CN114375443A - Safety detection method and device - Google Patents
Safety detection method and device Download PDFInfo
- Publication number
- CN114375443A CN114375443A CN201980100088.5A CN201980100088A CN114375443A CN 114375443 A CN114375443 A CN 114375443A CN 201980100088 A CN201980100088 A CN 201980100088A CN 114375443 A CN114375443 A CN 114375443A
- Authority
- CN
- China
- Prior art keywords
- data
- safety
- monitoring module
- security
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Alarm Systems (AREA)
Abstract
A method and a device for safety detection relate to the technical field of chips, can improve the accuracy and the sensitivity of safety protection of a chip system (200), and can effectively control overhead cost. The safety detection method is applied to a system-on-chip (SoC) 101, the SoC 101 comprises an intelligent monitoring module 201 and a safety subsystem 202, and the specific method comprises the following steps: the method comprises the steps that an intelligent monitoring module (201) acquires safety monitoring data, wherein the safety monitoring data comprise environmental parameters (301) of a safety subsystem acquired by a sensor; the intelligent monitoring module (201) matches the safety monitoring data with preconfigured offline training data to obtain a target data type (302) matched with the safety monitoring data; and if the target data type belongs to the preset data type, the intelligent monitoring module (201) generates alarm information (303), so that the safety of the Soc (101) is protected.
Description
The present application relates to the field of chip technologies, and in particular, to a method and an apparatus for security detection.
The chip or the device can normally operate only under certain environmental parameters, such as certain requirements on temperature, voltage, power consumption, electromagnetic radiation and other parameters. If environmental parameters, such as clock faults, voltage faults or malicious attack faults, exceeding the normal operation of the chip or the device may cause a glitch at a certain moment (for example, the duration unit is nanosecond), the glitch caused by the parameter faults may cause the chip or the device to operate in error at the certain moment. For chips or devices with safety requirements, it is therefore necessary to monitor such malfunctions in order to avoid operating errors resulting therefrom.
The existing safety protection methods mainly comprise two types, one type is passive protection, and the protection is enhanced by identifying important modules, processes or bugs and adopting a method of checking and verifying for many times. However, since there are many kinds of security services operated by a chip, and modules depended on by each security service may be different, important modules, processes or bugs requiring security protection need to be artificially identified, it is difficult to ensure comprehensive identification, and omission is easily caused.
And the other type is active protection, and a sensor is adopted to detect parameters and compare the parameters with a preset threshold value for judgment. Specifically, the parameter detected by the sensor is within a preset threshold range, and the sensor is judged to be in a normal working state; if the detection parameter is larger than the preset threshold value, the fault or attack state is judged to be generated, so that an alarm signal is generated, or the chip is reset, so that operation errors are avoided. However, the preset threshold of the sensor is difficult to determine, and if the preset threshold is set too small, a false alarm may be caused due to environmental factors; if the threshold setting is too large, it results in a low sensitivity of the sensor for safe detection.
Disclosure of Invention
The embodiment of the application provides a method and a device for safety detection, which can improve the accuracy and the sensitivity of safety protection of a chip system.
In order to achieve the purpose, the technical scheme is as follows:
in a first aspect, a method for security detection is provided, which is applied to a System on Chip (SoC), where the SoC includes an intelligent monitoring module and a security subsystem, where the security subsystem includes a module with security requirements; the intelligent monitoring module acquires safety monitoring data, wherein the safety monitoring data comprise environmental parameters of a safety subsystem acquired by a sensor; the intelligent monitoring module matches the safety monitoring data with preconfigured off-line training data to obtain a target data type matched with the safety monitoring data; and if the target data type belongs to a preset data type, the intelligent monitoring module generates alarm information.
In the above technical scheme, the safety monitoring module performs matching comparison with preconfigured offline training data according to the safety monitoring data of the safety subsystem acquired by the sensor to obtain the data type corresponding to the safety monitoring data, that is, the working state of the current chip is judged by determining the characteristics of the environmental parameters of the current safety subsystem, so as to determine whether to alarm. The safety monitoring data acquired by the sensor and the preset offline training data are subjected to matching calculation, so that the problem that the preset threshold of the sensor is difficult to determine is solved, the safety detection is more accurate, and the accuracy and the sensitivity of safety protection are improved.
Illustratively, the sensor is integrated into the safety subsystem, or the sensor may not be in the safety subsystem but located on the SOC.
In a possible design mode, the intelligent monitoring module matches the safety monitoring data with the preconfigured off-line training data based on an artificial intelligence algorithm to obtain a target data type matched with the safety monitoring data.
In one possible design, the security subsystem includes a true random number generator TRNG, and the security monitoring data further includes: TRNG generated random numbers. In the possible implementation manner, the safety monitoring data also comprises a random number generated by the TRNG, so that the singleness and limitation of safety detection according to the environmental parameters acquired by the sensor are avoided, and the accuracy and the sensitivity of safety protection are improved by using the random number generated by the TRNG of the existing device on the safety subsystem as auxiliary judgment; meanwhile, the existing modules of the system are used as assistance, so that the number of sensors integrated in the safety subsystem can be properly reduced, and the problem of overhead caused by the arrangement of a large number of sensors is solved.
In one possible design, the SoC further includes a temperature sensor, a PWM module, and a high performance monitoring HPM module, and the security monitoring data further includes: and at least one of the temperature parameter acquired by the temperature sensor, the factory process deviation data acquired by the HPM and the power supply adjusting parameter acquired by the PWM. In the possible implementation mode, the singleness and limitation of safety detection according to the environmental parameters acquired by the sensor are avoided, and the data generated by the existing devices such as the temperature sensor, the PWM module and the HPM module on the chip system are used as auxiliary judgment, so that the accuracy and the sensitivity of safety protection are improved; meanwhile, the problem of overhead caused by the arrangement of a large number of sensors is solved.
In a possible design, the SOC further includes a clock reset generator CRG, and the alarm information is used to instruct the CRG to reset the SOC; or, the warning information is used to instruct the CRG to turn off the clock driving, or the warning information is used to instruct the SoC to turn off the power supply. In the possible implementation manner, when the intelligent monitoring module generates the alarm information, the alarm information can be used for indicating the chip to reset, close the clock drive or close the power supply, so that the chip system is subjected to safety protection, and the efficiency of the chip safety protection can be effectively improved.
In one possible design, the SoC further includes a processor, and before the security monitoring data is acquired, the processor loads offline training data into a storage unit of the smart monitoring module, wherein the processor is a security processor or an application processor; or the intelligent monitoring module loads the offline training data into a storage unit of the intelligent monitoring module in a Direct Memory Access (DMA) mode. In the possible implementation manner, the intelligent monitoring module can actively acquire the off-line training data in a DMA mode, and can also perform safety detection in a mode of passively loading data by the processor, so that the intelligent monitoring module performs safety detection according to the matching comparison between the safety monitoring data and the off-line training data, and the accuracy and the sensitivity of chip safety protection are improved.
In a possible design, if the offline training data is compressed data, before the security monitoring data is matched with the preconfigured offline training data, the method further includes: and the intelligent monitoring module decompresses the offline training data to obtain the decompressed offline training data. In the possible implementation manner, when the offline training data acquired by the intelligent monitoring module is compressed data, the intelligent monitoring module can decompress the offline training data to obtain the decompressed offline training data, so that the offline training data is acquired from the storage unit for safety detection, and the accuracy and the sensitivity of chip safety protection are improved.
In a possible design, the intelligent monitoring module obtains the safety monitoring data, and specifically includes: the intelligent monitoring module determines the frequency of acquiring safety monitoring data according to different service scenes of the SoC; and the intelligent monitoring module acquires safety monitoring data according to the frequency. In the possible implementation manner, the intelligent monitoring module determines the frequency of acquiring the safety monitoring data according to different service scenes of the SoC, so that the frequency of acquiring the safety monitoring data is adaptively adjusted, and the power consumption overhead of the safety detection of the intelligent monitoring module is effectively controlled.
In a possible design mode, the offline training data is obtained by performing offline training on a plurality of safety monitoring data of the SoC based on an artificial intelligence AI algorithm, and the data type of the offline training data includes at least one of an attacked type, a normal operation type, a low-power voltage regulation type, a high-temperature protection type, a high-voltage protection type, an overcurrent protection type and a false trigger type. In the possible implementation manner, the offline training data is obtained based on an AI algorithm, and different data types are configured in advance according to chip service requirements during training, so as to meet different safety requirements of a chip system, and improve accuracy and sensitivity of chip safety protection.
