CN110659079B - Balanced type safety processor - Google Patents

Publication number
CN110659079B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910711710.8A
Other languages
Chinese (zh)
Other versions
CN110659079A (en
Inventor
曹春春
柳会鹏
李虹阳
王州府
魏晓伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Tianhongyi Network Technology Co ltd
Beijing Duosi Security Chip Technology Co ltd
Original Assignee
Beijing Tianhongyi Network Technology Co ltd
Beijing Duosi Security Chip Technology Co ltd
Application filed by Beijing Tianhongyi Network Technology Co ltd, Beijing Duosi Security Chip Technology Co ltd
Priority to CN201910711710.8A
Publication of CN110659079A
Application granted
Publication of CN110659079B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a balanced-type secure processor. The secure processor comprises a resource controller, a plurality of functional components and their switch configuration network. The resource controller comprises a reorganization configuration module, which in turn comprises a mode management unit. By controlling the switch configuration network, the reorganization configuration module configures the functional components into at least three operation processor cores; different tasks are allocated to the operation processor cores, which complete the allocated tasks in a balanced manner. Configuring the functional components into at least three operation processor cores, which may be the same or different, to complete processing tasks in a balanced manner greatly improves the service-processing capability and level of the secure processor. The secure processor can also realize different processor cores through configuration; the cores each have their own functional emphasis and back each other up, and this redundant, replaceable design improves the attack resistance, security and reliability of the secure processor.

Description

Balanced type safety processor
Technical Field
The invention relates to the technical field of design and manufacture of processors, in particular to a balanced type security processor capable of realizing enhanced anti-attack capability.
Background
The processor is the underlying hardware platform of all computer systems and information systems. Network attacks have become routine, and as the level of information security rises, security requirements on processors are becoming more and more common.
The secure processors currently on the market mainly protect the processor through software means such as encryption algorithms and do not improve the hardware structure inside the processor, so the security requirements on the processor are not fully met.
Moreover, current processors generally adopt a single-core structure, and how to realize cooperative work in a multi-core processor is also a problem to be solved in the processor field.
Disclosure of Invention
The present invention has been made in view of the above problems, and its object is to provide a balanced-type secure processor that overcomes or at least partially solves them.
The invention provides a balanced-type secure processor comprising a resource controller, a plurality of functional components and their switch configuration network. The resource controller comprises a reorganization configuration module, which in turn comprises a mode management unit. By controlling the switch configuration network, the reorganization configuration module configures the functional components into at least three operation processor cores; different tasks are allocated to the operation processor cores, which complete the allocated tasks in a balanced manner.
Optionally, the functional components are any one or more of the following: an operation processing component, a data processing component, a storage component, a detection component, a monitoring component, a cryptographic service component, a logic operation unit, an instruction decoder, a counter, a register component, a clock component and a bus component, wherein redundant functional components remain in the secure processor after the at least three operation processor cores are configured.
Optionally, a configuration file is provided in the reorganization configuration module, and the functional components are configured dynamically or statically according to the configuration file; the processor core may be any one of the following: control processor core, operation processor core.
Optionally, the secure processor further includes a fixed support program, which comprises at least one of the following modules: a hardware interface driving module, a file management module, a security support module and a communication processing module.
Optionally, each of the processor cores employs a different instruction hierarchy.
Optionally, the resource controller further includes at least one of the following modules: an original injection module, a loading module, a resource self-recovery module and a control feedback module.
Optionally, the control processor core includes at least one of the following modules or components: an initialization module, a detection component and a monitoring component.
Optionally, the operation processor core includes at least one of the following modules or components: an initialization module, an operation processing component and a cryptographic service component.
Optionally, the data processor core includes at least one of the following modules or components: an initialization module and a data processing component.
Optionally, the secure processor further comprises an interface component comprising a special interface and a general interface. The special interface is connected with the resource controller and is used for receiving the initial configuration of the secure processor from an administrator; the general interface is connected with the functional components and is the input or output interface for information flow.
As can be seen from the above, the secure processor provided by the technical solution of the present invention includes a resource controller, a plurality of functional components and their switch configuration network. The resource controller comprises a reorganization configuration module, which in turn comprises a mode management unit. By controlling the switch configuration network, the reorganization configuration module configures the functional components into at least three operation processor cores; different tasks are allocated to the operation processor cores, which complete the allocated tasks in a balanced manner. Configuring the functional components into at least three operation processor cores, which may be the same or different, to complete processing tasks in a balanced manner greatly improves the service-processing capability and level of the secure processor. The secure processor can also realize different processor cores through configuration; the cores each have their own functional emphasis and back each other up, and this redundant, replaceable design improves the attack resistance, security and reliability of the secure processor.
The foregoing is only an overview of the technical solution of the present invention, given so that its technical means can be understood more clearly and implemented according to the description, and so that the above and other objects, features and advantages of the invention are more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 shows a schematic diagram of a secure processor according to one embodiment of the invention;
FIG. 2 illustrates a diagram of a reconfiguration method of a secure processor according to one embodiment of the present invention;
FIG. 3 shows a schematic structural diagram of a secure processor according to another embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The invention discloses a logic protection structure for a secure processor, which protects against network attacks and the like mainly through rapid reorganization and configuration of the processor's internal hardware structure and a redundant, replaceable design. The main idea is that the functional devices in the secure processor can be configured into a plurality of processor cores through dynamic reorganization, and each processor core can realize the same or different functions, so that the logic structure is diversified, dynamic and self-repairable, thereby protecting the system. Furthermore, diversified cooperation is realized through different preset working modes according to the requirements of different processing tasks. The redundant and reconfigurable design ensures the effectiveness of the secure processor's logic protection to the greatest extent and improves its processing capability and level. Other components such as a decoder, a memory device and a bus are not limited in this embodiment.
Example 1
FIG. 1 shows a schematic diagram of a secure processor 100 according to one embodiment of the invention; the secure processor 100 includes a resource controller 110 and a functional unit group 120, where a plurality of functional units and a switch configuration network thereof are disposed in the functional unit group 120; the resource controller 110 dynamically or statically configures each of the functional components into at least two processor cores (121, 122) through control of a switch configuration network by a reconfiguration module therein, each of the processor cores (121, 122) executing decoded instructions corresponding to the configured functional components.
The functional component is a logic device combination capable of realizing specific functions, and comprises a switch configuration network consisting of a gate and a switch array. In this embodiment, the resource controller 110 is disposed in the secure processor, where the resource controller 110 includes a reconfiguration module, and a configuration file or a reconfiguration rule is disposed in the module, so that the hardware resources in the processor can be reconfigured to form processor cores (IP cores) with different or the same functions. The resource controller 110 includes a plurality of functional modules and/or storage units, and the configuration files or the reorganization rules are stored in the storage units of the reorganization configuration module.
Preferably, the configuration file stores 0/1 values that represent the on or off state of each switch of the switch configuration network. Different configuration files are selected or loaded to realize different combinations and thus form different processor cores. The configuration file can be produced in the design and manufacturing stage according to the design requirements of the security controller; it can be preset by an administrator through initialization injection over a special interface; it can be adjusted dynamically and in real time by an algorithm according to the processing requirements of the application program; or it can be activated under conditions such as network attack or failure to reorganize the remaining components with the same functions, so that the secure processor keeps operating normally.
In addition, the functional components can be reorganized through cooperation between a reorganization rule file and a reorganization control unit provided in the reorganization configuration module. The reorganization control unit receives a plurality of control instructions obtained by decoding an application program running in the processor, performs macro processing on them according to the reorganization rules to obtain macro control instructions, and selects, according to each macro control instruction, the processor core with the corresponding functional components to execute it.
The functional components may be single devices with higher logic levels, such as flip-flops, adders, shift registers, multipliers, etc., or may be functional components with a certain function formed by combining the devices with multiple higher logic levels, where the functions of each functional component may be the same or different, and although the positions of the logic components are not physically changed, they may be rearranged according to different configuration information or rearrangement rules, so as to form different functional components. The configuration information and the reorganization rule can be preset by the processor in the design and manufacturing stage, can be configured in real time by an administrator according to actual needs, and can be dynamically adjusted according to rules or algorithms in the process of processing the tasks of the software application program and when the problems such as attack or system fault are encountered.
In a preferred embodiment, the switches in the switch configuration network are controlled by a register set, and the connection or disconnection between the functional components can be achieved by loading the data in the configuration file into the register set corresponding to the switch configuration network.
In this embodiment, the resource controller 110 dynamically or statically configures each of the functional units as at least two processor cores, such as the processor core 121 that may form a control class, the processor core 122 of an operation class, or the processor core 123 of a data processing class, according to the requirements of the processing task.
As can be seen from the foregoing, the functional components in the secure processor of this embodiment can be reconfigured dynamically or statically to quickly form at least two processor cores whose functions may be the same or different. The cores each have their own functional emphasis and back each other up, and this redundant, replaceable design improves the attack resistance, security and reliability of the secure processor and greatly improves its service-processing capability and level.
In some embodiments, the kinds of functional components are further defined. According to the service-processing requirements of the secure processor and its internal monitoring, detection and cryptographic service requirements, the kinds may include the following. The operation processing component performs mathematical operations such as addition, subtraction, multiplication, division and calculus, as well as logic judgment. The data processing component receives data transmitted by the application program from the interface and is mainly used for analyzing, measuring and managing the data. The storage component is mainly used for temporary storage of data or information and comprises a random queue storage unit and a nonvolatile storage unit. The detection component is mainly used for checking and testing the secure processor and covers logic detection, physical detection and application detection: logic detection checks whether random number generation is normal, whether the cryptographic algorithm is correct, whether stored data is consistent and complete, and whether a file has been tampered with or modified; physical detection covers energy detection (light, voltage, current and frequency) and environment detection (temperature, humidity, pressure and the like). The monitoring component mainly monitors and controls the operation of each processor core and, according to the monitoring result, performs operations on the secure processor including alarm, marking, self-damage, self-recovery and self-destruction; the monitored items include whether random number generation is normal, whether the cryptographic algorithm is correct, whether a file or setting has been tampered with or modified, energy monitoring and environment monitoring. The cryptographic service component provides cryptographic algorithm, key management, security protocol and security policy services: the cryptographic algorithms include symmetric, asymmetric and hash algorithms; key management includes key generation, key distribution, key import, key export, key storage and key destruction; the security policies include an injection policy, a storage policy, an algorithm policy, a reorganization policy, a key management policy, a self-recovery policy, an identification policy, a self-destruction policy and a random number generation policy; and the security protocols include SSL, IPSEC and the like.
Of course, the functional units may also include logic operation units, instruction decoders, counters, register units, clock units, bus units.
So that the secure processor can still work normally when it is attacked or encounters a fault, there are at least 2 groups of functional components with the same function in the functional component group, so that after configuration is completed, functional components remain available for subsequent adjustment and reconfiguration. Because redundant functional components remain after configuration, when a processor core is paralyzed by an attack or otherwise needs restarting, the same or a similar processor core can be generated anew through dynamic reconfiguration to replace the previous one, which improves the security of the secure processor. In one embodiment, the processor core is any one or more of the following: control processor core, operation processor core, data processor core. The functions and composition of the processor cores are not particularly limited. The control processor core is mainly used for coordinating and controlling the progress of the other processor cores in completing processing tasks, and also detects and monitors the processor cores so that tasks proceed normally; the operation processor core mainly performs the operation processing of processing tasks; the data processor core is mainly used for receiving data from the application program and analyzing and managing it.
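The configuration-file and redundancy mechanism described above, modelled in C as an added example that is not taken from the patent: each core has a switch register loaded with 0/1 values, and a faulted component causes the affected core to be rebuilt from spare components. The component kinds, the two-per-kind count, the 16-bit register layout and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: kinds, counts, register layout and all names
 * are assumptions, not taken from the patent. */
enum { K_DETECT, K_MONITOR, K_ARITH, K_CRYPTO, K_DATA, K_NKINDS };
enum { CORE_CONTROL, CORE_OPERATION, CORE_DATA, N_CORES };

#define PER_KIND     2                     /* at least two of every kind */
#define N_COMPONENTS (K_NKINDS * PER_KIND)

struct component {
    int kind;
    int healthy;
    int owner;                             /* core index, or -1 when spare */
};

struct fabric {
    struct component comp[N_COMPONENTS];
    /* One switch register per core: bit i = 1 closes the switch joining
     * component i to that core, bit i = 0 opens it. */
    uint16_t switch_reg[N_CORES];
};

/* Component kinds each core is assembled from. */
static const unsigned core_needs[N_CORES] = {
    [CORE_CONTROL]   = (1u << K_DETECT) | (1u << K_MONITOR),
    [CORE_OPERATION] = (1u << K_ARITH)  | (1u << K_CRYPTO),
    [CORE_DATA]      = (1u << K_DATA),
};

void fabric_init(struct fabric *f)
{
    for (int i = 0; i < N_COMPONENTS; i++) {
        f->comp[i].kind = i / PER_KIND;    /* 0,1 detect; 2,3 monitor; ... */
        f->comp[i].healthy = 1;
        f->comp[i].owner = -1;
    }
    for (int c = 0; c < N_CORES; c++)
        f->switch_reg[c] = 0;
}

/* (Re)build one core: open its switches, pick one healthy spare of each
 * required kind, then load the new 0/1 word into its switch register.
 * Returns 0 on success, -1 when no healthy spare of some kind is left. */
int configure_core(struct fabric *f, int core)
{
    int picked[K_NKINDS], n = 0;
    uint16_t word = 0;

    for (int i = 0; i < N_COMPONENTS; i++)
        if (f->comp[i].owner == core)
            f->comp[i].owner = -1;         /* back to the spare pool */
    f->switch_reg[core] = 0;

    for (int k = 0; k < K_NKINDS; k++) {
        if (!(core_needs[core] & (1u << k)))
            continue;
        int found = -1;
        for (int i = 0; i < N_COMPONENTS && found < 0; i++)
            if (f->comp[i].kind == k && f->comp[i].healthy &&
                f->comp[i].owner < 0)
                found = i;
        if (found < 0)
            return -1;                     /* redundancy exhausted */
        picked[n++] = found;
        word |= (uint16_t)(1u << found);
    }
    for (int i = 0; i < n; i++)
        f->comp[picked[i]].owner = core;
    f->switch_reg[core] = word;
    return 0;
}

/* Mark a component failed. Returns 1 if it was a spare (nothing to rebuild),
 * otherwise the result of rebuilding the core that was using it. */
int report_fault(struct fabric *f, int idx)
{
    int core = f->comp[idx].owner;
    f->comp[idx].healthy = 0;
    return core < 0 ? 1 : configure_core(f, core);
}

/* Safety invariant: no component is switched into two cores at once. */
int switches_exclusive(const struct fabric *f)
{
    for (int a = 0; a < N_CORES; a++)
        for (int b = a + 1; b < N_CORES; b++)
            if (f->switch_reg[a] & f->switch_reg[b])
                return 0;
    return 1;
}

int main(void)
{
    struct fabric f;
    fabric_init(&f);
    for (int c = 0; c < N_CORES; c++)
        configure_core(&f, c);
    printf("operation core: 0x%04x\n", (unsigned)f.switch_reg[CORE_OPERATION]);
    report_fault(&f, 6);                   /* constructed fault in a crypto part */
    printf("after fault:    0x%04x\n", (unsigned)f.switch_reg[CORE_OPERATION]);
    return 0;
}
```

When the last spare of a kind is gone, `configure_core` leaves the core's register at zero rather than a partial configuration, so a core is either fully assembled or fully disconnected.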
When more than 3 processor cores exist, they need to cooperate with one another to complete application processing tasks. In a specific embodiment of the present invention, the reorganization configuration module further includes a mode management unit, which defines the following preset modes: master-slave mode, equalization mode or arbitration mode. The preset mode may be written into the guiding storage unit by a program in the design and manufacturing stage of the secure processor, set by an administrator before the chip is used, or triggered by a tag of the application program to be processed.
The reorganization configuration module configures the functional components to comprise at least a control processor core, an operation processor core and a data processor core; the cores are allocated different tasks and respectively realize system control, operation processing and data processing. The control processor core plays the leading and monitoring role, the operation processor core mainly performs logic or mathematical operations, and the data processor core is responsible for receiving data transmitted from an interface or a storage unit and analyzing and managing it. The number and variety of the processor cores can be dynamically adjusted or configured according to the requirements of the processing tasks. Alternatively,
the reorganization configuration module configures the functional components into at least three operation processor cores, each of which is allocated a different task, and the operation processor cores complete the allocated tasks in a balanced manner; this mode is mainly used for complex tasks or large data volumes, and the type and number of the operation processor cores are not particularly limited. Alternatively,
the reorganization configuration module configures the functional components into at least three operation processor cores, each of which completes the same processing task at the same time, and the final result of the processing task is determined from the execution results of the cores. For example, three operation processor cores are set to use different algorithms to perform a certain mathematical calculation at the same time; after the result of a given stage is obtained, it is judged which processor core's result is correct, and subsequent calculation proceeds from the correct result. In the arbitration mode the internal logic devices of the operation processor cores can differ, so the same task is realized with different functional components; the mode management unit then judges which operation processor core or cores produced the correct result, and the task finally proceeds from that result.
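The arbitration mode described above, sketched in C as an added example that is not from the patent: three "cores" compute an integer square root with three different algorithms and a voter accepts the value at least two of them agree on. The patent does not say how the mode management unit decides which result is correct; majority voting, the choice of task, the fault-injection parameter and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Core A: Newton iteration (64-bit intermediates avoid overflow). */
static uint32_t isqrt_newton(uint32_t n)
{
    uint64_t x = n, y = (x + 1) / 2;
    while (y < x) {
        x = y;
        y = (x + n / x) / 2;
    }
    return (uint32_t)x;
}

/* Core B: binary search; invariant lo*lo <= n < hi*hi. */
static uint32_t isqrt_bsearch(uint32_t n)
{
    uint64_t lo = 0, hi = 65536;
    while (hi - lo > 1) {
        uint64_t mid = (lo + hi) / 2;
        if (mid * mid <= n)
            lo = mid;
        else
            hi = mid;
    }
    return (uint32_t)lo;
}

/* Core C: digit-by-digit method using only shifts and subtraction. */
static uint32_t isqrt_bitwise(uint32_t n)
{
    uint32_t res = 0, bit = 1u << 30;
    while (bit > n)
        bit >>= 2;
    while (bit) {
        if (n >= res + bit) {
            n -= res + bit;
            res = (res >> 1) + bit;
        } else {
            res >>= 1;
        }
        bit >>= 2;
    }
    return res;
}

enum verdict { V_UNANIMOUS, V_MAJORITY, V_NO_MAJORITY };

struct vote {
    enum verdict verdict;
    uint32_t value;        /* accepted result, valid unless V_NO_MAJORITY */
    int suspect;           /* index of the outvoted core, or -1 */
};

/* Assumed arbitration rule: accept the value at least two cores agree on. */
struct vote arbitrate(const uint32_t r[3])
{
    struct vote v = { V_NO_MAJORITY, 0, -1 };
    if (r[0] == r[1] && r[1] == r[2]) {
        v.verdict = V_UNANIMOUS; v.value = r[0];
    } else if (r[0] == r[1]) {
        v.verdict = V_MAJORITY; v.value = r[0]; v.suspect = 2;
    } else if (r[0] == r[2]) {
        v.verdict = V_MAJORITY; v.value = r[0]; v.suspect = 1;
    } else if (r[1] == r[2]) {
        v.verdict = V_MAJORITY; v.value = r[1]; v.suspect = 0;
    }
    return v;
}

/* Run one stage on all three cores. fault_xor[i] is a constructed fault:
 * a nonzero mask flips bits in core i's result before the vote. */
struct vote run_stage(uint32_t n, const uint32_t fault_xor[3])
{
    static uint32_t (*const cores[3])(uint32_t) = {
        isqrt_newton, isqrt_bsearch, isqrt_bitwise
    };
    uint32_t r[3];
    for (int i = 0; i < 3; i++)
        r[i] = cores[i](n) ^ fault_xor[i];
    return arbitrate(r);
}

int main(void)
{
    const uint32_t one_fault[3] = { 0, 4, 0 };   /* core B corrupted */
    struct vote v = run_stage(1000000u, one_fault);
    printf("verdict=%d value=%u suspect=%d\n",
           (int)v.verdict, (unsigned)v.value, v.suspect);
    return 0;
}
```

Majority voting masks a single faulty or tampered core; two cores that return the same wrong value would win the vote, so the diversity of algorithms and functional components described above matters.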
In a specific embodiment, each mode may be one stage of a staged combination used to process a given application task. As the processing task changes from stage to stage, the modes can be adjusted dynamically through cooperation of the mode management unit and the reorganization control module, and monitoring, control and feedback can also be implemented between the processor cores. Beyond guaranteeing security, the reorganization mode and working mode of each processor core can also greatly improve the service-processing capability and level of the secure processor.
In a specific embodiment, each processor core may employ a different instruction system according to the requirements of its processing task; the types of instruction system include CISC, RISC, EPIC, VLIW and the like. Because the processor cores formed from different functional components have different instruction systems, and the instruction systems are dynamically allocated to the cores, the difficulty of attacking the processor is further increased, forming a deterrent to attack.
According to a specific embodiment, the secure processor further comprises a fixed supporting program, which is a software program written into the chip at the design and manufacturing stage of the secure processor, and is used for connecting hardware and application programs, and specifically comprises a hardware interface driving module, a file management module, a secure supporting module and a communication processing module. The fixed program may implement system cold start, program list and data list management, security control, program steering/metrics, core resource scheduling, connection communication, etc. For example, during an initialization phase, the fixed support program 130 may help each processor core complete an initialization task, and may also help establish connections between components or modules within the secure processor, manage files, implement communication functions, and the like.
In one embodiment, the resource controller 110 defines the operation relationship of each processor core in the secure processor, and distributes the functional components in the functional component group to each processor core, so as to complete the static configuration and dynamic reconfiguration of the logic and instructions, and realize the personalized secure processor design, i.e. complete the coordination and command of the operation of the whole resource in the secure processor. The resource controller specifically further comprises modules such as original injection, loading, resource self-recovery, reconfiguration, control feedback and the like, so that corresponding functions are realized.
Original injection refers to injecting the fixed support program into a storage unit in the secure processor; the injected content comprises an initialization program, a loading program, a detection program and a monitoring program. Loading refers to a user or administrator installing or loading programs or data into the storage unit of the secure processor through the general interface. Resource self-recovery includes algorithm recovery, IP core resource recovery, interface recovery and random number component recovery: when an algorithm resource component, an IP core resource, an interface component or a random number component in the secure processor is damaged, it can be recovered according to the security policy configuration. Reorganization configuration specifically comprises instruction reorganization, logic reorganization and structure reorganization. Instruction reorganization configures the instruction set supported by the current secure processor according to an instruction configuration table, and has individualized and security characteristics. Logic reorganization combines the functional component resources in the secure processor in various ways, changing the connections between them to produce specific functions. Structure reorganization means that the hardware logic circuit is reorganized into different circuit structures according to different application demands, realizing different functions to suit those demands. Control feedback refers to control over each processor core and feedback received by each processor core during reorganization configuration and the execution of processing tasks.
In one embodiment, the control processor core is configured as an IP core including an initialization module, a detection component and a monitoring component. Initialization refers to electrical initialization, specifically the static configuration of the internal resources of the control processor core; detection refers to checking and testing the secure processor, including logical detection, physical detection and application detection; monitoring refers to monitoring and control, including alarming, marking, self-damage, self-recovery and self-destruction. For example, the static configuration file is monitored for tampering, and operations such as alarming, marking, self-damage or self-recovery are then executed; or the environment and the energy state are monitored, and an alarm or self-destruction operation is then executed.
In one embodiment, the operation processor core mainly runs the chip user's application programs, and its main functional modules comprise initialization, operation processing and cryptographic service. The cryptographic service is mainly used to encrypt the data transmitted among the processor cores and the resource controller, which increases the difficulty of cracking when the processor is under network attack.
The measures the secure processor takes for information security based on the cryptographic service include the following: 1) Protecting the confidentiality of data information: the secure processor uses the cryptographic service to hide the real content of the data by encryption, ensuring the confidentiality of data in the chip's internal and external storage units and of bus communication information; 2) Protecting the integrity of data information: the secure processor uses the cryptographic service to authenticate the correctness and integrity of data information, so that data forged by an attacker can be identified and the legitimacy of the instructions and data running in the processor is ensured, preventing an attacker from analyzing the processor's behavior by tampering with data or instructions and thereby learning its internal operating mechanism; 3) Ensuring the independence of program encryption spaces: the secure processor encrypts each program with mutually independent keys, and the storage spaces are independent of one another, which prevents an attacker who steals the key of one program from obtaining the instructions and data of other program spaces and improves the robustness of the protection. In addition, information protection also includes: ensuring the timeliness of security-sensitive information, isolating security information from normal data information, ensuring the operational reliability of the secure processor, realizing personalized services of the secure processor, and the like.
In one embodiment, the data processor core is mainly responsible for the chip's data processing and includes initialization and data processing components, which perform data reception, data parsing, data measurement, data management and the like. Data measurement uses a hash algorithm to compute hashes over the fixed support program, hardware drivers, system software, application software, the corresponding configuration data and the like in the secure processor; data management mainly refers to data receiving, data sending, data distribution (classified storage according to different attributes), data control, data destruction and the like.
In a specific embodiment, the secure processor further comprises an interface component comprising a dedicated interface and a general interface. The dedicated interface is connected with the resource controller and is used by an administrator to perform the initial configuration of the secure processor; its function is disabled after use. The general interface is connected with the functional components and serves as an input or output interface for the information flow; it comprises physical interfaces and logical interfaces, such as a UART interface, an SPI interface, a USB interface, a SATA interface, an SD interface, a PCIE interface, an IDE interface, a UFS interface, a Thunderbolt interface and the like.
Example 2
FIG. 2 illustrates a diagram of a reconfiguration method of a secure processor according to one embodiment of the present invention. The method comprises the following steps:
Step S210: providing a resource controller and a plurality of functional components in a secure processor, wherein the plurality of functional components comprise a switch configuration network;
Step S220: providing a reorganization configuration module in the resource controller;
Step S230: the reorganization configuration module may dynamically or statically configure the functional components into at least two processor cores by controlling the switches of the switch configuration network.
According to this embodiment, the functional components in the secure processor can be reorganized efficiently and in real time. The functions of the processor cores may be the same or different, so that the cores each have their own emphasis while backing each other up; this redundant and substitutable design improves the attack resistance, security and reliability of the secure processor and greatly improves its service processing capacity and level.
In one embodiment, the functional component is any one or more of the following: an operation processing component, a data processing component, a storage component, a detection component, a monitoring component and a cryptographic service component, wherein redundant functional components remain in the secure processor after at least two processor cores have been configured.
In one embodiment, the processor core is configured using a configuration file of the reorganization configuration module, and the processor core may be at least one of the following: a control processor core, an operation processor core, a data processor core.
According to a specific embodiment, the reorganization configuration module configures the functional components to include at least a control processor core, an operation processor core and a data processor core, where each processor core is allocated different tasks to implement system control, operation processing and data processing respectively; or
the reorganization configuration module configures the functional components into at least three operation processor cores, where each operation processor core is allocated different tasks and the operation processor cores complete the allocated tasks in a balanced manner; or
the reorganization configuration module configures the functional components into at least three operation processor cores, where the operation processor cores each complete the same processing task at the same time, and the final result of the processing task is determined according to the execution result of each processor core.
In one embodiment, the different decoders and controllers assigned to each processor core implement different instruction sets. Dynamically configuring the instruction system of each processor core further increases the difficulty of cracking the secure processor.
In one embodiment, according to the requirements of resource control in the secure processor, at least one of the following modules is further provided in the resource controller: an original injection module, a loading module, a resource self-recovery module and a control feedback module.
In one embodiment, at least one of the following modules or components is provided in the control processor core according to its operating requirements: an initialization module, a detection component and a monitoring component.
In one embodiment, at least one of the following modules or components is provided in the operation processor core: an initialization module, an operation processing component and a cryptographic service component.
In one embodiment, at least one of the following modules or components is provided in the data processor core: an initialization module and a data processing component.
In one embodiment, the secure processor is further provided with an interface component comprising a dedicated interface and a general interface; the dedicated interface is connected to the resource controller and is used to receive an administrator's initial configuration of the secure processor, and the general interface is connected to the functional components and serves as an input or output interface for the information flow.
The secure processor in this embodiment of the invention comprises a resource controller, a plurality of functional components and a switch configuration network thereof; the resource controller includes a reorganization configuration module that may dynamically or statically configure the functional components as at least two processor cores. The functional components in the secure processor can be reconfigured dynamically or statically, so that at least two processor cores are formed rapidly and the service processing speed is improved; the redundant and substitutable design improves the attack resistance, security and reliability of the secure processor and greatly improves its service processing capacity and level.
Example 3
Embodiment 3 provides a secure processor in a master-slave mode, an equalization mode or an arbitration mode, wherein the secure processor comprises a resource controller, a plurality of functional components and a switch configuration network thereof; the resource controller comprises a reorganization configuration module which configures the functional components into at least three processor cores by controlling the switches of the switch configuration network, and the reorganization configuration module further comprises a mode management unit.
The secure processor can be configured in master-slave mode: the reorganization configuration module configures the functional components to include at least a control processor core, an operation processor core and a data processor core, and each processor core is allocated different tasks to implement system control, operation processing and data processing respectively; or
the secure processor can be configured in equalization mode: the reorganization configuration module configures the functional components into at least three operation processor cores, each operation processor core is allocated different tasks, and the operation processor cores complete the allocated tasks in a balanced manner; or
the secure processor can be configured in arbitration mode: the reorganization configuration module configures the functional components into at least three operation processor cores, the operation processor cores each complete the same processing task at the same time, and the final result of the processing task is determined according to the execution result of each processor core.
There can be multiple processor cores in each mode, the types of the processor cores can be different or the same as needed, and the modes are dynamically adjusted according to the characteristics of the processing tasks.
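Arbitration mode, as an added C sketch that is not code from the patent: the text does not say how the final result is derived from the cores' execution results, so strict-majority voting, the 8-byte result size, the sample results and all names here are assumptions. The dissent mask is the kind of signal a resource controller could use to pick cores for reorganization.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESULT_LEN 8   /* assumed size of one core's result, in bytes */
#define MAX_CORES 16   /* assumed upper bound on cores taking part in a vote */

struct verdict {
    int agreed;            /* 1 if a strict majority of cores produced the same result */
    int winner;            /* lowest-numbered core holding the majority result, else -1 */
    uint32_t dissent_mask; /* bit c set: core c's result must not be trusted */
};

/* Constructed sample results: core 1 returns a corrupted last byte. */
static const uint8_t ONE_FAULT[3][RESULT_LEN] = {
    { 0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x01, 0x02, 0x03 },
    { 0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x01, 0x02, 0xFF },
    { 0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x01, 0x02, 0x03 },
};
/* Constructed sample results: all three cores disagree. */
static const uint8_t NO_QUORUM[3][RESULT_LEN] = { { 1 }, { 2 }, { 3 } };

/* Compare the results of n_cores cores that executed the same task. */
struct verdict arbitrate(const uint8_t results[][RESULT_LEN], int n_cores) {
    struct verdict v = { 0, -1, 0 };
    if (n_cores < 3 || n_cores > MAX_CORES) return v; /* the mode needs >= 3 cores */

    /* Pass 1 (Boyer-Moore): find the only result that could hold a majority. */
    int cand = 0, count = 0;
    for (int c = 0; c < n_cores; c++) {
        if (count == 0) { cand = c; count = 1; }
        else if (memcmp(results[c], results[cand], RESULT_LEN) == 0) count++;
        else count--;
    }

    /* Pass 2: count real votes for the candidate and record who disagreed. */
    int votes = 0;
    for (int c = 0; c < n_cores; c++) {
        if (memcmp(results[c], results[cand], RESULT_LEN) == 0) {
            votes++;
            if (v.winner < 0) v.winner = c;
        } else {
            v.dissent_mask |= 1u << c;
        }
    }
    if (2 * votes > n_cores) { v.agreed = 1; return v; }

    /* No strict majority: release no result and distrust every core. */
    v.winner = -1;
    v.dissent_mask = (1u << n_cores) - 1u;
    return v;
}

int main(void) {
    struct verdict v = arbitrate(ONE_FAULT, 3);
    printf("agreed=%d winner=%d dissent=0x%X\n",
           v.agreed, v.winner, (unsigned)v.dissent_mask);
    v = arbitrate(NO_QUORUM, 3);
    printf("agreed=%d winner=%d dissent=0x%X\n",
           v.agreed, v.winner, (unsigned)v.dissent_mask);
    return 0;
}
```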
When an application program task is processed in one of these modes, the loading module of the resource controller receives the program and data of the application program, installs or loads them into the storage system through the general interface, and completes the task allocation; then, during the processing of the application program task, each processor core automatically loads its corresponding program and data.
By configuring the functional components in the secure processor into different modes, the service processing capacity and level of the secure processor can be greatly improved. Different processor cores can be realized through dynamic configuration; the functions of the processor cores each have their own emphasis and back each other up, and this redundant and substitutable design improves the attack resistance, security and reliability of the secure processor.
According to a specific embodiment, the functional component is any one or more of the following: an operation processing component, a data processing component, a storage component, a detection component, a monitoring component, a cryptographic service component, a logic operation unit, an instruction decoder, a counter, a register component, a clock component and a bus component, wherein redundant functional components remain in the secure processor after at least two processor cores have been configured.
In a specific embodiment, the reorganization configuration module includes a configuration file, and the processor core is at least one of the following: a control processor core, an operation processor core, a data processor core.
In one embodiment, the processor cores employ different instruction sets.
In one embodiment, the resource controller further comprises at least one of the following modules: an original injection module, a loading module, a resource self-recovery module and a control feedback module.
In one embodiment, the control processor core includes at least one of the following modules or components: an initialization module, a detection component and a monitoring component.
In one embodiment, the operation processor core includes at least one of the following modules or components: an initialization module, an operation processing component and a cryptographic service component.
In one embodiment, the data processor core includes at least one of the following modules or components: an initialization module and a data processing component.
Of course, each processor core is not limited to a particular module or component, and may be dynamically adjusted as desired.
According to a specific embodiment, the secure processor further comprises a fixed support program, which specifically comprises at least one of the following modules: a hardware interface driver module, a file management module, a security support module and a communication processing module.
In one embodiment, the secure processor further comprises an interface component comprising a dedicated interface and a general interface; the dedicated interface is connected with the resource controller and is used to receive an administrator's initial configuration of the secure processor, and the general interface is connected with the functional component group and serves as an input or output interface for the information flow.
FIG. 3 shows a schematic structural diagram of a secure processor according to another embodiment of the present invention. This embodiment describes the workflow of the secure processor in master-slave mode. First, according to a dynamic instruction of a processing task or a predetermined rule, the resource controller 110 controls the functional component group 120 to allocate resources: the hardware resources inside the processor are allocated into a plurality of processor cores, and the functional component group 120 feeds the reorganization result back to the resource controller 110. According to FIG. 2, each functional component in the functional component group 120 is statically or dynamically allocated by the resource controller to three processor cores (121, 122, 123), and after the three processor cores (121, 122, 123) have been allocated successfully, the feedback result is verified. The control processor core 121 may monitor and control the operation processor core 122 and the data processor core 123, which feed their results back to the control processor core 121; the operation processor core 122 may also monitor and control the data processor core 123, which may feed its results back to the operation processor core 122. After a processing task of an application program arrives, the task's control instruction set is obtained through a decoder, and the resource controller 110 then distributes it to the corresponding processor cores according to the characteristics of the instruction set and the preset mode. The control processor core is mainly responsible for monitoring and detecting the task, the operation processor core for the operation processing of the task, and the data processor core for processing data; the processing result is obtained through division of labor and cooperation.
For example, the reorganization process may include macro processing, in which the instruction set is macro-processed according to a reorganization rule stored in the reorganization configuration module of the resource controller 110 to obtain a macro control instruction comprising a plurality of control instructions, and the macro control instruction is allocated to the corresponding processor core for execution.
In summary, the technical solution of the invention provides a secure processor comprising a resource controller, a plurality of functional components and a switch configuration network thereof; the resource controller includes a reorganization configuration module that may dynamically or statically configure the functional components as at least two processor cores. The functional components in the secure processor can be reconfigured dynamically or statically, so that at least two processor cores are formed rapidly and the service processing speed is improved. Because redundant functional components remain after configuration is complete, when a processor core is paralyzed by an attack, or in other situations that require a restart, a new processor core with the same function can be formed through reconfiguration. The functions of the processor cores each have their own emphasis and back each other up; this redundant and substitutable design improves the attack resistance, security and reliability of the secure processor and greatly improves its service processing capacity and level.
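The configuration and recovery path summarized above, modeled as an added C sketch that is not code from the patent. It uses the 0/1 switch configuration file and register group that the claims describe; the four component kinds, the pool of 16 components, the one-word-per-core register layout, the rule that a core needs one component of every kind, the sample configuration and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model: 4 component kinds, 16 components, 3 cores (not from the patent). */
enum kind { K_ALU, K_DECODER, K_REGFILE, K_CRYPTO, K_COUNT };
#define N_COMPONENTS 16
#define N_CORES 3

struct component { enum kind kind; int damaged; };

struct secure_processor {
    struct component pool[N_COMPONENTS];
    uint32_t switch_regs[N_CORES]; /* register group: bit i = 1 closes the switch
                                      between component i and this core */
};

/* Constructed sample configuration file: components 0-3, 4-7 and 8-11 form the
   three cores; components 12-15 stay unconnected as the redundant spares. */
static const uint32_t SAMPLE_CFG[N_CORES] = { 0x000Fu, 0x00F0u, 0x0F00u };

void sp_init(struct secure_processor *sp) {
    for (int i = 0; i < N_COMPONENTS; i++) {
        sp->pool[i].kind = (enum kind)(i % K_COUNT);
        sp->pool[i].damaged = 0;
    }
    for (int c = 0; c < N_CORES; c++) sp->switch_regs[c] = 0;
}

/* Validate a configuration before it reaches the registers. */
int config_valid(const struct secure_processor *sp, const uint32_t cfg[N_CORES]) {
    uint32_t used = 0;
    for (int c = 0; c < N_CORES; c++) {
        if (cfg[c] >> N_COMPONENTS) return 0;  /* bit for a switch that does not exist */
        if (cfg[c] & used) return 0;           /* one component wired to two cores */
        used |= cfg[c];
        unsigned have = 0;
        for (int i = 0; i < N_COMPONENTS; i++) {
            if (!((cfg[c] >> i) & 1u)) continue;
            if (sp->pool[i].damaged) return 0; /* damaged component must stay isolated */
            have |= 1u << sp->pool[i].kind;
        }
        if (have != (1u << K_COUNT) - 1u) return 0; /* core is missing a component kind */
    }
    return 1;
}

/* Load the configuration into the register group; reject it as a whole on any error. */
int load_config(struct secure_processor *sp, const uint32_t cfg[N_CORES]) {
    if (!config_valid(sp, cfg)) return -1;
    for (int c = 0; c < N_CORES; c++) sp->switch_regs[c] = cfg[c];
    return 0;
}

/* Mark component idx damaged and rebuild the core that used it from a spare.
   Returns the spare's index, -1 if no spare exists (the core is disconnected),
   or -2 if idx is out of range or was not wired to any core. */
int recover_component(struct secure_processor *sp, int idx) {
    if (idx < 0 || idx >= N_COMPONENTS) return -2;
    sp->pool[idx].damaged = 1;
    uint32_t used = 0, next[N_CORES];
    int owner = -1;
    for (int c = 0; c < N_CORES; c++) {
        next[c] = sp->switch_regs[c];
        used |= next[c];
        if ((next[c] >> idx) & 1u) owner = c;
    }
    if (owner < 0) return -2;
    next[owner] &= ~(1u << idx);               /* open the switch to the damaged part */
    for (int i = 0; i < N_COMPONENTS; i++) {
        if (sp->pool[i].kind != sp->pool[idx].kind) continue;
        if (sp->pool[i].damaged || ((used >> i) & 1u)) continue;
        next[owner] |= 1u << i;                /* close the switch to the spare */
        if (load_config(sp, next) == 0) return i;
        break;
    }
    sp->switch_regs[owner] = 0;                /* fail closed: no half-built core */
    return -1;
}

int main(void) {
    struct secure_processor sp;
    sp_init(&sp);
    printf("load: %d\n", load_config(&sp, SAMPLE_CFG));
    printf("spare used for component 5: %d\n", recover_component(&sp, 5));
    printf("core 1 register: 0x%04X\n", (unsigned)sp.switch_regs[1]);
    return 0;
}
```

Once the spares of a kind are exhausted, `recover_component` disconnects the affected core instead of leaving it wired to a damaged part.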
It should be noted that:
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not denote any order. These words may be interpreted as names.

Claims (8)

1. A balanced secure processor, characterized by comprising a resource controller, a plurality of functional components and a switch configuration network thereof; the switch configuration network consists of a gating device and a switch array, the switches in the switch configuration network are controlled by a register group, and the connection or disconnection between the functional components is realized by loading the data in a configuration file into the register group corresponding to the switch configuration network; the resource controller comprises a reorganization configuration module, the reorganization configuration module further comprises a mode management unit, the reorganization configuration module configures the functional components into at least three operation processor cores through control of the switch configuration network, the operation processor cores are allocated different tasks, and the operation processor cores complete the allocated tasks in a balanced manner;
the mode management unit defines the preset mode as: master-slave mode, equalization mode or arbitration mode; the preset mode is written into the boot storage unit by a program during the design and manufacturing stage of the secure processor, or is set by an administrator before the chip is used, or is triggered by a label of the application program to be processed;
the resource controller dynamically or statically configures the functional components into at least three processor cores through the reorganization configuration module's control of the switches of the switch configuration network, and each processor core executes the decoded instructions corresponding to its configured functional components; different instruction systems are dynamically allocated to each processor core, and the instruction systems of different functional components and of the processor cores formed from them are different; further, the reorganization of the functional components is realized by setting reorganization rules in the reorganization configuration module, in cooperation with a reorganization control unit; the reorganization control unit receives a plurality of control instructions obtained by decoding an application program running in the processor, performs macro processing on the control instructions according to the reorganization rules to obtain a macro control instruction, and selects, according to the macro control instruction, the processor core of the corresponding functional components to execute the macro control instruction;
the configuration file stores 0/1 values representing the connection or disconnection of each switch of the switch configuration network, and different combinations are realized by selecting or loading different configuration files so as to form different processor cores; the configuration file is adjusted dynamically and in real time by an algorithm according to the processing requirements of the application program, or the adjustment is started when a network attack or failure is encountered, so that processor cores are reorganized from the remaining functional components of the same kind and the same or similar processor cores are regenerated to replace the previous processor cores, allowing the secure processor to keep working normally;
the functional component is a device with a higher logic level, or one of a plurality of functional components with certain functions formed by combining devices with the higher logic level; the functions of the functional components can be the same or different, the physical position of the logic devices of each functional component is unchanged, and the functional components are reorganized according to different configuration information or reorganization rules so as to form different functional components; the configuration information and the reorganization rules are dynamically adjusted according to rules or algorithms when an attack or system fault is encountered while processing software application program tasks; the functional components include any one or more of the following: an operation processing component, a data processing component, a storage component, a detection component, a monitoring component, a cryptographic service component, a logic operation unit, an instruction decoder, a counter, a register component, a clock component and a bus component, wherein redundant functional components remain in the secure processor after at least three processor cores have been configured.
2. The secure processor of claim 1, wherein the processor core is further any one of: a control processor core, an operation processor core, and a data processor core.
3. The secure processor of any of claims 1-2, further comprising a fixed support program, the fixed support program specifically comprising at least one of the following modules: a hardware interface driver module, a file management module, a security support module and a communication processing module.
4. The secure processor of claim 1, wherein the resource controller further comprises at least one of the following modules: an original injection module, a loading module, a resource self-recovery module and a control feedback module.
5. The secure processor of claim 2, wherein the control processor core comprises at least one of the following modules or components: an initialization module, a detection component and a monitoring component.
6. The secure processor of claim 1, wherein the operation processor core comprises at least one of the following modules or components: an initialization module, an operation processing component and a cryptographic service component.
7. The secure processor of claim 2, wherein the data processor core comprises at least one of the following modules or components: an initialization module and a data processing component.
8. The secure processor of claim 1, further comprising an interface component comprising a dedicated interface and a general interface, the dedicated interface being coupled to the resource controller for receiving an initial configuration of the secure processor by an administrator; the general interface is connected with the functional components and is an input or output interface of the information flow.
CN201910711710.8A 2019-08-02 2019-08-02 Balanced type safety processor Active CN110659079B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910711710.8A CN110659079B (en) 2019-08-02 2019-08-02 Balanced type safety processor

Publications (2)

Publication Number Publication Date
CN110659079A CN110659079A (en) 2020-01-07
CN110659079B true CN110659079B (en) 2023-08-01

Family

ID=69036878

Country Status (1)

Country Link
CN (1) CN110659079B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101996154A (en) * 2009-08-10 2011-03-30 北京多思科技发展有限公司 General processor supporting reconfigurable safety design

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8868790B2 (en) * 2004-02-13 2014-10-21 Oracle International Corporation Processor-memory module performance acceleration in fabric-backplane enterprise servers
US10021558B2 (en) * 2016-03-29 2018-07-10 Qualcomm Incorporated System and methods for using embedded subscriber identity module (eSIM) provisioning processes to provide and activate device configuration packages on a wireless communication device
CN107729772B (en) * 2017-06-14 2020-12-22 北京多思科技工业园股份有限公司 Processor

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant