc_test, sha_perf, sims, storage2, storage_benchmark). These are trusted applications in the xtest test set provided by the OP-TEE system in the secure world and are used for comprehensive functional testing of the OP-TEE system. In this example, the trusted application loading module divides the heap space from the.
The internal random access memory management module is responsible for allocating and releasing security domain physical memory space of the internal random access memory and managing the allocated security domain physical memory blocks. It manages the usage information of the allocated iRAM secure memory blocks with a linked list structure. When memory is allocated, it searches the unallocated memory space of the memory area from high addresses to low addresses with a first-fit algorithm: as soon as an unallocated space is greater than or equal to the requested space, that space is allocated to the requester and an entry storing the usage information of the memory block is inserted into the linked list. When memory is released, the linked list is searched for the corresponding entry, the data in the block is cleared and the entry is deleted.
The internal random access memory control module is responsible for enabling TrustZone protection of the internal random access memory when the secure world operating system starts and for dynamically adjusting the size of the security domain of the internal random access memory. When the system starts, the internal random access memory control module isolates part of the internal random access memory as a secure area that can only be accessed through TrustZone, ensuring that the data in the secure area cannot be accessed by the common world; while the system runs, the module dynamically adjusts the size of the internal random access memory security domain according to the requirements of common applications and trusted applications, so that several trusted applications can run simultaneously without affecting applications in the common world. In this example, the size of the internal random access memory is 256 KB: the lowest 20 KB is fixed for use by the common world operating system, the highest 32 KB is fixed for use by the secure world operating system, and the remaining 204 KB is allocated dynamically while the system is running.
Referring to Fig. 2, an embodiment of the present invention provides a trusted sensitive data protection method including the following steps:
(1) Loading the trusted application from the file system to the shared memory: the common application first issues a request to execute the trusted application; the secure world operating system finds that the corresponding trusted application is not loaded in memory and returns this result to the common application. After receiving the result, the common application calls the trusted execution environment client to load the corresponding trusted application from the file system into the memory shared by the secure world and the common world, where it awaits processing by the trusted application loading module.
(2) Verifying the validity of the trusted application: the trusted application loading module reads the signature header information of the trusted application from the shared memory and verifies its validity. In this example, the module verifies the signature of the ELF file of the trusted application, and only if the verification passes is the ELF file formally loaded.
(3) Allocating memory space for the sensitive data of the trusted application: the trusted application loading module calls the internal random access memory management module to allocate memory space for the sensitive data. The management module first calls the internal random access memory control module to adjust the size of the security domain of the internal random access memory, and then allocates physical memory space in the internal random access memory security domain to the data section, the bss section, the stack section and the heap section of the trusted application. In this example, the management module actually allocates physical memory space in the security domain to the .data/.bss segment and the stack segment of the trusted application, because the trusted application loading module of this example carves the heap out of the bss segment by default.
(4) Allocating memory space for the code and non-sensitive data of the trusted application: the trusted application loading module allocates physical memory space in the dynamic random access memory security domain for the code and non-sensitive data of the trusted application. In this example, the code and non-sensitive data are the contents of the PT_LOAD segments of the trusted application's ELF (Executable and Linkable Format) file other than the .data/.bss segment.
(5) Mapping the allocated memory space: the trusted application loading module establishes a virtual-to-physical address mapping for each segment of physical memory space allocated in steps (3) and (4).
(6) Copying and running the trusted application: all PT_LOAD segments and the stack segment of the trusted application's ELF file are copied from the shared memory to their respectively allocated physical memory space, and then the trusted application is run.
(7) Clearing the sensitive data, finishing the operation and returning to the common world: before the trusted application finishes executing and the system returns to the common world, the internal random access memory management module clears the sensitive data of the trusted application in the internal random access memory security domain and deletes the usage information of the corresponding memory blocks. The running of the trusted application then ends and the result is returned to the common world.
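The iRAM management and control modules described in the system embodiment and exercised in steps (3) and (7) above, as an added C model that is not code from the patent or from OP-TEE: a first-fit search from high to low addresses over the dynamic region, a linked list of block usage entries, a release path that wipes the block before deleting its entry, and a secure-domain boundary that grows and shrinks with the allocated blocks. The 256 KB / 20 KB / 32 KB layout is taken from the description; byte offsets in place of physical addresses, the 16-byte alignment and the 16-entry block table are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* iRAM layout from the embodiment: 256 KB total, lowest 20 KB fixed for the
 * normal-world OS, highest 32 KB fixed for the secure-world OS, and the 204 KB
 * between them is where the control module carves out a dynamically sized
 * TrustZone secure domain. Byte offsets stand in for physical addresses. */
#define IRAM_SIZE      (256u * 1024u)
#define IRAM_NW_FIXED  (20u * 1024u)
#define IRAM_SW_FIXED  (32u * 1024u)
#define IRAM_DYN_BASE  IRAM_NW_FIXED                /* 20 KB  */
#define IRAM_DYN_END   (IRAM_SIZE - IRAM_SW_FIXED)  /* 224 KB */
#define MAX_BLOCKS     16                           /* assumed table size */
#define ALLOC_ALIGN    16u                          /* assumed granularity */

static uint8_t iram[IRAM_SIZE];          /* simulated iRAM contents */

/* Usage information of one allocated secure block: the linked-list entry. */
struct block {
    uint32_t start, size;                /* offset into iram[] and length */
    int ta_id;                           /* owning trusted application */
    struct block *next;
};

static struct block pool[MAX_BLOCKS];    /* size == 0 marks a free entry */
static struct block *used = NULL;        /* allocated blocks, descending start */

/* Control-module view: secure domain is [secure_domain_base, IRAM_DYN_END);
 * the dynamic region below the base stays accessible to the common world. */
static uint32_t secure_domain_base = IRAM_DYN_END;

static struct block *new_entry(void)
{
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (pool[i].size == 0) return &pool[i];
    return NULL;
}

/* Control module: resize the domain so it just covers the allocated blocks. */
static void adjust_secure_domain(void)
{
    uint32_t lowest = IRAM_DYN_END;
    for (struct block *b = used; b; b = b->next)
        if (b->start < lowest) lowest = b->start;
    secure_domain_base = lowest;
}

uint32_t iram_secure_domain_size(void) { return IRAM_DYN_END - secure_domain_base; }

/* Management module, allocation: first fit, scanning from the high end of the
 * dynamic region towards the low end. Returns the block offset, or 0 when no
 * gap is large enough (0 is never valid: the region starts at 20 KB). */
uint32_t iram_alloc(uint32_t size, int ta_id)
{
    if (size == 0) return 0;
    size = (size + ALLOC_ALIGN - 1u) & ~(ALLOC_ALIGN - 1u);
    struct block **link = &used;
    uint32_t gap_top = IRAM_DYN_END;
    for (;;) {
        struct block *b = *link;         /* next lower block, if any */
        uint32_t gap_bottom = b ? b->start + b->size : IRAM_DYN_BASE;
        if (gap_top - gap_bottom >= size) {
            struct block *n = new_entry();
            if (!n) return 0;
            n->start = gap_top - size;   /* take the gap from its top */
            n->size = size;
            n->ta_id = ta_id;
            n->next = b;                 /* list stays sorted by start */
            *link = n;
            adjust_secure_domain();
            return n->start;
        }
        if (!b) return 0;                /* reached the bottom: no fit */
        gap_top = b->start;
        link = &b->next;
    }
}

/* Management module, release (step 2.4 / step (7)): wipe each block of the
 * trusted application before deleting its usage entry; returns the count. */
int iram_release_ta(int ta_id)
{
    int released = 0;
    for (struct block **link = &used; *link; ) {
        struct block *b = *link;
        if (b->ta_id != ta_id) { link = &b->next; continue; }
        memset(&iram[b->start], 0, b->size);   /* clear sensitive data */
        *link = b->next;                       /* unlink the entry ... */
        memset(b, 0, sizeof *b);               /* ... and free its slot */
        released++;
    }
    adjust_secure_domain();
    return released;
}

/* Stand-in for the loader copying a trusted application's data into a block. */
void iram_fill(uint32_t off, uint32_t len, uint8_t value)
{
    if (off < IRAM_SIZE && len <= IRAM_SIZE - off)
        memset(&iram[off], value, len);
}
```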
With the invention, a trusted application allocates physical memory space in the security domain of the internal random access memory for its sensitive data and physical memory space in the security domain of the dynamic random access memory for its code and non-sensitive data, whereas trusted applications usually allocate physical memory space in the dynamic random access memory security domain for all code and data. The experiments compare the loading and execution performance of trusted applications in these two cases. To reduce experimental error, each test was iterated 1000 times and the results averaged to obtain the final experimental result.
(1) Trusted application load time test: the test objects are aes_perf, current, create_fail_test, encrypt, rpc_test, sha_perf, sims, storage2 and storage_benchmark, all trusted applications in the xtest test set provided by the OP-TEE system in the secure world and used for comprehensive functional testing of the OP-TEE system. The test results are shown in Table 1:
TABLE 1 test results
Load time with the invention | Load time in the usual case | Performance impact of the invention
111.27 ms | 109.77 ms | 1.37%
(2) Trusted application execution performance test: the test objects are the TAs implementing the AES, RSA and SHA256 cryptographic algorithms. The AES algorithm is operated in ECB mode with a 128-bit key and tested with encryption operations; the RSA algorithm follows the PKCS #1 standard with a 2014-bit key and is tested with decryption operations; the input of the SHA256 algorithm is processed in 512-bit blocks and its output is 256 bits long. The results are shown in Figs. 3, 4 and 5, where the white hatched bars and the dark grey bars represent the usual case and the case of the invention, respectively. Fig. 3 shows the amount of data AES can encrypt per second as the amount of plaintext increases; Fig. 4 shows the number of decryption operations RSA can perform per second; Fig. 5 shows the number of blocks per second SHA256 can process.
The experiments show that the method adds only a small performance overhead to the loading and execution of trusted applications; that is, its influence on the performance of the secure world operating system is small enough to be almost negligible.
In the invention, the sensitive data of the trusted application is not limited to the statically allocated data/bss segments and the dynamically allocated stack and heap segments described in the above embodiments; the content counted as sensitive data can also be customized.
The above description is only an example of the present invention and should not be taken as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

1. A method for trusted sensitive data protection, comprising the steps of:
1) loading the trusted application into the memory of the secure world from the shared memory of the secure world and the common world, and verifying the validity of the trusted application;
2) allocating the sensitive data of the trusted application to a security domain of the internal random access memory (iRAM) by means of a memory separation mechanism, and loading the code and non-sensitive data of the trusted application into a security domain of the dynamic random access memory (DRAM); the sensitive data comprises a data section and a bss section, which are statically allocated by the trusted application, and a stack section and a heap section, which are dynamically allocated;
3) enabling TrustZone protection of the internal random access memory when the secure world operating system starts, and dynamically adjusting the size of the security domain of the internal random access memory according to requirements, namely according to the requirements of common applications and trusted applications, so that several trusted applications can run simultaneously without affecting applications in the common world;
wherein, step 2) includes:
2.1) allocating memory space: allocating a physical memory space on an internal random access memory security domain for sensitive data of trusted application, and allocating a physical memory space on a dynamic random access memory security domain for codes of trusted application and non-sensitive data;
2.2) mapping the allocated memory space: establishing a mapping relation from a virtual address to a physical address for each allocated segment of physical memory space;
2.3) copying the trusted application and running it: copying all PT_LOAD segments and the stack segment of the ELF file of the trusted application from the shared memory to the respectively allocated physical memory spaces, and then running the trusted application;
2.4) clearing the sensitive data, finishing the operation and returning to the common world: before the trusted application finishes executing and control returns to the common world, clearing the sensitive data of the trusted application in the internal random access memory security domain, deleting the usage information of the corresponding memory block, then ending the operation of the trusted application and returning the result to the common world.
2. The method according to claim 1, wherein the usage information of the allocated secure memory blocks of the internal random access memory is managed using a linked list structure; after memory space is allocated, an entry storing the usage information of the memory block is inserted into the linked list; when memory is released, the linked list is searched for the corresponding entry, the data in the block is cleared and the entry is deleted.
3. The method of claim 1, wherein prior to step 1), loading the trusted application from the file system into the shared memory comprises:
a) the common application firstly sends out a request for executing the trusted application, and the secure world operating system returns a result to the common application when finding that the corresponding trusted application is not loaded in the memory;
b) after receiving the result, the common application calls the trusted execution environment client to load the corresponding trusted application from the file system into the memory shared by the secure world and the common world.
4. The method of claim 1, wherein in step 1), the signature header information of the trusted application is read from the shared memory to verify the validity of the trusted application.
5. A trusted sensitive data protection system using the method of any one of claims 1 to 4, comprising:
a trusted application loading module, responsible for loading trusted applications into the memory of the secure world from the memory shared by the secure world and the common world and for verifying the validity of the trusted applications; the trusted application loading module allocates the sensitive data of the trusted application to a security domain of the internal random access memory through a memory separation mechanism and loads the code and non-sensitive data of the trusted application into a security domain of the dynamic random access memory;
an internal random access memory management module, responsible for allocating and releasing security domain physical memory space of the internal random access memory and for managing the allocated security domain physical memory blocks;
and an internal random access memory control module, responsible for enabling TrustZone protection of the internal random access memory when the secure world operating system starts and for dynamically adjusting the size of the security domain of the internal random access memory according to requirements.
6. The system of claim 5, wherein the internal random access memory is on a system-on-a-chip with the central processing unit.
7. The system of claim 5, wherein the trusted application loading module, the internal random access memory management module, and the internal random access memory control module execute on a secure operating system of a secure world that employs a TrustZone trusted execution environment.
8. The system according to claim 5, wherein the internal random access memory management module manages the usage information of the allocated secure memory blocks of the internal random access memory using a linked list structure; after a memory space is allocated, an item storing the usage information of the memory block is inserted into the linked list; when the memory is released, the linked list is searched to find the corresponding item, the data in the block is cleared, and the item is deleted.
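As an added illustration, not code from the patent, the following C model shows the behaviour claimed for the internal random access memory management module (claims 2 and 8) together with step 2.4 of claim 1: a linked list of usage items for allocated blocks, first-fit allocation inside the security domain, zeroing on release, and clearing every block a trusted application still owns before it returns to the common world. The 4 KiB domain size, the numeric TA ids, and the malloc-backed list items are constructed assumptions; a real secure OS would keep the items in secure memory.

```c
#include <stdint.h>
#include <stdlib.h>

#define IRAM_SECURE_SIZE 4096   /* constructed size; the real one is set by the IRAM control module */
static uint8_t iram_secure[IRAM_SECURE_SIZE];   /* stand-in for the IRAM security domain */

struct iram_block {             /* one linked-list item: usage information of one secure block */
    uint32_t ta_id;             /* trusted application that owns the block */
    size_t offset, size;        /* position inside the security domain */
    struct iram_block *next;
};
static struct iram_block *block_list = NULL;   /* kept sorted by offset */

/* Zero through a volatile pointer so the compiler cannot drop the clear as a dead store. */
static void clear_block(const struct iram_block *b) {
    volatile uint8_t *p = iram_secure + b->offset;
    for (size_t i = 0; i < b->size; i++) p[i] = 0;
}

/* Allocate: first-fit search for a gap between existing items, then insert the new item. */
void *iram_alloc(uint32_t ta_id, size_t size) {
    size_t cur = 0;
    struct iram_block **pp = &block_list, *b;
    for (; size && *pp && (*pp)->offset - cur < size; pp = &(*pp)->next)
        cur = (*pp)->offset + (*pp)->size;
    if (size == 0 || IRAM_SECURE_SIZE - cur < size || !(b = malloc(sizeof *b))) return NULL;
    b->ta_id = ta_id; b->offset = cur; b->size = size;
    b->next = *pp; *pp = b;
    return iram_secure + cur;
}

/* Release: with p == NULL, every block the TA owns (step 2.4, before returning to the common
 * world); otherwise only the TA's block at p. Each item found is cleared, then deleted. */
size_t iram_release(uint32_t ta_id, const void *p) {
    size_t n = 0;
    for (struct iram_block **pp = &block_list; *pp; ) {
        struct iram_block *b = *pp;
        if (b->ta_id != ta_id || (p && p != (const void *)(iram_secure + b->offset))) {
            pp = &b->next;      /* not ours, or not the requested block: leave it untouched */
            continue;
        }
        clear_block(b); *pp = b->next; free(b); n++;
    }
    return n;
}

/* Inspection helpers: number of live items, and one byte of the security domain. */
size_t iram_block_count(void) { size_t n = 0; for (struct iram_block *b = block_list; b; b = b->next) n++; return n; }
uint8_t iram_byte(size_t off) { return iram_secure[off]; }
```

A block is only released by the TA that owns it, so a release request from another TA finds no item and touches nothing.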

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910073175.8A CN109992992B (en) 2019-01-25 2019-01-25 Credible sensitive data protection method and system

Publications (2)

Publication Number Publication Date
CN109992992A CN109992992A (en) 2019-07-09
CN109992992B true CN109992992B (en) 2021-07-13

Family

ID=67129857

Country Status (1)

Country Link
CN (1) CN109992992B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110750791B (en) * 2019-10-15 2022-04-19 首都师范大学 Method and system for guaranteeing physical attack resistance of trusted execution environment based on memory encryption
CN111858004A (en) * 2020-07-21 2020-10-30 中国人民解放军国防科技大学 TEE expansion-based real-time application dynamic loading method and system for computer security world
CN112069506B (en) * 2020-09-16 2024-02-23 地平线(上海)人工智能技术有限公司 Safe starting method and device
CN112257059B (en) * 2020-10-12 2023-03-28 麒麟软件有限公司 Dynamic trusted file execution control method and system
CN113051572A (en) * 2020-12-10 2021-06-29 中国银联股份有限公司 Control method and device of trusted application, computer storage medium and terminal
CN117349841A (en) * 2022-06-27 2024-01-05 华为技术有限公司 Information processing method, chip, electronic device, and computer-readable storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8959311B2 (en) * 2006-08-25 2015-02-17 Texas Instruments Incorporated Methods and systems involving secure RAM
CN100504811C (en) * 2007-06-13 2009-06-24 中兴通讯股份有限公司 Method for detecting RAM leakage
CN105678191B (en) * 2016-03-02 2018-11-13 上海瓶钵信息科技有限公司 Method, terminal and the system of security of system are improved using SoC storage insides
CN106815494B (en) * 2016-12-28 2020-02-07 中软信息系统工程有限公司 Method for realizing application program safety certification based on CPU time-space isolation mechanism
CN107220189A (en) * 2017-03-14 2017-09-29 晨星半导体股份有限公司 Memory headroom is managed and memory access control method and device
CN107194284A (en) * 2017-06-22 2017-09-22 济南浪潮高新科技投资发展有限公司 A kind of method and system based on the user-isolated data of TrustZone

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant