CN110851885B - Safety protection architecture system of embedded system - Google Patents


Info

Publication number: CN110851885B
Authority: CN (China)
Application number: CN201911084762.3A
Other languages: Chinese (zh)
Other versions: CN110851885A (en)
Prior art keywords: module, algorithm, security, trusted, architecture
Legal status: Active
Inventors: 蒋欣欣, 王颖, 张杨
Current assignee: Beijing Institute of Computer Technology and Applications
Original assignee: Beijing Institute of Computer Technology and Applications
Priority date: 2019-11-08
Filing date: 2019-11-08
Publication date: 2020-02-28 (CN110851885A), 2023-09-26 (CN110851885B)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F 21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself


Abstract

The invention relates to a security protection architecture system for an embedded system, comprising a Flash secure storage chip, an RTC chip, SRAM and an FPGA. The FPGA chip integrates a communication module, a PCIe IP interface, an embedded CPU and an algorithm module. The algorithm module provides three types of algorithm IP core, SM2, SM3 and SM4, which supply the signature, signature verification, symmetric algorithm, hash and symmetric encryption and decryption cryptographic operations. The PCIe IP interface provides a PCIe fast channel to the outside. The communication module comprises a management channel and an algorithm channel: the management channel implements transmission management of the data packets in the signal channel, and the algorithm channel allocates mutually independent logic resources and buffer areas within the FPGA to each algorithm supported by the algorithm module, so that the algorithms execute in parallel.

Description

Safety protection architecture system of embedded system
Technical Field
The invention relates to the technical field of embedded systems, and in particular to a security protection architecture system for an embedded system.
Background
With the wide application of embedded systems in security-critical fields such as the military, industry and aerospace, more and more embedded systems are being illegally intruded upon and damaged, and problems such as the theft of important information and data have caused huge economic losses and even threatened national security. On the hardware side, systems face security problems such as hardware Trojans, side-channel attacks and hardware reverse engineering; on the software side, they face code integrity attacks, attacks on application software, theft of private data and the like. How to secure the embedded system has therefore become a pressing concern.
The importance of security is now recognized, and certain protective measures have been taken. For example, Intel, Microsoft, IBM and other industry leaders established the Trusted Computing Platform Alliance (TCPA), which constructs a general-purpose terminal hardware platform using "trusted computing" technology and designs a Trusted Platform Module (TPM) as the root of trust of the whole computing platform, in order to enhance computer security. On the software side, the concepts and technologies of secure operating systems, multilevel security (MLS) and the Bell-LaPadula (BLP) security model provide effective methods and means for protecting system software.
At present, most research on system safety focuses on preventing damage caused by hardware failures and software errors, that is, on achieving the safety of the system. With the networking and intelligentization of embedded systems, security intrusions and network attacks have become new forms of attack that threaten the normal operation of the system. Protecting the system's critical functions and data from unauthorized access, use, tampering and leakage, as a precondition for achieving safety, has therefore become a key issue in the design of a security protection architecture for embedded systems.
Disclosure of Invention
The invention discloses an embedded system security protection architecture system intended to solve the problems in the prior art.
The invention relates to a security protection architecture system for an embedded system, comprising a Flash secure storage chip, an RTC chip, SRAM and an FPGA. The FPGA chip integrates a communication module, a PCIe IP interface, an embedded CPU and an algorithm module. The algorithm module provides three types of algorithm IP core, SM2, SM3 and SM4, which supply the signature, signature verification, symmetric algorithm, hash and symmetric encryption and decryption cryptographic operations. The PCIe IP interface provides a PCIe fast channel to the outside. The communication module comprises a management channel and an algorithm channel: the management channel implements transmission management of the data packets in the signal channel, and the algorithm channel allocates mutually independent logic resources and buffer areas within the FPGA to each algorithm supported by the algorithm module, so that the algorithms execute in parallel.
An embodiment of the embedded system security architecture system according to the invention further includes a real-time clock chip that provides a clock signal for system applications.
According to an embodiment of the embedded system security architecture system of the invention, communication between the FPGA chip and the real-time clock chip is performed over an I2C bus by extending the GPIO pins of the FPGA chip.
According to one embodiment of the embedded system security protection architecture system, the Flash secure storage chip comprises two types of chip, NOR flash and NAND flash.
An embodiment of the embedded system security architecture system according to the invention further includes an FPGA interface conversion component used for fast communication between the security control module and the main processor board.
According to an embodiment of the embedded system security architecture system of the invention, the FPGA interface conversion unit uses PCI-E Hard IP to verify the sequential logic control during high-speed data exchange.
An embodiment of the embedded system security architecture system according to the invention further includes a trusted boot layer comprising a TCM module device driver, an identity authentication module, a critical software and hardware measurement module and a reference value management module. The TCM module device driver is the component in the bootstrap program that communicates and interacts with the high-performance embedded security control module and the other trusted service modules, performing low-level bus access, trusted message protocol parsing and trusted computing service functions. The identity authentication module provides password-based identity authentication: it acquires the login user's information and calls the user identity authentication interface of the TCM module to verify that information. The critical software and hardware measurement module comprises two parts, hardware integrity measurement and software integrity measurement. The reference value management module is the functional module through which a system administrator manages and configures reference values; collection, storage, updating and management of reference values are carried out by calling the functional service interface provided by the TCM module driver.
According to an embodiment of the embedded system security architecture system of the invention, the hardware measurement scope includes the hard disk serial number, network card MAC address, PCI device model, peripheral expansion ROM executable code and the like, and the software integrity measurement content includes the operating system kernel, the TCM driver module and the core files of the trusted access control module.
An embodiment of the embedded system security architecture system according to the invention further includes a system management partition, which performs management operations on the life cycle and security health of the guest partitions, and a device service partition, which provides specialized device services and unified device deployment.
According to an embodiment of the embedded system security architecture system of the invention, three types of algorithm, namely asymmetric, symmetric and hash, are each allocated their own resources in the FPGA to support parallel execution, so that the algorithms and their algorithm channels are mutually independent.
Against the development trend of networking and intelligentization of embedded systems, and in view of the shortcomings of existing security protection measures, the invention takes the embedded system as its object of study and designs an embedded system security protection architecture system. Based on research into embedded system security theory, a complete embedded system security protection architecture is formed from the bottom security protection hardware layer, the trusted boot layer, the secure operating system layer and the application layer, providing methodological guidance and technical support for ensuring secure operation of the system.
The Trusted Computing Group focuses on security properties during computation and proposes to guarantee computer security with the TPM (Trusted Platform Module) security chip as the hardware root of trust. China has developed a TPM with independent intellectual property rights and extended its functions; the result is called the TCM. The TCM itself provides non-volatile storage, a SHA-1 engine, a key generator, a random number generator and so on. The high-performance security control module is designed to follow the TCM standard to ensure the security of the system hardware.
Drawings
FIG. 1 is a main flow chart of the method for constructing the embedded system security protection architecture system of the present invention;
FIG. 2 is a block diagram of a high performance security control module;
FIG. 3 is a diagram of a multiple class algorithm independent architecture.
Detailed Description
For clarity about the purposes, content and advantages of the invention, embodiments of the invention are described in detail below with reference to the drawings and examples.
Fig. 1 is the main flow chart of the method for constructing the embedded system security protection architecture system of the invention, and fig. 2 is a structural diagram of the high-performance security control module. As shown in figs. 1 and 2, the embedded system security protection architecture system provided by the invention includes a Flash secure storage chip, an RTC chip, SRAM and an FPGA.
As shown in fig. 2, the FPGA chip integrates a communication module, a PCIe IP interface, an embedded CPU and an algorithm module. The algorithm module provides three types of algorithm IP core, SM2, SM3 and SM4, which supply the signature, signature verification, symmetric algorithm, hash and symmetric encryption and decryption cryptographic operations. A PCIe IP core is integrated to provide PCIe fast channels. The communication module includes a management channel and an algorithm channel. The management channel implements transmission management of the data packets in the signal channel; the algorithm channel allocates mutually independent logic resources and buffer areas within the FPGA to the different algorithms supported by the algorithm module, so that the algorithms execute in parallel. The embedded CPU is the core component of system operation and the embodiment of the embedded system's performance.
As shown in fig. 2, a MicroBlaze soft-core environment is built to provide the platform environment in which the software runs; trusted software runs in the soft core to provide the platform's trusted services, including access authentication, cryptographic resource management, integrity measurement, data encryption and decryption, secure data storage and security audit.
As shown in fig. 2, a real-time clock chip (RTC chip) provides clock signals (year, month, day, hour, minute, second) for system applications. In consideration of the interface expansion requirements of the FPGA chip, a clock chip with a serial communication interface is adopted. Communication between the FPGA chip and the real-time clock chip is realized over an I2C bus by extending the GPIO pins of the FPGA chip.
As shown in fig. 2, the Flash secure storage module is connected to the FPGA to meet the non-volatile storage requirement. The Flash devices comprise two types, NOR flash and NAND flash; specifically, NOR flash is used to store the FPGA configuration file and the software boot code.
As shown in fig. 2, in order to increase the running speed of the software in the FPGA, DDR memory chips are added outside the FPGA as extended memory space for running programs.
As shown in fig. 2, the main function of the FPGA interface conversion component is to provide PCIe lanes for fast communication between the security control module and the host processor board, with PCI-E Hard IP verifying the sequential logic control during high-speed data exchange. Based on the IP core design, the object-oriented layer interface circuit can be flexibly designed as required; it supports PCIe Gen 1 ×1, ×2 and ×4, has low power consumption and low integration cost, and its highest PCIe communication rate can reach 2.5 Gbps. The design makes it convenient to access specific functions, such as internal bus connection and DMA transfer, facilitates reuse in product development and helps greatly improve product performance.
Fig. 3 is a diagram of the multi-class algorithm independence architecture. As shown in figs. 1 to 3, constructing the trusted boot layer includes the following.
The trusted boot layer provides driver support for the various trusted computing and trusted storage operations of the trusted boot program and mainly comprises a TCM module device driver, an identity authentication module, a critical software and hardware measurement module and a reference value management module.
(1) The TCM module device driver is the component in the bootstrap program that communicates and interacts with the high-performance embedded security control module and the other trusted service modules, and performs operations such as low-level bus access, trusted message protocol parsing and encapsulation of the trusted computing service functions.
(2) The identity authentication module provides password-based identity authentication; the identity security of the login user is ensured by acquiring the login user's information and calling the user identity authentication interface of the TCM module to verify it.
(3) The critical software and hardware measurement module is the core module of the trusted bootstrap program and comprises two parts, hardware integrity measurement and software integrity measurement. The hardware measurement scope includes the hard disk serial number, network card MAC address, PCI device model, peripheral expansion ROM executable code and the like, and the software integrity measurement content includes core files such as the operating system kernel, the TCM driver module and the trusted access control module.
(4) The reference value management module is the functional module through which a system administrator manages and configures reference values; collection, storage, updating and management of reference values are carried out by calling the functional service interface provided by the TCM module driver.
The embedded system security protection software platform comprises the following.
An embedded system security protection software platform is designed on the concept of the Multiple Independent Levels of Security (MILS) architecture.
(1) Trusted separation kernel
The trusted separation kernel serves as the foundation of the MILS architecture. Its basic function is time and space isolation: it provides multilevel security information isolation for the upper-layer system and establishes mutually isolated, independent running environments on one processor for multiple tasks of different security levels.
The platform uses embedded virtualization technology to provide isolated execution and storage environments for applications and data of different security levels; uses the BLP security model to manage secure data communication between guest systems; ensures the security of the trusted separation kernel itself by lightweight mandatory access control; establishes a comprehensive real-time scheduling mechanism to guarantee the real-time performance of hard real-time tasks; and establishes a multi-level audit mechanism.
(2) Partitioned operating environment
The multiple separate execution environments provided by the framework, called "partitions", are divided into four security levels: core (TS), important (S), general (C) and not involved (U). Applications, middleware and other software of different security levels run in the isolated partitions in user mode.
Each partition is assigned a security level according to the security level of its application, and each separate area can independently install and run applications of a different security level together with their operating system, which are called "guests". In the MILS architecture, multiple embedded OSs may run as "guest" OSs on top of the trusted separation kernel, and each "guest" OS runs in a separate execution environment unaffected by the other partitions.
On the basis of the trusted separation kernel, a system management partition is established to manage the life cycle and security health of the guest partitions; a device service partition is established to provide specialized device services and unified device deployment; and a hierarchical resource management technique is provided for safety-critical and real-time-critical tasks, guaranteeing the safety and real-time performance of highly safety-critical and real-time-critical tasks.
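As an added example, not the patent's own code, this Python models the BLP check that the trusted separation kernel applies to communication between guest partitions, using the page's four levels ordered U < C < S < TS, and records every decision as the multi-level audit mechanism would. The partition names, the `Partition` and `SeparationKernelPolicy` classes and the audit record format are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Partition security levels of the MILS platform, ordered low to high:
# U (not involved) < C (general) < S (important) < TS (core).
LEVEL_RANK = {"U": 0, "C": 1, "S": 2, "TS": 3}


@dataclass(frozen=True)
class Partition:
    name: str
    level: str              # a key of LEVEL_RANK


@dataclass
class SeparationKernelPolicy:
    """BLP communication policy of the trusted separation kernel (assumed model).
    Every decision is appended to `audit`, standing in for the platform's
    multi-level audit mechanism."""
    audit: List[str] = field(default_factory=list)

    @staticmethod
    def _dominates(a: str, b: str) -> bool:
        return LEVEL_RANK[a] >= LEVEL_RANK[b]

    def decide(self, subject: Partition, obj: Partition, op: str) -> Tuple[bool, str]:
        """Apply BLP to a subject partition acting on an object partition:
        read  - simple security property, level(subject) >= level(object)
        write - *-property,               level(subject) <= level(object)"""
        if subject.level not in LEVEL_RANK or obj.level not in LEVEL_RANK:
            allowed, rule = False, "unknown security level"
        elif op == "read":
            allowed, rule = self._dominates(subject.level, obj.level), "simple security (no read up)"
        elif op == "write":
            allowed, rule = self._dominates(obj.level, subject.level), "*-property (no write down)"
        else:
            allowed, rule = False, "unsupported operation"
        self.audit.append(f"{'ALLOW' if allowed else 'DENY'} {op} "
                          f"{subject.name}[{subject.level}] -> {obj.name}[{obj.level}] ({rule})")
        return allowed, rule

    def deliver(self, src: Partition, dst: Partition) -> bool:
        """A message from src to dst is a write by src into dst's channel: it may
        flow to an equal or higher level, never from a higher level down."""
        return self.decide(src, dst, "write")[0]


if __name__ == "__main__":
    kernel = SeparationKernelPolicy()
    core = Partition("flight-control", "TS")   # constructed partition names
    hmi = Partition("operator-hmi", "C")
    print("HMI -> core:", kernel.deliver(hmi, core))               # True
    print("core -> HMI:", kernel.deliver(core, hmi))               # False
    print("core reads HMI:", kernel.decide(core, hmi, "read")[0])  # True
    print("\n".join(kernel.audit))
```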
When the security control module is presented as an exclusive device, all access requests to it are serialized at the device driver layer or above, and a request obtains service only according to a priority policy or a first-come-first-served policy. This approach directly results in slow system start-up and slow application execution; its impact on whole-machine performance is very large and cannot meet the real-time requirements of an embedded system. To address this problem, the invention studies high-performance cryptographic services and designs an FPGA-based multi-channel high-speed security control module in which, from the overall module architecture shown in fig. 2, the algorithms are independent of one another, the management channel and the algorithm channels are independent of one another, and the individual algorithm channels are independent of one another. The three types of algorithm, asymmetric, symmetric and hash, are each allocated mutually independent logic resources and buffer areas to support parallel execution, realizing mutually independent algorithms and algorithm channels, as shown in fig. 3 (corresponding to the red-framed part of fig. 2). Because the asymmetric algorithm occupies a large amount of resources and CPU time, the FPGA provides it with a soft-core CPU and storage RAM, while the other algorithms interact with the bus directly through their algorithm channels on a FIFO (first-in, first-out) basis. Under this mechanism the three types of algorithm have independent data buffers and processing engines, so there is no shared-resource or resource-contention problem, and simultaneous requests from upper-layer applications for the three types of cryptographic service can be accepted.
This independent parallel mechanism of the FPGA-based multi-channel security control module provides parallel execution capability for upper-layer cryptographic service requests, greatly improves the module's cryptographic processing capability, reduces the impact of cryptographic operations on whole-machine performance, provides hardware-level security guarantees for the embedded system, minimizes the impact on its real-time performance, and meets users' simultaneous requirements for security and real-time performance.
For the hardware protection of the embedded system, the invention designs a high-performance FPGA-based security control module that provides services such as trusted storage and measurement for the secure operation of the hardware platform. Mainstream cryptographic chips on the current market have fixed algorithms and fixed external communication interfaces and lack flexibility and generality. The FPGA-based high-performance security control module therefore integrates the algorithm module and the communication module, supporting flexible configuration and dynamic tailoring of the cryptographic chip's algorithms and flexible configuration of the external communication interface, which improves the general adaptability of the security control module.
The invention designs a construction method for an embedded system security protection architecture system. First, a theoretical foundation for system security design is established through research into embedded system security theory; second, an FPGA-based security control hardware module, a trusted boot layer and a MILS-based system security protection software platform are designed, realizing a complete embedded system security protection architecture from theory to implementation and from bottom-layer hardware to upper-layer software. The invention can effectively improve the security protection capability of the embedded system and the security of system operation. It is simple and effective to implement and meets application requirements.
The foregoing is merely a preferred embodiment of the invention. It should be noted that those skilled in the art could make modifications and variations without departing from the technical principles of the invention, and such modifications and variations should also be regarded as falling within the scope of the invention.

Claims (10)

1. An embedded system security architecture system, comprising: a Flash secure storage chip, an RTC chip, SRAM and an FPGA;
the FPGA chip integrates a communication module, a PCIe IP interface, an embedded CPU and an algorithm module; the algorithm module provides three types of algorithm IP core, SM2, SM3 and SM4, which supply the signature, signature verification, symmetric algorithm, hash and symmetric encryption and decryption cryptographic operations; the PCIe IP interface provides a PCIe fast channel to the outside; the communication module comprises a management channel and an algorithm channel, wherein the management channel implements transmission management of the data packets in the signal channel and the algorithm channel allocates mutually independent logic resources and buffer areas within the FPGA to each algorithm supported by the algorithm module, so that the algorithms execute in parallel;
the architecture further includes an embedded system security protection software platform designed on the concept of the Multiple Independent Levels of Security (MILS) architecture;
a trusted separation kernel serves as the foundation of the MILS architecture, provides multilevel security information isolation for the upper-layer system, and establishes mutually isolated independent running environments on the processor for multiple tasks of different security levels;
the platform uses embedded virtualization technology to provide isolated execution and storage environments for applications and data of different security levels; uses the BLP security model to manage secure data communication between guest systems; ensures the security of the trusted separation kernel by lightweight mandatory access control; establishes a comprehensive real-time scheduling mechanism to guarantee the real-time performance of hard real-time tasks; and establishes a multi-level audit mechanism;
the architecture provides multiple separate execution environments, called "partitions", which are divided into four security levels: core (TS), important (S), general (C) and not involved (U); applications, middleware and other software of different security levels run in isolated partitions in user mode;
each partition is assigned a security level according to the security level of its application, and each separated area independently installs and runs applications of a different security level together with their operating system, which are called guests; in the MILS architecture, multiple embedded OSs run as "guest" OSs on top of the trusted separation kernel, and each "guest" OS runs in a separate execution environment unaffected by the other partitions;
on the basis of the trusted separation kernel, a system management partition is established to manage the life cycle and security health of the guest partitions; a device service partition is established to provide specialized device services and unified device deployment; and a hierarchical resource management technique is provided for safety-critical and real-time-critical tasks, guaranteeing the safety and real-time performance of highly safety-critical and real-time-critical tasks.
2. The embedded system security architecture system of claim 1, further comprising: a real time clock chip for providing a clock signal for system applications.
3. The embedded system security architecture system of claim 2, wherein the communication between the FPGA chip and the real-time clock chip is implemented by using I2C bus, and by extending GPIO pins of the FPGA chip.
4. The embedded system security architecture system of claim 1, wherein the Flash security memory chip comprises two types of chips, norFlash and NandFlash.
5. The embedded system security architecture system of claim 1, further comprising: and the FPGA interface conversion component is used for fast communication between the safety control module and the main processor board.
6. The embedded system security architecture of claim 5, wherein the FPGA interface conversion component employs sequential logic control during PCI-E Hard IP verification for high speed data exchange.
7. The embedded system security architecture system of claim 1, further comprising: the trusted guide layer comprises a TCM module device driver, an identity authentication module, a key software and hardware measurement module and a reference value management module;
the TCM module equipment driver is a component which communicates and interacts with the high-performance embedded security control module and other trusted service modules in the bootstrap program, and performs the functions of bottom bus access, trusted message protocol analysis processing and trusted computing service;
the identity authentication module provides identity authentication based on a password, and verifies the user information by acquiring information of a login user and calling a user identity authentication interface of the TCM module;
the key software and hardware measurement module comprises two parts, namely hardware integrity measurement and software integrity measurement;
the reference value management module is a functional module for managing and configuring the reference value by a system administrator, and the collection, storage, updating and management of the reference value are carried out by calling a functional service interface provided by the TCM module driver.
8. The embedded system security architecture of claim 7, wherein the hardware integrity measurement measures the hard disk serial number, the network card MAC address, the PCI device models and the execution code of peripheral expansion ROMs, and the software integrity measurement measures the operating system kernel file, the TCM driver module and the trusted access control module.
9. The embedded system security architecture system of claim 7, further comprising a trusted separation kernel, which provides multi-level security information isolation for the upper-layer system and establishes mutually isolated, independent running environments for multiple tasks at multiple security levels on the processor; a system management partition manages and operates the life cycle and security health of the guest partitions; and a device service partition provides specialized device services and unified device deployment.
10. The architecture of claim 7, wherein the three types of algorithms, asymmetric, symmetric and hash, are each allocated mutually independent logic resources and caches to support parallel execution, thereby realizing mutually independent algorithms and algorithm channels.
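The measurement and reference-value workflow of claims 7 and 8 (measure the critical hardware identities and software images, compare them with administrator-managed reference values, and let only an authenticated administrator update a reference value) can be exercised with the following added example. It is not code from the patent or its assignee: hashlib's SHA-256 stands in for the hash service that the TCM module would provide through its driver, and every device identity, expansion ROM and software image below is constructed sample data.

```python
"""Critical hardware/software measurement against stored reference values.

Added example, not code from the patent: it models the critical hardware and
software measurement module and the reference value management module of the
trusted boot layer (claims 7 and 8). Assumptions: hashlib SHA-256 stands in for
the TCM module's hash service; all device identities and images are constructed."""
import copy
import hashlib
import hmac
import json

def tcm_hash(data: bytes) -> str:
    # Stand-in for the hash service reached through the TCM driver (assumption).
    return hashlib.sha256(data).hexdigest()

def hardware_items(inventory: dict) -> dict:
    """Canonical byte strings for the hardware categories named in claim 8."""
    items = {"hw/disk_serial": inventory["disk_serial"].strip().encode(),
             "hw/nic_mac": inventory["nic_mac"].lower().encode()}
    # PCI models are sorted so bus enumeration order cannot change the measurement.
    models = sorted(f"{d['vendor']:04x}:{d['device']:04x}" for d in inventory["pci_devices"])
    items["hw/pci_models"] = "\n".join(models).encode()
    # Each expansion ROM is measured on its own so a report can name the device.
    for dev, rom in inventory["expansion_roms"].items():
        items[f"hw/oprom/{dev}"] = rom
    return items

def software_items(images: dict) -> dict:
    # Kernel file, TCM driver module and trusted access control module images.
    return {f"sw/{name}": data for name, data in images.items()}

def platform_items(inventory: dict, images: dict) -> dict:
    return {**hardware_items(inventory), **software_items(images)}

def measure(items: dict) -> dict:
    return {name: tcm_hash(data) for name, data in items.items()}

class ReferenceStore:
    """Reference values: collected on a known-good system, stored, admin-updated, verified."""

    def __init__(self) -> None:
        self._ref: dict = {}

    def collect(self, items: dict) -> None:
        self._ref = measure(items)

    def update(self, name: str, data: bytes, admin_authenticated: bool) -> None:
        if not admin_authenticated:
            raise PermissionError("only an authenticated administrator may change reference values")
        self._ref[name] = tcm_hash(data)

    def export(self) -> str:
        return json.dumps(self._ref, sort_keys=True)

    @classmethod
    def load(cls, blob: str) -> "ReferenceStore":
        store = cls()
        store._ref = json.loads(blob)
        return store

    def verify(self, items: dict) -> dict:
        """Report changed or vanished reference items and measured items with no reference."""
        current = measure(items)
        report = {"mismatch": [], "missing": [], "unexpected": sorted(set(current) - set(self._ref))}
        for name, ref in self._ref.items():
            if name not in current:
                report["missing"].append(name)
            elif not hmac.compare_digest(current[name], ref):
                report["mismatch"].append(name)
        report["ok"] = not (report["mismatch"] or report["missing"] or report["unexpected"])
        return report

# Constructed sample platform (assumption, not a real device).
GOOD_INVENTORY = {
    "disk_serial": "SAMPLE-DISK-0001",
    "nic_mac": "00:1A:2B:3C:4D:5E",
    "pci_devices": [{"vendor": 0x8086, "device": 0x10D3}, {"vendor": 0x10EE, "device": 0x7024}],
    "expansion_roms": {"nic0": b"\x55\xaa\x10" + b"\x90" * 29},
}
GOOD_IMAGES = {"kernel": b"constructed-kernel-image-v1",
               "tcm_driver": b"constructed-tcm-driver-v1",
               "trusted_access_control": b"constructed-tac-module-v1"}

def demo() -> tuple:
    store = ReferenceStore()
    store.collect(platform_items(GOOD_INVENTORY, GOOD_IMAGES))
    store = ReferenceStore.load(store.export())  # round trip through persistent storage
    clean = store.verify(platform_items(GOOD_INVENTORY, GOOD_IMAGES))
    # Tampering: kernel replaced, NIC swapped, extra card whose option ROM has no reference.
    bad_inv = copy.deepcopy(GOOD_INVENTORY)
    bad_inv["nic_mac"] = "00:1A:2B:3C:4D:5F"
    bad_inv["pci_devices"].append({"vendor": 0x1234, "device": 0x0001})
    bad_inv["expansion_roms"] = {"card1": b"\x55\xaa\x04" + b"\xcc" * 5}
    bad_img = dict(GOOD_IMAGES, kernel=b"constructed-kernel-image-TROJAN")
    tampered = store.verify(platform_items(bad_inv, bad_img))
    # Legitimate kernel update: the administrator refreshes that one reference value.
    store.update("sw/kernel", b"constructed-kernel-image-v2", admin_authenticated=True)
    updated = store.verify(platform_items(GOOD_INVENTORY, dict(GOOD_IMAGES, kernel=b"constructed-kernel-image-v2")))
    return clean, tampered, updated
```

Calling `demo()` returns three reports: the clean boot passes; the tampered boot lists `hw/nic_mac`, `hw/pci_models` and `sw/kernel` as mismatches, `hw/oprom/nic0` as missing and `hw/oprom/card1` as unexpected; after the authorised kernel update only that one reference value changes and verification passes again. Sorting the PCI list and lower-casing the MAC address keeps benign variation (enumeration order, case) from producing false mismatches, while the separate "missing" and "unexpected" categories make added or removed peripherals visible rather than silently ignored.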

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911084762.3A CN110851885B (en) 2019-11-08 2019-11-08 Safety protection architecture system of embedded system

Publications (2)

Publication Number Publication Date
CN110851885A CN110851885A (en) 2020-02-28
CN110851885B true CN110851885B (en) 2023-09-26

Family

ID=69598696

Country Status (1)

Country Link
CN (1) CN110851885B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111783165B (en) * 2020-06-29 2022-09-20 中国人民解放军战略支援部队信息工程大学 Safe and trusted system chip architecture based on hardware isolation calling mode
CN112711752A (en) * 2020-12-31 2021-04-27 上海磐御网络科技有限公司 Embedded equipment safety system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102819706A (en) * 2012-07-26 2012-12-12 重庆大学 Device and method for implementing credible embedded system on existing embedded equipment
WO2015149663A1 (en) * 2014-04-03 2015-10-08 国家电网公司 System and method for trapping network attack on embedded device in smart power grid
CN106933764A (en) * 2017-03-31 2017-07-07 山东超越数控电子有限公司 A kind of credible password module and its method of work based on domestic TCM chips

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陶徐咏 (Tao Xuyong). Hardware research and design of a trusted computing platform based on PCI Express. 《中国优秀硕士学位论文全文数据库 信息科技辑》 (China Masters' Theses Full-text Database, Information Science and Technology series), 2010, pp. I, 5-55. *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant