CN110659507A - Security processor - Google Patents

Publication number: CN110659507A (granted version: CN110659507B)
Application number: CN201910711733.9A
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Granted, active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Inventors: 曹春春, 柳会鹏, 李虹阳, 王州府, 魏晓伟
Applicants and current assignees: Beijing Tianhongyi Network Technology Co Ltd; Beijing Duosi Security Chip Technology Co Ltd
Prior art keywords: processor, processor core, module, unit, data

Classifications

    • G PHYSICS; G06 COMPUTING; CALCULATING OR COUNTING; G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Hardware Redundancy (AREA)

Abstract

The invention discloses a security processor. The security processor comprises a resource controller, a plurality of functional components and a switch configuration network for them; the resource controller includes a reconfiguration module that dynamically or statically configures the functional components into at least two processor cores by controlling the switches of the switch configuration network. The functional components of the security processor can thus be reconfigured dynamically or statically to form at least two processor cores quickly, and the processor cores may have the same or different functions, so that each core has its own emphasis while the cores back one another up. This redundant and replaceable design improves the attack resistance, security and reliability of the security processor and greatly raises its service processing capacity and level.

Description

Security processor
Technical Field
The invention relates to the technical field of processor design and manufacture, and in particular to a security processor with enhanced anti-attack capability.
Background
The processor is the underlying hardware platform of every computer system and information system. Network attacks have become routine, and as information security levels rise, security requirements on the processor itself are becoming increasingly common.
Security processors currently on the market protect the processor mainly by software means such as encryption algorithms, without improving the internal hardware structure of the processor, so the security requirements on the processor cannot be fully met.
Disclosure of Invention
In view of the above, the present invention provides a security processor that overcomes, or at least partially solves, the above problems.
The invention provides a security processor comprising a resource controller, a plurality of functional components and a switch configuration network for them; the resource controller includes a reconfiguration module that can dynamically or statically configure the functional components into at least two processor cores by controlling the switches of the switch configuration network.
Optionally, the functional components include any one or more of the following: an arithmetic processing unit, a data processing unit, a storage unit, a detection unit, a monitoring unit, a cryptographic service unit, a logic operation unit, an instruction decoder, a counter, a register unit, a clock unit and a bus unit; after at least two processor cores have been configured, functional units remain in the security processor as redundant spares.
Optionally, a configuration file is provided in the reconfiguration module, and each processor core is at least one of a control processor core, an arithmetic processor core and a data processor core. Optionally, the at least two processor cores include at least one control processor core, one arithmetic processor core and one data processor core; or
the at least two processor cores are at least three arithmetic processor cores, each assigned different tasks, so that the arithmetic processor cores complete the assigned tasks in a balanced manner; or
the at least two processor cores are at least three arithmetic processor cores, each configured to execute the same processing task at the same time, so that the final result of the processing task is determined from the execution results of the individual arithmetic processor cores.
Optionally, each processor core uses a different instruction set architecture.
Optionally, the resource controller further includes at least one of the following modules: an initial injection module, a loading module, a resource self-recovery module and a control feedback module.
Optionally, the control processor core includes at least one of the following modules or components: an initialization module, a detection component and a monitoring component.
Optionally, the arithmetic processor core includes at least one of the following modules or components: an initialization module, an arithmetic processing component and a cryptographic service component.
Optionally, the data processor core includes at least one of the following modules or components: an initialization module and a data processing component.
Optionally, the security processor further includes an interface component comprising a dedicated interface and a general interface; the dedicated interface is connected to the resource controller and receives the administrator's initial configuration of the security processor; the general interface is connected to the functional components and is the input or output interface for information flows.
Therefore, the security processor provided by the invention comprises a resource controller, a plurality of functional units and a switch configuration network for them; the resource controller includes a reconfiguration module that can dynamically or statically configure the functional units into at least two processor cores. The functional components can thus be reconfigured dynamically or statically to form at least two processor cores quickly, with the same or different functions, so that each core has its own emphasis while the cores back one another up. This redundant and replaceable design improves the attack resistance, security and reliability of the security processor and greatly raises its service processing capacity and level.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 shows a schematic diagram of a security processor according to one embodiment of the invention;
FIG. 2 is a schematic diagram illustrating a reconfiguration method for a security processor according to an embodiment of the invention;
FIG. 3 shows a schematic block diagram of a security processor according to another embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The invention discloses a logic protection structure for a security processor that achieves protection against network attacks and similar threats mainly through rapid reconfiguration of the processor's internal hardware structure and a redundant, replaceable design. The main idea is that the functional devices in the security processor can be configured into several processor cores by dynamic reconfiguration, and each processor core can implement the same or different functions, so that the logic structure becomes diverse, dynamic and self-repairing, which protects the system. Furthermore, according to the needs of different processing tasks, diverse cooperation is achieved through different preset working modes. The redundant and recombinable design maximizes the logic protection of the security processor and raises its processing capacity and level. The decoder, storage device, bus and other components are not limited in this embodiment.
Example 1
FIG. 1 shows a schematic block diagram of a security processor 100 according to one embodiment of the invention. The security processor 100 includes a resource controller 110 and a functional component group 120, which contains a plurality of functional components and their switch configuration network; the resource controller 110 dynamically or statically configures the functional units into at least two processor cores (121, 122) by controlling the switches of the switch configuration network through its reconfiguration module, and each processor core (121, 122) executes the decoded instructions corresponding to the functional units configured into it.
A functional unit is a combination of logic devices that implements a specific function, and the switch configuration network consists of gates and a switch array. In this embodiment a resource controller 110 is provided in the security processor; it includes a reconfiguration module in which a configuration file or reconfiguration rule is stored, so that the hardware resources inside the processor can be reconfigured into processor cores (IP cores) with different or the same functions. The resource controller 110 includes a plurality of functional modules and/or storage units, and the configuration file or reconfiguration rule is stored in the storage unit of the reconfiguration module.
Preferably, the configuration file stores 0/1 values representing the on or off state of each switch in the switch configuration network. Different combinations of functional units, and therefore different processor cores, are produced by selecting or loading different configuration files. A configuration file can be produced in the design and manufacturing stage according to the requirements for the security processor; an administrator can inject it through the dedicated interface during initialization to complete the presetting; it can be adjusted dynamically and in real time by an algorithm according to the needs of the running application; or it can be activated under conditions such as a network attack or a fault to recombine the remaining units with the same function, so that the security processor keeps operating normally.
In addition, the functional components can be recombined by placing a recombination rule file in the reconfiguration module and pairing it with a recombination control unit. The recombination control unit receives the control instructions obtained by decoding the application program running on the processor, macro-processes them according to the recombination rules to obtain macro control instructions, and, according to each macro control instruction, selects the corresponding functional units to form the processor core that executes it.
A functional unit may be a single higher-level logic device such as a flip-flop, adder, shift register or multiplier, or a unit with a certain function formed by combining several such devices; the functions of the functional units may be the same or different. Although the physical locations of the logic devices do not change, they can be rearranged according to different configuration information or recombination rules to form different functional units. The configuration information and recombination rules may be preset during the design and manufacturing stage of the processor, configured by an administrator in real time according to actual needs, or adjusted dynamically according to rules or algorithms while software application tasks are being processed, for example when an attack or a system failure is encountered.
In a preferred embodiment, the switches of the switch configuration network are controlled by a register set, and connections between functional components are made or broken by loading the data of the configuration file into the corresponding register set of the switch configuration network.
In this embodiment, the resource controller 110 dynamically or statically configures the functional units into at least two processor cores according to the requirements of a processing task, for example a control-class processor core 121, an arithmetic-class processor core 122 or a data-processing-class processor core 123.
As can be seen from the above, in the security processor of this embodiment the functional components can be reconfigured dynamically or statically to form at least two processor cores quickly, and the cores may have the same or different functions, so that each core has its own emphasis while the cores back one another up. This redundant and replaceable design improves the attack resistance, security and reliability of the security processor and greatly raises its service processing capacity and level.
In some embodiments the classes of functional components are further defined. Depending on the service processing needs of the security processor and its internal monitoring, detection and cryptographic service requirements, they may include: an arithmetic processing unit, which performs mathematical operations such as addition, subtraction, multiplication, division and calculus, and logical judgements; a data processing component, which receives the data sent by the application through the interface and mainly parses, measures and manages it; a storage component, which temporarily holds data or information and comprises a random-access queue storage unit and a non-volatile storage unit; a detection component, which checks and tests the security processor through logic detection, physical detection and application detection, where logic detection covers whether random number generation is normal, whether a cryptographic algorithm is correct, whether stored data is consistent and complete and whether a file has been tampered with or modified, and physical detection covers energy detection (light, voltage, current and frequency) and environmental detection (temperature, humidity, pressure and so on); a monitoring component, which monitors and controls the operation of each processor core and, according to the monitoring result, performs operations on the security processor including alarming, marking, self-damage, self-recovery and self-destruction, where the monitored items include whether random number generation is normal, whether a cryptographic algorithm is correct, whether a file or setting has been tampered with or modified, energy monitoring and environmental monitoring; and a cryptographic service component, which provides cryptographic algorithms, key management, security protocols and security policies, where the cryptographic algorithms comprise symmetric, asymmetric and hash algorithms, key management comprises key generation, distribution, import, derivation, storage and destruction, the security protocols include SSL, IPsec and so on, and the security policies include injection, storage, algorithm, recombination, key management, self-recovery, identity identification, self-destruction and random number generation policies.
The functional units may also include a logic operation unit, an instruction decoder, a counter, a register unit, a clock unit and a bus unit.
So that normal operation can continue even under attack or after a fault, there are at least two groups of functional units with the same function in the functional unit group, leaving spare functional units for later adjustment and reconfiguration once the initial configuration is complete. The amount of redundancy is not limited: it may be a handful of units, or dozens to hundreds, depending on the requirements of the computing equipment. Because redundant functional units remain after configuration, when a processor core is attacked and breaks down, or otherwise needs to be restarted, it can be replaced through dynamic reconfiguration by a newly formed processor core with the same or similar function, which improves the security of the security processor. In one embodiment the processor cores are any one or more of a control processor core, an arithmetic processor core and a data processor core. The functions and composition of each processor core are not particularly limited: the control processor core mainly controls the progress of the processing tasks completed by the other cores and coordinates the processed services, and also detects and monitors each processor core so that the tasks proceed normally; the arithmetic processor core mainly performs the arithmetic processing of the tasks; and the data processor core mainly receives data from the application and parses and manages it.
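The following is an added illustration of the register-controlled switch configuration network, the 0/1 configuration file and the spare-unit replacement described above; it is example code written for this page, not the patent's own design. The simulation keeps one switch register per (functional unit, core slot) pair, has the reconfiguration module build a bitmap from per-core recipes of unit kinds, loads it into the register set, and rebuilds a broken core from the redundant spares. The unit kinds, the bitmap layout, the recipe format, the class names and the one-shot dedicated configuration interface (disabled after the administrator's initial configuration, as the later interface paragraph states) are assumptions made for illustration.

```python
"""Simulation of a register-controlled switch configuration network.

Added example, not code from the patent. The unit kinds, the one-bit-per-(unit, core slot)
bitmap layout, the recipe format and the class names are assumptions for illustration; the
patent only says that a configuration file holds 0/1 values for the switches and is loaded
into a register set, and that unused units stay as redundant spares.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class FunctionalUnit:
    uid: int
    kind: str            # e.g. "alu", "decoder", "crypto", "monitor"
    healthy: bool = True


class SwitchNetwork:
    """One switch per (unit, core slot); a 1 in its register connects the unit to that core."""

    def __init__(self, units: List[FunctionalUnit], core_slots: int):
        self.units = units
        self.core_slots = core_slots
        self.registers = [0] * (len(units) * core_slots)   # register set backing the switches

    def load_config(self, bits: str) -> None:
        """Load a configuration file (a string of 0/1 characters) into the register set."""
        if len(bits) != len(self.registers) or set(bits) - {"0", "1"}:
            raise ValueError("configuration file does not match the switch count")
        self.registers = [int(b) for b in bits]

    def core_units(self, slot: int) -> List[FunctionalUnit]:
        """Units currently switched onto a core slot, i.e. the processor core formed there."""
        return [u for i, u in enumerate(self.units)
                if self.registers[i * self.core_slots + slot] == 1]


class ResourceController:
    """Holds the reconfiguration module and the one-shot dedicated configuration interface."""

    def __init__(self, net: SwitchNetwork):
        self.net = net
        self.dedicated_interface_open = True   # disabled after the administrator's initial configuration

    def build_config(self, recipes: List[Dict[str, int]]) -> str:
        """Reconfiguration module: turn per-core recipes (unit kind -> count) into a switch bitmap.

        Every healthy unit is used at most once; whatever is left over stays as a redundant spare.
        """
        if len(recipes) > self.net.core_slots:
            raise ValueError("more cores requested than core slots")
        bits = ["0"] * len(self.net.registers)
        used = set()
        for slot, recipe in enumerate(recipes):
            for kind, count in recipe.items():
                free = [i for i, u in enumerate(self.net.units)
                        if u.kind == kind and u.healthy and i not in used]
                if len(free) < count:
                    raise RuntimeError(f"not enough healthy {kind!r} units for core {slot}")
                for i in free[:count]:
                    used.add(i)
                    bits[i * self.net.core_slots + slot] = "1"
        return "".join(bits)

    def initial_configure(self, recipes: List[Dict[str, int]]) -> str:
        """Administrator's initial configuration over the dedicated interface; usable once."""
        if not self.dedicated_interface_open:
            raise PermissionError("dedicated interface is disabled after initial configuration")
        self.dedicated_interface_open = False
        return self.reconfigure(recipes)

    def reconfigure(self, recipes: List[Dict[str, int]]) -> str:
        cfg = self.build_config(recipes)
        self.net.load_config(cfg)
        return cfg

    def spares(self) -> List[FunctionalUnit]:
        assigned = {u.uid for s in range(self.net.core_slots) for u in self.net.core_units(s)}
        return [u for u in self.net.units if u.healthy and u.uid not in assigned]

    def recover(self, failed_slot: int, recipes: List[Dict[str, int]]) -> str:
        """Resource self-recovery: retire the broken core's units and rebuild the same cores from spares."""
        for u in self.net.core_units(failed_slot):
            u.healthy = False
        return self.reconfigure(recipes)


def demo() -> dict:
    # constructed unit pool: 3 ALUs, 3 decoders, 2 crypto units, 2 monitors (assumed, for illustration)
    units = [FunctionalUnit(i, k) for i, k in enumerate(
        ["alu", "alu", "alu", "decoder", "decoder", "decoder", "crypto", "crypto", "monitor", "monitor"])]
    net = SwitchNetwork(units, core_slots=2)
    rc = ResourceController(net)
    recipes = [{"decoder": 1, "monitor": 1},              # control core
               {"decoder": 1, "alu": 1, "crypto": 1}]     # arithmetic core
    first = rc.initial_configure(recipes)
    before = [u.uid for u in net.core_units(1)]
    rc.recover(1, recipes)                                # arithmetic core broken down: rebuild it
    after = [u.uid for u in net.core_units(1)]
    return {"config": first, "core1_before": before, "core1_after": after,
            "spares_left": len(rc.spares()), "interface_open": rc.dedicated_interface_open}


if __name__ == "__main__":
    print(demo())
```

The first configuration leaves five spare units; after the arithmetic core is retired and rebuilt from spares (units 1, 5 and 7 instead of 0, 4 and 6) two spares remain, and a second call to initial_configure is refused because the dedicated interface has been closed.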
Where there are three or more processor cores that must cooperate to complete an application's processing task, in one embodiment the reconfiguration module further includes a mode management unit defining the following preset modes: master-slave mode, balanced mode and arbitration mode. The preset mode may be written into the boot memory unit by a program during the design and manufacturing stage of the security processor, set by an administrator before the chip is used, or triggered by a tag of the application to be processed.
In master-slave mode, the reconfiguration module configures the functional components into at least a control processor core, an arithmetic processor core and a data processor core, and each core is assigned a different task: system control, arithmetic processing and data processing respectively. The control processor core leads and monitors, the arithmetic processor core mainly performs logical or mathematical operations, and the data processor core receives data from an interface or storage unit and parses and manages it. The number and types of processor cores can be adjusted or configured dynamically according to the processing tasks. Or,
in balanced mode, the reconfiguration module configures the functional components into at least three arithmetic processor cores, different tasks are distributed to them, and they complete the distributed tasks in a balanced manner; this mode is mainly used for complex tasks or large data volumes, and the type and number of arithmetic processor cores are not particularly limited. Or,
in arbitration mode, the reconfiguration module configures the functional components into at least three arithmetic processor cores, each of which performs the same processing task at the same time, and the final result of the task is judged from the execution results of the individual cores. For example, three arithmetic processor cores select different algorithms to perform the same mathematical computation at the same time; once a given stage result is obtained, it is judged which core's result is correct, and the subsequent computation continues from the correct result. The internal logic devices of the arithmetic processor cores in arbitration mode can differ, so the same task is implemented on different functional components; the mode management unit then judges which one or more of the cores produced the correct result, and the task is finally executed according to that result.
In a specific embodiment, the modes above can be combined in stages to process a given application task: as the processing task changes or moves between stages, the modes can be adjusted dynamically through the cooperation of the mode management unit and the recombination control module, and the processor cores can also monitor, control and give feedback to one another. These recombination and working modes of the processor cores greatly raise the security processor's ability and level in processing services while maintaining security.
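An added example, not the patent's code, of the three preset cooperation modes of the mode management unit. The task (modular exponentiation), the three different algorithms standing in for cores built from different functional units, the injected faults and the simple majority rule used in arbitration mode are assumptions made for illustration; a multi-stage task would call the arbitration step once per stage and continue from the winning result.

```python
"""Preset cooperation modes of the mode management unit: master-slave, balanced, arbitration.

Added example, not code from the patent. The task, the three algorithms, the fault-injection
flags and the majority rule are assumptions for illustration.
"""
from collections import Counter
from typing import Callable, List, Tuple

Task = Tuple[int, int, int]          # (base, exponent, modulus)


def modexp_builtin(b: int, e: int, m: int) -> int:
    return pow(b, e, m)


def modexp_square_multiply(b: int, e: int, m: int) -> int:
    result, base = 1, b % m
    while e:
        if e & 1:
            result = result * base % m
        base = base * base % m
        e >>= 1
    return result


def modexp_naive(b: int, e: int, m: int) -> int:
    result = 1
    for _ in range(e):
        result = result * b % m
    return result


class HardwareFault(Exception):
    pass


class ArithmeticCore:
    """A core built from different functional units, so it runs a different algorithm for the same task."""

    def __init__(self, name: str, algorithm: Callable[[int, int, int], int], fault: str = ""):
        self.name, self.algorithm, self.fault = name, algorithm, fault

    def run(self, task: Task) -> int:
        if self.fault == "dead":                      # injected: the core has broken down
            raise HardwareFault(self.name)
        r = self.algorithm(*task)
        return (r + 1) % task[2] if self.fault == "wrong" else r   # injected: silently wrong result


class ModeManager:
    def master_slave(self, workers: List[ArithmeticCore], tasks: List[Task], log: List[str]) -> List[int]:
        """The control core dispatches each task and, on a fault, marks the worker and re-dispatches."""
        healthy = list(workers)
        results = []
        for task in tasks:
            for w in list(healthy):
                try:
                    results.append(w.run(task))
                    break
                except HardwareFault:
                    log.append(f"{w.name} faulted; marked for reconfiguration")
                    healthy.remove(w)
            else:
                raise RuntimeError("no healthy worker left")
        return results

    def balanced(self, cores: List[ArithmeticCore], tasks: List[Task]) -> List[int]:
        """Each core gets different tasks; work is spread round-robin."""
        return [cores[i % len(cores)].run(t) for i, t in enumerate(tasks)]

    def arbitration(self, cores: List[ArithmeticCore], task: Task) -> Tuple[int, List[str]]:
        """All cores run the same task; the majority result wins and dissenting cores are reported."""
        results = {c.name: c.run(task) for c in cores}
        value, votes = Counter(results.values()).most_common(1)[0]
        if votes * 2 <= len(cores):
            raise RuntimeError("no majority result; halt and reconfigure")
        dissenters = sorted(n for n, r in results.items() if r != value)
        return value, dissenters


def demo() -> dict:
    mm = ModeManager()
    a = ArithmeticCore("A", modexp_builtin)
    b = ArithmeticCore("B", modexp_square_multiply)
    c = ArithmeticCore("C", modexp_naive, fault="wrong")
    d = ArithmeticCore("D", modexp_naive, fault="dead")
    value, dissenters = mm.arbitration([a, b, c], (7, 13, 101))
    tasks = [(3, 5, 17), (5, 7, 23), (2, 10, 1000), (9, 4, 31)]   # constructed sample tasks
    log: List[str] = []
    return {"arbitrated": value, "dissenters": dissenters,
            "balanced": mm.balanced([a, b], tasks),
            "master_slave": mm.master_slave([d, a], tasks, log), "log": log}


if __name__ == "__main__":
    print(demo())
```

In the demo, core C returns a wrong value and is outvoted two to one, core D faults on the first dispatch and is marked for reconfiguration by the control core, and the balanced mode simply spreads the four tasks across two healthy cores.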
In a specific embodiment, each processor core can adopt a different instruction set architecture according to its processing task; the types include CISC, RISC, EPIC, VLIW and so on. Different functional components, and the processor cores formed from them, have different instruction sets, and dynamically assigning different instruction sets to the processor cores further increases the difficulty of an attack and helps deter attackers.
According to a specific embodiment, the security processor further comprises a fixed support program, a software program written into the chip during the design and manufacturing stage that connects the hardware to the application programs; it comprises a hardware interface driver module, a file management module, a security support module and a communication processing module. The fixed program implements functions such as system cold start, program list and data list management, security control, program steering and measurement, core resource scheduling and connection communication. For example, in the initialization phase the fixed support program 130 helps each processor core complete its initialization, and also helps establish connections between components or modules in the security processor, manage files, provide communication, and so on.
In one embodiment, the resource controller 110 defines the operating relationship between the processor cores in the security processor and assigns the functional units of the functional unit group to each core, thereby completing the static configuration and dynamic reconfiguration of logic and instructions and realizing a personalized security processor design; that is, it coordinates and directs the operation of all resources on the security processor. The resource controller further comprises modules for initial injection, loading, resource self-recovery, reconfiguration, control feedback and so on, which implement the corresponding functions.
Initial injection means injecting the fixed support program into a storage unit of the security processor; the injected content comprises an initialization program, a loading program, a detection program and a monitoring program. Loading means a user or administrator installing or loading a program or data into the storage unit of the security processor through the general interface. Resource recovery comprises algorithm recovery, IP core resource recovery, interface recovery and random number component recovery: when an algorithm resource component, an IP core resource, an interface component or a random number component in the security processor is damaged, it can be restored according to the configuration of the security policy. Reconfiguration specifically comprises instruction reconfiguration, logic reconfiguration and structure reconfiguration: instruction reconfiguration configures the instruction set supported by the current security processor according to an instruction configuration table and has personalized and security characteristics; logic reconfiguration combines the functional component resources in the security processor in various ways and changes their connections to produce specific functions; structure reconfiguration recombines the hardware logic circuit into different circuit structures according to different application requirements, realizing different functions to suit those requirements. Control feedback means controlling each processor core and receiving feedback from each processor core during reconfiguration and the execution of processing tasks.
In one embodiment, the control processor core is configured as an IP core comprising an initialization module, a detection component and a monitoring component. Initialization here means electrical initialization, specifically the static configuration of the internal resources of the control processor core; detection means checking and testing the security processor, including logic detection, physical detection and application detection; monitoring means monitoring and control, including alarming, marking, self-damage, self-recovery and self-destruction. For example, the monitoring component checks whether the static configuration file has been tampered with and then executes an alarm, marking, self-damage or self-recovery operation; or it monitors the environmental and energy states and executes an alarm or self-destruction operation.
In one embodiment, the arithmetic processor core mainly carries out the computation of the chip user's application program, and its main functional modules are initialization, arithmetic processing and cryptographic service. The cryptographic service is mainly used to encrypt the data transmitted between the processor cores and the resource controller, which makes the data harder to crack under a network attack.
The information security measures provided by the security processor through the cryptographic service include the following: 1) protecting the confidentiality of data: the security processor hides the real content of data in ciphertext through the cryptographic service, ensuring the confidentiality of data in the chip's internal and external storage units and of bus communications; 2) protecting the integrity of data: the security processor uses the cryptographic service to authenticate the correctness and integrity of data, so that data forged by an attacker can be recognized, the legitimacy of the instructions and data run in the processor is ensured, and an attacker is prevented from learning the processor's internal operating mechanism by tampering with data or instructions and analyzing its behaviour; 3) ensuring the independence of program encryption spaces: the security processor encrypts each program with mutually independent keys in mutually independent storage spaces, so that an attacker who steals the key of one program cannot obtain the instructions or data of other program spaces, which improves the robustness of the protection. Further measures include ensuring the timeliness of security-sensitive information, isolating security information from ordinary data, ensuring the operational reliability of the security processor, and providing personalized services of the security processor.
In one embodiment, the data processor core is mainly responsible for the data processing of the chip; its modules are an initialization module and a data processing component, which performs data reception, data parsing, data measurement, data management, and the like. Data measurement uses a hash algorithm to compute digests of the fixed support program, the hardware drivers, the system software, the application software, and the corresponding configuration data in the security processor. Data management mainly covers data reception, data sending, data distribution (classified storage according to different attributes), data control, data destruction, and the like.
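The data measurement described above, and the integrity authentication listed under item 2) of the cryptographic service measures, amount to hashing each protected component and comparing the digest with a reference recorded at initial configuration. The following is an added example illustrating that check; it is not code from the patent or its assignees. The component names, their byte contents, the use of SHA-256 and the aggregate-digest convention are all assumptions made for the example.

```python
"""Data-measurement check for a security processor: hash each protected
software component and compare it against a reference manifest.
Added example; component names and contents are constructed stand-ins."""
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-ins for the blobs the data processor core measures.
COMPONENTS: Dict[str, bytes] = {
    "fixed_support_program": b"\x7fELF fixed support program v1",
    "hardware_driver": b"uart/spi/usb/sata driver image v1",
    "system_software": b"system software image v1",
    "application_software": b"application image v1",
    "configuration_data": b"mode=master-slave;cores=3",
}


def measure(blob: bytes) -> str:
    """Hash calculation for one component (SHA-256 assumed for the example)."""
    return hashlib.sha256(blob).hexdigest()


def build_manifest(components: Dict[str, bytes]) -> Dict[str, str]:
    """Reference digests an administrator records at initial configuration."""
    return {name: measure(blob) for name, blob in components.items()}


def verify(components: Dict[str, bytes], manifest: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Re-measure every component and list those that fail.

    A component fails when its digest differs from the manifest or when it is
    missing entirely; a component absent from the manifest is unexpected and
    is reported as well, so that an added image cannot slip in unmeasured.
    """
    failures: List[str] = []
    for name, expected in manifest.items():
        blob = components.get(name)
        if blob is None or measure(blob) != expected:
            failures.append(name)
    failures.extend(sorted(set(components) - set(manifest)))
    return (not failures, failures)


def aggregate_digest(manifest: Dict[str, str]) -> str:
    """Single digest over all component digests in name order.

    Constructed convention: binding the names into the hash means that swapping
    two components' digests, or renaming one, changes the aggregate value.
    """
    h = hashlib.sha256()
    for name in sorted(manifest):
        h.update(name.encode("utf-8"))
        h.update(bytes.fromhex(manifest[name]))
    return h.hexdigest()


if __name__ == "__main__":
    manifest = build_manifest(COMPONENTS)
    print("clean image   :", verify(COMPONENTS, manifest))
    tampered = dict(COMPONENTS, system_software=b"system software image v1 + patch")
    print("tampered image:", verify(tampered, manifest))
    print("aggregate     :", aggregate_digest(manifest))
```

Only the failing component names are returned; a real data processor core would also record the measurement log so that the control processor core can decide whether to refuse to load the tampered component.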
In a specific embodiment, the system further comprises an interface component, wherein the interface component comprises a dedicated interface and a general interface. The dedicated interface is connected to the resource controller and is used to receive the initial configuration of the security processor from an administrator; its functions are disabled once the initial configuration has been performed. The general interface is connected to the functional components and is the input or output interface of the information flow; it comprises physical and logical interfaces such as UART, SPI, USB, SATA, SD, PCIE, IDE, UFS and Thunderbolt interfaces.
Example 2
FIG. 2 is a diagram illustrating a reconfiguration method of a secure processor according to an embodiment of the present invention. The method comprises the following steps:
step S210, setting a resource controller and a plurality of functional units in a safety processor, wherein the plurality of functional units comprise a switch configuration network;
step S220, a reconfiguration module is arranged in the resource controller;
step S230, the reconfiguration module dynamically or statically configures the functional units into at least two processor cores by controlling the switches of the switch configuration network.
According to this embodiment, the functional components in the secure processor can be recombined efficiently and in real time, and the functions of the processor cores may be the same or different, so that the cores are specialised in function yet back each other up. This redundant and replaceable design improves the attack resistance, security and reliability of the secure processor and greatly improves its service processing capacity and level.
In one embodiment, the functional component is any one or more of: an operation processing unit, a data processing unit, a storage unit, a detection unit, a monitoring unit and a cryptographic service unit, wherein the functional units in the security processor remain redundant after at least two processor cores have been configured.
In one embodiment, the processor core is configured by using the configuration file of the reconfiguration module, and the processor core may be at least one of the following: the device comprises a control processor core, an operation processor core and a data processor core.
According to a specific embodiment, the reconfiguration module configures the functional components into at least one control processor core, one operation processor core and one data processor core, and each processor core is assigned different tasks so as to implement system control, operation processing and data processing respectively; or alternatively,
the reconfiguration module configures the functional components into at least three operation processor cores, different tasks are distributed to the operation processor cores, and the operation processor cores complete the distributed tasks in a load-balanced manner; or alternatively,
the reconfiguration module configures the functional components into at least three operation processor cores, each operation processor core completes the same processing task simultaneously, and the final result of the processing task is decided from the execution results of the individual processor cores.
In one embodiment, different decoders and controllers assigned to the processor cores implement different instruction architectures. Dynamically configuring the instruction set of each processor core further increases the difficulty of reverse-engineering the security processor.
In one embodiment, according to the requirement of resource control of the secure processor, at least one module of the following is also provided at the resource controller: the system comprises an original injection module, a loading module, a resource self-recovery module and a control feedback module.
In one embodiment, at least one of the following modules or components is provided in the control processor core, depending on the operational needs of the control processor core: the device comprises an initialization module, a detection component and a monitoring component.
In one embodiment, at least one of the following modules or components is provided in the operation processor core: an initialization module, an operation processing unit and a cryptographic service unit.
In one embodiment, at least one of the following modules or components is provided in a data processor core: initialization module, data processing part.
In one embodiment, the secure processor is further provided with an interface component comprising a dedicated interface and a general interface. The dedicated interface connects to the resource controller and receives the initial configuration of the secure processor from an administrator; the general interface connects to the functional components and is the input or output interface of the information flow.
The safety processor in the embodiment of the invention comprises a resource controller, a plurality of functional units and a switch configuration network thereof; the resource controller includes a reconfiguration module that can dynamically or statically configure each of the functional units into at least two processor cores. The functional components in the safety processor can realize dynamic or static reconfiguration, at least two processor cores are quickly formed, and the speed of processing services is improved; the redundant and replaceable design can improve the attack resistance, the safety and the reliability of the safety processor and greatly improve the service processing capacity and the level of the safety processor.
Example 3
This embodiment 3 provides a security processor in a master-slave mode, an equalization mode, or an arbitration mode, where the security processor includes a resource controller, a plurality of functional units, and a switch configuration network thereof; the resource controller includes a reconfiguration module that configures the functional units into at least three processor cores by controlling switches of a switch configuration network, and a mode management unit.
The security processor can be configured in a master-slave mode, in which the reconfiguration module configures the functional components into at least a control processor core, an operation processor core and a data processor core, and each processor core is assigned different tasks so as to implement system control, operation processing and data processing respectively; or alternatively,
the security processor can be configured in an equalization mode, in which the reconfiguration module configures the functional components into at least three operation processor cores, different tasks are distributed to the operation processor cores, and the operation processor cores complete the distributed tasks in a load-balanced manner; or alternatively,
the security processor can be configured in an arbitration mode, in which the reconfiguration module configures the functional components into at least three operation processor cores, each operation processor core completes the same processing task simultaneously, and the final result of the processing task is decided from the execution results of the individual processor cores.
Each mode may use any number of processor cores, of the same or different types as required, and the processor switches dynamically between modes according to the characteristics of the processing tasks.
When a certain application program task is processed according to the mode, the loading module of the resource controller receives the program and data of the application program, installs or loads the program and data into the storage system through the universal interface, completes the task allocation work, and then, in the application program task processing process, the corresponding program and data are automatically loaded by each processor core.
Configuring the functional components of the security processor into different modes greatly improves its service processing capacity and level; different processor cores can be realised through dynamic configuration, the cores are specialised in function yet support each other, and the redundant and replaceable design improves the attack resistance, security and reliability of the security processor.
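The reconfiguration steps S210 to S230 of Example 2 and the three modes of Example 3 can be illustrated with a small simulation: a resource controller closes switches of a switch configuration network to group spare functional units into cores, builds the core set a mode calls for, decides an arbitration result by majority, and rebuilds a core from redundant units after it is lost. This is an added example, not code from the patent or its assignees; the unit pool, the "configuration file" of core recipes, the round-robin task distribution, the strict-majority rule and the class and function names are all assumptions made for the example.

```python
"""Simulation of a reconfigurable security processor (added example).

A ResourceController owns a pool of functional units and a switch table
(unit -> core, None = switch open). Its reconfiguration logic builds cores
from a constructed recipe table, supports master-slave, balanced and
arbitration modes, and performs resource self-recovery of a lost core.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed unit pool: three units of every type, so redundancy remains
# after a configuration has been applied.
UNIT_POOL: Dict[str, str] = {
    f"{kind}{i}": kind
    for kind in ("operation", "data", "storage", "detection", "monitoring", "crypto")
    for i in range(3)
}

# Constructed "configuration file": the unit types each core kind needs.
CORE_RECIPES: Dict[str, List[str]] = {
    "control": ["detection", "monitoring", "storage"],
    "operation": ["operation", "crypto", "storage"],
    "data": ["data", "storage"],
}


@dataclass
class Core:
    name: str
    kind: str
    units: List[str]


class ResourceController:
    def __init__(self, pool: Dict[str, str]):
        self.pool = dict(pool)
        self.switches: Dict[str, Optional[str]] = {u: None for u in pool}
        self.cores: Dict[str, Core] = {}

    def _free(self, kind: str) -> List[str]:
        return [u for u, k in self.pool.items() if k == kind and self.switches[u] is None]

    def build_core(self, name: str, kind: str) -> Core:
        """Close one switch per required unit type; fail cleanly if redundancy is exhausted."""
        chosen: List[str] = []
        for need in CORE_RECIPES[kind]:
            free = self._free(need)
            if not free:
                for u in chosen:            # roll back the partial allocation
                    self.switches[u] = None
                raise RuntimeError(f"no free {need} unit for {name}")
            chosen.append(free[0])
            self.switches[free[0]] = name
        core = Core(name, kind, chosen)
        self.cores[name] = core
        return core

    def release(self, name: str) -> None:
        """Open every switch of a core, returning its units to the spare pool."""
        for u in self.cores.pop(name).units:
            self.switches[u] = None

    def configure(self, mode: str) -> List[str]:
        """Master-slave: control + operation + data core. Balanced/arbitration: three operation cores."""
        for c in list(self.cores):
            self.release(c)
        kinds = ["control", "operation", "data"] if mode == "master-slave" else ["operation"] * 3
        return [self.build_core(f"core{i}", k).name for i, k in enumerate(kinds)]

    def recover(self, name: str) -> Core:
        """Resource self-recovery: drop a paralysed core and rebuild one with the same function."""
        kind = self.cores[name].kind
        self.release(name)
        return self.build_core(name, kind)

    def spare_units(self) -> int:
        return sum(1 for c in self.switches.values() if c is None)

    def operation_cores(self) -> List[str]:
        return [c.name for c in self.cores.values() if c.kind == "operation"]


def run_balanced(rc: ResourceController, tasks: List[Callable[[], int]]) -> Dict[str, List[int]]:
    """Equalization mode: deal the tasks round-robin across the operation cores."""
    ops = rc.operation_cores()
    out: Dict[str, List[int]] = {n: [] for n in ops}
    for i, task in enumerate(tasks):
        out[ops[i % len(ops)]].append(task())
    return out


def arbitrate(results: Dict[str, int]) -> Optional[int]:
    """Arbitration rule (assumed): accept a value only if a strict majority of cores agree."""
    value, votes = Counter(results.values()).most_common(1)[0]
    return value if votes * 2 > len(results) else None


def run_arbitration(rc: ResourceController, task: Callable[[str], int]) -> Optional[int]:
    """Arbitration mode: every operation core runs the same task; the majority result wins."""
    return arbitrate({name: task(name) for name in rc.operation_cores()})
```

The strict-majority rule means that with three cores one faulty or compromised core is outvoted, while three disagreeing results yield no answer at all, which a control processor core would treat as a detection event rather than silently picking one value.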
According to a particular embodiment, the functional component is any one or more of the following: an operation processing unit, a data processing unit, a storage unit, a detection unit, a monitoring unit, a cryptographic service unit, a logic operation unit, an instruction decoder, a counter, a register unit, a clock unit and a bus unit, wherein the functional units in the security processor remain redundant after at least two processor cores have been configured.
In a specific embodiment, the reconfiguration module includes a configuration file therein, and the processor core is at least one of: the device comprises a control processor core, an operation processor core and a data processor core.
In one embodiment, the processor cores employ different instruction architectures.
In one embodiment, the resource controller further comprises at least one of: the system comprises an original injection module, a loading module, a resource self-recovery module and a control feedback module.
In one embodiment, the control processor core includes at least one of the following modules or components: the device comprises an initialization module, a detection component and a monitoring component.
In one embodiment, the operation processor core includes at least one of the following modules or components: an initialization module, an operation processing unit and a cryptographic service unit.
In one embodiment, the data processor core includes at least one module or component of: initialization module, data processing part.
Of course, each processor core is not limited to a particular module or component, and may be dynamically adjusted as desired.
According to a specific embodiment, the secure processor further comprises a fixed support program, the fixed support program specifically comprising at least one of the following modules: the device comprises a hardware interface driving module, a file management module, a safety supporting module and a communication processing module.
In one embodiment, the system further comprises an interface component, wherein the interface component comprises a special interface and a general interface, and the special interface is connected with the resource controller and is used for receiving the primary configuration of the security processor by an administrator; the general interface is connected with the functional component group and is an input or output interface of information flow.
Fig. 3 shows a schematic block diagram of a secure processor according to another embodiment of the present invention. This embodiment describes the workflow of the secure processor in master-slave mode in detail. First, according to a dynamic indication of the processing task or a predetermined rule, the resource controller 110 controls the functional unit group 120 to allocate resources: the hardware resources in the processor are allocated to a plurality of processor cores, and the functional unit group 120 feeds the recombination result back to the resource controller 110. As in FIG. 2, each functional unit in the functional unit group 120 is statically or dynamically allocated by the resource controller to one of three processor cores (121, 122, 123); once the three processor cores (121, 122, 123) are allocated, the feedback result is verified. The control processor core 121 may monitor and control the operation processor core 122 and the data processor core 123, which feed their results back to the control processor core 121; the operation processor core 122 may also monitor and control the data processor core 123, which feeds its results back to the operation processor core.
After the processing task of the application program arrives, a control instruction set of the task is obtained through a decoder, and then the control instruction set is distributed to the corresponding processor core for processing according to the characteristics of the instruction set and a preset mode by the resource controller 110, wherein the control processor is mainly responsible for monitoring and detecting tasks, the operation processor core is mainly responsible for operating the processing task, and the data processor core is mainly responsible for processing data, and a processing result is obtained through division of work and cooperation. For example, the reconfiguration process may include a macro processing process, where the instruction set is macro processed through a reconfiguration rule stored in a reconfiguration module in the resource controller 110 to obtain a macro control instruction including a plurality of control instructions, and the macro control instruction is distributed to a corresponding processor core, so as to implement execution of the macro control instruction.
In summary, the present invention provides a secure processor, which includes a resource controller, a plurality of functional units and a switch configuration network thereof; the resource controller includes a reconfiguration module that can dynamically or statically configure the functional units into at least two processor cores. The functional components in the secure processor can be reconfigured dynamically or statically, at least two processor cores are formed quickly, and the speed of processing services is improved. Because redundant functional units remain after configuration, when a processor core is paralysed by an attack or needs to be restarted, the units can be recombined to form a new processor core with the same function; the processor cores are specialised in function yet back each other up, and this redundant and replaceable design improves the attack resistance, security and reliability of the secure processor and greatly improves its service processing capability and level.
It should be noted that:
in the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc., does not indicate any ordering; these words may be interpreted as names.

Claims (10)

1. A security processor, comprising a resource controller and a plurality of functional units and a switch configuration network thereof; the resource controller includes a reconfiguration module that can dynamically or statically configure the functional components to form at least two processor cores through control of switches of a switch configuration network.
2. The secure processor of claim 1, wherein the functional components include any one or more of: an operation processing unit, a data processing unit, a storage unit, a detection unit, a monitoring unit, a cryptographic service unit, a logic operation unit, an instruction decoder, a counter, a register unit, a clock unit and a bus unit, wherein the functional units in the security processor remain redundant after at least two processor cores have been configured.
3. The secure processor of claim 1, wherein a configuration file is disposed in the reconfiguration module, and the processor core may be at least one of: the device comprises a control processor core, an operation processor core and a data processor core.
4. The secure processor of any one of claims 1-3,
the at least two processor cores comprise at least a control processor core, an operation processor core and a data processor core; or alternatively,
the at least two processor cores are at least three operation processor cores, and each operation processor core is configured to be allocated different tasks, so that the operation processor cores complete the allocated tasks in a load-balanced manner; or alternatively,
the at least two processor cores are at least three arithmetic processor cores, and each arithmetic processor core is configured to execute the same processing task at the same time, so that the final result of the processing task can be determined according to the execution result of each arithmetic processor core.
5. The secure processor of claim 1, wherein each processor core employs the same or different instruction architectures.
6. The secure processor of claim 1, wherein the resource controller further comprises at least one of: the system comprises an original injection module, a loading module, a resource self-recovery module and a control feedback module.
7. The secure processor of claim 3, wherein the control processor core comprises at least one of: the device comprises an initialization module, a detection component and a monitoring component.
9. The secure processor of claim 3, wherein the operation processor core comprises at least one of: an initialization module, an operation processing unit and a cryptographic service unit.
9. The secure processor of claim 3, wherein the data processor core comprises at least one of: initialization module, data processing part.
10. The secure processor of claim 1, further comprising an interface component, the interface component comprising a dedicated interface and a generic interface, the dedicated interface coupled to the resource controller for receiving a primary configuration of the secure processor by an administrator; the general interface is connected with the functional component and is an input or output interface of information flow.
CN201910711733.9A 2019-08-02 2019-08-02 Safety processor Active CN110659507B (en)
Publications (2)

Publication Number Publication Date
CN110659507A true CN110659507A (en) 2020-01-07
CN110659507B CN110659507B (en) 2023-02-21
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant