CN111241564A - Memory page exchange method and security processor - Google Patents
Memory page exchange method and security processor Download PDFInfo
- Publication number
- CN111241564A CN111241564A CN202010033821.0A CN202010033821A CN111241564A CN 111241564 A CN111241564 A CN 111241564A CN 202010033821 A CN202010033821 A CN 202010033821A CN 111241564 A CN111241564 A CN 111241564A
- Authority
- CN
- China
- Prior art keywords
- page
- memory page
- key
- operating system
- physical address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/10—Address translation
- G06F12/1009—Address translation using page tables, e.g. page table structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Abstract
The present disclosure provides a memory page exchange method, including: receiving a physical address and page attributes of a memory page to be exchanged from an operating system; encrypting the memory page by using a first key to generate encrypted content of the memory page; generating an information verification code of the memory page by using a second key, the page attribute and the encrypted content of the memory page; and sending the encrypted content of the memory page and the information verification code to the operating system. The present disclosure also provides a secure processor.
Description
The application is a divisional application of an invention patent application with the application date of 2017, 8 and 4, and the application number of 201710662088.7, and the invention name of an encryption method, an encryption device, a decryption method and a decryption device.
Technical Field
The present invention relates to the field of computer security, and in particular, to a memory page swapping method and a security processor.
Background
During the operation of the computer server system, for some reason, for example, the physical memory is insufficient, some pages (pages) in the memory need to be swapped out to Swap space (Swap), so that the physical pages are used by the virtual machine or other virtual machines.
When the Operating System (OS) of the server in the computer performs the Swap process, for example, in the Secure Encryption Virtualization (SEV) Encryption and Secure storage Encryption (SME) scheme of Advanced Micro Devices (AMD), when the physical page is swapped out of the Swap space, the physical page is not encrypted, that is, the content stored in the Swap space is not encrypted, and at this time, a hacker or a lawless person may steal the content stored in the Swap space, thereby resulting in capturing or leaking of confidential information.
Disclosure of Invention
The embodiment of the invention provides an encryption method, an encryption device, a decryption method and a decryption device, which are used for solving the problems that a page is stolen or leaked when the page is swapped out of a memory to a Swap space, and the page is incomplete when the page is swapped out of the Swap space to the memory.
In a first aspect, an encryption method is provided, which is applied to swap out a first page from a first space to a second space, and includes:
the encryption and decryption hardware receives a physical address and a page attribute PageAttribute of a first page sent by an Operating System (OS); generating a first random number after being triggered by the physical address and the PageAttribute; generating a first key and a second key according to a prestored swapprootkey and the first random number; encrypting the first page according to the first key to generate encrypted content of the first page; generating an information verification code MAC of the first page according to the second key, the first random number, the second random number, the initial vector IV, the encrypted content of the first page and the PageAttribute; the first random number, the second random number, the IV, the PageAttribute, the MAC and the encrypted content of the first page form encrypted auxiliary information encrypt _ facility _ info; sending the encrypt _ facility _ info to the OS.
In a possible implementation manner, when the OS is a Host OS, the physical address of the first page is a real physical address of the first page; or, when the OS is a Guest OS, the physical address of the first page is a virtual physical address of the first page.
In a possible implementation manner, when the Host OS swaps out the first page of the Guest OS from the first space to the second space, the receiving, by the encryption and decryption hardware, the physical address and the PageAttribute of the first page sent by the OS specifically includes: and the encryption and decryption hardware receives the real physical address of the first page, the virtual physical address of the first page, the pageAttribute of the first page and the VMID of the virtual machine tag sent by the Host OS.
In a possible implementation manner, after the encryption and decryption hardware receives the real physical address of the first page, the virtual physical address of the first page, the PageAttribute of the first page, and the VMID sent by the Host OS, the method further includes: after being triggered by the real physical address of the first page and the PageAttribute, the encryption and decryption hardware generates a first random number; verifying the virtual physical address of the first page and the VMID, inquiring a Page Frame Attribute Table (PFAT) prestored in a memory, and verifying the real physical address of the first page and the real physical address of the first page in the PFAT; and after the verification is passed, generating a first key and a second key according to the prestored SwapRootKey and the first random number.
In a second aspect, an encryption apparatus is provided, which is applied to swap out a first page from a first space to a second space, and comprises: the receiving unit is used for receiving the physical address and the PageAttribute of the first page sent by the OS; the generating unit is used for generating a first random number after being triggered by the physical address and the PageAttribute; the generating unit is further configured to generate a first key and a second key according to a prestored swapprootkey and the first random number; the encryption unit is used for encrypting the first page according to the first key to generate the encrypted content of the first page; the generating unit is further configured to generate an information verification code MAC of the first page according to the second key, the first random number, the second random number, the initial vector IV, the encrypted content of the first page, and the PageAttribute; the first random number, the second random number, the IV, the PageAttribute, the MAC and the encrypted content of the first page form encrypted auxiliary information encrypt _ facility _ info; a transmitting unit that transmits the encrypt _ facility _ info to the OS.
In a possible implementation manner, when the OS is a Host OS, the physical address of the first page is a real physical address of the first page; or, when the OS is a Guest OS, the physical address of the first page is a virtual physical address of the first page.
In a possible implementation manner, when the Host OS swaps out the first page of the Guest OS from the first space to the second space, the receiving unit is specifically configured to: and receiving the real physical address of the first page, the virtual physical address of the first page, the pageAttribute of the first page and the VMID of the virtual machine sent by the Host OS.
In one possible implementation, the apparatus further includes: a verification unit; the generating unit is further configured to generate a first random number after being triggered by the real physical address of the first page and the PageAttribute; the verification unit is configured to verify the virtual physical address of the first page and the VMID, query a page frame attribute table PFAT pre-stored in a memory, and verify the real physical address of the first page and the real physical address of the first page in the PFAT; the generating unit is further configured to generate a first key and a second key according to a prestored swapprootkey and the first random number after the verification passes.
In a third aspect, a decryption method is provided, where the method is applied to swap a first page from a second space into a first space, and the method includes: encryption and decryption hardware receives encrypt _ facility _ info sent by an OS; the encryption key comprises an encryption key, and a key; generating a first key and a second key according to a swapprootkey prestored in encryption and decryption hardware and the first random number; according to the second key and the MAC, carrying out integrity check on the first page; after the integrity check is passed, decrypting the encrypted content of the first page according to the first key to generate a first page; sending the first page to the OS.
In a fourth aspect, there is provided a decryption apparatus for swapping a first page from a second space into a first space, the apparatus comprising: a receiving unit, configured to receive encryption facility information encrypt _ facility _ info sent by an operating system OS; the encryption key comprises an encryption key, a key, a key; the generating unit is used for generating a first key and a second key according to a swapprootkey of an exchange page root prestored in encryption and decryption hardware and the first random number; the checking unit is used for carrying out integrity checking on the first page according to the second key and the MAC; the decryption unit is used for decrypting the encrypted content of the first page according to the first key after the integrity check is passed, and generating a first page; a sending unit configured to send the first page to the OS.
In a fifth aspect, a memory page swapping method is provided, including: receiving a physical address and page attributes of a memory page to be exchanged from an operating system; encrypting the memory page by using a first key to generate encrypted content of the memory page; generating an information verification code of the memory page by using a second key, the page attribute and the encrypted content of the memory page; and sending the encrypted content of the memory page and the information verification code to the operating system.
In one possible implementation, the method may further include: generating a page exchange root key and a first random number; and generating the first key and the second key according to the page exchange root key and the first random number.
In a possible implementation manner, the generating the information verification code of the memory page may specifically include: and generating an information verification code of the memory page by using a second key, a second random number, the page attribute and the encrypted content of the memory page.
In one possible implementation, the method may further include: and sending the encrypted auxiliary information comprising the first random number, the second random number, the page attribute, the encrypted content of the memory page and the information verification code to the operating system.
In one possible implementation, the method may further include: and enabling the operating system to update the page table and marking the corresponding memory page as available.
In a possible implementation manner, when the operating system is a host operating system and the memory page to be exchanged is a memory page used by the host operating system, the physical address may be a real physical address of the memory page; when the operating system is a guest operating system, the physical address may be a virtual physical address of the memory page.
In one possible implementation, when the operating system is a host operating system and the memory pages to be swapped are memory pages used by a guest operating system, the method may include: receiving, from the operating system, a real physical address of the memory page, a virtual physical address of the memory page, a page attribute of the memory page, and a virtual machine tag.
In one possible implementation, the method may further include: inquiring a page frame attribute table, verifying whether the virtual physical address of the memory page belongs to the virtual machine tag, and verifying whether the real physical address of the memory page is consistent with the real physical address of the memory page in the page frame attribute table; and generating the first key and the second key after the verification is passed.
In one possible implementation, the method may be performed by a secure processor.
In a sixth aspect, there is provided a secure processor comprising: the device comprises a receiving unit, a processing unit and a switching unit, wherein the receiving unit is used for receiving a physical address and page attributes of a memory page to be exchanged from an operating system; the generating unit is used for encrypting the memory page by using a first key and generating the encrypted content of the memory page; the generating unit is further configured to generate an information verification code of the memory page by using a second key, the page attribute, and the encrypted content of the memory page; and the sending unit is used for sending the encrypted content of the memory page and the information verification code to the operating system.
In a possible implementation manner, the generating unit may be further configured to generate a page exchange root key and a first random number, and to generate the first key and the second key according to the page exchange root key and the first random number.
In a possible implementation manner, the generating unit may be further configured to generate an information verification code of the memory page by using a second key, a second random number, the page attribute, and the encrypted content of the memory page.
In a possible implementation manner, the sending unit may be further configured to send, to the operating system, encrypted auxiliary information including the first random number, the second random number, the page attribute, the encrypted content of the memory page, and the information verification code.
In a possible implementation manner, when the operating system is a host operating system and the memory page to be exchanged is a memory page used by the host operating system, the physical address received by the receiving unit may be a real physical address of the memory page; when the operating system is a guest operating system, the physical address received by the receiving unit may be a virtual physical address of the memory page.
In a possible implementation, when the operating system is a host operating system and the memory page to be swapped is a memory page used by a guest operating system, the receiving unit may be configured to receive, from the operating system, a real physical address of the memory page, a virtual physical address of the memory page, a page attribute of the memory page, and a virtual machine tag.
In one possible implementation, the secure processor may further include: a verification unit, configured to query a page frame attribute table, verify whether a virtual physical address of the memory page belongs to the virtual machine tag, and verify whether a real physical address of the memory page is consistent with a real physical address of the memory page in the page frame attribute table; and the generating unit is further used for generating the first key and the second key after the verification is passed.
A seventh aspect provides a memory page swapping method, including: receiving encryption auxiliary information from an operating system, wherein the encryption auxiliary information comprises encrypted content of a memory page and an information verification code; generating a first key and a second key; carrying out integrity check on the memory page by using the second key and the information verification code; after the integrity check is passed, decrypting the encrypted memory of the memory page by using the first key to generate a decrypted memory page; and sending the decrypted memory page to the operating system.
In one possible implementation, the encryption side information may further include a first random number, and the method may further include: and generating the first key and the second key according to a pre-stored exchange page root key and the first random number.
In one possible implementation, the encryption side information may further include a second random number, and the method may further include: and checking the second random number, and sending the decrypted memory page after the verification is passed.
In one possible implementation, the method may further include: causing the operating system to update a page table.
In an eighth aspect, there is provided a secure processor comprising: the device comprises a receiving unit, a processing unit and a processing unit, wherein the receiving unit is used for receiving encryption auxiliary information from an operating system, and the encryption auxiliary information comprises encryption content and an information verification code of a memory page; a generation unit configured to generate a first key and a second key; the verification unit is used for carrying out integrity verification on the memory page by using the second key and the information verification code; the decryption unit is used for decrypting the encrypted memory of the memory page by using the first key after the integrity check is passed, and generating a decrypted memory page; and a sending unit, configured to send the decrypted memory page to the operating system.
In a possible implementation manner, the encryption auxiliary information may further include a first random number, and the generating unit may be further configured to generate the first key and the second key according to a pre-stored swap page root key and the first random number.
In a possible implementation manner, the encryption auxiliary information may further include a second random number, and the checking unit may be further configured to check the second random number; the sending unit may be further configured to send the decrypted memory page after the verification is passed.
Drawings
FIG. 1 is a schematic diagram of generating a SwapRootKey according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of an encryption method according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating an implementation manner of an encryption method according to an embodiment of the present invention;
fig. 4 is a schematic diagram illustrating another implementation manner of an encryption method according to an embodiment of the present invention;
fig. 5 is a schematic diagram illustrating a further implementation manner of the encryption method according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating a decryption method according to a second embodiment of the present invention;
fig. 7 is an implementation manner diagram of an implementation manner diagram according to a second embodiment of the present invention;
fig. 8 is a schematic diagram illustrating another implementation manner of a decryption method according to a second embodiment of the present invention;
fig. 9 is a schematic diagram of another implementation manner of the decryption method according to the second embodiment of the present invention;
fig. 10 is a schematic structural diagram of an encryption apparatus according to a third embodiment of the present invention;
fig. 11 is a schematic structural diagram of a decryption device according to a fourth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be described below in conjunction with the drawings and the embodiments in the embodiments of the present invention.
Fig. 1 is a schematic diagram of generating a swap page root key (swapprootkey) according to an embodiment of the present invention. As shown in fig. 1, a one-time key, i.e., swapprootkey, is generated in the computer at the time of the computer's initial startup and stored in the encryption and decryption hardware, which may be a Secure Processor (Secure Processor), and is available only to the encryption and decryption hardware, and a new swapprootkey is generated each time the computer is restarted.
The encryption and decryption hardware provides an interface ENCRYPT _ FOR _ PAGE _ OUT, and can also be realized by directly providing special privilege level instructions by a computer.
Fig. 2 is a schematic flow chart of an encryption method according to an embodiment of the present invention. The execution main body of the method is encryption and decryption hardware. The method is applied to Swap out a first page from a first space to a second space, where the first space may be a memory, the second space may be a Swap space, for example, when the memory is not enough, some physical pages need to be temporarily swapped out to the Swap space, and the OS may be a Host operating system (Host OS), such as a virtual machine manager (Hypervisor), or a Guest operating system (Guest OS). As shown in fig. 2, the method comprises the steps of:
in step 210, the encryption and decryption hardware receives the physical address and the page attribute (PageAttribute) of the first page sent by the OS.
And after receiving the physical address and the PageAttribute, the encryption and decryption hardware generates a first random number.
And step 230, generating a first key and a second key according to the prestored SwapRootKey and the first random number.
In one possible implementation, when the OS is a Host OS, such as Hypervisor, the Hypervisor may Swap out the memory page used by itself to the Swap space. As shown in fig. 3, first, the Hypervisor obtains the physical address of the page to be swapped out, which is the real physical address of the page, for example, the real physical address of the first page. Then, the page table of the first page is queried to obtain the relevant information of the first page, i.e. PageAttribute, such as the read-write permission of the first page. And then, sending the physical address and the PageAttribute of the first page to encryption and decryption hardware.
And after the encryption and decryption hardware receives the physical address and the pageAttribute of the first page, randomly generating a first random number Key _ ID. And generating a first Key, namely a page encryption Key PageEncryptKey, and a second Key, namely a page integrity Key PageIntegrityKey, according to the prestored SwapRootKey and Key _ ID.
The Encryption and decryption hardware performs Encryption calculation, that is, the pageencrypt key performs Encryption calculation, for example, the Advanced Encryption Standard (AES) algorithm is used to perform Encryption calculation on the first page, so as to generate the encrypted content of the first page. Then, the encryption and decryption hardware performs integrity calculation, that is, the MAC of the first page is generated by using the second key, the first random number, the second random number, that is, the Unique Identifier (UID), the Unique Identifier (IV), the encrypted content of the first page, and the PageAttribute.
The first random number, the second random number, the IV, the PageAttribute, the MAC and the encrypted content of the first page form encrypt _ facility _ info. Finally, encrypt _ facility _ info is sent to Hypervisor.
The Hypervisor updates its page table, deletes the corresponding entry in the page table, i.e. deletes an entry in the page, such as mapping from a virtual address to a physical address, and marks the page as available.
In another possible implementation, when the OS is a Guest OS, the Guest OS may Swap out the memory pages used by itself to the Swap space. As shown in fig. 4, first, the Guest OS obtains the physical address of the page to be swapped out, and at this time, the physical address of the first page is the real physical address of the first page viewed by the Guest OS, but is the virtual physical address of the first page viewed by the Host OS. Then, the Guest OS queries its page table to get the PageAttribute for the first page. And then, sending the physical address and the PageAttribute of the first page to encryption and decryption hardware.
And after the encryption and decryption hardware receives the physical address and the pageAttribute of the first page, randomly generating a first random number Key _ ID. And generating the PageEncryptKey and the PageIntegrityKey according to the prestored SwapRootKey and Key _ ID. And the encryption and decryption hardware carries out encryption calculation and integrity calculation to generate the encrypted content of the first page and the MAC of the first page. Finally, encrypt _ facility _ info is sent to Guest OS.
The Guest OS updates its page table and deletes the corresponding entry in the page table, i.e. deletes an entry in the page, such as a virtual address to physical address mapping, and marks the page as available.
In yet another possible implementation, the Host OS, such as Hypervisor, is authorized to Swap out the memory pages used by guest OS to Swap space. First, the Hypervisor searches for a physical address of a page of Guest OS that can be swapped out (the physical address of the page appears to be a real physical address of the page in Guest OS and appears to be a virtual physical address of the page in hosto) such as a physical address of a first page according to some policy, wherein the policies can be swapped out according to frequency of page access, frequency is low, or can be swapped out according to time of page access, if the access time is early, and there is no access recently, etc. At this time, because it is possible that part of the information Hypervisor cannot obtain the PageAttribute of the first page according to different implementations, the Hypervisor may clear the information and the rest of the information is supplemented by hardware, or if the Hypervisor records the part of the information, the Hypervisor may provide the information, but the hardware needs to verify the part of the information. Then the Hypervisor checks the page table to obtain the real physical address of the first page, and finally sends the real physical address of the first page to be encrypted, the Virtual physical address of the first page, a Virtual Machine Identifier (VMID), a PageAttribute and the like to the encryption and decryption hardware together. The encryption and decryption hardware randomly generates a KEY _ ID, then queries a Page Frame Attribute Table (PFAT), and verifies whether the virtual physical address of the first Page belongs to the VMID, and whether the real physical address of the first Page is consistent with the input (i.e. the real physical address of the first Page in the PFAT). If the verification fails, an error is returned. If the verification is passed, generating PageEncryptKey and PageIntegratiyKey according to the SwapRootKey and Key _ ID, performing encryption calculation and integrity calculation, and updating the PFAT. Encrypt _ facility _ info is then sent to Hypervisor.
The Hypervisor deletes the table entry in the mapping table from the Guest OS physical address to the Host OS physical address maintained by the Hypervisor and marks that the physical page is available.
It should be noted that the encryption calculation and the integrity calculation described in the latter two implementation manners are the same as the processes in the first implementation manner, and are not described herein again.
Wherein, the second random number UID is used for preventing replay attack; the IV is specified by encryption and decryption hardware or generated randomly.
Therefore, when the page is swapped out from the memory to the Swap space, the integrity protection and encryption are carried out on the swapped out page, and further confidential content is prevented from being leaked or tampered.
Fig. 6 is a flowchart illustrating a decryption method according to a second embodiment of the present invention. The execution main body of the method is encryption and decryption hardware. The method is applied to Swap a first page into a first space from a second space, where the first space may be a memory and the second space may be a Swap space, and for example, when a page-missing interrupt occurs during running, some physical pages need to be swapped out to the memory. As shown in fig. 6, the method comprises the steps of:
in step 610, the encryption and decryption hardware receives encrypt _ facility _ info of the first page sent by the OS.
The encryption key comprises an encryption key, and a key.
And step 620, generating a first key and a second key according to the swapprootkey and the first random number pre-stored in the encryption and decryption hardware.
And step 640, after the integrity check is passed, decrypting the encrypted content of the first page according to the first key to generate a first page.
At step 650, the first page is sent to the OS.
In one possible implementation, when the OS is a Host OS, such as Hypervisor, Hypervisor may Swap out its page from the Swap space to memory. As shown in fig. 7, when the Hypervisor runs, a page fault interrupt occurs, the Hypervisor searches for a free physical page, finds a physical address of a page that needs to be swapped in to the memory from the Swap space according to a page fault linear address, for example, the page that needs to be swapped in to the memory is a first page, copies an encryption result of the first page to the free page, and finally sends encrypt _ fault _ info of the first page to the encryption and decryption hardware.
The encryption and decryption hardware calculates a first Key and a second Key by using the swapprootkey prestored therein and the Key _ ID prestored in the encrypt _ facility _ info, performs integrity check by using the second Key and the MAC, and then decrypts the encrypted content of the first page by using the first Key after the integrity check is passed. The UID is then checked and if the verification fails, an error result is returned. If the verification passes, the first page is returned. Finally, the encryption and decryption hardware sends the first page to the Hypervisor, and the Hypervisor updates the page table.
In another possible implementation, when the OS is Guest OS, the own page may be swapped from Swap space into memory. As shown in fig. 8, when Guest OS runs, a page fault interrupt occurs, the OS searches for a free physical page from the physical memory, finds a free physical page according to a page fault linear address, then searches for encrypt _ fault _ info of a page to be swapped into the memory from the Swap space, that is, encrypt _ fault _ info of the first page, copies the encrypt _ fault _ info to the free physical page, and finally sends the encrypt _ fault _ info to the encryption and decryption hardware.
The encryption and decryption hardware calculates a first Key and a second Key by using the Key _ ID and the SwapRootKey, integrity check is carried out by using the second Key and the MAC, then, after the integrity check is passed, the encrypted content of the first page is decrypted by using the first Key, then the UID is checked, and if the verification is not passed, an error result is returned. If the verification passes, the first page is returned. Finally, the encryption and decryption hardware sends the first page to the Guest OS, and the Guest OS updates the page table.
In yet another possible implementation, Hypervisor is authorized to Swap in pages from Swap space to memory that Guest OS needs to use. As shown in fig. 9, firstly, a page fault interrupt occurs during the running of Guest OS, and the Hypervisor captures the interrupt and obtains the physical page address of Guest OS, such as the physical address of the first page, which needs to be swapped in. Then, the Host OS searches for an idle physical page, and after finding, according to the Guest OS physical page address, an encryption result of a first page needing to be swapped out to the memory is searched from the Swap space and copied to the idle page. And finally, sending the page and the corresponding encrypt _ facility _ info to encryption and decryption hardware. The encryption and decryption hardware calculates PageIntegrityKey by using Key _ ID and SwapRootKey to carry out integrity check, calculates PageEncryptKey decryption, then checks UID, and returns an error result if verification fails. And if the verification is passed, updating the PFAT, recording information such as VMID and the like, and returning the first page to the Hypervisor.
After the Hypervisor receives the first page, updating a mapping table from the Guest OS physical page to the Host physical page, and marking the address of the physical page as available.
Therefore, when the page is switched into the memory from the Swap space, integrity check and decryption are performed, and integrity check and decryption of encrypted content are realized.
Fig. 10 is a schematic structural diagram of an encryption apparatus according to a third embodiment of the present invention. The apparatus 1000 is applied to swap out a first page from a first space to a second space, as shown in fig. 10, the apparatus 1000 includes: a receiving unit 1010, a generating unit 1020, an encrypting unit 1030, and a transmitting unit 1040.
A receiving unit 1010, configured to receive the physical address and PageAttribute of the first page sent by the OS.
A generating unit 1020, configured to generate a first random number after being triggered by the physical address and the PageAttribute.
The generating unit 1020 is further configured to generate a first key and a second key according to the prestored swapprootkey and the first random number.
An encrypting unit 1030, configured to encrypt the first page according to the first key, and generate encrypted content of the first page.
The generating unit 1020 is further configured to generate the MAC of the first page according to the second key, the first random number, the second random number, the IV, the encrypted content of the first page, and the PageAttribute; the first random number, the second random number, the IV, the PageAttribute, the MAC and the encrypted content of the first page form encrypt _ facility _ info.
A sending unit 1040, configured to send encrypt _ facility _ info to the OS.
When the OS is a Host OS, the physical address of the first page is the real physical address of the first page; alternatively, when the OS is a Guest OS, the physical address of the first page is a virtual physical address of the first page.
When the Host OS swaps the first page of the Guest OS from the first space to the second space, the receiving unit 1010 is specifically configured to: and receiving the real physical address of the first page, the virtual physical address of the first page, the PageAttribute of the first page and the VMID sent by the Host OS.
Wherein the apparatus further comprises: an authentication unit 1050.
The generating unit 1020 is further configured to generate a first random number after being triggered by the actual physical address of the first page and the PageAttribute.
The verifying unit 1050 is configured to verify the virtual physical address and the VMID of the first page, query a PFAT pre-stored in a memory, and verify the real physical address of the first page and the real physical address of the first page in the PFAT.
The generating unit 1020 is further configured to generate a first key and a second key according to the prestored swapprootkey and the first random number after the verification passes.
Fig. 11 is a schematic structural diagram of a decryption device according to a fourth embodiment of the present invention. The decryption apparatus 1100 is applied to swap a first page from a second space into a first space, and comprises: a receiving unit 1110, a generating unit 1120, a decrypting unit 1130, a verifying unit 1140 and a transmitting unit 1150.
A receiving unit 1110, configured to receive encrypt _ facility _ info sent by an OS; the encryption key comprises an encryption key, and a key.
The generating unit 1120 is configured to generate a first key and a second key according to a swapprootkey and a first random number, which are pre-stored in the encryption and decryption hardware.
A checking unit 1130, configured to perform integrity checking on the first page according to the second key and the MAC.
And a decryption unit 1140, configured to decrypt the encrypted content of the first page according to the first key after the integrity check passes, so as to generate the first page.
A transmitting unit 1150 for transmitting the first page to the OS.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied in hardware or in software instructions executed by a processor. The software instructions may be comprised of corresponding software modules that may be stored in Random Access Memory (RAM), flash Memory, Read Only Memory (ROM), Erasable Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), registers, a hard disk, a removable disk, a compact disc read only Memory (CD-ROM), or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an ASIC. Additionally, the ASIC may reside in a core network interface device. Of course, the processor and the storage medium may reside as discrete components in a core network interface device.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.
Claims (23)
1. A memory page swapping method comprises the following steps:
receiving a physical address and page attributes of a memory page to be exchanged from an operating system;
encrypting the memory page by using a first key to generate encrypted content of the memory page;
generating an information verification code of the memory page by using a second key, the page attribute and the encrypted content of the memory page; and
and sending the encrypted content of the memory page and the information verification code to the operating system.
2. The method of claim 1, further comprising: generating a page exchange root key and a first random number; and generating the first key and the second key according to the page exchange root key and the first random number.
3. The method according to claim 1, wherein the generating the information verification code of the memory page specifically includes: and generating an information verification code of the memory page by using a second key, a second random number, the page attribute and the encrypted content of the memory page.
4. The method of claim 1, further comprising: and sending the encrypted auxiliary information comprising the first random number, the second random number, the page attribute, the encrypted content of the memory page and the information verification code to the operating system.
5. The method of claim 1, further comprising: and enabling the operating system to update the page table and marking the corresponding memory page as available.
6. The method according to claim 1, wherein, when the operating system is a host operating system and the memory page to be swapped is a memory page used by the host operating system itself, the physical address is a real physical address of the memory page;
when the operating system is a guest operating system, the physical address is a virtual physical address of the memory page.
7. The method of claim 1, wherein when the operating system is a host operating system and the memory pages to be swapped are memory pages used by a guest operating system, the method comprises:
receiving, from the operating system, a real physical address of the memory page, a virtual physical address of the memory page, a page attribute of the memory page, and a virtual machine tag.
8. The method of claim 7, further comprising: inquiring a page frame attribute table, verifying whether the virtual physical address of the memory page belongs to the virtual machine tag, and verifying whether the real physical address of the memory page is consistent with the real physical address of the memory page in the page frame attribute table; and
and generating the first key and the second key after the verification is passed.
9. The method of any one of claims 1-8, the method being performed by a secure processor.
10. A secure processor, comprising:
the device comprises a receiving unit, a processing unit and a switching unit, wherein the receiving unit is used for receiving a physical address and page attributes of a memory page to be exchanged from an operating system;
the generating unit is used for encrypting the memory page by using a first key and generating the encrypted content of the memory page;
the generating unit is further configured to generate an information verification code of the memory page by using a second key, the page attribute, and the encrypted content of the memory page; and
and the sending unit is used for sending the encrypted content of the memory page and the information verification code to the operating system.
11. The secure processor of claim 10, the generation unit further to generate a page swap root key and a first random number, and to generate the first key and the second key from the page swap root key and the first random number.
12. The secure processor of claim 10, wherein the generating unit is further configured to generate an information verification code for the memory page using a second key, a second random number, the page attribute, and encrypted content of the memory page.
13. The security processor of claim 10, the sending unit further configured to send encrypted auxiliary information including the first nonce, the second nonce, the page attribute, encrypted content of the memory page, and the information authentication code to the operating system.
14. The security processor according to claim 10, wherein, when the operating system is a host operating system and the memory page to be swapped is a memory page used by the host operating system itself, the physical address received by the receiving unit is a real physical address of the memory page;
when the operating system is a guest operating system, the physical address received by the receiving unit is a virtual physical address of the memory page.
15. The security processor of claim 10, wherein when the operating system is a host operating system and the memory page to be swapped is a memory page used by a guest operating system, the receiving unit is to receive from the operating system a true physical address of the memory page, a virtual physical address of the memory page, a page attribute of the memory page, and a virtual machine tag.
16. The secure processor of claim 15, the secure processor further comprising:
a verification unit, configured to query a page frame attribute table, verify whether a virtual physical address of the memory page belongs to the virtual machine tag, and verify whether a real physical address of the memory page is consistent with a real physical address of the memory page in the page frame attribute table; and
the generating unit is further configured to generate the first key and the second key after the verification is passed.
17. A memory page swapping method comprises the following steps:
receiving encryption auxiliary information from an operating system, wherein the encryption auxiliary information comprises encrypted content of a memory page and an information verification code;
generating a first key and a second key;
carrying out integrity check on the memory page by using the second key and the information verification code;
after the integrity check is passed, decrypting the encrypted memory of the memory page by using the first key to generate a decrypted memory page; and
and sending the decrypted memory page to the operating system.
18. The method of claim 17, wherein the encrypted side information further includes a first random number, the method further comprising: and generating the first key and the second key according to a pre-stored exchange page root key and the first random number.
19. The method of claim 17, wherein the encrypted side information further includes a second random number, the method further comprising: and checking the second random number, and sending the decrypted memory page after the verification is passed.
20. The method of claim 17, the method further comprising: causing the operating system to update a page table.
21. A secure processor, comprising:
the device comprises a receiving unit, a processing unit and a processing unit, wherein the receiving unit is used for receiving encryption auxiliary information from an operating system, and the encryption auxiliary information comprises encryption content and an information verification code of a memory page;
a generation unit configured to generate a first key and a second key;
the verification unit is used for carrying out integrity verification on the memory page by using the second key and the information verification code;
the decryption unit is used for decrypting the encrypted memory of the memory page by using the first key after the integrity check is passed, and generating a decrypted memory page; and
and the sending unit is used for sending the decrypted memory page to the operating system.
22. The secure processor of claim 21, wherein the encryption side information further comprises a first random number, and the generating unit is further configured to generate the first key and the second key according to a pre-stored swap page root key and the first random number.
23. The secure processor of claim 21, wherein the cryptographic assistance information further comprises a second random number, the verification unit further to check the second random number; the sending unit is further configured to send the decrypted memory page after the verification is passed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010033821.0A CN111241564B (en) | 2017-08-04 | 2017-08-04 | Memory page exchange method and security processor |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710662088.7A CN107563207B (en) | 2017-08-04 | 2017-08-04 | Encryption method, device and decryption method, device |
| CN202010033821.0A CN111241564B (en) | 2017-08-04 | 2017-08-04 | Memory page exchange method and security processor |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710662088.7A Division CN107563207B (en) | 2017-08-04 | 2017-08-04 | Encryption method, device and decryption method, device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111241564A true CN111241564A (en) | 2020-06-05 |
| CN111241564B CN111241564B (en) | 2022-05-13 |
Family
ID=60974237
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710662088.7A Active CN107563207B (en) | 2017-08-04 | 2017-08-04 | Encryption method, device and decryption method, device |
| CN202010033821.0A Active CN111241564B (en) | 2017-08-04 | 2017-08-04 | Memory page exchange method and security processor |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710662088.7A Active CN107563207B (en) | 2017-08-04 | 2017-08-04 | Encryption method, device and decryption method, device |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN107563207B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022000223A1 (en) * | 2020-06-30 | 2022-01-06 | 浙江大学 | Kernel sensitive data protection method based on custom hardware security attribute |
| CN116108454A (en) * | 2023-04-06 | 2023-05-12 | 支付宝(杭州)信息技术有限公司 | Memory page management method and device |
| CN111967065B (en) * | 2020-08-17 | 2023-10-27 | 海光信息技术股份有限公司 | Data protection method, processor and electronic equipment |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109725983B (en) * | 2018-11-22 | 2021-07-27 | 海光信息技术股份有限公司 | Data exchange method, device, related equipment and system |
| CN109726566B (en) * | 2018-11-22 | 2021-03-09 | 成都海光集成电路设计有限公司 | Encryption system and encryption method based on secure memory encryption technology |
| CN109635610B (en) * | 2018-12-11 | 2021-08-24 | 北京智芯微电子科技有限公司 | RFID tag data reading and writing system and method |
| CN109670345A (en) * | 2018-12-21 | 2019-04-23 | 成都海光集成电路设计有限公司 | Guard method, accelerator module and the SOC chip of memory pages swapping in and out |
| US10936506B2 (en) * | 2019-02-22 | 2021-03-02 | Chengdu Haiguang Integrated Circuit Design Co., Ltd. | Method for tagging control information associated with a physical address, processing system and device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6003117A (en) * | 1997-10-08 | 1999-12-14 | Vlsi Technology, Inc. | Secure memory management unit which utilizes a system processor to perform page swapping |
| US20070294496A1 (en) * | 2006-06-19 | 2007-12-20 | Texas Instruments Incorporated | Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices |
| US20080077767A1 (en) * | 2006-09-27 | 2008-03-27 | Khosravi Hormuzd M | Method and apparatus for secure page swapping in virtual memory systems |
| US20080201540A1 (en) * | 2007-02-16 | 2008-08-21 | Ravi Sahita | Preservation of integrity of data across a storage hierarchy |
| CN101403992A (en) * | 2008-07-18 | 2009-04-08 | 华为技术有限公司 | Method, apparatus and system for implementing remote internal memory exchange |
| CN102387152A (en) * | 2011-11-03 | 2012-03-21 | 北京锐安科技有限公司 | Preset-key-based symmetric encryption communication method |
| CN102625300A (en) * | 2011-01-28 | 2012-08-01 | 华为技术有限公司 | Generation method and device for key |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621801B (en) * | 2009-08-11 | 2012-11-28 | 华为终端有限公司 | Method, system, server and terminal for authenticating wireless local area network |
| CN103139146A (en) * | 2011-11-24 | 2013-06-05 | 成绵广 | Authentication method |
-
2017
- 2017-08-04 CN CN201710662088.7A patent/CN107563207B/en active Active
- 2017-08-04 CN CN202010033821.0A patent/CN111241564B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6003117A (en) * | 1997-10-08 | 1999-12-14 | Vlsi Technology, Inc. | Secure memory management unit which utilizes a system processor to perform page swapping |
| US20070294496A1 (en) * | 2006-06-19 | 2007-12-20 | Texas Instruments Incorporated | Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices |
| US20080077767A1 (en) * | 2006-09-27 | 2008-03-27 | Khosravi Hormuzd M | Method and apparatus for secure page swapping in virtual memory systems |
| US20080201540A1 (en) * | 2007-02-16 | 2008-08-21 | Ravi Sahita | Preservation of integrity of data across a storage hierarchy |
| CN101403992A (en) * | 2008-07-18 | 2009-04-08 | 华为技术有限公司 | Method, apparatus and system for implementing remote internal memory exchange |
| CN102625300A (en) * | 2011-01-28 | 2012-08-01 | 华为技术有限公司 | Generation method and device for key |
| CN102387152A (en) * | 2011-11-03 | 2012-03-21 | 北京锐安科技有限公司 | Preset-key-based symmetric encryption communication method |
Non-Patent Citations (2)
| Title |
|---|
| J.R. CRANDALL等: "Minos: Control Data Attack Prevention Orthogonal to Memory Model", 《37TH INTERNATIONAL SYMPOSIUM ON MICROARCHITECTURE 》 * |
| 朱民等: "虚拟化软件栈安全研究", 《计算机学报》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022000223A1 (en) * | 2020-06-30 | 2022-01-06 | 浙江大学 | Kernel sensitive data protection method based on custom hardware security attribute |
| CN111967065B (en) * | 2020-08-17 | 2023-10-27 | 海光信息技术股份有限公司 | Data protection method, processor and electronic equipment |
| CN116108454A (en) * | 2023-04-06 | 2023-05-12 | 支付宝(杭州)信息技术有限公司 | Memory page management method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111241564B (en) | 2022-05-13 |
| CN107563207A (en) | 2018-01-09 |
| CN107563207B (en) | 2019-11-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111241564B (en) | Memory page exchange method and security processor | |
| CN110968743B (en) | Data storage and data reading method and device for private data | |
| CN109858265B (en) | Encryption method, device and related equipment | |
| CN106790156B (en) | Intelligent device binding method and device | |
| WO2018050081A1 (en) | Device identity authentication method and apparatus, electric device, and storage medium | |
| US8495383B2 (en) | Method for the secure storing of program state data in an electronic device | |
| CN104392188A (en) | Security data storage method and system | |
| TW202109320A (en) | Trusted execution environment-based application activation method and apparatus | |
| CN106452770B (en) | Data encryption method, data decryption method, device and system | |
| KR20050085678A (en) | Attestation using both fixed token and portable token | |
| CN112433817B (en) | Information configuration method, direct storage access method and related device | |
| CN110414248B (en) | Method for debugging microprocessor and microprocessor | |
| CN111104691A (en) | Sensitive information processing method and device, storage medium and equipment | |
| KR20150045790A (en) | Method and Apparatus for authenticating and managing an application using trusted platform module | |
| CN109274646B (en) | Key management client server side method, system and medium based on KMIP protocol | |
| CN110334531B (en) | Virtual machine key management method, master node, system, storage medium and device | |
| JP6199712B2 (en) | Communication terminal device, communication terminal association method, and computer program | |
| US11706022B1 (en) | Method for trusted data decryption based on privacy-preserving computation | |
| CN111290884A (en) | Data backup method and device for cash register equipment | |
| KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
| CN115994389A (en) | Hardware memory encryption system based on RISC-V architecture and application thereof | |
| CN116450281A (en) | Access processing method, virtual machine identifier configuration method, chip and computer equipment | |
| CN115600215A (en) | System startup method, system information processing method, device, equipment and medium thereof | |
| CN112926101B (en) | Disk partition encryption method, system, device and computer readable medium | |
| CN110858246B (en) | Authentication method and system of security code space, and registration method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 300000 industrial incubation-3-8, North 2-204, No. 18, Haitai West Road, Huayuan Industrial Zone, Binhai New Area, Tianjin Applicant after: Haiguang Information Technology Co.,Ltd. Address before: 300000 industrial incubation-3-8, North 2-204, No. 18, Haitai West Road, Huayuan Industrial Zone, Binhai New Area, Tianjin Applicant before: HAIGUANG INFORMATION TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |