CN112257064A - Nested page table measurement method, device and related equipment - Google Patents


Info

Publication number
CN112257064A
Authority
CN
China
Prior art keywords
virtual machine
page table
nested page
exception
abnormal
Prior art date
Legal status
Granted
Application number
CN202011195443.2A
Other languages
Chinese (zh)
Other versions
CN112257064B (en)
Inventor
陈善
应志伟
Current Assignee
Haiguang Information Technology Co Ltd
Original Assignee
Haiguang Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Haiguang Information Technology Co Ltd
Priority to CN202011195443.2A
Publication of CN112257064A
Application granted
Publication of CN112257064B
Legal status: Active


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/556: Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033: Test or assess software
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The embodiments of the invention provide a nested page table (NPT) measurement method, a nested page table measurement device and related equipment. A security processor measures the NPT of a virtual machine while the virtual machine is running, obtains an NPT measurement result for the virtual machine, and sends an exception notification to the virtual machine when the NPT measurement result is abnormal, so that the virtual machine executes its exception handling process based on that notification. This ensures the integrity of the virtual machine's NPT and improves the security of the virtual machine.

Description

Nested page table measurement method, device and related equipment
Technical Field
The embodiments of the invention relate to the technical field of trusted measurement, and in particular to a nested page table measurement method, a nested page table measurement device and related equipment.
Background
Virtualization technology allows a physical host to run a plurality of virtual machines (VMs), so that the hardware resources of the physical host are used as fully as possible. Each virtual machine is allocated memory, and the memory allocated to a virtual machine is loaded with the virtual machine code that supports the operation of that virtual machine.
In current virtualization technology, the Nested Page Table (NPT) of a virtual machine is maintained by the host. The host can therefore tamper with the virtual machine's page table information and, in combination with other attack techniques, cause the virtual machine to leak confidential information or execute unauthorized code, threatening the security of the virtual machine's memory data.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, and a related device for measuring a nested page table, so as to improve security of a virtual machine.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
in a first aspect, an embodiment of the present invention provides a nested page table metric method, applied to a secure processor, including:
detecting the state of the virtual machine;
when the virtual machine is in a running state, measuring the NPT of the virtual machine to obtain an NPT measurement result of the virtual machine;
and when the NPT measurement result is abnormal, sending an abnormal notification to the virtual machine.
In a second aspect, an embodiment of the present invention provides a nested page table metric method, applied to a virtual machine, including:
acquiring an exception notification sent by a security processor;
and executing an exception handling process of the virtual machine based on the exception notification.
In a third aspect, an embodiment of the present invention provides a nested page table metric apparatus, including:
the detection module is used for detecting the state of the virtual machine;
the measurement module is used for measuring the NPT of the virtual machine when the virtual machine is in an operating state to obtain an NPT measurement result of the virtual machine;
and the abnormal notification sending module is used for sending an abnormal notification to the virtual machine when the NPT measurement result is abnormal.
In a fourth aspect, an embodiment of the present invention provides a nested page table metric apparatus, including:
the exception notification acquisition module is used for acquiring exception notifications sent by the security processor;
and the exception processing execution module is used for executing the exception processing flow of the virtual machine based on the exception notification.
In a fifth aspect, an embodiment of the present invention provides a secure processor, configured to execute the nested page table metric method according to the first aspect.
In a sixth aspect, an embodiment of the present invention provides a secure processor, where the secure processor includes a nested page table metric module, and the nested page table metric module is configured to execute the nested page table metric method according to the first aspect.
In a seventh aspect, an embodiment of the present invention provides a virtual machine, configured to execute the nested page table metric method in the second aspect.
In an eighth aspect, an embodiment of the present invention provides a virtual machine, where the virtual machine includes an exception handling module, and the exception handling module is configured to execute the nested page table metric method according to the second aspect.
In a ninth aspect, an embodiment of the present invention provides a storage medium, where the storage medium stores a program for implementing the nested page table metric method according to the first aspect, or a program for implementing the nested page table metric method according to the second aspect.
In a tenth aspect, an embodiment of the present invention provides a computer system, including: a secure processor according to any of the fifth to sixth aspects and a virtual machine according to any of the seventh to eighth aspects.
With the nested page table measurement method, device and related equipment provided by the embodiments of the invention, the security processor measures the NPT of the virtual machine while the virtual machine is running, obtains the NPT measurement result of the virtual machine, and sends an exception notification to the virtual machine when the NPT measurement result is abnormal, so that the virtual machine executes its exception handling process based on that notification. The integrity of the virtual machine's NPT is thereby ensured and the security of the virtual machine is improved.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. It is obvious that the drawings described below show only embodiments of the present application, and that those skilled in the art can obtain other drawings from the provided drawings without creative effort.
FIG. 1 is a system architecture diagram of a virtualized environment according to an embodiment of the invention;
FIG. 2 is a system architecture diagram of a virtualized environment in accordance with an embodiment of the invention;
FIG. 3 is an alternative flow diagram of the present invention for starting and running a virtual machine;
FIG. 4 is a flow chart of an alternative method of NPT measurement in accordance with an embodiment of the present invention;
FIG. 5 is a flowchart of an alternative method for a virtual machine to perform exception handling in accordance with an embodiment of the present invention;
FIG. 6 is a flowchart of an alternative method for determining that a metric is anomalous according to an embodiment of the present invention;
FIG. 7 is a flowchart of an alternative method for establishing a secure communication connection for a virtual machine and a secure processor in accordance with embodiments of the present invention;
FIG. 8 is an alternative block diagram of a nested page table metric apparatus in accordance with an embodiment of the present invention;
FIG. 9 is an alternative block diagram of a nested page table metric apparatus in accordance with an embodiment of the present invention.
Detailed Description
In the field of virtualization, the data and code in a virtual machine are visible to the host, so when the host is untrusted or is attacked, the security of the virtual machine cannot be guaranteed. Encrypted virtualization is based on a security processor built into the CPU (Central Processing Unit); it protects the memory of a virtual machine by encrypting it with a randomly generated key, so as to improve the security of the virtual machine.
When the encrypted virtualization technology generates the key, the key is visible only inside the security processor and invisible to the host, so that what the host obtains when it reads the virtual machine's memory is only the encrypted contents. This prevents the host or other virtual machines from stealing information in the virtual machine and strengthens the confidentiality of the information in the virtual machine.
However, when a program in a virtual machine accesses memory, it normally uses a Guest Virtual Address (GVA). The memory management hardware of the processor (CPU) translates the GVA through two sets of page tables, the Guest Page Table (GPT) and the Nested Page Table (NPT), into a Host Physical Address (HPA), with which the physical memory is finally accessed. The GPT is maintained entirely by the virtual machine, resides in the virtual machine's memory and is protected by the encryption; the NPT is outside the scope of the virtual machine's encryption and is maintained by the host, which gives a program on the host the possibility of attacking the encrypted virtual machine. By tampering with the NPT and combining this with other attack techniques, a program on the host can cause the virtual machine to reveal confidential information or execute unauthorized code, threatening the security of the virtual machine's memory data.
Based on this, the embodiments of the present invention provide a nested page table measurement method, an apparatus and a related device, in which a security processor measures the NPT of a virtual machine while the virtual machine is running, obtains the NPT measurement result of the virtual machine, and sends an exception notification to the virtual machine when the NPT measurement result is abnormal, so that the virtual machine executes its exception handling procedure based on that notification. The integrity of the virtual machine's NPT is thereby ensured and the security of the virtual machine is improved.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As an alternative example, fig. 1 shows a schematic diagram of the system architecture of a virtualization environment. As shown in fig. 1, it may include: a processor (CPU) 1, a memory controller 2, a memory 3 and a security processor (PSP) 4.
The processor 1 is a very-large-scale integrated circuit used to interpret computer instructions and process the data in computer software. The processor 1 may virtualize a plurality of virtual machines 12 by virtualization technology, and the plurality of virtual machines 12 may be managed by a virtual machine manager 11.
The memory controller 2 is the hardware that controls the memory 3 and lets the memory 3 and the processor 1 exchange data. In a typical computer system the memory controller 2 is responsible for processing memory access requests: for each request it may check whether the cache holds the address corresponding to the request; if so, it reads the data for that address from the cache, otherwise it walks the page tables in memory to find the address and reads the data for that address.
The security processor 4 is a specially configured processor responsible for the security-related operations of the virtual machine; for example, the security processor 4 may perform memory encryption and decryption operations (e.g., encrypting the initial data of the virtual machine). The security processor 4 usually has a higher system privilege and can directly access hardware resources of the system, such as system memory and peripheral devices. At the same time, to ensure the data security of the security processor 4, it may be configured with dedicated hardware resources such as memory and non-volatile memory (NVRAM), so that the data in the security processor cannot be tampered with.
By encrypting the memory of some or all of the virtual machines, encrypting the memory used by different virtual machines with different keys, and keeping the keys inaccessible to the virtual machine manager, data access to and tampering with the virtual machines by the physical host and the virtual machine manager are prevented, and the data security of the virtual machines is improved.
In the embodiment of the present invention, the virtual machine manager 11 may be configured with an SEV (Secure Encrypted Virtualization) API, an Application Programming Interface (API) used to communicate with the security processor 4 and to implement data interaction between the virtual machine manager 11 and the security processor 4.
The virtual machine may access the security processor directly, or through the virtual machine manager. When the security processor is accessed through the virtual machine manager, a secure communication connection can be established directly between the virtual machine and the security processor, and data are exchanged over that connection, so that a possible Man-in-the-Middle Attack is avoided.
In embodiments of the present invention, the memory controller 2 may be configured with an encryption engine 21, and the encryption engine 21 may store the key. The security processor 4 may encrypt some or all of the memory of the virtual machine with a key stored by the encryption engine 21.
Optionally, the secure processor 4 may be disposed outside the chip of the processor 1, or may be integrated on the chip of the processor 1, and in a preferred example, the secure processor 4 may be integrated on the chip of the processor 1.
In this example, the security processor provides the measurement service. Because the security processor has dedicated hardware resources, the data security of the measurement service it provides can be ensured; because a dedicated API is configured between the security processor and the processor, the data transmitted during measurement can be kept secure; and because the security processor can directly access hardware resources of the system such as system memory and peripheral devices, the measurement target can be measured conveniently.
As an alternative example, referring to the architecture diagram of the computer system shown in fig. 2, the security processor 4 may include an NPT measurement module 41, which measures the NPT while the virtual machine is running, compares the measured NPT with a reference value, and notifies the virtual machine when an exception is found. Optionally, the NPT measurement module 41 may measure the NPT periodically to ensure the integrity of the NPT.
The virtual machine 12 may include an exception handling module 121 which, on receiving an exception notification from the security processor 4, further queries the security processor over the secure communication connection between the virtual machine 12 and the security processor 4 to confirm the measurement exception information and, when the NPT measurement result is confirmed to be abnormal, performs exception handling on the virtual machine 12, such as shutting down, setting the virtual machine as untrusted, or further reporting the virtual machine to a security management center.
Next, the NPT measurement process in the embodiment of the present invention is described in detail.
It can be understood that, in the process of performing the measurement, the module for performing the measurement needs to store a corresponding measurement reference value first, so that the corresponding measurement process is implemented according to the measurement reference value.
In general, when a user starts a virtual machine, a virtual machine manager VMM on a host may first allocate memory for the virtual machine and create an NPT page table, and then cooperate with a security processor to complete operations such as image loading, encryption, and activation of an encrypted virtual machine. Because the virtual machine memory and the NPT page table are both allocated and created by the host when running the virtual machine, the contents of the NPT page table cannot be predicted in advance, and therefore the metric reference value cannot be predicted in advance. In view of this, in the embodiment of the present invention, the measurement reference value is determined in a dynamic collection manner when the virtual machine is started, so as to implement subsequent measurement on the NPT of the virtual machine.
As an alternative implementation, fig. 3 illustrates an alternative flow for starting and running a virtual machine, which may be performed by the system architecture illustrated in fig. 2. The step of generating the measurement reference value for the NPT may be performed after the NPT of the virtual machine has been created, for example after the virtual machine manager allocates memory for the virtual machine and creates the NPT of the virtual machine, and before the virtual machine manager loads the virtual machine image into the memory allocated to the virtual machine. Referring to fig. 3, the method may include:
step S10: the virtual machine manager allocates memory and creates an NPT for the virtual machine;
in the starting stage of the virtual machine, the virtual machine manager can allocate memory and create an NPT for the virtual machine based on the requirements of the client and corresponding parameters.
It should be noted that the embodiment of the present invention is executed in a scenario where the host has disabled the memory page swap function, so that the NPT remains unchanged while the virtual machine is running and the integrity of the NPT can be verified dynamically. Since this scenario is at present also a precondition for using an encrypted virtual machine, the range of application of this example is not limited by it.
Step S11: the security processor measures the NPT of the virtual machine to obtain the NPT measurement value of the virtual machine;
after creating the NPT, the virtual machine manager may generate an NPT creation notification informing the security processor that the NPT of the virtual machine has been created, thereby triggering the security processor to measure the NPT of the virtual machine. Alternatively, the security processor may detect relevant information and measure the NPT of the virtual machine after detecting that the virtual machine manager has created it.
It is understood that the security processor may detect the state of the virtual machine, so that step S11 is performed when the virtual machine is detected to be in a startup state and after the virtual machine manager creates the NPT of the virtual machine.
In this example, an NPT metric module may be disposed in the secure processor, and the NPT metric module performs the measurement on the NPT of the virtual machine, so as to obtain an NPT metric value of the virtual machine.
It should be noted that, in this step, the measurement of the NPT of the virtual machine is used to determine a measurement reference value, so that the measurement of the NPT can be implemented based on the measurement reference value.
Step S12: the security processor takes the NPT measurement value obtained by measuring the virtual machine as the measurement reference value of the NPT of the virtual machine;
in the scenario where the host has disabled the memory page swap function, the NPT remains unchanged while the virtual machine is running, so the NPT measurement value obtained by measuring the NPT of the virtual machine can serve as the measurement reference value of the NPT and provide the comparison reference for subsequent measurements.
In the subsequent comparison, if the measurement of the NPT is inconsistent with the measurement reference value, the NPT has been attacked and tampered with. Because attacks on the NPT of an encrypted virtual machine mainly occur while the virtual machine is running, dynamically acquiring the measurement reference value in this way allows the integrity of the NPT to be monitored effectively and attacks on the NPT of the virtual machine to be prevented.
In this example, step S12 may be performed by an NPT metric module in the secure processor.
Further, after setting the metric reference value, the embodiment of the present invention further includes:
step S13: the virtual machine manager loads a virtual machine image to a memory allocated by the virtual machine;
a virtual machine image is a form of file storage: a complete, identical copy of the data on a disk stored as a file, in the same way that disk mirroring keeps an identical copy of one disk's data on another. In a virtual system, the data information of the virtual machine is stored by generating a virtual machine image of the virtual machine's operating system, and the virtual machine recovers that data information once the image has been loaded.
After memory has been allocated to the virtual machine, the virtual machine image is loaded by the virtual machine manager so that the virtual machine can run.
Step S14: the secure processor encrypts the virtual machine image;
after the virtual machine manager loads the virtual machine image, the image is encrypted by the security processor, so that the virtual machine runs securely.
Since different virtual machines correspond to different keys, the security processor in this example encrypts the virtual machine image with the key corresponding to that virtual machine.
Step S15: the virtual machine manager runs the virtual machine;
after the virtual machine image has been encrypted, the virtual machine manager can run the virtual machine.
In the embodiment of the invention, the measurement reference value is determined in a dynamic collection mode when the virtual machine is started, so that the NPT of the virtual machine is measured.
As an alternative implementation, fig. 4 shows an alternative method flow of NPT metric, which may be executed by a secure processor, and in particular may be executed by an NPT metric module of the secure processor while running a virtual machine, and referring to fig. 4, the method may include:
step S20: detecting the state of the virtual machine;
the state of the virtual machine may include a start state, an operating state, a stop state, and the like, and the timing for measuring the NPT of the virtual machine is determined by detecting the state of the virtual machine.
It should be noted that, when the state of the virtual machine is the startup state, the measurement of the NPT of the virtual machine may be performed.
Step S21: when the virtual machine is in a running state, measuring the NPT of the virtual machine to obtain an NPT measurement result of the virtual machine;
because the attack on the NPT of the encrypted virtual machine is mainly during the running of the virtual machine, when the virtual machine is in a running state, the measurement on the NPT of the virtual machine is executed, so that the attack on the NPT of the virtual machine is effectively prevented.
In an alternative example, the measurement is a dynamic measurement; correspondingly, the NPT of the virtual machine may be measured periodically until a condition for stopping the measurement is detected. The condition for stopping the measurement may be that the virtual machine is in a stopped state or that the measurement result is abnormal, and the security processor may set the stop condition according to the actual situation.
In this example, the measurement process in this step is specifically as follows:
step S211: measuring the NPT of the virtual machine to obtain a measurement value corresponding to the NPT of the virtual machine;
based on the fact that the security processor has the right of directly accessing hardware resources of the system, the NPT of the virtual machine can be directly measured, and therefore a measurement value corresponding to the NPT of the virtual machine is obtained.
Step S212: comparing the metric value with a metric reference value of the NPT of the virtual machine to determine an NPT metric result of the virtual machine;
given the preset measurement reference value, once the measurement value has been obtained it can be compared with the measurement reference value of the NPT of the virtual machine. When the measurement value and the reference value are consistent, the NPT measurement result of the virtual machine is determined to be normal, that is, the NPT of the virtual machine has not been tampered with; when the measurement value is inconsistent with the reference value, the NPT measurement result of the virtual machine is determined to be abnormal, that is, the NPT of the virtual machine has been tampered with.
When the measurement is a dynamic measurement, a dynamic measurement switch may optionally be provided in the NPT measurement module; when the virtual machine is in the running state, the dynamic measurement switch may be triggered to turn on, indicating that the dynamic measurement request of the virtual machine manager is sent periodically.
Step S22: when the NPT measurement result is abnormal, an abnormal notification is sent to the virtual machine;
by sending the exception notification, the virtual machine can execute corresponding processing based on the exception notification.
The exception notification may include information related to the exception, such as the time at which the exception occurred and an identification code corresponding to the exception. The identification code is used as the identifying information of the query when the virtual machine later queries to confirm the exception information, so that whether the exception exists can be determined.
Specifically, the security processor may notify the virtual machine in a preset manner, for example by sending an interrupt to the virtual machine, or by setting a memory flag that the virtual machine polls and checks; at the same time, it records the exception information for the subsequent query by the virtual machine.
In the embodiment of the invention, the NPT is measured to realize the integrity verification of the NPT of the virtual machine, thereby enhancing the safety of the encrypted virtual machine.
In an optional example, after the virtual machine receives the exception notification sent by the security processor, corresponding processing may be performed. As an alternative implementation, fig. 5 shows an alternative method flow of the virtual machine executing exception handling, which may be executed by the virtual machine, and referring to fig. 5, the method may include:
step S30: acquiring an exception notification sent by a security processor;
while the security processor measures the NPT, it sends an exception notification to the virtual machine when the NPT measurement result is abnormal, so the virtual machine can acquire the exception notification sent by the security processor. Specifically, the virtual machine may respond to an interrupt triggered by the security processor and receive the NPT measurement exception information attached to the interrupt, or it may find the corresponding memory flag while polling and so obtain the NPT measurement exception information.
Step S31: executing an exception handling flow of the virtual machine based on the exception notification;
when the measurement result of the NPT is abnormal, the virtual machine may be directly subjected to exception handling, where the exception handling may include shutdown, setting the machine to be untrusted, or reporting to a security management center, so as to avoid possible attacks.
In a preferred example, to prevent abnormal misrepresentation and false alarm, it may be further determined whether a measurement result of the NPT of the virtual machine is abnormal in the exception processing flow for executing the virtual machine. Specifically, the executing the exception handling process of the virtual machine may include:
step S311: confirming whether the measurement result of the NPT of the virtual machine is abnormal or not;
specifically, whether the measurement result of the NPT of the virtual machine is abnormal or not may be confirmed by interacting with the security processor, so that whether the measurement result is abnormal or not may be determined based on the confirmation result fed back by the security processor.
Step S312: and when the measurement result of the NPT is abnormal, performing exception handling on the virtual machine.
After the virtual machine receives the exception notification sent by the security processor, a corresponding exception handling process can be performed, so that the security of the virtual machine is improved.
In an optional example, the exception handling flow of the virtual machine further includes a flow for confirming whether the NPT measurement result of the virtual machine is abnormal. In particular, the virtual machine may query the security processor to confirm the exception. Fig. 6 shows an alternative method flow for confirming whether a measurement result is abnormal; the flow may be executed by the system architecture shown in fig. 2, specifically while the virtual machine executes the step of its exception handling flow, and referring to fig. 6, the method may include:
Step S40: the virtual machine sends an exception confirmation command to the security processor based on the exception notification;
The exception confirmation command is used to request confirmation of whether the NPT measurement result of the virtual machine is abnormal. It may carry the related information from the exception notification, such as the time at which the exception occurred and the identification code corresponding to the exception, so that the security processor can determine whether that exception occurred.
Optionally, step S40 may be performed by an exception handling module in the virtual machine.
Step S41: the security processor receives the exception confirmation command sent by the virtual machine;
After the virtual machine sends the exception confirmation command, the security processor receives it accordingly.
Optionally, step S41 may be performed by the NPT measurement module in the security processor.
Step S42: the security processor confirms whether the NPT measurement result of the virtual machine is abnormal, obtaining an exception confirmation result corresponding to the exception confirmation command;
Based on the information in the exception confirmation command, such as the time at which the exception occurred and the identification code corresponding to the exception, the security processor checks whether that exception exists in the information it recorded: if so, it confirms that the NPT measurement result of the virtual machine is abnormal, and if not, it confirms that the NPT measurement result is not abnormal, thereby obtaining the exception confirmation result corresponding to the exception confirmation command.
Optionally, step S42 may be performed by the NPT measurement module in the security processor.
Step S43: the security processor sends the exception confirmation result to the virtual machine;
Step S44: the virtual machine receives the exception confirmation result sent by the security processor;
The exception confirmation result indicates whether the NPT measurement result of the virtual machine is abnormal, so that corresponding processing can be executed based on it.
Specifically, if the NPT measurement result of the virtual machine is abnormal, exception handling is performed on the virtual machine; if it is not abnormal, the exception notification is ignored.
Confirming in the exception handling flow of the virtual machine whether the NPT measurement result is actually abnormal prevents false alarms and spurious reports, improving both the security and the stability of the virtual machine.
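The notification, confirmation and handling flow of figs. 5 and 6, as an added example in Go that is not part of the patent or of any Haiguang implementation: the security processor keeps a reference measurement, raises an exception only when a re-measurement differs, and confirms only identification codes it actually raised, so a notification the security processor never sent is ignored by the virtual machine. The notification format, the SHA-256 measurement and the page-table layout are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Notification carries what the text says an exception notification may carry:
// the time the exception occurred and an identification code that the VM quotes
// back in its exception confirmation command (constructed format).
type Notification struct {
	Time uint64
	ID   string
}

// SecurityProcessor keeps the NPT reference measurement and a record of the
// exceptions it has actually raised, so that confirmation commands can be checked.
type SecurityProcessor struct {
	reference []byte
	raised    map[string]uint64 // identification code -> occurrence time
	count     int
}

// SamplePageTable builds a constructed NPT: little-endian 64-bit entries that
// stand in for nested page table entries (frame address plus flag bits).
func SamplePageTable(entries ...uint64) []byte {
	b := make([]byte, 8*len(entries))
	for i, e := range entries {
		binary.LittleEndian.PutUint64(b[8*i:], e)
	}
	return b
}

// SetReference is the boot-time measurement: taken once the hypervisor has
// created the NPT and before the VM image is loaded, and kept as the reference.
func (sp *SecurityProcessor) SetReference(npt []byte) {
	sum := sha256.Sum256(npt)
	sp.reference, sp.raised = sum[:], map[string]uint64{}
}

// Measure re-measures the running VM's NPT (SHA-256 here; the text fixes no
// algorithm) and compares it with the reference. On a mismatch the SP records the
// exception and returns the notification to send; ok is true when the NPT matches.
func (sp *SecurityProcessor) Measure(npt []byte, now uint64) (n Notification, ok bool) {
	sum := sha256.Sum256(npt)
	if bytes.Equal(sum[:], sp.reference) {
		return Notification{}, true
	}
	sp.count++
	n = Notification{Time: now, ID: fmt.Sprintf("npt-exc-%d", sp.count)}
	sp.raised[n.ID] = n.Time
	return n, false
}

// Confirm answers the exception confirmation command (S41-S43): true only if the
// SP itself raised an exception with this identification code at this time.
func (sp *SecurityProcessor) Confirm(n Notification) bool {
	t, found := sp.raised[n.ID]
	return found && t == n.Time
}

// VirtualMachine is the guest-side handler of figs. 5 and 6.
type VirtualMachine struct {
	Trusted bool
	Ignored int
}

// HandleNotification confirms with the SP before acting (S311/S312): a confirmed
// exception marks the machine untrusted (one of the responses the text lists);
// an unconfirmed one is treated as a false alarm and ignored.
func (vm *VirtualMachine) HandleNotification(sp *SecurityProcessor, n Notification) string {
	if !sp.Confirm(n) { // S40-S44 exchange; Confirm is the SP's side of it
		vm.Ignored++
		return "ignored"
	}
	vm.Trusted = false
	return "handled"
}

func main() {
	sp := &SecurityProcessor{}
	sp.SetReference(SamplePageTable(0x1000|0x7, 0x2000|0x7, 0x3000|0x5))
	vm := &VirtualMachine{Trusted: true}
	// Remap the second entry to another frame, as a tampered NPT would.
	if n, ok := sp.Measure(SamplePageTable(0x1000|0x7, 0x9000|0x7, 0x3000|0x5), 1700000000); !ok {
		fmt.Println(n.ID, "->", vm.HandleNotification(sp, n))
	}
	forged := Notification{Time: 1700000000, ID: "npt-exc-42"} // never raised by the SP
	fmt.Println(forged.ID, "->", vm.HandleNotification(sp, forged))
}
```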
In an alternative implementation, when the hardware does not support direct access from the virtual machine to the security processor, the virtual machine must access the security processor via the host. In this scenario, a secure communication connection may be established between the virtual machine and the security processor to avoid a possible man-in-the-middle (MITM) attack. As an alternative implementation, fig. 7 shows an alternative method flow for establishing a secure communication connection between the virtual machine and the security processor; the flow may be executed by the system architecture shown in fig. 2, specifically after the virtual machine is running and before the NPT measurement of the virtual machine, and referring to fig. 7, the method may include:
Step S50: the virtual machine sends a certificate sending request, which asks the security processor to send the security processor certificate to the virtual machine;
The security processor certificate is a security certificate built into the security processor, such as a vendor certificate, signed by the signing key of a certificate authority (CA) or of a vendor root, so that the validity of the security processor certificate can be verified.
Requesting the security processor to send its certificate to the virtual machine allows the virtual machine to verify that certificate.
Step S51: the security processor receives the certificate sending request sent by the virtual machine;
Step S52: the security processor sends the security processor certificate to the virtual machine based on the certificate sending request;
Step S53: the virtual machine receives the security processor certificate sent by the security processor;
Step S54: the virtual machine verifies the security processor certificate;
The security processor certificate is verified to determine whether the security processor is legitimate. If the certificate is valid, step S55 is executed; if it is invalid, verification fails and the process returns to step S50 to resend the certificate sending request. If verification fails more than a preset number of times, establishment of the secure communication connection is aborted.
Step S55: the virtual machine and the security processor negotiate to generate a master key;
The master key provides the basis for encrypting or authenticating subsequent interactions. The negotiation may follow a key agreement protocol (e.g., ECDH or SM2), and the master key may be used to protect command authorization. Optionally, the master key may be bound to the virtual machine within the security processor.
Step S56: the security processor derives, from the master key, an encryption key and a consistency key for communicating with the virtual machine;
The encryption key and the consistency key are used for encryption and consistency (integrity) verification when communicating with the virtual machine, so that the related data cannot be illegally accessed or tampered with, which protects the secure communication connection.
Step S57: the virtual machine derives, from the master key, an encryption key and a consistency key for communicating with the security processor;
The encryption key and the consistency key derived by the virtual machine are likewise used for encryption and consistency verification when communicating with the security processor, so that the related data cannot be illegally accessed or tampered with, which protects the secure communication connection.
In this example, the secure communication connection uses encryption and a consistency check to protect the communication process, so that the interaction between the virtual machine and the security processor is performed safely and reliably.
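The fig. 7 secure channel, as an added example in Go that is not part of the patent or of any product implementation: the virtual machine verifies the security processor certificate against the vendor root before key agreement, both sides derive an encryption key and a consistency key from the master key, and commands are then encrypted and integrity-checked. The Ed25519 vendor root, the X25519 exchange (standing in for the ECDH or SM2 the text allows), the HMAC-based key derivation and the encrypt-then-MAC message format are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

type (
	Keys   struct{ Enc, Mac []byte } // S56/S57 session keys: encryption and consistency (integrity)
	SPCert struct{ Pub, Sig []byte } // stand-in SP certificate: X25519 public key signed by the vendor root
)

func mac(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// DeriveKeys uses HMAC-SHA256 with two fixed labels as the KDF (an assumption;
// the text names none). Distinct labels keep the two keys independent.
func DeriveKeys(master []byte) Keys {
	return Keys{Enc: mac(master, []byte("npt-channel-enc")), Mac: mac(master, []byte("npt-channel-mac"))}
}

func ctr(k Keys, iv, in []byte) []byte {
	blk, _ := aes.NewCipher(k.Enc) // AES-256-CTR; Enc is 32 bytes, so NewCipher cannot fail
	out := make([]byte, len(in))
	cipher.NewCTR(blk, iv).XORKeyStream(out, in)
	return out
}

// Seal protects a command: encrypt, then tag iv||ciphertext with the consistency key.
func Seal(k Keys, pt []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	body := append(iv, ctr(k, iv, pt)...)
	return append(body, mac(k.Mac, body)...)
}

// Open checks the tag before decrypting; a truncated or tampered message is rejected unread.
func Open(k Keys, msg []byte) ([]byte, error) {
	n := len(msg) - sha256.Size
	if n < aes.BlockSize || !hmac.Equal(mac(k.Mac, msg[:n]), msg[n:]) {
		return nil, errors.New("consistency check failed")
	}
	return ctr(k, msg[:aes.BlockSize], msg[aes.BlockSize:n]), nil
}

// SecurityProcessor holds its key-agreement key, its certificate and, once the
// channel is up, the session keys it derived on its own side.
type SecurityProcessor struct {
	priv    *ecdh.PrivateKey
	Cert    SPCert
	Session Keys
}

// NewSecurityProcessor models provisioning: the vendor root signs the SP's public key.
func NewSecurityProcessor(root ed25519.PrivateKey) *SecurityProcessor {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pub := priv.PublicKey().Bytes()
	return &SecurityProcessor{priv: priv, Cert: SPCert{Pub: pub, Sig: ed25519.Sign(root, pub)}}
}

// EstablishChannel is the fig. 7 flow (S50-S57) seen from the VM: it returns the VM's keys and
// sets the SP's. Only the SP is authenticated, so a relaying host cannot substitute its own key.
func EstablishChannel(root ed25519.PublicKey, sp *SecurityProcessor) (Keys, error) {
	if !ed25519.Verify(root, sp.Cert.Pub, sp.Cert.Sig) { // S50-S54
		return Keys{}, errors.New("security processor certificate invalid")
	}
	vmPriv, err := ecdh.X25519().GenerateKey(rand.Reader) // S55: the VM's ephemeral share
	if err != nil {
		return Keys{}, err
	}
	spPub, err := ecdh.X25519().NewPublicKey(sp.Cert.Pub)
	if err != nil {
		return Keys{}, err
	}
	vmMaster, err := vmPriv.ECDH(spPub)
	if err != nil {
		return Keys{}, err
	}
	spMaster, err := sp.priv.ECDH(vmPriv.PublicKey()) // the SP's half of S55: the same secret
	if err != nil {
		return Keys{}, err
	}
	sp.Session = DeriveKeys(spMaster) // S56
	return DeriveKeys(vmMaster), nil  // S57
}
```

A certificate not signed by the vendor root fails at S54 before any key material is exchanged, which is the check that defeats a host substituting its own key.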
The nested page table measurement apparatus provided in the embodiment of the present invention is described below from the perspective of the security processor. The apparatus described below may be regarded as the program modules that the security processor needs in order to implement the nested page table measurement method provided in the embodiment of the present invention, and may be read in correspondence with the schemes described above.
Fig. 8 is an alternative block diagram of a nested page table measurement apparatus provided in an embodiment of the present invention. The apparatus is applicable to a security processor, and referring to fig. 8, it may include:
a detection module 200, configured to detect the state of a virtual machine;
a measurement module 210, configured to measure the NPT of the virtual machine when the virtual machine is in the running state, so as to obtain the NPT measurement result of the virtual machine;
an exception notification sending module 220, configured to send an exception notification to the virtual machine when the NPT measurement result is abnormal.
Optionally, the nested page table measurement apparatus further includes:
a reference value measurement module 230, configured to measure the NPT of the virtual machine after the virtual machine manager creates the NPT of the virtual machine, so as to obtain an NPT measurement value of the virtual machine;
a reference value determining module 240, configured to take the NPT measurement value of the virtual machine as the measurement reference value of the NPT of the virtual machine.
Optionally, the measurement module 210 is configured to measure the NPT of the virtual machine after the virtual machine manager creates the NPT of the virtual machine and before the virtual machine manager loads the virtual machine image of the virtual machine into the memory allocated to the virtual machine.
Optionally, the measurement module 210 being configured to measure the NPT of the virtual machine when the virtual machine is in the running state and obtain the NPT measurement result of the virtual machine includes:
measuring the NPT of the virtual machine to obtain a measurement value corresponding to the NPT of the virtual machine;
and comparing the measurement value with the measurement reference value of the NPT of the virtual machine to determine the NPT measurement result of the virtual machine.
Optionally, the nested page table measurement apparatus further includes:
a confirmation command receiving module 250, configured to receive an exception confirmation command sent by the virtual machine, where the exception confirmation command requests confirmation of whether the NPT measurement result of the virtual machine is abnormal;
a result confirmation module 260, configured to confirm whether the NPT measurement result of the virtual machine is abnormal and obtain the exception confirmation result corresponding to the exception confirmation command;
a result sending module 270, configured to send the exception confirmation result to the virtual machine.
Optionally, the nested page table measurement apparatus further includes:
a connection establishing module 280, configured to establish a secure communication connection for communicating with the virtual machine.
Optionally, the connection establishing module 280 being configured to establish a secure communication connection for communicating with the virtual machine includes:
receiving a certificate sending request sent by the virtual machine;
sending the security processor certificate to the virtual machine based on the certificate sending request;
after the virtual machine verifies the security processor certificate, negotiating with the virtual machine to generate a master key;
deriving, from the master key, an encryption key and a consistency key for communicating with the virtual machine;
where the encryption key and the consistency key are used for encryption and consistency verification when communicating with the virtual machine.
The security processor can measure the NPT of the virtual machine while the virtual machine is running, obtain the NPT measurement result of the virtual machine, and send an exception notification to the virtual machine when that result is abnormal, so that the virtual machine executes its exception handling flow based on the notification; this ensures the integrity of the NPT of the virtual machine and improves the security of the virtual machine.
The nested page table measurement apparatus provided in the embodiment of the present invention is described below from the perspective of the virtual machine. The apparatus described below may be regarded as the program modules that the virtual machine needs in order to implement the nested page table measurement method provided in the embodiment of the present invention, and may be read in correspondence with the schemes described above.
Fig. 9 is another alternative block diagram of a nested page table measurement apparatus provided in an embodiment of the present invention. The apparatus is applicable to a virtual machine, and referring to fig. 9, it may include:
an exception notification acquiring module 300, configured to acquire an exception notification sent by the security processor;
an exception handling module 310, configured to execute the exception handling flow of the virtual machine based on the exception notification.
Optionally, the exception handling module 310 being configured to execute the exception handling flow of the virtual machine includes:
confirming whether the NPT measurement result of the virtual machine is abnormal;
and when the NPT measurement result is abnormal, performing exception handling on the virtual machine.
Optionally, the exception handling module 310 being configured to confirm whether the NPT measurement result of the virtual machine is abnormal includes:
based on the exception notification, sending an exception confirmation command to the security processor, where the exception confirmation command requests confirmation of whether the NPT measurement result of the virtual machine is abnormal;
receiving an exception confirmation result sent by the security processor, where the exception confirmation result indicates whether the NPT measurement result of the virtual machine is abnormal;
and if the NPT measurement result of the virtual machine is abnormal, executing the exception handling flow of the virtual machine, and if it is not abnormal, ignoring the exception notification.
Optionally, the nested page table measurement apparatus further includes:
a connection establishing module 320, configured to establish a secure communication connection for communicating with the security processor.
Optionally, the connection establishing module 320 being configured to establish a secure communication connection for communicating with the security processor includes:
sending a certificate sending request, which asks the security processor to send the security processor certificate to the virtual machine;
receiving the security processor certificate sent by the security processor;
verifying the security processor certificate;
after the security processor certificate is verified, negotiating with the security processor to generate a master key;
deriving, from the master key, an encryption key and a consistency key for communicating with the security processor;
where the encryption key and the consistency key are used for encryption and consistency verification when communicating with the security processor.
After the virtual machine obtains the exception notification, it executes its exception handling flow based on the notification; this ensures the integrity of the NPT of the virtual machine and improves the security of the virtual machine.
Optionally, an embodiment of the present invention may further provide a security processor configured to execute the nested page table measurement method from the perspective of the security processor.
Optionally, an embodiment of the present invention may further provide a security processor that includes a nested page table measurement module, the nested page table measurement module being configured to execute the nested page table measurement method from the perspective of the security processor.
Optionally, an embodiment of the present invention may further provide a virtual machine configured to execute the nested page table measurement method from the perspective of the virtual machine.
Optionally, an embodiment of the present invention may further provide a virtual machine that includes an exception handling module, the exception handling module being configured to execute the nested page table measurement method from the perspective of the virtual machine.
Optionally, an embodiment of the present invention may further provide a storage medium that stores a program implementing the nested page table measurement method from the perspective of the security processor, or a program implementing the nested page table measurement method from the perspective of the virtual machine.
Optionally, an embodiment of the present invention may further provide a computer system that includes the security processor and the virtual machine.
While various embodiments of the present invention have been described above, the alternatives described in the various embodiments may be combined and cross-referenced with one another, where no conflict arises, to extend the range of embodiments considered to be disclosed by the present invention.
Although the embodiments of the present invention have been disclosed, the present invention is not limited thereto. Various changes and modifications may be made by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (20)

1. A nested page table measurement method, applied to a security processor, comprising:
detecting the state of a virtual machine;
when the virtual machine is in a running state, measuring a nested page table of the virtual machine to obtain a nested page table measurement result of the virtual machine;
and when the nested page table measurement result is abnormal, sending an exception notification to the virtual machine.
2. The nested page table measurement method of claim 1, further comprising:
when the virtual machine is in a boot state, after a virtual machine manager creates the nested page table of the virtual machine, measuring the nested page table of the virtual machine to obtain a nested page table measurement value of the virtual machine;
and taking the nested page table measurement value of the virtual machine as a measurement reference value of the nested page table of the virtual machine.
3. The method of claim 2, wherein the measuring of the nested page table of the virtual machine, when the virtual machine is in the boot state and after the virtual machine manager creates the nested page table of the virtual machine, is performed before the virtual machine manager loads the virtual machine image of the virtual machine into the memory allocated to the virtual machine.
4. The method of claim 2, wherein the measuring of the nested page table of the virtual machine while the virtual machine is in the running state to obtain the nested page table measurement result of the virtual machine comprises:
measuring the nested page table of the virtual machine to obtain a measurement value corresponding to the nested page table of the virtual machine;
and comparing the measurement value with the measurement reference value of the nested page table of the virtual machine to determine the nested page table measurement result of the virtual machine.
5. The nested page table measurement method of claim 1, further comprising, after sending the exception notification to the virtual machine when the nested page table measurement result is abnormal:
receiving an exception confirmation command sent by the virtual machine, wherein the exception confirmation command is used for requesting confirmation of whether the nested page table measurement result of the virtual machine is abnormal;
confirming whether the nested page table measurement result of the virtual machine is abnormal, to obtain an exception confirmation result corresponding to the exception confirmation command;
and sending the exception confirmation result to the virtual machine.
6. The nested page table measurement method of claim 2, further comprising, after the virtual machine is running and before measuring the nested page table of the virtual machine while the virtual machine is in the running state:
establishing a secure communication connection for communicating with the virtual machine.
7. The nested page table measurement method of claim 6, wherein establishing the secure communication connection for communicating with the virtual machine comprises:
receiving a certificate sending request sent by the virtual machine;
sending a security processor certificate to the virtual machine based on the certificate sending request;
after the virtual machine verifies the security processor certificate, negotiating with the virtual machine to generate a master key;
deriving, from the master key, an encryption key and a consistency key for communicating with the virtual machine;
wherein the encryption key and the consistency key are used for encryption and consistency verification when communicating with the virtual machine.
8. A nested page table measurement method, applied to a virtual machine, comprising:
acquiring an exception notification sent by a security processor;
and executing an exception handling flow of the virtual machine based on the exception notification.
9. The nested page table measurement method of claim 8, wherein executing the exception handling flow of the virtual machine comprises:
confirming whether a nested page table measurement result of the virtual machine is abnormal;
and when the nested page table measurement result is abnormal, performing exception handling on the virtual machine.
10. The nested page table measurement method of claim 9, wherein confirming whether the nested page table measurement result of the virtual machine is abnormal comprises:
based on the exception notification, sending an exception confirmation command to the security processor, the exception confirmation command being used for requesting confirmation of whether the nested page table measurement result of the virtual machine is abnormal;
receiving an exception confirmation result sent by the security processor, wherein the exception confirmation result indicates whether the nested page table measurement result of the virtual machine is abnormal;
and if the nested page table measurement result of the virtual machine is abnormal, executing the step of the exception handling flow of the virtual machine, and if the nested page table measurement result of the virtual machine is not abnormal, ignoring the exception notification.
11. The nested page table measurement method of claim 8, further comprising, before acquiring the exception notification sent by the security processor:
establishing a secure communication connection for communicating with the security processor.
12. The nested page table measurement method of claim 11, wherein establishing the secure communication connection for communicating with the security processor comprises:
sending a certificate sending request, wherein the certificate sending request is used for requesting the security processor to send a security processor certificate to the virtual machine;
receiving the security processor certificate sent by the security processor;
verifying the security processor certificate;
after the security processor certificate is verified, negotiating with the security processor to generate a master key;
deriving, from the master key, an encryption key and a consistency key for communicating with the security processor;
wherein the encryption key and the consistency key are used for encryption and consistency verification when communicating with the security processor.
13. A nested page table measurement apparatus, comprising:
a detection module, configured to detect the state of a virtual machine;
a measurement module, configured to measure a nested page table of the virtual machine when the virtual machine is in a running state, to obtain a nested page table measurement result of the virtual machine;
and an exception notification sending module, configured to send an exception notification to the virtual machine when the nested page table measurement result is abnormal.
14. A nested page table measurement apparatus, comprising:
an exception notification acquiring module, configured to acquire an exception notification sent by a security processor;
and an exception handling execution module, configured to execute an exception handling flow based on the exception notification.
15. A security processor configured to perform the nested page table measurement method of any one of claims 1 to 7.
16. A security processor comprising a nested page table measurement module configured to perform the nested page table measurement method of any one of claims 1 to 7.
17. A virtual machine configured to perform the nested page table measurement method of any one of claims 8 to 12.
18. A virtual machine comprising an exception handling module configured to perform the nested page table measurement method of any one of claims 8 to 12.
19. A storage medium storing a program for implementing the nested page table measurement method of any one of claims 1 to 7, or a program for implementing the nested page table measurement method of any one of claims 8 to 12.
20. A computer system, comprising: a security processor as claimed in claim 15 or 16 and a virtual machine as claimed in claim 17 or 18.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011195443.2A CN112257064B (en) 2020-10-31 2020-10-31 Nested page table measurement method, device and related equipment

Publications (2)

Publication Number Publication Date
CN112257064A (en) 2021-01-22
CN112257064B (en) 2024-02-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant