CN112256390B - Measurement management method and related equipment - Google Patents

Publication number: CN112256390B
Authority: CN (China)
Prior art keywords: measurement, command, program, metric, response
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202011138070.5A
Other languages: Chinese (zh)
Other versions: CN112256390A (en)
Inventors: 陈善, 应志伟
Current Assignee: Haiguang Information Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Haiguang Information Technology Co Ltd
Application filed by Haiguang Information Technology Co Ltd
Priority to CN202011138070.5A
Publication of CN112256390A
Application granted
Publication of CN112256390B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

An embodiment of the invention provides a measurement management method and related equipment. After a program is loaded, the method acquires a sampling command for sampling a measurement reference value of the program; the sampling command comprises the code start and end addresses corresponding to the program's code. In response to the sampling command, the code within those addresses is measured and the resulting measurement value is set as the program's measurement reference value, so that whether the program is abnormal can be measured against it. The measurement reference value of a program can thus be set in real time, measurement is not limited to measurement targets whose reference values were set in advance, and the method is flexible and convenient to use.

Description

Measurement management method and related equipment
Technical Field
Embodiments of the invention relate to the technical field of trusted measurement, and in particular to a measurement management method and related equipment.
Background
Measurement is a key technology widely used in trusted computing and can be used to judge whether the state of a program is abnormal. Specifically, a characteristic value of the program is extracted as a measurement reference value, and whether the program's state is abnormal is judged based on the uniqueness of that characteristic value.
Measurement can be divided into static measurement and dynamic measurement. Static measurement is performed when a program (a system program or an application program) is loaded, to ensure security when the program starts; dynamic measurement measures the program periodically and continuously while it runs, to ensure security during operation.
However, existing measurement methods require the system to be customized: a program that can be measured is selected in advance as the measurement target, its measurement reference value is calculated, and the calculated value is preset in the entity that performs the measurement, so that the program can be measured in the subsequent measurement process.
Clearly, the prior-art measurement method is suitable only for measuring programs whose measurement reference values have been preset in a customized system, and is inconvenient to use.
Disclosure of Invention
In view of this, embodiments of the invention provide a measurement management method and related equipment that are not limited to measuring programs with preset measurement reference values and are flexible and convenient to use.
To achieve the above object, embodiments of the invention provide the following technical solutions:
In a first aspect, an embodiment of the invention provides a measurement management method, applied to a secure processor, including:
after a program is loaded, acquiring a sampling command for sampling a measurement reference value of the program, wherein the sampling command comprises the code start and end addresses corresponding to the code of the program;
and, in response to the sampling command, measuring the code within the code start and end addresses and setting the resulting measurement value as the measurement reference value of the program, so as to measure whether the program is abnormal based on the measurement reference value.
In a second aspect, an embodiment of the invention provides a measurement management method, applied to a processor, including:
after a program is loaded, sending a sampling command, wherein the sampling command comprises the code start and end addresses corresponding to the code of the program and instructs that the code within those addresses be sampled and the resulting measurement value be set as the measurement reference value of the program, so as to measure whether the program is abnormal based on the measurement reference value;
and acquiring a response notification of the sampling command, and determining that the measurement reference value has been set for the program.
In a third aspect, an embodiment of the invention provides a secure processor configured to perform the measurement management method of the first aspect.
In a fourth aspect, an embodiment of the invention provides a secure processor that includes a measurement command processing module, a measurement target list, and a measurement engine, where the measurement command processing module is configured to execute the measurement management method according to the first aspect.
In a fifth aspect, an embodiment of the invention provides a processor configured to perform the measurement management method according to the second aspect.
In a sixth aspect, an embodiment of the invention provides a processor that includes a measurement software stack, where the measurement software stack is configured to perform the measurement management method according to the second aspect.
In a seventh aspect, an embodiment of the invention provides a computer system, including: the secure processor according to any one of the third to fourth aspects and the processor according to any one of the fifth to sixth aspects.
In an eighth aspect, an embodiment of the invention provides a storage medium that may store a program for implementing the measurement management method according to the first aspect, or a program for implementing the measurement management method according to the second aspect.
In the embodiments of the invention, after a program is loaded, a sampling command for sampling a measurement reference value of the program is acquired, the sampling command comprising the code start and end addresses corresponding to the program's code; in response to the sampling command, the code within those addresses is measured and the resulting measurement value is set as the program's measurement reference value, so that whether the program is abnormal can be measured against it. The reference value used to determine whether the program is abnormal is thus obtained by sampling after the program is loaded, so it can be set in real time. Measurement is not limited to programs whose reference values were set in advance, and the method is flexible and convenient to use.
Moreover, because the measurement reference value is obtained after the program is loaded, changes to code or parameters before loading need not be considered. The measurement management method of the embodiments of the application can therefore also be applied to programs whose code storage location, running parameters and the like are uncertain before loading (such as virtual machine programs), giving it a wider range of application.
Drawings
To illustrate the embodiments of the application or the prior-art solutions more clearly, the drawings needed to describe them are briefly introduced below. The drawings described below are merely embodiments of the application; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a system architecture diagram of a virtualized environment;
FIG. 2 is a schematic diagram of a computer system according to an embodiment of the application;
FIG. 3 is a flowchart of an optional method of generating a measurement reference value for a program in accordance with an embodiment of the present application;
FIG. 4 is a flowchart of an optional method of creating a measurement target for a program in accordance with an embodiment of the present application;
FIG. 5 is a flowchart of an optional method of creating a measurement target for a program in accordance with an embodiment of the present application;
FIG. 6 is a flowchart of an optional method of starting and stopping a measurement process in accordance with an embodiment of the present invention;
FIG. 7 is a flowchart of an optional method of deleting the measurement target corresponding to a program in accordance with an embodiment of the present invention;
FIG. 8 is a flowchart of an optional method of querying the abnormal state of a measurement target in accordance with an embodiment of the present invention;
FIG. 9 is a schematic diagram of the configuration of measurement command parameters and measurement response parameters according to an embodiment of the present invention;
FIG. 10 is a flowchart of checking a command according to an embodiment of the present invention;
FIG. 11 is a flowchart of checking a response according to an embodiment of the present invention;
FIG. 12 is a measurement flowchart of a measurement target.
Detailed Description
As noted in the Background, existing measurement methods are suitable only for measuring fixed programs whose measurement reference values have been preset in a customized system, and are inconvenient to use.
For example, in a virtualized environment, the code storage location, running parameters and the like of a virtual machine program are uncertain before the virtual machine is created. It is therefore difficult to set the measurement reference value of a virtual machine program in advance, and the virtual machine program cannot be measured.
Based on the above, embodiments of the invention provide a measurement management method and related equipment. After a program is loaded, the method acquires a sampling command for sampling a measurement reference value of the program, the sampling command comprising the code start and end addresses corresponding to the program's code. In response to the sampling command, the code within those addresses is measured and the resulting measurement value is set as the program's measurement reference value, so that whether the program is abnormal can be measured against it.
In the embodiments of the invention, the reference value used to determine whether the program is abnormal is thus obtained by sampling after the program is loaded, so it can be set in real time. Measurement is not limited to measurement targets whose reference values were set in advance, and the method is flexible and convenient to use.
Moreover, because the measurement reference value is obtained after the program is loaded, changes to code or parameters before loading need not be considered. The measurement management method of the embodiments of the invention can therefore also be applied to programs whose code storage location, running parameters and the like are uncertain before loading (such as virtual machine programs), giving it a wider range of application.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person skilled in the art from these embodiments without inventive effort fall within the scope of protection of the invention.
Virtualization is a technique for creating multiple virtual machines (VMs) on one physical host so as to make maximum use of the host's hardware resources. When a virtual machine is created in a virtualized environment, the hardware resources and running parameters allocated to it are determined by actual requirements, so its running location and running parameters cannot be determined in advance. Accordingly, the storage location of the code of the created virtual machine's programs, their running parameters and the like change dynamically with the creation requirements, which makes it difficult to set the measurement reference value of a virtual machine program in advance in a virtualized environment. The embodiments of the invention take a virtualized environment as an example to explain the measurement management method.
As an optional example, FIG. 1 shows the system architecture of a virtualized environment. As shown in FIG. 1, the architecture may include a processor (central processing unit, CPU) 1, a memory 2, a peripheral 3 and a secure processor 4.
The processor 1 is a very-large-scale integrated circuit that interprets computer instructions and processes data in computer software. The processor 1 can create a plurality of virtual machines 11 through virtualization technology, and the running locations and running parameters of the virtual machines 11 can be configured according to actual user requirements and device states.
The secure processor 4 is a specially configured processor responsible for security-related operations for the virtual machines; for example, it may perform memory encryption and decryption (such as encrypting a virtual machine's initial data). The secure processor 4 generally has higher system privileges and can directly access the system's hardware resources, such as system memory and peripherals. To protect its own data, the secure processor 4 may also be given dedicated hardware resources, such as memory and non-volatile memory (NVRAM), so that the data inside the secure processor cannot be tampered with.
The processor 1 may be configured with a dedicated API (application programming interface) for communicating with the secure processor 4, enabling data interaction between the two. This interaction may be implemented with an interrupt mechanism: for example, the sender triggers an interrupt and the receiver handles it, with the data to be exchanged accompanying the interrupt.
Optionally, the secure processor 4 may be located outside the chip of the processor 1 or integrated on the same chip; in a preferred example, the secure processor 4 is integrated on the chip of the processor 1.
In this example, the secure processor is used to provide the measurement service. Because the secure processor has dedicated hardware resources, the data of the measurement service it provides is protected; because a dedicated API is configured between the secure processor and the processor, data transferred between them during measurement is kept secure; and because the secure processor has the system privileges to access hardware resources such as system memory and peripherals directly, it can conveniently measure the measurement target.
As an optional example, referring to the computer system architecture shown in FIG. 2, the secure processor 4 may include a measurement command processing module 41, a measurement target list 42, and a measurement engine 43. The measurement command processing module 41 processes the measurement-related commands sent by the CPU and maintains the measurement target list 42, and functionally serves as the front end of the measurement service. The measurement target list 42 stores the measurement targets that have been set, together with their encryption information, address information, reference information, enabled-state information, abnormal-state information and the like, such as the master key, address range, reference value and abnormal measurement state corresponding to each measurement target. The measurement engine 43 performs periodic measurement of the measurement targets.
In the processor 1, a measurement software stack 12 for interacting with the secure processor 4 is correspondingly configured. It encapsulates the measurement services provided on the secure processor and, after hiding the specific implementation details, provides a standard measurement API to upper layers.
The program to be used as a measurement target may be an operating system loader, an operating system kernel, an operating system, or an application program running in the operating system of the virtual machine.
As an optional implementation, FIG. 3 illustrates an optional method flow for generating a measurement reference value for a program. The flow may be performed by the system architecture shown in FIG. 2, specifically after the virtual machine has been created and the virtual machine's program has been loaded. Referring to FIG. 3, the method may include:
Step S01: the measurement software stack sends a sampling command for sampling the measurement reference value of the program, wherein the sampling command comprises the code start and end addresses corresponding to the code of the program.
After the program is loaded, its code addresses and running parameters are determined, and the sampling command is sent at this point to sample the measurement reference value. This avoids the difficulty of determining the measurement reference value that arises from the uncertainty of the relevant data before loading, and so enables measurement of the program.
The measurement software stack may invoke the sampling command based on a command from a measurement service caller. The measurement service caller may be a program manager or a security manager in the system; optionally, it may also be an application program loader or a kernel module loader. Specifically, the measurement service caller may issue the corresponding command after detecting that the program has been loaded, so that the measurement software stack invokes the sampling command; or, after the measurement service caller issues the command, the measurement software stack detects whether the program has been loaded and invokes the sampling command once it has.
Because the code start and end addresses are uncertain before the program is loaded and are determined once it has been loaded, the sampling command carries the code start and end addresses corresponding to the program's code, which define the range to be measured.
In an optional example, before the sampling command is sent, its measurement command parameters may also be encrypted, or a check code may be generated for verification, to prevent the command data from being stolen or tampered with.
Step S02: the measurement command processing module acquires the sampling command for sampling the measurement reference value of the program;
after the measurement software stack sends the sampling command, the measurement command processing module receives it, thereby acquiring the sampling command.
It should be noted that, when the command's measurement command parameters have been encrypted or protected with a check code, this step may further decrypt the parameters, or generate a check code to verify them, in order to obtain the command's measurement command parameters.
Step S03: in response to the sampling command, the measurement command processing module measures the code within the code start and end addresses and sets the resulting measurement value as the measurement reference value of the program, so as to measure whether the program is abnormal based on the measurement reference value;
the measurement reference value serves as the reference for determining whether the program is abnormal during measurement of the program.
The code within the code start and end addresses may be measured with a preset algorithm to obtain the corresponding measurement value, which is used as the measurement reference value.
After the measurement reference value for the program is obtained, it may further be stored in the measurement target list, which holds the measurement target corresponding to the program; the measurement reference value is stored against that measurement target. If the measurement target list already holds a measurement reference value for the measurement target, that value is updated.
It should be noted that, after obtaining the measurement reference value for the program, the measurement command processing module also sends a response notification of the sampling command to the measurement software stack.
In an optional example, before sending the response notification of the sampling command, the measurement command processing module may further encrypt the measurement response parameters of the response, or generate a check code for verification, to prevent the response data from being stolen or tampered with.
Step S04: the measurement software stack acquires the response notification of the sampling command;
the measurement software stack acquires the response notification by receiving the response notification of the sampling command sent by the measurement command processing module.
Acquiring the response notification of the sampling command confirms that the measurement reference value has been set for the program, so that measurement of the program can be instructed in the subsequent flow.
It should be noted that, when the measurement response parameters have been encrypted or protected with a check code, this step may further decrypt or verify them in order to obtain the measurement response parameters of the response.
In the embodiments of the invention, the reference value used to determine whether the program is abnormal is thus obtained by sampling after the program is loaded, so it can be set in real time. Measurement is not limited to programs whose reference values were set in advance, and the method is flexible and convenient to use.
Moreover, because the measurement reference value is obtained after the program is loaded, changes to code or parameters before loading need not be considered. The measurement management method of the embodiments of the application can therefore also be applied to programs whose code storage location, running parameters and the like are uncertain before loading (such as virtual machine programs), giving it a wider range of application.
Further, the measurement reference value of a measurement target is usually obtained with a preset algorithm, and for security reasons different devices usually use different calculation methods and parameters. If the measurement reference value were pre-calculated and set in the measuring entity as in the prior art, the calculation would be cumbersome and inconvenient to use. Sampling and calculating the measurement reference value after the program is loaded avoids this process and makes measuring the program more convenient.
In an alternative example, after the program is loaded, before the metrology reference value sampling is performed, the creation of the metrology target may be further performed. Specifically, FIG. 4 illustrates an alternative method flow for creating a metrology target for a program, with reference to FIG. 4, the flow comprising:
Step S11: the measurement software stack sends a measurement target creation command of the program;
the measurement target creation command is used for creating a measurement target corresponding to the program in a measurement target list, so that based on the measurement target, relevant parameters corresponding to the measurement target, such as measurement reference values, state information, encryption information and the like of the measurement target, are recorded, and measurement of the measurement target is performed.
The measurement target creation command may be invoked by a measurement target creation command based on a command of a measurement service caller, specifically, the measurement service caller may issue a corresponding command after detecting that a program is loaded, so that a measurement software stack invokes the measurement target creation command, or after the measurement service caller issues a command, the measurement software stack detects whether the program is loaded, and invokes the measurement target creation command after the program is loaded.
It should be noted that, in order to enable the program to implement the creation of the corresponding metrology target, the metrology command parameter may not be encrypted or checked when the metrology target creation command is invoked.
Step S12: the measurement command processing module acquires a measurement target creation command of the program;
After the metrology software stack sends the metrology target creation command, a metrology command processing module may receive the metrology target creation command accordingly, thereby obtaining the metrology target creation command.
Step S13: a measurement command processing module responds to the measurement target creation command and creates a measurement target corresponding to the program in a measurement target list;
after the metrology targets corresponding to the program are created, the metrology command processing module may further perform initialization of the metrology targets to achieve initial configuration of the metrology targets.
It should be noted that, after the metrology target corresponding to the program is created, the metrology command processing module further sends a response notification of a metrology target creation command to the metrology software stack.
Step S14: the measurement software stack acquires a response notice of the measurement target creation command and determines to create the measurement target of the program;
the metrology software stack may obtain a response notification of a metrology target creation command by receiving a metrology target creation command response notification sent by a metrology command processing module.
The measurement reference value, the code start-stop address and the measurement target are stored in correspondence with one another in the measurement target list, and a measurement engine measures whether the program is abnormal based on the data in the measurement target list.
It can be understood that in the prior art, a preset measurement target is usually created on dedicated hardware before a program is loaded, and further before the program is loaded, a measurement reference value, encryption information and the like corresponding to the measurement target are set, so that the measurement target cannot be dynamically created, deleted and the like, and thus adaptive adjustment of the measurement target cannot be performed. In this example, the measurement target may be created after the program is loaded, so that dynamic adjustment of the measurement target may be implemented.
In an optional example, after the metric command processing module creates the metric target, the metric command processing module may further negotiate to obtain a master key to encrypt or verify the related metric command, so as to avoid illegal invoking or tampering of the command, and secure the interface.
Specifically, referring to the flow shown in fig. 5, after the metric target is created based on fig. 4, before the metric reference value sampling is performed, steps S15 and S16 may be performed, so that the metric management requester negotiates with the metric management executor to obtain a master key, and stores the master key, thereby implementing encryption or verification of the metric-related command by using the master key. The measurement management requester may be a CPU side, and may specifically be a measurement software stack. Specifically, the metric command processing module may negotiate with the metric software stack to obtain a master key, and store the master key on the metric command processing module side in the metric target list correspondingly.
The master key may provide a basis for encryption or authentication of subsequent interactions. The specific negotiation process may be performed according to a key negotiation protocol (e.g., ECDH or SM2), and the master key may be used for authorization protection of the command. Alternatively, the master key may be bound to the measurement task within the secure processor.
In an alternative example, after the measurement reference value sampling is performed, the start control of the measurement task may be further performed. Specifically, FIG. 6 illustrates an alternative method flow for starting and stopping a metrology process, and with reference to FIG. 6, the flow includes:
step S21: the measurement software stack sends a measurement starting command of the program;
After the measurement reference value is sampled, the measurement task for the program may be performed. The start measurement command instructs the measurement command processing module to start the measurement task of the program.
The measurement software stack may call a start measurement command of the program based on a command of a measurement service caller and send the start measurement command, or may call the start measurement command of the program and send the start measurement command after detecting a response notification of a sampling command of the program.
In an alternative example, before sending the start metric command, the metric command parameters of the command may be encrypted or a check code may be generated to check, so as to prevent command data from being stolen and tampered with.
Step S22: the measurement command processing module acquires a measurement command of starting the program;
after the metrology software stack sends the start metrology command, a corresponding metrology command processing module may receive the start metrology command, thereby obtaining the start metrology command.
It should be noted that, when the step of encrypting or checking is performed on the measurement command parameter of the command, the step may further obtain the measurement command parameter of the command after decrypting the measurement command parameter or generating a check code to check the measurement command parameter.
Step S23: the measurement command processing module responds to the start measurement command of the program and updates the enabled state of the measurement target corresponding to the program in the measurement target list to yes.
An enabled state of yes instructs the measurement engine to perform the measurement task on the measurement target. Alternatively, the measurement task may measure the measurement target periodically.
The enabled state of the measurement target is stored in the measurement target list; accordingly, the enabled state of the corresponding measurement target in the measurement target list is updated to yes.
Correspondingly, when the measurement engine executes the measurement task and determines that the enabling state corresponding to the measurement target is yes, the measurement engine executes the measurement of the codes in the code start-stop addresses corresponding to the measurement target. In an alternative example, the metrology engine may be caused to perform metrology of metrology targets and, when the metrology result is anomalous, cause the metrology engine to send anomaly state information to the metrology software stack and update the anomaly state information to a metrology target list.
It should be noted that, after updating the enabled state of the metrology target to be yes, the metrology command processing module further sends a response notification of a start metrology command to the metrology software stack.
In an alternative example, before sending the response notification of the start measurement command, the measurement command processing module may further encrypt the measurement response parameter of the response, or generate a check code for it, so as to prevent theft of and tampering with the response data.
Step S24: the measurement software stack acquires a response notice of the start measurement command and determines that the enabling state of the measurement target corresponding to the program is yes;
The metrology software stack may obtain a response notification of a start metrology command by receiving a start metrology command response notification sent by a metrology command processing module.
It should be noted that, when the corresponding metric response parameter is encrypted or a check code is generated to perform a check, the metric response parameter may be further decrypted or checked in this step, so as to obtain the metric response parameter of the response.
Accordingly, in this example, stopping control of the metrology task may be further performed, and with continued reference to fig. 6, the process includes:
step S25: the measurement software stack sends a stop measurement command of the program;
After the measurement task is started, the present example may further stop the measurement task. The stop measurement command instructs the measurement command processing module to stop the measurement task of the program.
The measurement software stack can call a stop measurement command of the program based on a command of a measurement service caller and send the stop measurement command, and can call the stop measurement command of the program and send the stop measurement command according to a preset condition. For example, the metric software stack may invoke a stop metric command of a program according to a state of the program, e.g., may invoke the stop metric command of the program when the program is set to a sleep state.
Alternatively, encryption or verification of the metric command parameters of the stop metric command may be performed before the command is sent.
Step S26: the measurement command processing module acquires a stop measurement command of the program;
after the metrology software stack sends the stop metrology command, a corresponding metrology command processing module may receive the stop metrology command, thereby obtaining the stop metrology command.
Optionally, when the step of encrypting or checking the measurement command parameter is performed, the step may further obtain the measurement command parameter of the command after decrypting the measurement command parameter or generating a check code to check the measurement command parameter.
Step S27: the measurement command processing module responds to the stop measurement command of the program and updates the enabled state of the measurement target corresponding to the program in the measurement target list to no.
An enabled state of no instructs the measurement engine to stop performing the measurement task on the measurement target. The enabled state of the measurement target may be stored in the measurement target list; accordingly, the enabled state of the corresponding measurement target in the measurement target list may be updated to no.
Correspondingly, when the measurement engine executes the measurement task and determines that the enabled state of the measurement target is no, it stops measuring the code within the code start-stop addresses corresponding to the measurement target. Stopping the measurement task of a measurement target does not delete the information corresponding to the target (such as the address range information and the measurement reference value); after the task is stopped, the measurement software stack can still resume the corresponding measurement task on the target through a start measurement command.
It should be noted that, after updating the enabled state of the metrology target to be no, the metrology command processing module further sends a response notification of stopping the metrology command to the metrology software stack.
Optionally, before sending the notification of the response of the sampling command, the measurement response parameter of the response may also be encrypted or checked.
Step S28: the measurement software stack acquires the response notification of the stop measurement command and determines that the enabled state of the measurement target corresponding to the program has been updated to no;
The measurement software stack may obtain the response notification of the stop measurement command by receiving the stop measurement command response notification sent by the measurement command processing module.
Optionally, when the metric response parameter is encrypted or a check code is generated to check, the metric response parameter may be further decrypted or checked in this step, so as to obtain the metric response parameter of the response.
It can be appreciated that in the prior art, a measurement task corresponding to a measurement target is generally automatically performed based on creating a preset measurement target and related parameters on dedicated hardware, so that the measurement target cannot be dynamically started, stopped, and the like, and thus cannot be adjusted. In this example, the adjustment of the enabling state of the metrology target may be performed after the metrology reference value is sampled, so that the adaptive adjustment of the metrology task may be implemented.
In an alternative example, the respective metrology targets may be further deleted after they are created. Specifically, fig. 7 shows an alternative method flow of deleting a measurement target corresponding to a program, and referring to fig. 7, the flow includes:
step S31: the measurement software stack sends an ending measurement command of the program;
After the corresponding measurement task has been created, the measurement task for the program may be ended. The end measurement command instructs the measurement command processing module to end the measurement task of the program.
The measurement software stack may call an end measurement command of the program based on a command of a measurement service caller and send the end measurement command, or call an end measurement command of the program according to a preset condition and send the end measurement command. For example, the metrology software stack may invoke an end metrology command for a program based on a state of the program, e.g., may invoke an end metrology command for a program when the program is set to an end state.
Optionally, before sending the end measurement command, the measurement command parameter of the command may be encrypted or a check code may be generated to check, so as to prevent command data from being stolen and tampered.
Step S32: the measurement command processing module acquires an ending measurement command of the program;
after the metrology software stack sends the end metrology command, a corresponding metrology command processing module may receive the end metrology command, thereby obtaining an end metrology command.
When the encryption or verification step is performed on the measurement command parameter of the command, the step can further obtain the measurement command parameter of the command after decrypting the measurement command parameter or generating a verification code for verification.
Step S33: the measurement command processing module responds to the end measurement command of the program and deletes, from the measurement target list, the measurement target corresponding to the program and the data information corresponding to that measurement target.
The end measurement command is used to delete the measurement target and the data information corresponding to it, where the data information includes the master key, address range, reference value and the like corresponding to the measurement target. In an optional example, the measurement target also corresponds to a random number used for information verification; accordingly, that random number is deleted at the same time when the end measurement command is responded to.
When the measurement command processing module responds to the end measurement command of the program, it deletes the measurement target and its corresponding data information from the measurement target list.
In an optional example, deleting the measurement target and its corresponding data information may further include destroying the measurement target and its corresponding data information.
It should be noted that, after deleting the measurement target and the data information corresponding to the measurement target, the measurement command processing module further sends a response notification of ending the measurement command to the measurement software stack.
Optionally, before sending the response notification of ending the metric command, the metric command processing module may encrypt the metric response parameter of the response or generate a check code to check, so as to prevent the response data from being stolen and tampered.
Step S34: the measurement software stack acquires a response notice of the ending measurement command, and determines to delete a measurement target corresponding to the program and data information corresponding to the measurement target;
the metrology software stack may obtain a response notification of a stop metrology command by receiving a stop metrology command response notification sent by a metrology command processing module.
Optionally, when the corresponding metric response parameter is encrypted or a check code is generated to perform verification, the step may further decrypt or verify the metric response parameter, so as to obtain the metric response parameter of the response.
It can be appreciated that in the prior art, a measurement task corresponding to a measurement target is automatically performed, generally based on creating a preset measurement target and related parameters on dedicated hardware, so that the measurement target cannot implement a corresponding deletion procedure, and thus cannot be adjusted. In this example, the metric targets may be deleted after they are created, so that adaptive adjustment of the metric targets may be achieved.
In an alternative example, after measuring the corresponding measurement target, when the measurement result is abnormal, the measurement software stack may further be caused to query abnormal state information of the corresponding measurement target to confirm the state of the measurement target. Specifically, fig. 8 shows an alternative method flow for querying an abnormal state of a metrology target, and referring to fig. 8, the flow includes:
step S41: the measurement software stack sends a measurement state query command of the program;
The measurement state query command instructs the measurement command processing module to query the state information of the measurement target corresponding to the program.
In an optional example, when the measurement engine measures the measurement target and the measurement result is abnormal, the measurement engine updates the abnormal state information in the measurement target list and notifies the CPU to perform exception handling. The measurement engine can thus send the abnormal state information to the measurement software stack, and the measurement software stack performs a measurement state query to confirm that the measurement target is abnormal.
Receiving the abnormal state information indicating that the measurement result is abnormal can trigger the measurement software stack to call the measurement state query command of the program and send the ending measurement command to the measurement command processing module.
The measurement software stack queries the abnormal state information of the measurement target in order to determine whether that information is true.
Optionally, before sending the measurement state query command, the measurement command parameter of the command is encrypted or a check code is generated to check, so that the command data is prevented from being stolen and tampered.
Step S42: the measurement command processing module acquires a measurement state query command of the program;
after the metrology software stack sends a metrology state query command, a corresponding metrology command processing module may receive the metrology state query command.
Optionally, when the step of encrypting or checking the measurement command parameter of the command is performed, the step may further obtain the measurement command parameter of the command after decrypting the measurement command parameter or generating a check code to check the measurement command parameter.
Step S43: the measurement command processing module responds to the measurement state query command of the program and queries the measurement target list to obtain the state of the measurement target corresponding to the program.
After querying the state of the metrology target, the metrology command processing module further sends a response notification including state information of the metrology target to the metrology software stack.
Optionally, before sending the response notification, the metric command processing module may encrypt the metric response parameter of the response or generate a check code to check, so as to prevent the response data from being stolen and tampered.
Step S44: the measurement software stack obtains the response notice of the measurement state inquiry command and determines the abnormal state information of the measurement target;
the measurement software stack can acquire the state information of the measurement target by receiving the measurement state query command response notification sent by the measurement command processing module, and confirms whether the measurement result of the measurement target is abnormal.
When the measurement result of the measurement target is abnormal, exception handling of the corresponding program is performed, such as stopping the program; when the measurement result of the measurement target is not abnormal, the flow ends.
Optionally, when the corresponding metric response parameter is encrypted or a check code is generated to perform verification, the step may further decrypt or verify the metric response parameter, so as to obtain the metric response parameter of the response.
It can be understood that whether the measurement result of the measurement target is abnormal is confirmed, so that the possibility of attacking the system by using false measurement state information is avoided, and the safety of the system is improved.
In an alternative example, security protection of the interface may be implemented in a verification manner.
Specifically, as shown in fig. 9, an authorized protection domain is attached to each measurement command parameter and each measurement response parameter, except for those of the measurement target creation command; the authorized protection domain may include a random number and a check code.
The random number takes part in the calculation that generates the check code in the authorized protection domain. It may be a nonce (Number used once, i.e. an arbitrary or non-repeating random number that is used only once). The random number in the measurement command parameter may be the random number of the measurement service caller on the CPU, and the random number in the measurement response parameter may be the random number corresponding to the measurement task on the secure processor. The measurement service caller on the CPU updates its random number after completing one response authentication; that is, the random number corresponding to the measurement command parameter is updated once each time measurement response parameter data is checked. The secure processor updates the random number corresponding to the measurement task after completing one measurement command authentication; that is, the random number corresponding to the measurement response parameter is updated once each time a measurement command parameter is checked. Using the random numbers in this way effectively prevents replay attacks.
The check code is used to confirm that the command or response has not been tampered with, and at the same time to authorize the invoking command to operate on the specified measurement task. The check code may be an HMAC (Hash Message Authentication Code). The elements that take part in the calculation of the check code for a measurement command parameter may include one or more of: the measurement command parameter, the random number corresponding to the last measurement response parameter, and the consistency key. The elements that take part in the calculation of the check code for a measurement response parameter may include one or more of: the measurement response parameter, the random number in the command to which this response corresponds, the random number corresponding to this measurement response parameter, and the consistency key. The consistency key is typically derived from the master key.
In an alternative example, the generation of the authorized protection domain on the CPU, and the corresponding encryption and verification of the associated commands and responses, may be accomplished by the metrology software stack, thereby simplifying the use of metrology services.
In an alternative example, a verification process of the related command is provided, and in particular, referring to fig. 10, the verification process of the command may include:
Step S51: the measurement software stack generates a check code of the measurement command parameter to obtain measurement command parameter data;
After the measurement software stack calls the related command and before it sends the command, a check code corresponding to the measurement command parameter can be generated based on one or more of: the measurement command parameter, the random number corresponding to the last measurement response parameter, and the consistency key.
After the check code of the measurement command parameter is generated, the measurement command parameter data is formed by the measurement command parameter, the check code and the random number corresponding to the measurement service caller, and the measurement command parameter data is sent.
Wherein the metric command parameter may be a command parameter in a sample command, a start metric command, a stop metric command, an end metric command, or a metric state query command.
Step S52: the metrology command processing module receives metrology command parameter data.
Step S53: the measurement command processing module checks the measurement command parameter data according to the check code to determine the measurement command parameters corresponding to the measurement command.
Based on the measurement command parameter in the measurement command parameter data, the random number corresponding to the measurement command parameter, and the random number and the consistency key corresponding to the last measurement response parameter in the secure processor, verification of the check code can be achieved.
In another alternative example, a verification procedure of the relevant response is provided, and in particular, referring to fig. 11, the verification procedure of the response may include:
step S54: the measurement command processing module generates a check code of the measurement response parameter to obtain measurement response parameter data;
After the measurement command processing module responds to the related command and before it sends the related response notification, a check code corresponding to the measurement command parameter can be generated based on one or more of: the measurement response parameter, the random number in the command corresponding to the measurement command parameter, the random number corresponding to the measurement command parameter, and the consistency key.
After the check code of the metric response parameter is generated, the metric response parameter data is formed by the metric response parameter, the check code and the random number corresponding to the metric command parameter, and the metric response parameter data is sent.
The metric response parameter may be a response parameter obtained in response to the sampling command, the start metric command, the stop metric command, the end metric command, or the metric state query command.
Step S55: the metrology software stack receives metrology response parameter data.
Step S56: the measurement response software stack checks the measurement response parameter data according to the check code and determines the measurement command parameters corresponding to the measurement response.
Based on the measurement response parameters in the measurement response parameter data, the random number corresponding to the measurement response parameters, the random number corresponding to the last measurement response parameter on the CPU side and the consistency secret key, verification of the check code can be achieved.
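The command and response checks of steps S51 to S56, together with the nonce updates described for the authorized protection domain, can be sketched as follows. This is an added example, not code from the patent: the class, field and command names, the length-prefixed HMAC-SHA256 input layout (including the caller nonce in the command check code), the key-derivation label, and the hand-over of the secure processor's first task nonce during key negotiation are all assumptions.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed nonce size; the page does not give one


def derive_consistency_key(master_key: bytes) -> bytes:
    # Assumption: the page only says the consistency key is derived from
    # the master key; a labelled HMAC is one common way to do that.
    return hmac.new(master_key, b"consistency-key", hashlib.sha256).digest()


def check_code(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix each field so bytes cannot slide between fields.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


class CommandProcessor:
    """Secure-processor side: state kept for one measurement target."""

    def __init__(self, master_key: bytes):
        self.key = derive_consistency_key(master_key)
        self.task_nonce = os.urandom(NONCE_LEN)

    def handle(self, cmd: dict) -> dict:
        expected = check_code(self.key, cmd["params"], cmd["nonce"], self.task_nonce)
        if not hmac.compare_digest(expected, cmd["mac"]):
            raise PermissionError("command check code mismatch")
        # One command authenticated: refresh the task nonce (replay defence).
        self.task_nonce = os.urandom(NONCE_LEN)
        params = b"done:" + cmd["params"]  # constructed response parameter
        mac = check_code(self.key, params, cmd["nonce"], self.task_nonce)
        return {"params": params, "nonce": self.task_nonce, "mac": mac}


class SoftwareStack:
    """CPU side: builds commands and checks responses for the caller."""

    def __init__(self, master_key: bytes, first_task_nonce: bytes):
        self.key = derive_consistency_key(master_key)
        self.caller_nonce = os.urandom(NONCE_LEN)
        self.last_task_nonce = first_task_nonce

    def build(self, params: bytes) -> dict:
        mac = check_code(self.key, params, self.caller_nonce, self.last_task_nonce)
        return {"params": params, "nonce": self.caller_nonce, "mac": mac}

    def verify(self, resp: dict) -> bytes:
        expected = check_code(self.key, resp["params"], self.caller_nonce, resp["nonce"])
        if not hmac.compare_digest(expected, resp["mac"]):
            raise PermissionError("response check code mismatch")
        # One response authenticated: remember the task nonce, refresh ours.
        self.last_task_nonce = resp["nonce"]
        self.caller_nonce = os.urandom(NONCE_LEN)
        return resp["params"]


def rejected(action, message: dict) -> bool:
    """True if the receiver refuses the message."""
    try:
        action(message)
    except PermissionError:
        return True
    return False


def demo() -> dict:
    master_key = os.urandom(32)  # stands in for the negotiated master key
    sp = CommandProcessor(master_key)
    cpu = SoftwareStack(master_key, sp.task_nonce)

    start = cpu.build(b"START_MEASUREMENT")       # constructed command name
    first_resp = sp.handle(start)
    result = {"accepted": cpu.verify(first_resp)}
    result["replayed_command"] = rejected(sp.handle, start)
    stop = cpu.build(b"STOP_MEASUREMENT")
    forged = dict(stop, params=b"END_MEASUREMENT")  # params swapped in transit
    result["tampered_command"] = rejected(sp.handle, forged)
    result["replayed_response"] = rejected(cpu.verify, first_resp)
    result["next_command"] = cpu.verify(sp.handle(stop))
    return result


if __name__ == "__main__":
    print(demo())
```

A failed check leaves both nonces unchanged, so the genuine stop command is still accepted after the forged and replayed messages have been refused.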
In an alternative example, the embodiment of the present invention further provides a measurement procedure of the measurement engine, specifically, referring to fig. 12, the measurement procedure of the measurement target may include:
step S61: acquiring a measurement target;
the metrology engine may periodically obtain metrology targets from a metrology target list to measure the metrology targets.
It can be understood that, while the acquisition of the measurement target is performed, the start and stop addresses of the codes corresponding to the measurement target are also acquired from the measurement target list, so as to facilitate the measurement of the program codes.
Step S62: an enable state of the metrology target is determined, and whether the metrology target is enabled is determined.
Alternatively, the metrics engine may query the list of metrics targets for the enabled state of the metrics targets to determine if the metrics targets are enabled.
If the enabling state of the measurement target is yes, continuing to execute the subsequent steps, and measuring the measurement target; if the enabled state of the measurement target is no, the process returns to step S61 to reacquire the measurement target.
Step S63: the measurement target is measured to obtain a measurement value of the measurement target.
The measurement is typically implemented by computing a hash value of the measurement target, from which it can be determined whether the measurement target has been tampered with. In this example the hash algorithm may be SM3, SHA1 or SHA256.
Step S64: the measurement value of the measurement target is compared with the measurement reference value to determine whether the measurement target is abnormal.
When the measurement target is abnormal, step S65 is executed, and when the measurement target is not abnormal, step S61 is returned to, and the measurement target is acquired again.
Step S65: an exception handling notification is sent out, and the abnormal state information of the measurement target is updated.
When the measurement target is abnormal, an abnormal processing notification is sent to the CPU side, and meanwhile, the abnormal state information of the corresponding measurement target in the measurement target list is updated to be abnormal.
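The measurement engine pass of steps S61 to S65, operating on a measurement target list that is driven by the create, sample, start, stop, end and query commands described earlier, can be modelled as below. This is an added example rather than the patent's implementation: the class and method names, the use of a bytearray as the loaded program's memory, the exclusive stop address and the refusal to start an unsampled target are assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class MeasurementTarget:
    start: int = 0                      # code start address (inclusive)
    end: int = 0                        # code stop address (exclusive, assumed)
    reference: Optional[bytes] = None   # measurement reference value
    enabled: bool = False               # enabled state
    abnormal: bool = False              # abnormal state information


class SecureProcessorModel:
    """Measurement target list plus the commands and engine that use it."""

    def __init__(self, memory: bytearray):
        self.memory = memory            # stands in for the loaded program code
        self.targets: Dict[str, MeasurementTarget] = {}

    def _measure(self, t: MeasurementTarget) -> bytes:
        # The page allows SM3, SHA1 or SHA256; SHA-256 is used here.
        return hashlib.sha256(bytes(self.memory[t.start:t.end])).digest()

    def create(self, name: str) -> None:
        self.targets[name] = MeasurementTarget()

    def sample(self, name: str, start: int, end: int) -> None:
        # Sampling happens after load, so the reference reflects the
        # code as it actually sits in memory.
        if not 0 <= start < end <= len(self.memory):
            raise ValueError("code start-stop address outside memory")
        t = self.targets[name]
        t.start, t.end = start, end
        t.reference = self._measure(t)

    def start(self, name: str) -> None:
        t = self.targets[name]
        if t.reference is None:         # assumed guard, not stated on the page
            raise ValueError("no reference value sampled yet")
        t.enabled = True

    def stop(self, name: str) -> None:
        self.targets[name].enabled = False   # address range and reference kept

    def end(self, name: str) -> None:
        del self.targets[name]               # target and its data removed

    def query(self, name: str) -> bool:
        return self.targets[name].abnormal

    def engine_pass(self) -> List[str]:
        """One periodic pass; returns the targets needing exception handling."""
        notifications = []
        for name, t in self.targets.items():     # S61: acquire target
            if not t.enabled:                    # S62: skip disabled targets
                continue
            value = self._measure(t)             # S63: measure the code range
            if value != t.reference:             # S64: compare with reference
                t.abnormal = True                # S65: record and notify
                notifications.append(name)
        return notifications


if __name__ == "__main__":
    mem = bytearray(b"\x90" * 64)                # constructed sample memory
    sp = SecureProcessorModel(mem)
    sp.create("vm")
    sp.sample("vm", 16, 48)
    sp.start("vm")
    print(sp.engine_pass())                      # clean pass
    mem[20] ^= 0xFF                              # change inside the range
    print(sp.engine_pass(), sp.query("vm"))
```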
In the embodiment of the invention, sampling is performed after the program is loaded to obtain the measurement reference value used to determine whether the program is abnormal during measurement. The measurement reference value corresponding to a program can therefore be set in real time, and measurement is not limited to programs whose measurement reference value was set in advance, which makes the method flexible and convenient to use.
Moreover, because the measurement reference value is obtained after the program is loaded, changes to code or parameters before loading need not be considered. The measurement management method disclosed by the embodiment of the invention can therefore also be applied to programs (such as a virtual machine program) whose code storage locations, running parameters and the like are uncertain before loading, and so has a wider range of application.
Optionally, an embodiment of the present invention may further provide a secure processor, where the secure processor is configured to perform the above measurement management method as described from the secure processor's perspective.
Optionally, an embodiment of the present invention may further provide a secure processor, where the secure processor may include a measurement command processing module, a measurement target list, and a measurement engine. The measurement command processing module is configured to execute the foregoing measurement management method as described from the secure processor's perspective, the measurement target list is configured to store measurement targets and the data information corresponding to them, and the measurement engine is configured to measure the measurement targets according to the measurement target list.
Optionally, an embodiment of the present invention may further provide a processor, where the processor is configured to perform the above measurement management method as described from the processor's perspective.
Optionally, an embodiment of the present invention may further provide a processor, where the processor includes a measurement software stack, and the measurement software stack is configured to perform the foregoing measurement management method as described from the processor's perspective.
Optionally, an embodiment of the present invention may further provide a computer system, including: any of the secure processors described above and any of the processors described above.
Optionally, an embodiment of the present invention may further provide a storage medium, where the storage medium may store a program for implementing the above measurement management method as described from the secure processor's perspective, or a program for implementing the above measurement management method as described from the processor's perspective.
The foregoing describes several embodiments of the present invention, and the various alternatives presented by the various embodiments may be combined, cross-referenced, with each other without conflict, extending beyond what is possible embodiments, all of which are considered to be embodiments of the present invention disclosed and disclosed.
Although the embodiments of the present invention are disclosed above, the present invention is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the invention, and the scope of the invention should be assessed accordingly to that of the appended claims.

Claims (24)

1. A method of metric management, applied to a secure processor, comprising:
after a program is loaded, acquiring a measurement target creation command of the program;
creating a measurement target corresponding to the program in a measurement target list in response to the measurement target creation command;
acquiring a sampling command for sampling a measurement reference value of the program, wherein the sampling command comprises a code start-stop address corresponding to a code of the program;
measuring the code within the code start-stop address in response to the sampling command, and setting the resulting measurement value as the measurement reference value of the program, so as to measure whether the program is abnormal based on the measurement reference value;
wherein the measurement reference value, the code start-stop address, the enabling state of the measurement target and the master key of the measurement target are stored in the measurement target list in correspondence with the measurement target, and a measurement engine measures whether the program is abnormal based on the data in the measurement target list; the enabling state of the measurement target is used to instruct the measurement engine to stop or execute the measurement task of the measurement target; the master key of the measurement target is used to encrypt or verify measurement-related commands.
2. The method according to claim 1, further comprising, after creating the measurement target corresponding to the program in the measurement target list and before acquiring the sampling command:
negotiating with a measurement management requester to obtain a master key corresponding to the measurement target, wherein the master key is used for encrypting or verifying interaction data with the measurement management requester;
the master key is stored in the measurement target list, and the master key is stored corresponding to the measurement target.
3. The method of claim 1, wherein after setting the metric reference value of the program, the method further comprises:
acquiring a start measurement command of the program;
and in response to the start measurement command of the program, updating the enabling state of the measurement target corresponding to the program in the measurement target list to yes, wherein an enabling state of yes instructs the measurement engine to execute the measurement task on the measurement target.
4. The method of claim 1, wherein after setting the metric reference value of the program, the method further comprises:
acquiring a stop measurement command of the program;
and in response to the stop measurement command of the program, updating the enabling state of the measurement target corresponding to the program in the measurement target list to no, wherein an enabling state of no instructs the measurement engine to stop the measurement task of the measurement target.
5. The method of claim 1, wherein after setting the metric reference value of the program, the method further comprises:
acquiring a measurement state query command of the program;
inquiring abnormal state information of a measurement target corresponding to the program in the measurement target list in response to a measurement state inquiry command of the program;
and sending a response notice of the measurement state query command, wherein the response notice comprises abnormal state information of the measurement target.
6. The method of claim 1, wherein after setting the metric reference value of the program, the method further comprises:
acquiring an ending measurement command of the program;
and deleting a measurement target corresponding to the program and data information corresponding to the measurement target in the measurement target list in response to an ending measurement command of the program.
7. The method of claim 2, wherein after storing the master key in the measurement target list, the method further comprises:
receiving measurement command parameter data, wherein the measurement command parameter data comprises measurement command parameters, a check code and a random number of a measurement service caller, and the check code is generated according to one or more parameters of the measurement command parameters, the random number corresponding to the last measurement response parameter and a consistency secret key; the consistency secret key is derived from the master secret key; the measurement command parameter is a command parameter in a sampling command, a start measurement command, a stop measurement command, an end measurement command or a measurement state query command;
and according to the check code, checking the measurement command parameter data to determine the measurement command parameter of the corresponding command.
8. The method of claim 7, wherein after storing the master key in the measurement target list, the method further comprises:
generating a check code of a measurement response parameter to obtain measurement response parameter data, wherein the measurement response parameter data comprises measurement response parameters, the check code and random numbers corresponding to measurement response, the check code is generated according to the measurement response parameters, the random numbers in a command corresponding to the measurement response parameters, the random numbers corresponding to the measurement response parameters and one or more parameters in a consistency secret key; the measurement response parameters are response parameters obtained after responding to the sampling command, the start measurement command, the stop measurement command, the end measurement command or the measurement state query command;
and sending the measurement response parameter data.
9. The method of claim 8, wherein the random number corresponding to the metric command parameter is updated once per check of the metric response parameter data, and the random number corresponding to the metric response parameter is updated once per check of the metric command parameter.
10. A method of metric management, applied to a processor, comprising:
after a program is loaded, a measurement target creation command of the program is sent, wherein the measurement target creation command is used for indicating to create a measurement target corresponding to the program in a measurement target list;
acquiring a response notice of the measurement target creation command, and determining to create a measurement target of the program;
a sampling command is sent, the sampling command comprises a code start-stop address corresponding to the code of the program, the sampling command is used for indicating to sample the code in the code start-stop address, and a measurement value obtained by sampling is set as a measurement reference value of the program so as to measure whether the program is abnormal or not based on the measurement reference value;
acquiring a response notice of the sampling command, and determining that the program sets the measurement reference value;
wherein the measurement reference value, the code start-stop address, the enabling state of the measurement target and the master key of the measurement target are stored in the measurement target list in correspondence with the measurement target, and a measurement engine measures whether the program is abnormal based on the data in the measurement target list; the enabling state of the measurement target is used to instruct the measurement engine to stop or execute the measurement task of the measurement target; the master key of the measurement target is used to encrypt or verify measurement-related commands.
11. The method of claim 10, further comprising, after obtaining the response notification of the measurement target creation command and before sending the sampling command:
negotiating with a measurement management executive party to obtain a master key corresponding to the program, wherein the master key is used for encrypting or verifying interaction data with the measurement management executive party;
storing a master key corresponding to the program.
12. The method of claim 10, wherein after the obtaining the response notification of the sampling command, the method further comprises:
transmitting a start measurement command of the program, wherein the start measurement command is used to instruct that the enabling state of the measurement target corresponding to the program be updated to yes in the measurement target list, and an enabling state of yes instructs the measurement engine to execute the measurement task on the measurement target;
and acquiring a response notification of the start measurement command, and determining that the enabling state of the measurement target corresponding to the program is yes.
13. The method of claim 10, wherein after the obtaining the response notification of the sampling command, the method further comprises:
sending a stop measurement command of the program, wherein the stop measurement command is used to instruct that the enabling state of the measurement target corresponding to the program be updated to no in the measurement target list, and an enabling state of no instructs the measurement engine to stop the measurement task of the measurement target;
and acquiring a response notification of the stop measurement command, and determining that the enabling state of the measurement target corresponding to the program has been updated to no.
14. The method of claim 10, wherein after the obtaining the response notification of the sampling command, the method further comprises:
a measurement state query command of the program is sent, and the measurement state query command is used for indicating to query abnormal state information of a measurement target corresponding to the program in the measurement target list;
and acquiring response notification of the measurement state query command, and determining abnormal state information of the measurement target.
15. The method of claim 10, wherein after the obtaining the response notification of the sampling command, the method further comprises:
transmitting an end metric command of the program, wherein the end metric command is used for indicating to delete a metric target corresponding to the program in the metric target list and data information corresponding to the metric target;
and acquiring a response notification of the end measurement command, and determining that the measurement target corresponding to the program and the data information corresponding to the measurement target have been deleted.
16. The method of claim 11, wherein after storing the master key corresponding to the program, the method further comprises:
generating a check code of the measurement command parameter to obtain measurement command parameter data; the measurement command parameter data comprises measurement command parameters, check codes and random numbers of measurement service callers, wherein the check codes are generated according to one or more parameters of the measurement command parameters, the random numbers corresponding to the last measurement response parameters and the consistency secret keys; the consistency secret key is derived from the master secret key; the measurement command parameter is a command parameter in a sampling command, a start measurement command, a stop measurement command, an end measurement command or a measurement state query command;
and sending the measurement command parameter data.
17. The method of claim 16, wherein after storing the master key corresponding to the program, the method further comprises:
receiving a check code of a metric response parameter to obtain metric response parameter data, wherein the metric response parameter data comprises the metric response parameter, the check code and a random number corresponding to the metric response, and the check code is generated according to the metric response parameter, the random number in a command corresponding to the response, the random number corresponding to the metric response parameter and one or more parameters in a consistency secret key; the measurement response parameters are response parameters obtained after responding to a sampling command, a start measurement command, a stop measurement command, an end measurement command or a measurement state query command;
and according to the check code, checking the metric response parameter data, and determining the metric response parameter of the corresponding response.
18. The method of claim 17, wherein the random number corresponding to the metric command parameter is updated once per check of the metric response parameter data, and the random number corresponding to the metric response parameter is updated once per check of the metric command parameter.
19. A security processor for performing the metric management method of any of claims 1 to 9.
20. A security processor, characterized in that the security processor comprises a metric command processing module for executing the metric management method of any one of claims 1 to 9, a metric target list for storing metric targets and data information corresponding to the metric targets, and a metric engine for executing metrics on the metric targets according to the metric target list.
21. A processor for performing the metric management method of any of claims 10 to 18.
22. A processor, characterized in that it comprises a metrics software stack for executing the metrics management method of any of claims 10-18.
23. A computer system, comprising: a secure processor as claimed in any one of claims 19 to 20 and a processor as claimed in any one of claims 21 to 22.
24. A storage medium storing a program for implementing the metric management method according to any one of claims 1 to 9, or a program for implementing the metric management method according to any one of claims 10 to 18.
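
The check-code exchange of claims 7 to 9 and 16 to 18, combined with the post-load sampling of claim 1, as an added example that is not code from the patent. It assumes HMAC-SHA256 for the check code and for deriving the consistency key, SHA-256 as the measurement, 16-byte random numbers, and hypothetical names (Endpoint, SecureProcessor, demo); only the sample, start, stop and query commands are modelled, and the memory image is constructed.

```python
import hashlib, hmac, json, os

class Endpoint:  # one side of the command/response channel; both parties run the same logic
    def __init__(self, master_key):
        self.key = hmac.new(master_key, b"consistency", hashlib.sha256).digest()  # assumed derivation
        self.own_nonce = self.peer_nonce = bytes(16)

    def _check_code(self, params, receiver_nonce, sender_nonce):
        body = json.dumps(params, sort_keys=True).encode()
        return hmac.new(self.key, body + receiver_nonce + sender_nonce, hashlib.sha256).digest()

    def seal(self, params):
        self.own_nonce = os.urandom(16)  # fresh random number for every message sent
        mac = self._check_code(params, self.peer_nonce, self.own_nonce)
        return {"params": params, "nonce": self.own_nonce, "mac": mac}

    def open(self, msg):
        expected = self._check_code(msg["params"], self.own_nonce, msg["nonce"])
        if not hmac.compare_digest(expected, msg["mac"]):
            raise PermissionError("check code mismatch")
        self.peer_nonce = msg["nonce"]
        return msg["params"]

class SecureProcessor:
    def __init__(self, memory):
        self.memory, self.targets = memory, {}  # targets: the measurement target list

    def create_target(self, name, master_key):
        self.targets[name] = {"chan": Endpoint(master_key), "range": None,
                              "baseline": None, "enabled": False, "abnormal": False}

    def _measure(self, t):
        return hashlib.sha256(self.memory[t["range"][0]:t["range"][1]]).hexdigest()

    def handle(self, name, msg):
        t = self.targets[name]
        p, result = t["chan"].open(msg), {"status": "ok"}
        if p["cmd"] == "sample":  # reference value taken after the program is loaded
            t["range"] = (p["start"], p["end"])
            t["baseline"] = self._measure(t)
        elif p["cmd"] in ("start", "stop"):
            t["enabled"] = p["cmd"] == "start"
        elif p["cmd"] == "query":
            result["abnormal"] = t["abnormal"]
        return t["chan"].seal(result)

    def engine_tick(self):  # the measurement engine re-measures every enabled target
        for t in self.targets.values():
            if t["enabled"] and t["baseline"] and self._measure(t) != t["baseline"]:
                t["abnormal"] = True

def demo():
    memory, master = bytearray(b"\x90" * 64), os.urandom(32)  # constructed code image and key
    sp, req = SecureProcessor(memory), Endpoint(master)
    sp.create_target("vm0", master)
    call = lambda p: req.open(sp.handle("vm0", req.seal(p)))
    call({"cmd": "sample", "start": 0, "end": 64})
    start_msg = req.seal({"cmd": "start"})
    req.open(sp.handle("vm0", start_msg))
    sp.engine_tick()
    clean = call({"cmd": "query"})["abnormal"]
    memory[10] ^= 0xFF  # code changes after the reference value was sampled
    sp.engine_tick()
    tampered = call({"cmd": "query"})["abnormal"]
    try:
        sp.handle("vm0", start_msg)  # replay of an old, correctly coded command
    except PermissionError:
        return clean, tampered, True
    return clean, tampered, False
```

demo() returns (clean, tampered, replay_rejected): the replayed start command fails because its check code was bound to a response random number the secure processor has since replaced.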
CN202011138070.5A 2020-10-22 2020-10-22 Measurement management method and related equipment Active CN112256390B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011138070.5A CN112256390B (en) 2020-10-22 2020-10-22 Measurement management method and related equipment

Publications (2)

Publication Number Publication Date
CN112256390A CN112256390A (en) 2021-01-22
CN112256390B true CN112256390B (en) 2023-08-29

Family

ID=74263522

Country Status (1)

Country Link
CN (1) CN112256390B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113157543B (en) * 2021-05-14 2023-07-21 海光信息技术股份有限公司 Trusted measurement method and device, server and computer readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101515316A (en) * 2008-02-19 2009-08-26 北京工业大学 Trusted computing terminal and trusted computing method
CN104298917A (en) * 2014-11-14 2015-01-21 北京航空航天大学 Virtual machine application program completeness measuring method based on TPM
CN109716345A (en) * 2016-04-29 2019-05-03 普威达有限公司 Computer implemented privacy engineering system and method
CN110024330A (en) * 2016-12-30 2019-07-16 英特尔公司 The service of IoT device is provided
CN111164952A (en) * 2017-11-16 2020-05-15 英特尔公司 Distributed software-defined industrial system
CN111638936A (en) * 2020-04-16 2020-09-08 中国科学院信息工程研究所 Virtual machine static measurement method and device based on built-in security architecture

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant