CN113449292B - Running method, device and equipment of trusted application (Google Patents)

Info

Publication number
CN113449292B
Authority
CN
China
Prior art keywords
virtual
virtual machine
cpu
memory space
trusted application
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010231197.5A
Other languages
Chinese (zh)
Other versions
CN113449292A (en)
Inventor
秦凯伦
刘双
顾宗敏
闫守孟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202010231197.5A
Publication of CN113449292A
Application granted
Publication of CN113449292B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation

Abstract

The embodiments of the specification disclose a method, a device and equipment for running a trusted application. In the scheme, after acquiring a request from a started trusted application to create a trusted execution environment, a virtual machine monitor may determine the physical CPU occupied by the trusted application as a virtual CPU, determine a virtual memory space from the physical memory occupied by the trusted application, create a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space, and then control the virtual machine to run the trusted application in the trusted execution environment.

Description

Running method, device and equipment of trusted application
Technical Field
One or more embodiments of the present disclosure relate to the field of computer technologies, and in particular, to a method, an apparatus, and a device for running a trusted application.
Background
A Trusted Execution Environment (TEE) may refer to a secure operating environment in a device that guarantees the security, privacy, and integrity of the code and data loaded into it. With the increasing requirements for privacy and security of user data, applications of trusted execution environments are becoming more widespread. Currently, virtualization technology can be used to run a virtual machine monitor in an operating system, construct a trusted execution environment based on the virtual machine monitor, and run a trusted application in that trusted execution environment. Because the virtual machine monitor usually needs to include program code of part of the operating system, the code size of the virtual machine monitor is large, which reduces the running efficiency of the trusted application.
In summary, how to provide a running method of a trusted application with higher running efficiency has become a technical problem that urgently needs to be solved.
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure provide a method, an apparatus, and a device for running a trusted application, so as to improve the running efficiency of the trusted application.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
a running method of a trusted application provided in an embodiment of the present specification includes:
the virtual machine monitor acquires, from the started trusted application, a request to create a trusted execution environment; the program code of the trusted application at least comprises first code running in an untrusted operating system and second code that needs to run in a trusted execution environment;
determining the physical CPU occupied by the trusted application as a virtual CPU;
determining a virtual memory space from the physical memory occupied by the trusted application;
creating a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space;
and controlling the virtual machine to run the second code.
An embodiment of this specification provides an apparatus for running a trusted application, including:
the virtual machine monitor is used for acquiring, from the started trusted application, a request to create the trusted execution environment; the program code of the trusted application at least comprises first code running in an untrusted operating system and second code that needs to run in a trusted execution environment;
the first determining module is used for determining the physical CPU occupied by the trusted application as a virtual CPU;
the second determining module is used for determining a virtual memory space from the physical memory occupied by the trusted application;
a virtual machine creation module configured to create a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space;
and the running module is used for controlling the virtual machine to run the second code.
An embodiment of this specification provides a running device of a trusted application, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquire, by the virtual machine monitor, a request from the started trusted application to create a trusted execution environment; the program code of the trusted application at least comprises first code running in an untrusted operating system and second code that needs to run in a trusted execution environment;
Determining the physical CPU occupied by the trusted application as a virtual CPU;
determining a virtual memory space from the physical memory occupied by the trusted application;
creating a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space;
and controlling the virtual machine to run the second code.
One embodiment of the present description achieves the following advantageous effects:
after the virtual machine monitor acquires a request from a started trusted application to create a trusted execution environment, the physical CPU occupied by the trusted application can be determined as the virtual CPU of the virtual machine to be generated, and the virtual memory space required by the virtual machine to be generated can be determined from the physical memory occupied by the trusted application. The virtual machine monitor therefore does not need to include program code of an operating system to perform resource allocation, so the code size of the virtual machine monitor is reduced, the built virtual machine and trusted execution environment are made lighter, and the running efficiency of the running method of the trusted application can be improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of one or more embodiments of the disclosure and are incorporated in and constitute a part of this specification, illustrate exemplary embodiments of the disclosure and together with the description serve to explain the embodiments of the disclosure and not to limit the embodiments of the disclosure. In the drawings:
Fig. 1 is a schematic flowchart of an operation method of a trusted application provided in an embodiment of the present specification;
fig. 2 is a schematic diagram of a program permission architecture when a virtual machine is not built according to an embodiment of the present specification;
fig. 3 is a schematic diagram of a program permission architecture after a virtual machine is built according to an embodiment of the present specification;
fig. 4 is a schematic diagram of an operation phase of a trusted application operation method provided in an embodiment of the present specification;
fig. 5 is a schematic structural diagram of a running apparatus of a trusted application corresponding to fig. 1, provided in an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of a running device of a trusted application corresponding to fig. 1, provided in an embodiment of this specification.
Detailed Description
To make the objects, technical solutions and advantages of one or more embodiments of the present disclosure more apparent, the technical solutions of one or more embodiments of the present disclosure will be described in detail and completely with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present specification, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from the embodiments given herein without making any creative effort fall within the scope of protection of one or more embodiments of the present specification.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
In order to overcome the defects of the prior art, the present solution provides the following embodiments:
fig. 1 is a flowchart illustrating a running method of a trusted application according to an embodiment of the present disclosure. From the viewpoint of a program, the execution subject of the flow may be a device on which a virtual machine monitor is installed, or a program installed on that device.
As shown in fig. 1, the process may include the following steps:
step 102: the virtual machine monitor acquires, from the started trusted application, a request to create a trusted execution environment; the program code of the trusted application includes at least first code that runs on an untrusted operating system and second code that needs to run in a trusted execution environment.
In an embodiment of the present description, a Virtual Machine Monitor (VMM) may be a piece of system software used to maintain efficient, isolated program environments that do not support direct user access to the real hardware; such program environments may be referred to as virtual machines. In particular, a Virtual Machine (VM) may refer to a complete computer system, with complete hardware system functionality, that is emulated by software and runs in a completely isolated environment. In practical applications, the work that can be done on a physical computer can be done in a virtual machine.
In the embodiments of the present specification, the trusted application refers to an application that needs to perform data security protection and data privacy protection, for example, the trusted application may be an identification application, a payment application, a privacy data processing application, and the like. In the embodiments of the present specification, the type of the trusted application is not particularly limited.
In the embodiments of the present specification, the code of the trusted application may include a first code to be executed in the untrusted operating system, and may include a second code to be executed in the trusted execution environment. The first code generally only needs to be run in an execution environment of an operating system, and the second code needs to be run in a trusted execution environment, so as to ensure the security and privacy of the second code and data generated after the second code is run.
In this embodiment of the present specification, a user may start a trusted application in a user device in advance, and start a virtual machine monitor through an Operating System (OS) of the user device, so that the virtual machine monitor may obtain a request for creating a trusted execution environment from the trusted application. The user equipment may be implemented by a terminal device, a server or a server cluster, and the like, which is not specifically limited.
In practical applications, corresponding privilege levels can be set for the virtual machine monitor and for the operating system that loads it. In order to ensure the security of the virtual machine monitor, before step 102 the system privilege of the virtual machine monitor may be set to a first privilege level and the system privilege of the operating system loading the virtual machine monitor may be set to a second privilege level, where the second privilege level is lower than the first, so as to prevent the untrusted operating system from affecting the running security of the trusted application by controlling the virtual machine monitor.
Step 104: determining the physical CPU occupied by the trusted application as a virtual CPU.
In the embodiment of the present specification, based on a CPU virtualization technology, one physical CPU may be divided into a plurality of virtual CPUs, so as to meet the use requirements of a plurality of users on CPU resources, thereby facilitating the improvement of the CPU resource utilization rate.
In this embodiment of the present specification, since the trusted application is already in a running state, the trusted application usually already occupies the specified physical CPU resource, and therefore, the physical CPU occupied by the trusted application may be determined as the virtual CPU of the virtual machine to be generated, without reallocating the virtual CPU for the virtual machine to be generated through the operating system.
Step 106: determining a virtual memory space from the physical memory occupied by the trusted application.
In the embodiments described herein, virtual memory is a memory management technique that lets an application believe it has contiguous available memory (i.e., a contiguous, complete address space), while in fact that space is typically backed by multiple scattered physical memory fragments. The utilization rate of physical memory can be improved based on the virtual memory technique.
In this embodiment of the present specification, since the trusted application is already in the running state, the application code and the initial data of the trusted application usually already occupy the designated physical memory space, so that the virtual memory space of the virtual machine to be generated can be determined from the physical memory already occupied by the trusted application, and the virtual memory does not need to be reallocated for the virtual machine to be generated by the operating system.
Step 108: creating a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space.
In this embodiment of the present specification, when creating a virtual machine with a trusted execution environment, the code and initial data of the trusted application may be loaded into the memory of the virtual machine monitor by the untrusted operating system. When the trusted application sends a request to create the trusted execution environment, the request may carry memory range information of the target area in which the code and initial data of the trusted application are stored in the virtual machine monitor memory. When the virtual machine monitor creates the virtual machine with the trusted execution environment, it can map the target area into the memory area of the virtual machine it creates according to the memory range information and prohibit other devices from accessing the physical addresses corresponding to the target area; the virtual machine monitor may also configure the local interrupt register to prevent other devices from controlling the virtual CPU of the virtual machine, thereby building a virtual machine with a trusted execution environment.
Fig. 2 is a schematic diagram of a program authority architecture when a virtual machine is not built according to an embodiment of the present specification. As shown in fig. 2, an untrusted operating system 202 is loaded in a user device 201, and a user may run a virtual machine monitor 203 in the untrusted operating system 202 and start a trusted application 204, where the trusted application 204 includes a first code that may run under the untrusted operating system 202 and a second code that needs to run in a trusted execution environment.
Fig. 3 is a schematic diagram of a program authority architecture after a virtual machine is built, which is provided in an embodiment of this specification, and as shown in fig. 3, an untrusted operating system 302 is installed in a user device 301, and a first code 306 in a trusted application may be run in the untrusted operating system 302. Since the system privilege of virtual machine monitor 303 may be made higher than the system privilege setting of untrusted operating system 302 before virtual machine 304 with the trusted execution environment is created, virtual machine monitor 303 may not be controlled by untrusted operating system 302. Meanwhile, the virtual machine 304 having the trusted execution environment may not be controlled by the untrusted operating system 302, so that the second code 305 of the trusted application may be run in the virtual machine 304 having the trusted execution environment.
In an embodiment of the present specification, the virtual machine monitor may further generate a metric value of the secure memory area of the trusted execution environment using a hash algorithm and save the metric value in the memory of the virtual machine monitor, so that the metric value can be provided as part of a remote verification (remote attestation) report and serve as an integrity basis for the security of the virtual machine with the trusted execution environment built in step 108.
Step 110: controlling the virtual machine to run the second code.
In this specification embodiment, the second code may be executed in a trusted execution environment of the virtual machine to ensure security and privacy of the second code and execution results of the second code.
It should be understood that the order of some steps in the method described in one or more embodiments of the present disclosure may be interchanged according to actual needs, or some steps may be omitted or deleted.
In the method in fig. 1, because the virtual machine monitor can determine the physical CPU occupied by the trusted application as the virtual CPU of the virtual machine to be generated, and can determine the virtual memory space required by the virtual machine to be generated from the physical memory occupied by the trusted application, the virtual machine monitor does not need to include program code of an operating system to perform resource allocation. This reduces the code size of the virtual machine monitor, makes the built virtual machine and trusted execution environment lighter, and thereby improves the running efficiency of the running method of the trusted application. In addition, the method in fig. 1 reduces the amount of operating system code included in the virtual machine monitor, so that the impact of operating system bugs on the running security of the trusted application can be reduced.
Based on the process of fig. 1, some specific embodiments of the process are also provided in the examples of this specification, which are described below.
Currently there are various types of hypervisor. A Type 1 hypervisor runs directly on the host hardware to control the hardware and the virtual machines, and therefore contains a large amount of code. In practical applications, Type 1 virtual machine monitors include Xen, developed at the University of Cambridge, and the like. A Type 2 virtual machine monitor runs in a traditional operating system environment and is controlled by that operating system, so the security of the virtual machine monitor is poor. In practice, Type 2 virtual machine monitors include versions of VMware before 5.5, versions of Xen before 3.0, Virtual PC 2004, and so on. There is also a Type 1.5 virtual machine monitor, which is usually loaded by an operating system but can virtualize that OS at runtime, so that it is better in security and smaller in code size. In practical applications, Type 1.5 virtual machine monitors include Jailhouse and the like.
In general, the smaller the code size of a virtual machine monitor, the fewer potential security vulnerabilities it contains, and the higher the security level of a trusted execution environment generated from it can be. Therefore, considering both security and running efficiency, the virtual machine monitor in step 102 can be implemented based on a Type 1.5 virtual machine monitor, so that a lightweight and highly secure virtual machine and trusted execution environment can be built.
In this embodiment, when the virtual machine monitor in step 102 is implemented based on a Type 1.5 virtual machine monitor, the virtual machine monitor need not include program code of the operating system, since the solution in fig. 1 determines the virtual CPU and the virtual memory space required by the virtual machine through the virtual machine monitor itself. It can be seen that the method in fig. 1 can exclude the operating system from the set of security protection mechanisms on which the trusted execution environment relies, thereby preventing security vulnerabilities of the operating system from affecting the trusted execution environment.
In this embodiment of the description, to address the difficulty a conventional Type 1.5 virtual machine monitor has in effectively restricting the operating system, the sensitive control interfaces in the Type 1.5 virtual machine monitor that allow the operating system to control the virtual machine monitor may be closed or removed, to prevent the operating system from reacquiring control of the system and so improve the running security of the trusted application.
Specifically, before step 102, the method may further include: closing the interface for stopping the virtual machine monitor, and closing the interface for promoting a virtual machine to the host. Alternatively, the virtual machine monitor is simply not provided with an interface for stopping the virtual machine monitor, an interface for promoting a virtual machine to the host, an interface for acquiring sensitive runtime information of the virtual machine monitor, and the like.
In the embodiment of the present specification, in order to improve the universality and compatibility of the running method of the trusted application, the virtual machine monitor may further provide a compatible interface. For example, to be compatible with the SGX SDK, the compatible interface may have the same functions and interface names as the interface of the Software Guard Extensions (SGX) system, so that SGX applications can run unmodified.
In this embodiment of the present specification, the creating a virtual machine having the trusted execution environment in step 108 may specifically include:
prohibiting access by another device to a physical address of the virtual memory space, and/or prohibiting access by another device to state data of the virtual CPU.
The other device may include an untrusted virtual machine, or a hardware device controlled by another virtual machine, such as a CPU. By making other devices unable to access the physical addresses of the virtual memory space of the virtual machine and the state data of the virtual CPU of the virtual machine, the security and privacy of the data of the trusted application running in the virtual machine are ensured.
In this embodiment of the present specification, prohibiting another device from accessing the physical address of the virtual memory space may specifically include:
modifying the physical address corresponding to the virtual memory space in the extended page table to a first address, the first address being different from the actual physical address corresponding to the virtual memory space;
and/or modifying the physical address corresponding to the virtual memory space in the device memory access page table of the input/output memory management unit (IOMMU) to a second address, the second address being different from the actual physical address corresponding to the virtual memory space;
and/or deleting the physical address corresponding to the virtual memory space from the device memory access page table of the input/output memory management unit.
In the embodiment of the present specification, a page table is a special data structure, stored in the page table area of the system address space, that records the correspondence between logical pages and physical page frames. An Extended Page Table (EPT) is a virtualization extension of the Memory Management Unit (MMU) that can be used to translate virtual machine addresses to host physical addresses.
An input/output memory management unit (IOMMU) is a memory management unit that connects an I/O bus with direct memory access capability to main memory. The device-visible virtual addresses are mapped to physical addresses through the device memory access page table of the input/output memory management unit.
In this embodiment of the present specification, modifying the physical address corresponding to the virtual memory space in the extended page table to a first address may specifically include: first, a physical page is allocated from the memory of the virtual machine monitor and its contents are written as 0, forming an all-zero page (empty page); then, the page table entry of each physical page corresponding to the virtual memory space is found in the extended page table of the operating system and mapped to the all-zero page.
In the embodiment of the present specification, by modifying the physical addresses corresponding to the virtual memory space of the virtual machine in the extended page table and in the device memory access page table of the IOMMU, an attacker can neither learn the real physical addresses corresponding to the virtual memory space of the virtual machine nor access that virtual memory space, so the security and privacy of the data and code of the trusted application running in the virtual machine can be effectively guaranteed.
In this embodiment of the present specification, the prohibiting another device from accessing the state data of the virtual CPU may specifically include:
for each physical CPU, setting the state data access permission of the physical CPU so that it can access only its own state data;
and/or acquiring an inter-core interrupt instruction, judging whether the target CPU of the inter-core interrupt instruction is the virtual CPU to obtain a judgment result, and, if the judgment result shows that the target CPU of the inter-core interrupt instruction is the virtual CPU, stopping execution of the inter-core interrupt instruction.
In this embodiment, the state data access permission of each physical CPU is restricted to its own state data, so that other physical CPUs cannot access the state data of the physical CPU corresponding to the virtual CPU, thereby ensuring the security of the state data of the virtual CPU.
In this embodiment of the present specification, a virtual machine monitor may virtualize a Local Advanced Programmable Interrupt Controller (LAPIC), so that the virtual machine monitor may intercept all inter-core Interrupt instructions sent by the LAPIC for a virtual machine, and suspend execution of the inter-core Interrupt instructions for the virtual machine, so that state data of a virtual CPU of the virtual machine is not read by other devices, thereby facilitating improvement of security of an operation method of a trusted application.
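The inter-core interrupt intercept described in the preceding paragraphs, as an added C example that is not code from the patent or from Alipay: a small model of the check a virtual machine monitor would apply to each write of the LAPIC Interrupt Command Register. The ICR field positions used (destination mode at bit 11, destination shorthand at bits 18-19, destination APIC ID at bits 56-63) are the documented xAPIC layout; the policy structure, the function names, the 32-CPU limit, and the decision to treat logical destination mode as reaching every CPU are assumptions of this example. As the description states, an instruction whose target set includes the protected virtual CPU is stopped.

```c
#include <stdint.h>
#include <stdbool.h>

/* xAPIC Interrupt Command Register fields used for routing. */
#define ICR_DEST_MODE(icr)  ((uint32_t)(((icr) >> 11) & 1u))   /* 0 physical, 1 logical */
#define ICR_SHORTHAND(icr)  ((uint32_t)(((icr) >> 18) & 3u))   /* 0 none, 1 self, 2 all, 3 all but self */
#define ICR_DEST_ID(icr)    ((uint32_t)(((icr) >> 56) & 0xffu))

/* Assumed per-platform policy kept by the VMM (not from the patent). */
struct ipi_policy {
    uint32_t ncpus;           /* physical CPUs; at most 32 in this model */
    uint32_t protected_mask;  /* bit i set: physical CPU i is the vCPU of a TEE VM */
};

enum ipi_verdict { IPI_DELIVER = 0, IPI_DROP = 1 };

/* Build an ICR value for a physical-destination-mode IPI (helper for callers). */
uint64_t make_icr(uint8_t vector, uint32_t shorthand, uint8_t dest_id) {
    return (uint64_t)vector | ((uint64_t)(shorthand & 3u) << 18) | ((uint64_t)dest_id << 56);
}

/* Set of physical CPUs an ICR write from `sender` would reach. Logical
 * destination mode is not decoded here; it is treated as reaching every
 * CPU so that the filter errs on the side of suppression. */
uint32_t ipi_targets(const struct ipi_policy *p, uint32_t sender, uint64_t icr) {
    uint32_t all  = (p->ncpus >= 32) ? 0xffffffffu : ((1u << p->ncpus) - 1u);
    uint32_t self = (sender < 32) ? (1u << sender) : 0;
    switch (ICR_SHORTHAND(icr)) {
    case 1:  return self;
    case 2:  return all;
    case 3:  return all & ~self;
    default: break;
    }
    if (ICR_DEST_MODE(icr) == 1) return all;
    uint32_t id = ICR_DEST_ID(icr);
    if (id == 0xffu) return all;                        /* physical broadcast */
    return (id < 32 && id < p->ncpus) ? (1u << id) : 0; /* unknown ID reaches nobody */
}

/* The intercept itself: decode the target set and, following the description,
 * stop the instruction when any target is a protected virtual CPU. */
enum ipi_verdict vmm_filter_ipi(const struct ipi_policy *p, uint32_t sender,
                                uint64_t icr, uint32_t *delivered) {
    uint32_t targets = ipi_targets(p, sender, icr);
    if (targets & p->protected_mask) {
        *delivered = 0;
        return IPI_DROP;
    }
    *delivered = targets;
    return IPI_DELIVER;
}
```

Because a broadcast with the "all excluding self" shorthand always includes the protected CPU, the rule as written also suppresses broadcasts meant for the remaining CPUs; a deployment that needs those to keep working would deliver with the protected CPUs masked out of the target set instead, a variant the description does not cover.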
In this embodiment of the present specification, to prevent an attacker from attacking the virtual machine monitor through the memory data of the virtual machine monitor, before performing step 102, the method may further include:
Prohibiting access to the memory address of the virtual machine monitor by another device. Specifically, the memory address of the virtual machine monitor in the extended page table may be modified to a third address; the third address is different from an actual memory address of the virtual machine monitor.
In this embodiment of the present specification, the principle of prohibiting another device from accessing the memory address of the virtual machine monitor may be the same as the principle of prohibiting another device from accessing the physical address of the virtual memory space, and details are not described here again.
In this embodiment of the specification, to ensure the operation security of the trusted application, the virtual machine with the trusted execution environment built by the method in fig. 1 may contain no operating system code. Therefore, when the trusted application running in the virtual machine needs to access a hardware resource, execution must switch from the trusted execution environment of the virtual machine to the execution environment of the untrusted operating system to run the resource access code.
Therefore, after step 110, the method may further include:
Acquiring a switching request, sent by the virtual machine, that requests switching to running in the untrusted operating system.
In response to the switching request, saving the state data of the virtual CPU to a secure area.
Clearing the state data of the virtual CPU in the virtual machine state register.
Switching the running state of the virtual CPU to run in the untrusted operating system.
In this embodiment, the secure area may be a designated area in the memory of the virtual machine monitor from which other devices cannot obtain data. When the environment is switched, the state data of the virtual CPU of the virtual machine is first stored in the secure area, and then the state data of the virtual CPU in the virtual machine state register is cleared, so that other devices still cannot acquire the state data of the virtual CPU after the running environment has been switched. The security and privacy of the state data are thus improved while the integrity of the state data of the virtual CPU is preserved, which further improves the security and privacy of the running method of the trusted application.
In this embodiment of the present specification, once the untrusted operating system has determined the hardware resources that the trusted application needs to access, it is also necessary to switch from the execution environment of the untrusted operating system back to the trusted execution environment of the virtual machine, so as to run the subsequent code of the trusted application. Therefore, the method in fig. 1 may further include:
Acquiring a data return request of the untrusted operating system.
Determining the address corresponding to the data return request.
Judging whether the address is the address corresponding to the switching request. The address corresponding to the switching request may be based on the address of the dispatch function.
If so, the data return request of the untrusted operating system can be taken not to be an attack behavior; therefore the running state of the virtual CPU may be switched to the virtual machine having the trusted execution environment, and running may continue according to the data returned by the data return request.
If not, the data return request of the untrusted operating system can be taken to be an attack behavior, so switching the running state of the virtual CPU may be refused.
In the embodiment of the present specification, after it is determined that an address corresponding to the data return request is the same as an address corresponding to the switching request, the operating state of the virtual CPU is switched to the virtual machine having the trusted execution environment, so as to prevent a malicious attack behavior of the untrusted operating system, thereby improving the security of the trusted execution environment in the virtual machine, and further facilitating improvement of the security of the operating method of the trusted application.
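The exit path (save the virtual CPU state to the secure area, clear the state register, switch) and the guarded return path (switch back only when the return address matches the address recorded for the switching request) described above, as an added C example that is not code from the patent or its assignee. The structure of the state, the choice of the dispatch-function address as the recorded value, the return codes and the function names are assumptions made for the example; the secure area is modelled as a field that only the monitor touches.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not code from the patent. Models the two world
 * switches: TEE VM -> untrusted OS (save vCPU state to a VMM-private secure
 * area, then clear the guest-state register copy) and OS -> TEE VM (only if
 * the return address equals the dispatch-function address recorded at the
 * switch-out). Field names and error codes are assumptions. */

enum run_mode { MODE_TEE, MODE_UNTRUSTED_OS };

/* Minimal stand-in for the vCPU state held in the VM state register. */
struct vcpu_state {
    uint64_t rip, rsp, rax;
    uint64_t gpr[4];
};

struct switch_vmm {
    struct vcpu_state vm_state_reg;   /* what the VM state register exposes */
    struct vcpu_state secure_area;    /* VMM-private memory, unreadable by others */
    bool              secure_area_valid;
    uintptr_t         dispatch_addr;  /* address the OS must return through */
    enum run_mode     mode;
};

/* Exit path: save, clear, switch. Returns 0 on success, -1 if not in the TEE. */
int switch_vmm_exit_to_os(struct switch_vmm *v, uintptr_t dispatch_addr)
{
    if (v->mode != MODE_TEE) return -1;
    v->secure_area = v->vm_state_reg;                       /* save to the secure area */
    v->secure_area_valid = true;
    memset(&v->vm_state_reg, 0, sizeof v->vm_state_reg);   /* nothing left to read */
    v->dispatch_addr = dispatch_addr;
    v->mode = MODE_UNTRUSTED_OS;
    return 0;
}

/* Return path: the OS hands back data at return_addr. Returns 0 if the
 * switch back was performed, -1 if refused (treated as an attack attempt). */
int switch_vmm_return_to_tee(struct switch_vmm *v, uintptr_t return_addr,
                             uint64_t returned_data)
{
    if (v->mode != MODE_UNTRUSTED_OS || !v->secure_area_valid) return -1;
    if (return_addr != v->dispatch_addr) return -1;        /* wrong entry point */
    v->vm_state_reg = v->secure_area;                       /* restore vCPU state */
    v->vm_state_reg.rax = returned_data;                    /* hand over the OS result */
    memset(&v->secure_area, 0, sizeof v->secure_area);
    v->secure_area_valid = false;                           /* one return per exit */
    v->mode = MODE_TEE;
    return 0;
}

/* True if every byte of the state register copy is zero. */
bool switch_vmm_state_reg_is_clear(const struct switch_vmm *v)
{
    const uint8_t *p = (const uint8_t *)&v->vm_state_reg;
    for (size_t i = 0; i < sizeof v->vm_state_reg; i++)
        if (p[i]) return false;
    return true;
}
```

Invalidating the secure area after a successful return means a second "return" for the same exit is refused as well, which closes the replay variant of the wrong-address case.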
In this embodiment of the specification, when the second code of the trusted application in the virtual machine has completed its computing task, the virtual machine with the trusted execution environment may also be destroyed to release resources.
Therefore, the method in fig. 1 may further include:
When the second code has finished running, clearing the data in the virtual memory space.
Allowing another device to access the physical address of the virtual memory space.
Allowing another device to access the state data of the virtual CPU.
Allowing another device to access the physical address of the virtual memory space may specifically include: modifying the physical address corresponding to the virtual memory space in the extended page table back to the actual physical address corresponding to the virtual memory space; and/or modifying the physical address corresponding to the virtual memory space in the device memory access page table of the input/output memory manager back to the actual physical address corresponding to the virtual memory space.
Allowing another device to access the state data of the virtual CPU may specifically include:
Restoring the configuration information of the local advanced programmable interrupt controller, and allowing the virtual CPU to receive inter-core interrupt instructions sent by other virtual CPUs controlled by the untrusted operating system.
In practical applications, the virtual CPU may be allowed to receive inter-core interrupt instructions sent by other virtual CPUs controlled by the untrusted operating system by having the virtual machine monitor no longer check whether the target CPU of an inter-core interrupt instruction sent through the local advanced programmable interrupt controller is the virtual CPU. In practical applications, the running state of the virtual CPU also needs to be switched to run in the untrusted operating system, so that the virtual CPU can be reused subsequently.
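The page-table side of creation and destruction, as an added C example that is not code from the patent or its assignee: on creation the extended page table and the IOMMU page table entries for the virtual memory space are pointed at an address that is not the real one (the "first address" and "second address" above), and on destruction the memory is cleared before the real entries are restored. The same hide/restore routine is what the earlier passage on hiding the monitor's own memory (the "third address") would use. The frame count, the 64-byte page size, the dedicated decoy frame and the function names are assumptions made for the example; real page tables carry permission bits and multiple levels that the model omits.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not code from the patent. A toy model of the
 * page-table side of the scheme: at VM creation the EPT and IOMMU entries
 * for the VM's memory are pointed at a decoy frame, and at destruction the
 * memory is wiped and the real entries restored. Frame counts, the decoy
 * convention and the 64-byte pages are assumptions. */

#define NFRAMES     16
#define PAGE_BYTES  64
#define DECOY_FRAME (NFRAMES - 1)   /* a dedicated zero frame holding no secrets */

struct host {
    uint64_t ept[NFRAMES];              /* guest-physical frame -> host frame (CPU path) */
    uint64_t iommu[NFRAMES];            /* device DMA frame -> host frame (DMA path) */
    uint8_t  ram[NFRAMES][PAGE_BYTES];  /* host physical memory */
};

struct tee_vm {
    unsigned first_frame, nframes;      /* region carved from the application's memory */
    uint64_t saved_ept[NFRAMES];        /* real mappings, kept by the VMM only */
    uint64_t saved_iommu[NFRAMES];
    bool     alive;
};

/* Identity mappings: frame i maps to host frame i for both paths. */
void host_init_identity(struct host *h)
{
    memset(h, 0, sizeof *h);
    for (unsigned i = 0; i < NFRAMES; i++) h->ept[i] = h->iommu[i] = i;
}

/* Creation: hide the VM's real frames from both the CPU and device paths. */
int tee_vm_create(struct host *h, struct tee_vm *vm, unsigned first, unsigned n)
{
    if (n == 0 || first + n > DECOY_FRAME) return -1;   /* must not cover the decoy */
    vm->first_frame = first;
    vm->nframes = n;
    for (unsigned i = first; i < first + n; i++) {
        vm->saved_ept[i]   = h->ept[i];
        vm->saved_iommu[i] = h->iommu[i];
        h->ept[i]   = DECOY_FRAME;   /* "first address"  != real physical address */
        h->iommu[i] = DECOY_FRAME;   /* "second address" != real physical address */
    }
    vm->alive = true;
    return 0;
}

/* What a CPU outside the VMM, or a DMA-capable device, would resolve. */
uint64_t host_cpu_resolve(const struct host *h, unsigned frame) { return h->ept[frame]; }
uint64_t host_dma_resolve(const struct host *h, unsigned frame) { return h->iommu[frame]; }

/* The VMM itself still reaches the real frame through the VM record. */
uint8_t *tee_vm_real_page(struct host *h, const struct tee_vm *vm, unsigned frame)
{
    if (!vm->alive || frame < vm->first_frame || frame >= vm->first_frame + vm->nframes)
        return NULL;
    return h->ram[vm->saved_ept[frame]];
}

/* Destruction: wipe the region first, then restore the real mappings. */
int tee_vm_destroy(struct host *h, struct tee_vm *vm)
{
    if (!vm->alive) return -1;
    for (unsigned i = vm->first_frame; i < vm->first_frame + vm->nframes; i++) {
        memset(h->ram[vm->saved_ept[i]], 0, PAGE_BYTES);   /* clear before exposing */
        h->ept[i]   = vm->saved_ept[i];
        h->iommu[i] = vm->saved_iommu[i];
    }
    vm->alive = false;
    return 0;
}

/* True if every byte of host frame `frame` is zero. */
bool host_frame_is_zero(const struct host *h, unsigned frame)
{
    for (unsigned i = 0; i < PAGE_BYTES; i++)
        if (h->ram[frame][i]) return false;
    return true;
}
```

The order in `tee_vm_destroy` matters: the region is zeroed while the entries still point at the decoy, so no CPU or device can observe the contents between the end of the second code and the restoration of the real mapping.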
Fig. 4 is a schematic diagram of an operation stage of a trusted application operation method provided in an embodiment of the present specification, and as shown in fig. 4, the scheme may include a stage that needs to be executed under an untrusted operating system 401 in a device, and may also include a stage that needs to be executed under a virtual machine 402 having a trusted execution environment in the device.
Specifically, for the boot phase, a user may boot trusted applications and a virtual machine monitor in an untrusted operating system. For the creation phase, a user may generate a creation request for a virtual machine having a trusted execution environment based on a trusted application in an untrusted operating system and create the virtual machine having the trusted execution environment using a virtual machine monitor. For the initialization phase, the operating parameters and the like of the created virtual machine may be initialized. For the first entry phase, the second code (i.e., the code that needs to run in the trusted execution environment) of the trusted application may be entered into the built virtual machine. When the trusted application needs to call the hardware resource, a first exit phase may be executed, thereby jumping to an execution environment of the untrusted operating system to determine the resource needed by the trusted application. After determining the resources required by the trusted application in the untrusted operating system, a second entry phase may be executed to jump to the virtual machine to continue executing the second code of the trusted application. After the second code of the trusted application is run, the virtual machine can be quitted, and the operation of destroying the virtual machine is executed in the execution environment of the untrusted operating system. Finally, the trusted application may be exited and a jump to the end may be made.
In the embodiment of the present specification, from the embodiment of the method in fig. 1 described above, it can be seen that the virtual machine monitor can directly manage security-relevant hardware such as the extended page table, the input/output memory manager, the local advanced programmable interrupt controller and the CPU. The external interrupt controller (IOAPIC), PCI (Peripheral Component Interconnect) devices and the like may be managed by the untrusted operating system. The scheme provided in the embodiments of the present specification thus repartitions the hardware management responsibilities of the virtual machine monitor and the operating system: the virtual machine monitor directly manages the security hardware, which improves the security of the virtual machine monitor and therefore the security of the running method of the trusted application.
When the virtual machine monitor is implemented as a type-1.5 hypervisor, it no longer needs to contain any code of the untrusted operating system, while it retains the right to perform security checks on the behavior of the untrusted operating system. Because the virtual machine monitor need not contain the code of the untrusted operating system, the effect of a vulnerability in that code on the virtual machine and the trusted execution environment built by the virtual machine monitor can be avoided, which further improves the security of the running method of the trusted application.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the method. Fig. 5 is a schematic structural diagram of an operating apparatus corresponding to one trusted application of fig. 1, provided in an embodiment of this specification. As shown in fig. 5, the apparatus may include:
A first obtaining module 505, configured to enable the virtual machine monitor to obtain a request for creating a trusted execution environment by a launched trusted application; the program code of the trusted application includes at least first code that runs in an untrusted operating system and second code that needs to run in a trusted execution environment.
A first determining module 505, configured to determine a physical CPU occupied by the trusted application as a virtual CPU.
A second determining module 506, configured to determine a virtual memory space from the physical memory occupied by the trusted application.
A virtual machine creation module 508, configured to create a virtual machine with a trusted execution environment based on the virtual CPU and the virtual memory space.
An execution module 510, configured to control the virtual machine to execute the second code.
In the apparatus in fig. 5, based on the first determining module 505 and the second determining module 506, the virtual machine monitor may determine the physical CPU occupied by the trusted application as the virtual CPU of the virtual machine to be generated, and may determine the virtual memory space required by the virtual machine to be generated from the physical memory occupied by the trusted application, so that the virtual machine monitor does not need to include a program code of an operating system to perform a resource allocation operation, so as to reduce the code scale of the virtual machine monitor, and further lighten the built virtual machine and the trusted execution environment, thereby improving the operating efficiency of the operating apparatus of the trusted application. And because the amount of the operating system code contained in the virtual machine monitor in the device in fig. 5 is small, the influence on the running safety of the trusted application due to the existence of the operating system vulnerability can be reduced.
The embodiments of this specification also provide some specific implementations of the process based on the apparatus of fig. 5, which are described below.
Optionally, the virtual machine creating module 508 may be specifically configured to: prohibiting another device from accessing the physical address of the virtual memory space.
The prohibiting another device from accessing the physical address of the virtual memory space may specifically include: modifying the physical address corresponding to the virtual memory space in the extended page table into a first address; the first address is different from an actual physical address corresponding to the virtual memory space. And/or modifying a physical address corresponding to the virtual memory space in a device memory access page table of the input/output memory manager into a second address; the second address is different from an actual physical address corresponding to the virtual memory space.
Optionally, the virtual machine creating module 508 may be specifically configured to: prohibiting access to the state data of the virtual CPU by another device. Specifically, for each physical CPU, the state data access authority of the physical CPU may be set to only access its own state data.
Optionally, the apparatus in fig. 5 may further include:
A second obtaining module, configured to acquire an inter-core interrupt instruction.
A judging module, configured to judge whether the target CPU of the inter-core interrupt instruction is the virtual CPU, to obtain a judgment result.
An instruction stopping module, configured to stop execution of the inter-core interrupt instruction if the judgment result shows that the target CPU of the inter-core interrupt instruction is the virtual CPU.
Optionally, the system permission of the virtual machine monitor is a first permission, and the apparatus may further include:
A permission setting module, configured to set the system permission of the operating system in which the virtual machine monitor is loaded to a second permission, the second permission being lower than the first permission.
Optionally, the apparatus in fig. 5 may further include:
An access prohibiting module, configured to prohibit other devices from accessing the memory address of the virtual machine monitor. Specifically, the memory address of the virtual machine monitor in the extended page table may be modified to a third address; the third address is different from the actual memory address of the virtual machine monitor.
Optionally, the apparatus in fig. 5 may further include:
A metric value generating module, configured to generate a metric value of the secure memory area of the trusted execution environment using a hash algorithm.
A metric value storage module, configured to store the metric value in the memory of the virtual machine monitor.
Optionally, the apparatus in fig. 5 may further include:
A third obtaining module, configured to acquire a switching request for switching to running in the untrusted operating system.
A state data saving module, configured to save the state data of the virtual CPU to a secure area in response to the switching request.
A state data clearing module, configured to clear the state data of the virtual CPU in the virtual machine state register.
A first switching module, configured to switch the running state of the virtual CPU to run in the untrusted operating system.
Optionally, the apparatus in fig. 5 may further include:
A fourth obtaining module, configured to acquire a data return request of the untrusted operating system.
An address determining module, configured to determine the address corresponding to the data return request.
An address judging module, configured to judge whether the address is the address corresponding to the switching request.
A second switching module, configured to switch the running state of the virtual CPU to the virtual machine having the trusted execution environment when the judgment result shows that the address corresponding to the data return request is the same as the address corresponding to the switching request, and to continue running according to the data returned by the data return request.
Optionally, the apparatus in fig. 5 may further include:
A data clearing module, configured to clear the data in the virtual memory space after the second code has finished running.
A first permission module, configured to permit another device to access the physical address of the virtual memory space.
A second permission module, configured to permit another device to access the state data of the virtual CPU.
The first permission module is specifically configured to modify the physical address corresponding to the virtual memory space in the extended page table back to the actual physical address corresponding to the virtual memory space, and/or to modify the physical address corresponding to the virtual memory space in the device memory access page table of the input/output memory manager back to the actual physical address corresponding to the virtual memory space.
The second permission module is specifically configured to restore the configuration information of the local advanced programmable interrupt controller and to allow the virtual CPU to receive inter-core interrupt instructions sent by other virtual CPUs controlled by the untrusted operating system.
The apparatus in fig. 5 may further include:
A first interface closing module, configured to close the interface for stopping the operation of the virtual machine monitor;
A second interface closing module, configured to close the interface for upgrading the virtual machine into the host machine.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method.
Fig. 6 is a schematic structural diagram of an operating device corresponding to the trusted application running method of fig. 1, provided in an embodiment of this specification. As shown in fig. 6, the device 600 may include:
at least one processor 610; and
a memory 660 communicatively coupled to the at least one processor; wherein
the memory 660 stores instructions 620 executable by the at least one processor 610 to enable the at least one processor 610 to:
make the virtual machine monitor acquire a request for creating a trusted execution environment by the started trusted application, the program code of the trusted application including at least first code that runs in an untrusted operating system and second code that needs to run in a trusted execution environment;
determine the physical CPU occupied by the trusted application as a virtual CPU;
determine a virtual memory space from the physical memory occupied by the trusted application;
create a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space; and
control the virtual machine to run the second code.
In the device in fig. 6, the virtual machine monitor may determine the physical CPU occupied by the trusted application as the virtual CPU of the virtual machine to be generated, and may determine the virtual memory space required by the virtual machine to be generated from the physical memory occupied by the trusted application, so that the virtual machine monitor does not need to include operating system program code to perform resource allocation. This reduces the code size of the virtual machine monitor and makes the built virtual machine and trusted execution environment lighter, thereby improving the operating efficiency of the operating device of the trusted application. And because the virtual machine monitor in the device in fig. 6 contains only a small amount of operating system code, the influence of operating system vulnerabilities on the running security of the trusted application can be reduced.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (for example, an improvement to a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement to a method flow). However, as technology advances, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be realized by a hardware entity module. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, nowadays, instead of manually making an integrated circuit chip, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development, and the source code to be compiled is written in a specific programming language called a Hardware Description Language (HDL). There is not only one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of such controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be regarded as a hardware component, and the means for performing the various functions included therein may also be regarded as structures within the hardware component. Or even the means for performing the functions may be regarded as both a software module implementing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.
One skilled in the art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
One or more embodiments of the present description are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to one or more embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is merely exemplary of the present disclosure and is not intended to limit one or more embodiments of the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of the present specification should be included in the scope of claims of one or more embodiments of the present specification.

Claims (28)

1. A method of running a trusted application, comprising:
the virtual machine monitor acquires a request for creating a trusted execution environment by the started trusted application; the program code of the trusted application at least comprises first code running in an untrusted operating system and second code needing to run in a trusted execution environment;
determining the physical CPU occupied by the trusted application as a virtual CPU;
determining a virtual memory space from the physical memory occupied by the trusted application;
creating a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space;
and controlling the virtual machine to run the second code.
2. The method of claim 1, wherein creating the virtual machine having the trusted execution environment specifically comprises:
prohibiting another device from accessing the physical address of the virtual memory space.
3. The method according to claim 2, wherein the prohibiting another device from accessing the physical address of the virtual memory space specifically includes:
modifying the physical address corresponding to the virtual memory space in the extended page table into a first address; the first address is different from an actual physical address corresponding to the virtual memory space.
4. The method according to claim 2, wherein the prohibiting another device from accessing the physical address of the virtual memory space specifically includes:
modifying a physical address corresponding to the virtual memory space in a device memory access page table of the input/output memory manager into a second address; the second address is different from an actual physical address corresponding to the virtual memory space.
5. The method of claim 1, wherein creating the virtual machine having the trusted execution environment specifically comprises:
prohibiting access to the state data of the virtual CPU by another device.
6. The method according to claim 5, wherein the prohibiting another device from accessing the state data of the virtual CPU specifically comprises:
for each physical CPU, setting the state-data access permission of that physical CPU so that it can access only its own state data.
7. The method of claim 1, further comprising:
acquiring an inter-core interrupt instruction;
judging whether a target CPU of the inter-core interrupt instruction is the virtual CPU or not to obtain a judgment result;
and if the judgment result shows that the target CPU of the inter-core interrupt instruction is the virtual CPU, stopping the execution of the inter-core interrupt instruction.
8. The method of claim 1, wherein the system privilege of the virtual machine monitor is a first privilege, and wherein, prior to the virtual machine monitor acquiring the request for creating the trusted execution environment by the trusted application, the method further comprises:
and setting the system authority of the operating system loaded with the virtual machine monitor as a second authority, wherein the second authority is lower than the first authority.
9. The method of claim 1, wherein, prior to the virtual machine monitor acquiring the request for creating the trusted execution environment by the trusted application, the method further comprises:
prohibiting access to the memory address of the virtual machine monitor by another device.
10. The method according to claim 9, wherein the prohibiting another device from accessing the memory address of the virtual machine monitor specifically comprises:
modifying a memory address of the virtual machine monitor in an extended page table to a third address; the third address is different from an actual memory address of the virtual machine monitor.
11. The method of claim 1, further comprising:
generating a metric value of a secure memory area of the trusted execution environment using a hash algorithm;
saving the metric value to a memory of the virtual machine monitor.
12. The method of claim 1, further comprising:
acquiring a switching request needing to be switched to the operation of the untrusted operating system;
saving state data of the virtual CPU to a secure area in response to the switching request;
clearing state data of the virtual CPU in a virtual machine state register;
and switching the running state of the virtual CPU to run in the untrusted operating system.
13. The method of claim 12, further comprising:
acquiring a data return request of the untrusted operating system;
determining an address corresponding to the data return request;
judging whether the address is the address corresponding to the switching request;
if so, switching the running state of the virtual CPU to the virtual machine with the trusted execution environment, and continuing running according to the data returned by the data return request.
14. The method of claim 1, further comprising:
when the second code has finished running, clearing the data in the virtual memory space;
allowing another device to access the physical address of the virtual memory space;
allowing another device to access the state data of the virtual CPU.
15. The method according to claim 14, wherein the allowing another device to access the physical address of the virtual memory space specifically comprises:
and modifying the physical address corresponding to the virtual memory space in the extended page table into an actual physical address corresponding to the virtual memory space.
16. The method according to claim 14, wherein the allowing another device to access the physical address of the virtual memory space specifically comprises:
and modifying the physical address corresponding to the virtual memory space in the device memory access page table of the input/output memory manager into the actual physical address corresponding to the virtual memory space.
17. The method according to claim 14, wherein the allowing another device to access the state data of the virtual CPU specifically comprises:
and recovering the configuration information of the local advanced programmable interrupt controller, and allowing the virtual CPU to receive the inter-core interrupt instructions sent by other virtual CPUs controlled by the untrusted operating system.
18. The method of claim 1, wherein, prior to the virtual machine monitor acquiring the request for creating the trusted execution environment by the trusted application, the method further comprises:
closing an interface for stopping the running of the virtual machine monitor;
and closing the interface for upgrading the virtual machine into the host machine.
19. The method of claim 1, the virtual machine monitor having a compatible interface with the same function and interface name as an interface of a software protection extension SGX system.
20. The method of any one of claims 1 to 19, wherein the virtual machine monitor is of Type 1.5.
21. An apparatus for running a trusted application, comprising:
the virtual machine monitor is used for acquiring a creation request of the started trusted application to the trusted execution environment; the program code of the trusted application at least comprises first code running in an untrusted operating system and second code needing to run in a trusted execution environment;
the first determining module is used for determining the physical CPU occupied by the trusted application as a virtual CPU;
the second determining module is used for determining a virtual memory space from the physical memory occupied by the trusted application;
a virtual machine creation module configured to create a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space;
and the running module is used for controlling the virtual machine to run the second code.
22. The apparatus of claim 21, wherein the virtual machine creation module is specifically configured to:
prohibiting another device from accessing the physical address of the virtual memory space.
23. The apparatus of claim 21, wherein the virtual machine creation module is specifically configured to:
prohibiting access to the state data of the virtual CPU by another device.
24. The apparatus of claim 21, further comprising:
the second acquisition module is used for acquiring an inter-core interrupt instruction;
the judging module is used for judging whether the target CPU of the inter-core interrupt instruction is the virtual CPU or not to obtain a judging result;
and the instruction stopping module is used for stopping the execution of the inter-core interrupt instruction if the judgment result shows that the target CPU of the inter-core interrupt instruction is the virtual CPU.
25. The apparatus of claim 21, the system privilege of the virtual machine monitor being a first privilege, the apparatus further comprising:
and the permission setting module is used for setting the system permission of the operating system loaded with the virtual machine monitor as a second permission, and the second permission is lower than the first permission.
26. The apparatus of claim 21, further comprising:
and the access forbidding module is used for forbidding other equipment to access the memory address of the virtual machine monitor.
27. The apparatus of any of claims 21 to 26, wherein the virtual machine monitor is of Type 1.5.
28. A running device of a trusted application, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
enabling a virtual machine monitor to acquire a creation request of a started trusted application to a trusted execution environment; the program code of the trusted application at least comprises first code running in an untrusted operating system and second code needing to run in a trusted execution environment;
determining the physical CPU occupied by the trusted application as a virtual CPU;
determining a virtual memory space from the physical memory occupied by the trusted application;
creating a virtual machine having a trusted execution environment based on the virtual CPU and the virtual memory space;
and controlling the virtual machine to run the second code.
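A constructed Python model of the lifecycle in claims 1 to 17 (an added illustration, not code from the patent): the secure pages are hidden from the untrusted OS and from DMA-capable devices by pointing their page-table entries at a dummy address, inter-core interrupts aimed at the virtual CPU are stopped, the secure area is measured, the vCPU state is saved and scrubbed across a switch to the untrusted OS, and everything is restored at teardown. The class and method names, the dummy HIDDEN address and SHA-256 as the measurement hash are all assumptions.

```python
import hashlib

# Constructed stand-in for the patent's "first/second address": a dummy host-physical
# address that no real page backs, so a lookup through it yields nothing.
HIDDEN = 0xDEAD0000

def measure(chunks):  # claim 11: metric value of the secure memory area (SHA-256 assumed)
    return hashlib.sha256(b"".join(chunks)).hexdigest()

class VmmModel:
    """Type 1.5 VMM model over a tiny RAM with identity-mapped EPT/IOMMU tables."""
    def __init__(self, n_cpus, n_pages):
        self.ram = {p: b"" for p in range(n_pages)}
        self.ept = {p: p for p in range(n_pages)}    # untrusted OS view (extended page table)
        self.iommu = {p: p for p in range(n_pages)}  # device DMA view (IOMMU page table)
        self.ipi_allowed = {c: True for c in range(n_cpus)}
        self.vm = None           # (vcpu, secure pages) while a TEE exists
        self.vmcs = {}           # virtual machine state register(s)
        self.saved = None        # secure area for saved vCPU state
        self.measurement = None  # kept in VMM memory

    def create_tee(self, cpu, pages, second_code):
        """Claims 1-7, 11: reserve the CPU and memory, hide both, measure."""
        for p in pages:
            self.ram[p] = second_code
            self.ept[p] = self.iommu[p] = HIDDEN  # claims 3 and 4
        self.ipi_allowed[cpu] = False             # claim 7: IPIs to the vCPU are stopped
        self.vm = (cpu, tuple(pages))
        self.measurement = measure(self.ram[p] for p in pages)
        self.vmcs = {"rip": 0x401000, "rsp": 0x7000, "owner": cpu}

    def read(self, view, page):
        """Read a page as the untrusted OS ("ept") or a device ("iommu") would."""
        hpa = getattr(self, view)[page]
        return None if hpa == HIDDEN else self.ram[hpa]

    def switch_to_untrusted(self):
        """Claim 12: save vCPU state to the secure area, scrub the state register."""
        self.saved = dict(self.vmcs)
        self.vmcs = {k: 0 for k in self.vmcs}
        return self.saved["rip"]  # address the OS must hand data back to

    def return_from_untrusted(self, addr):
        """Claim 13: re-enter the VM only if the return matches the pending switch."""
        if self.saved is None or addr != self.saved["rip"]:
            return False
        self.vmcs, self.saved = self.saved, None
        return True

    def teardown(self):
        """Claims 14-17: clear secure memory, restore mappings and interrupts."""
        cpu, pages = self.vm
        for p in pages:
            self.ram[p] = bytes(len(self.ram[p]))
            self.ept[p] = self.iommu[p] = p
        self.ipi_allowed[cpu] = True
        self.vm = None
```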

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010231197.5A CN113449292B (en) 2020-03-27 2020-03-27 Running method, device and equipment of trusted application


Publications (2)

Publication Number Publication Date
CN113449292A CN113449292A (en) 2021-09-28
CN113449292B true CN113449292B (en) 2022-07-29

Family

ID=77807978



Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113987554B (en) * 2021-12-23 2022-04-08 支付宝(杭州)信息技术有限公司 Method, device and system for obtaining data authorization

Citations (7)

Publication number Priority date Publication date Assignee Title
WO2011034717A1 (en) * 2009-09-21 2011-03-24 Oracle International Corporation System and method for synchronizing transient resource usage between virtual machines in a hypervisor environment
WO2012122796A1 (en) * 2011-03-15 2012-09-20 华为技术有限公司 Method for creating virtual machine, virtual machine monitor and virtual machine system
CN105095765A (en) * 2014-05-14 2015-11-25 展讯通信(上海)有限公司 Mobile terminal, and processor system and trusted execution method thereof
US9442752B1 (en) * 2014-09-03 2016-09-13 Amazon Technologies, Inc. Virtual secure execution environments
CN109800050A (en) * 2018-11-22 2019-05-24 海光信息技术有限公司 Virtual machine memory management method, device, related device and system
CN110245001A (en) * 2019-05-05 2019-09-17 阿里巴巴集团控股有限公司 Data isolation method and device, electronic equipment
CN110737608A (en) * 2018-07-03 2020-01-31 阿里巴巴集团控股有限公司 Data operation method, device and system

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
US20100005531A1 (en) * 2004-12-23 2010-01-07 Kenneth Largman Isolated multiplexed multi-dimensional processing in a virtual processing space having virus, spyware, and hacker protection features
US8090919B2 (en) * 2007-12-31 2012-01-03 Intel Corporation System and method for high performance secure access to a trusted platform module on a hardware virtualization platform
WO2013008450A1 (en) * 2011-07-14 2013-01-17 パナソニック株式会社 Virtual computer system, memory management method, memory management program, recording medium, and integrated circuit
US9727725B2 (en) * 2015-02-04 2017-08-08 Amazon Technologies, Inc. Security protocols for low latency execution of program code

Non-Patent Citations (3)

Title
Tu Dinh Ngoc, "Everything You Should Know About Intel SGX Performance on Virtualized Systems", Proceedings of the ACM on Measurement and Analysis of Computing Systems, 2019-03-26, full text *
李海威 et al., "Research on and improvement of a method for constructing a trusted virtual platform", 《信息网络安全》 (Netinfo Security), 2015-01-10, No. 01, full text *
张磊 et al., "Virtual-machine-based kernel integrity protection technology", 《电子科技大学学报》 (Journal of University of Electronic Science and Technology of China), 2015-01-30, No. 01, full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant