CN110998575B - Methods and devices for executing trusted applications on a processor with support for protected execution environments - Google Patents
- Publication number: CN110998575B
- Application number: CN201980003435.2A
- Authority: CN (China)
- Prior art keywords: processing unit, logical processing, enclave, application, exit
- Legal status: Active (status as listed by Google Patents, not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/30007—Arrangements for executing specific machine instructions to perform operations on data operands
- G06F9/30029—Logical and Boolean instructions, e.g. XOR, NOT
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims (21)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/083466 WO2019120335A2 (en) | 2019-04-19 | 2019-04-19 | Methods and devices for executing trusted applications on processor with support for protected execution environments |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110998575A CN110998575A (zh) | 2020-04-10 |
CN110998575B true CN110998575B (zh) | 2024-04-16 |
Family ID: 66994186
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201980003435.2A Active CN110998575B (zh) | 2019-04-19 | 2019-04-19 | Methods and devices for executing trusted applications on a processor with support for protected execution environments |
Country Status (7)
Country | Link |
---|---|
US (2) | US10733285B1 (zh) |
EP (2) | EP3872662B1 (zh) |
CN (1) | CN110998575B (zh) |
ES (1) | ES2870823T3 (zh) |
PL (1) | PL3646216T3 (zh) |
SG (1) | SG11202000825YA (zh) |
WO (1) | WO2019120335A2 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111753311B (zh) * | 2020-08-28 | 2020-12-15 | Alipay (Hangzhou) Information Technology Co., Ltd. | Method and apparatus for securely entering a trusted execution environment in a hyper-threading scenario |
CN112231652B (zh) * | 2020-10-28 | 2022-02-22 | Baidu Online Network Technology (Beijing) Co., Ltd. | Trusted environment remote verification method, apparatus, device, system and medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102473224A (zh) * | 2009-12-22 | 2012-05-23 | Intel Corporation | Method and apparatus for providing secure application execution |
CN104484284A (zh) * | 2013-03-31 | 2015-04-01 | Intel Corporation | Instructions and logic to provide advanced paging capabilities for secure enclave page caches |
WO2017082966A1 (en) * | 2015-11-09 | 2017-05-18 | Intel IP Corporation | Integrated universal integrated circuit card on mobile computing environments |
CN106796638A (zh) * | 2014-09-25 | 2017-05-31 | McAfee, Inc. | Data verification using enclave attestation |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7890771B2 (en) * | 2002-04-17 | 2011-02-15 | Microsoft Corporation | Saving and retrieving data based on public key encryption |
US8595510B2 (en) * | 2011-06-22 | 2013-11-26 | Media Patents, S.L. | Methods, apparatus and systems to improve security in computer systems |
US9747102B2 (en) * | 2012-12-28 | 2017-08-29 | Intel Corporation | Memory management in secure enclaves |
US9892284B2 (en) * | 2013-03-11 | 2018-02-13 | Lantiq Beteiligungs-GmbH & Co. KG | Trusted execution thread in an embedded multithreaded system |
US10121144B2 (en) * | 2013-11-04 | 2018-11-06 | Apple Inc. | Using biometric authentication for NFC-based payments |
US9749323B2 (en) * | 2015-03-27 | 2017-08-29 | Intel Corporation | Technologies for secure server access using a trusted license agent |
US20160350534A1 (en) * | 2015-05-29 | 2016-12-01 | Intel Corporation | System, apparatus and method for controlling multiple trusted execution environments in a system |
US9904805B2 (en) * | 2015-09-23 | 2018-02-27 | Intel Corporation | Cryptographic cache lines for a trusted execution environment |
US10180854B2 (en) * | 2016-09-28 | 2019-01-15 | Intel Corporation | Processor extensions to identify and avoid tracking conflicts between virtual machine monitor and guest virtual machine |
US10642972B2 (en) * | 2016-10-20 | 2020-05-05 | Intel Corporation | Extending packet processing to trusted programmable and fixed-function accelerators |
US10706143B2 (en) * | 2017-05-19 | 2020-07-07 | Intel Corporation | Techniques for secure-chip memory for trusted execution environments |
US10867092B2 (en) * | 2017-12-16 | 2020-12-15 | Intel Corporation | Avoiding asynchronous enclave exits based on requests to invalidate translation lookaside buffer entries |
US10970390B2 (en) * | 2018-02-15 | 2021-04-06 | Intel Corporation | Mechanism to prevent software side channels |
2019
- 2019-04-19 ES ES19732217T, granted as ES2870823T3 (Active)
- 2019-04-19 SG SG11202000825YA (status unknown)
- 2019-04-19 EP EP21167804.0A, granted as EP3872662B1 (Active)
- 2019-04-19 WO PCT/CN2019/083466, published as WO2019120335A2 (status unknown)
- 2019-04-19 EP EP19732217.5A, granted as EP3646216B1 (Active)
- 2019-04-19 PL PL19732217T, granted as PL3646216T3 (status unknown)
- 2019-04-19 CN CN201980003435.2A, granted as CN110998575B (Active)
2020
- 2020-01-27 US US16/773,187, granted as US10733285B1 (Active)
- 2020-05-29 US US16/887,654, granted as US10867030B2 (Active)
Non-Patent Citations (1)
Title |
---|
Analysis of hyper-threading and its implementation techniques; Jin Huifang; Computer Engineering; 20051130; 30(No. 23); 93-95 * |
Also Published As
Publication number | Publication date |
---|---|
WO2019120335A3 (en) | 2020-02-13 |
ES2870823T3 (es) | 2021-10-27 |
EP3872662A1 (en) | 2021-09-01 |
WO2019120335A2 (en) | 2019-06-27 |
US20200334354A1 (en) | 2020-10-22 |
PL3646216T3 (pl) | 2021-07-19 |
US10733285B1 (en) | 2020-08-04 |
US10867030B2 (en) | 2020-12-15 |
SG11202000825YA (en) | 2020-02-27 |
CN110998575A (zh) | 2020-04-10 |
EP3646216A2 (en) | 2020-05-06 |
EP3872662B1 (en) | 2024-08-14 |
EP3646216B1 (en) | 2021-04-14 |
EP3646216A4 (en) | 2020-07-08 |
Similar Documents
Publication | Title |
---|---|
US10831934B2 (en) | Management of authenticated variables |
CN108463826B (zh) | Processor extensions for protecting the stack during ring transitions |
US9633231B2 (en) | Hardware-protective data processing systems and methods using an application executing in a secure domain |
US8782380B2 (en) | Fine-grained privilege escalation |
US20070028074A1 (en) | Maintaining shadow page tables in a sequestered memory region |
US20210081538A1 (en) | Early platform hardening technology for slimmer and faster boot |
CN113139175A (zh) | Processing unit, electronic device and security control method |
US12099864B2 (en) | Formally verified trusted computing base with active security and policy enforcement |
CN113569245A (zh) | Processing apparatus, embedded system, system-on-chip and security control method |
CN110998575B (zh) | Methods and devices for executing trusted applications on a processor with support for protected execution environments |
WO2023123850A1 (zh) | Method, apparatus, device and readable storage medium for implementing a firmware root of trust |
EP3123388B1 (en) | Virtualization based intra-block workload isolation |
CN114065257A (zh) | Address space protection method, protection apparatus, device and storage medium |
US10754967B1 (en) | Secure interrupt handling between security zones |
Hategekimana et al. | Inheriting software security policies within hardware IP components |
JP7569307B2 (ja) | Apparatus and method for handling exception-causing events |
US20190042797A1 (en) | Security Hardware Access Management |
Yiu | The Next Steps in the Evolution of Embedded Processors for the Smart Connected Era |
CN108292339B (zh) | System management mode privilege architecture |
KR102192328B1 (ko) | Processor including an isolated interrupt handler for protecting input channels on SGX, and interrupt handling method |
CN109190383B (zh) | Method, apparatus and device for processing access instructions |
KR20230127517A (ko) | Method and system for memory synchronization between two or more systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20200925. Applicant before: Advanced innovation technology Co.,Ltd. (Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands). Applicant after: Innovative advanced technology Co.,Ltd. (Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands) |
| TA01 | Transfer of patent application right | Effective date of registration: 20200925. Applicant before: Alibaba Group Holding Ltd. (4th floor, mailbox 847, Grand Cayman Capital Building, British Cayman Islands). Applicant after: Advanced innovation technology Co.,Ltd. (Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands) |
| REG | Reference to a national code | Ref country code: HK. Ref legal event code: DE. Ref document number: 40028649. Country of ref document: HK |
| GR01 | Patent grant | |
| TR01 | Transfer of patent right | Effective date of registration: 20240914. Patentee before: Innovative advanced technology Co.,Ltd. (Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands; country or region: Cayman Islands). Patentee after: Ant Chain Technology Co.,Ltd. (Guohao Times City # 20-01, 128 Meizhi Road, Singapore; country or region: Singapore) |