In a possible design manner, the matching of the security monitoring data and the preconfigured offline training data by the intelligent monitoring module to obtain a target data type matched with the security monitoring data includes: the intelligent monitoring module selects a target AI algorithm which is adaptive to a service scene from a plurality of AI algorithms according to the service scene of the SoC; the intelligent monitoring module matches the safety monitoring data with the offline training data based on a target AI algorithm to obtain a target data type. In the possible implementation manner, the intelligent monitoring module can select the offline training data corresponding to the matched AI algorithm to perform matching calculation according to different service scenes of the SoC, so that the AI algorithm can be adaptively adjusted, and the accuracy and the sensitivity of chip safety protection are improved.
In one possible design mode, the intelligent monitoring module comprises a data backup program or a safety check protection program, wherein the data backup program is used for backing up a control signal, and the control signal is used for realizing the function selection of the intelligent monitoring module by the processor; and the safety check protection program is used for protecting the intelligent monitoring module to acquire the safety monitoring data. In the possible implementation mode, the intelligent monitoring module can be subjected to safety protection, and the accuracy of chip safety protection is improved.
In a second aspect, a device for safety detection is provided, the device includes an intelligent monitoring module and a safety subsystem, wherein the safety subsystem includes a module with safety requirement, and the intelligent monitoring module is used for: acquiring safety monitoring data, wherein the safety monitoring data comprise environmental parameters of a safety subsystem acquired by a sensor; matching the safety monitoring data with pre-configured offline training data to obtain a target data type matched with the safety monitoring data; and if the target data type belongs to the preset data type, the intelligent monitoring module generates alarm information.
In one possible design, the security subsystem includes a true random number generator TRNG, and the security monitoring data further includes: TRNG generated random numbers.
In one possible design, the apparatus further includes a temperature sensor, a PWM module, and a high performance monitoring HPM module, and the safety monitoring data further includes: and at least one of the temperature parameter acquired by the temperature sensor, the factory process deviation data acquired by the HPM and the power supply adjusting parameter acquired by the PWM.
In a possible design, the apparatus further includes a clock reset generator CRG, and the alarm information is used to instruct the CRG to reset the apparatus; alternatively, the warning information is used to instruct the CRG to turn off the clock driving, or the warning information is used to instruct the apparatus to turn off the power.
In one possible embodiment, the apparatus further includes a processor that, prior to obtaining the security monitoring data: the processor is used for loading the offline training data into a storage unit of the intelligent monitoring module, wherein the processor is a safety processor or an application program processor; or the intelligent monitoring module is used for loading the offline training data into a storage unit of the intelligent monitoring module in a Direct Memory Access (DMA) mode.
In a possible design, if the offline training data is compressed data, before the security monitoring data is matched with the preconfigured offline training data, the intelligent monitoring module is further configured to: and decompressing the offline training data to obtain decompressed offline training data.
In one possible design, the intelligent monitoring module is specifically configured to: determining the frequency of acquiring safety monitoring data according to different service scenes of the device; and acquiring safety monitoring data according to the frequency.
In a possible design mode, the offline training data is obtained by performing offline training on a plurality of safety monitoring data of the device based on an artificial intelligence AI algorithm, and the data type of the offline training data includes at least one of an attacked type, a normal operation type, a low-power voltage regulation type, a high-temperature protection type, a high-voltage protection type, an overcurrent protection type and a false trigger type.
In one possible design, the intelligent monitoring module is specifically configured to: selecting a target AI algorithm which is adaptive to a service scene from a plurality of AI algorithms according to the service scene of the device; and matching the safety monitoring data with the offline training data based on a target AI algorithm to obtain a target data type.
In one possible design mode, the intelligent monitoring module comprises a data backup program or a safety check protection program, wherein the data backup program is used for backing up a control signal, and the control signal is used for realizing the function selection of the intelligent monitoring module by the processor; and the safety check protection program is used for protecting the intelligent monitoring module to acquire the safety monitoring data.
In a third aspect, a readable storage medium is provided, where instructions are stored, and when the instructions are executed on a computer or a processor, the instructions cause the computer or the processor to execute the method for security detection in any one of the possible design manners of the first aspect.
In a fourth aspect, a computer program product is provided, which when run on a computer causes the computer to perform the method of security detection in any of the possible designs of the first aspect.
It is understood that any one of the above-provided methods, apparatuses, computer storage media and computer program products for security detection can be implemented by the corresponding methods provided above, and therefore, the beneficial effects achieved by the methods can refer to the beneficial effects in the corresponding methods provided above, and are not described herein again.
Fig. 1 is a schematic hardware structure diagram of an electronic device according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a hardware structure of a chip system for security detection according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart of a security detection method according to an embodiment of the present application;
fig. 4 is a schematic diagram of a hardware structure of a chip system for security detection according to an embodiment of the present application;
fig. 5 is a schematic diagram of a hardware structure of an intelligent monitoring module for security detection according to an embodiment of the present application.
In the following, the terms "first", "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present embodiment, "a plurality" means two or more unless otherwise specified.
It is noted that, in the present application, words such as "exemplary" or "for example" are used to mean exemplary, illustrative, or descriptive. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
Before the embodiments of the present application are introduced, the techniques of the design are briefly introduced:
artificial Intelligence (AI): is a branch of computer science and is a new technical science for researching and developing theories, methods, techniques and application systems for simulating, extending and expanding human intelligence. Research in this area includes robotics, language recognition, image recognition, natural language processing, and expert systems, among others.
A sensor: the device is a detection device which can sense the measured information and convert the sensed information into an electric signal or other information in a required form according to a certain rule to be output so as to meet the requirements of information transmission, processing, storage, display, recording, control and the like. Generally, the basic sensing functions can be classified into ten categories, such as thermal sensors, photosensitive sensors, gas sensors, force sensors, magnetic sensors, humidity sensors, acoustic sensors, radiation sensors, color sensors, and taste sensors.
Temperature Sensor (T-Sensor): refers to a sensor that senses temperature and converts it into a usable output signal.
Application Processor (AP): the operating system, user interface, and user applications on the electronic device all run on the application processor.
A secure processor: the secure processor may be two processors physically separate from the application processor. A processor may also be considered a secure processor when operating in a trusted environment, i.e., the application processor and the secure processor may also be logically isolated. Running on the secure processor is a program that passes the verification.
True Random Number Generator (True Random Number Generator, TRNG): an apparatus for generating random numbers by a physical process other than a computer program. Random numbers are typically generated based on microscopic phenomena that can create random phenomena, such as thermal noise, photoelectric effects involving beam splitters, and other quantum phenomena. Theoretically, these stochastic processes are completely unpredictable.
Pulse Width Modulation (PWM): the analog control mode modulates the bias of a transistor base or an MOS transistor grid according to the change of corresponding load to realize the change of the conduction time of the transistor or the MOS transistor, thereby realizing the change of the output of a switching voltage-stabilized power supply. The mode can keep the output voltage of the power supply constant when the working condition changes, is a very effective technology for controlling an analog circuit by using a digital signal of a microprocessor, and can be used as a voltage regulating module in a chip.
The embodiment of the application provides a security detection method, which can be applied to a chip system needing security protection or an electronic device comprising the chip system.
Fig. 1 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, where the electronic device may be a mobile phone, a tablet computer, a notebook computer, or other terminal devices. For convenience of description, the above-mentioned devices are collectively referred to as electronic devices in this application. In the embodiment of the present application, the electronic device is taken as a mobile phone for illustration, and referring to fig. 1, the mobile phone includes a System on Chip (SoC) 101 and a memory 102 coupled to the SoC 101.
The SoC101 is a control center of the mobile phone, connects various parts of the entire device by using various interfaces and lines, and executes various functions and processes data of the mobile phone by running or executing software programs and/or software modules stored in the memory and calling data stored in the memory, thereby integrally monitoring the mobile phone. In some possible embodiments, SoC101 may include a central processor unit, other various general purpose processors such as a digital signal processor, an artificial intelligence processor, a microcontroller or microprocessor, or the like. In addition, the SoC101 may further include an application Processor, a secure Processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a voice Processor, or the like. The SoC101 may further include other hardware circuits or accelerators, such as an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or other Programmable logic device, transistor logic device, hardware component, or any combination thereof.
In the embodiment of the present application, the memory 102 may include different types of memories, and the SoC101 may be used to access any type of memory or storage medium in the memory 102. In fig. 1, the Memory 102 includes a Double Data Rate (DDR) Synchronous Dynamic Random Access Memory (SDRAM) (DDR SDRAM for short), a Non-Volatile Random Access Memory (NVRAM), and a NAND flash Memory, and the DDR SDRAM, the NVRAM, and the NAND flash Memory are integrated together as an example for explanation.
The memory 102 of FIG. 1 incorporates different types of memory, such as DDR SDRAM, NVRAM, and NAND flash memory, and may further include other types of memory. Reference may be made in particular to the following description of embodiments. At least one of the memories 102 or storage medium therein may be used to store data, software programs, and modules. For example, each memory may include a stored program area and a stored data area, wherein the stored program area may store a software program including instructions formed in code, including but not limited to an operating system, application programs required for at least one function, such as a sound playing function, an image playing function, and the like; the storage data area may store data created according to the use of the cellular phone, such as audio data, image data, a phonebook, and the like.
Further, referring to fig. 1, the mobile phone may further include a sensor component 103, a multimedia component 104, an input/output interface 105, and the like, which are described in detail below.
Wherein the sensor component 103 includes one or more sensors for providing various aspects of state assessment for the handset. For example, the sensor assembly 103 may include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications, i.e., as an integral part of a camera or a video camera. In addition, the sensor assembly 103 may further include an acceleration sensor, a gyro sensor, a magnetic sensor, a pressure sensor or a temperature sensor, and acceleration/deceleration, orientation, on/off state of the cellular phone, relative positioning of the components, or temperature change of the cellular phone, etc. may be detected by the sensor assembly 103.
The multimedia component 104 provides a screen, which may be a display panel or a touch panel, as an output interface between the cellular phone and the user, and when the screen is a touch panel, the screen may be implemented as a touch screen to receive an input signal from the user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In addition, the multimedia component 104 may further include at least one camera, for example, the multimedia component 104 may include a front camera and/or a rear camera. When the handset is in an operational mode, such as a capture mode or a video mode, the front-facing camera and/or the rear-facing camera may sense external multimedia signals that are used to form image frames. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The input/output interface 105 provides an interface between the SoC101 and a peripheral interface module, for example, the peripheral interface module may include a keyboard, a mouse, or a USB (universal serial bus) device. In one possible implementation, the input/output interface 105 may have only one input/output interface or a plurality of input/output interfaces.
Although not shown, the mobile phone may further include an audio component, a communication component, and the like, for example, the audio component includes a microphone, and the communication component includes a Wireless Fidelity (WiFi) module, a bluetooth module, and the like, which is not described herein again. Those skilled in the art will appreciate that the handset configuration shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. It is understood that all components shown in fig. 1 may be located on the same circuit board, and this embodiment is not limited thereto.
With the network architecture, SoC101 of the electronic device may be a system on chip as shown in fig. 2, the system on chip may be a hardware architecture as shown in fig. 2, and the system on chip 200 may include a smart monitoring module 201 and a security subsystem 202. It should be understood that the intelligent monitoring module 201 may be a hardware module, such as an application specific integrated circuit or a solidified intellectual property IP core, and the intelligent monitoring module 201 may also be a software module.
The intelligent monitoring module 201 is configured to obtain the safety monitoring data of the safety subsystem 202, and match the obtained safety monitoring data with offline training data pre-configured in the intelligent monitoring module 201 to obtain a target data type matched with the safety monitoring data.
Specifically, the intelligent monitor 201 may be configured in a training mode for acquiring and saving the security monitoring data detected by the security subsystem 202; and then training a large amount of acquired safety monitoring data according to an artificial intelligence algorithm to obtain training data. It should be noted that the training process of the training data may also be performed by performing data training offline by using other chips or electronic devices, and generating offline training data and then sending the offline training data to the intelligent monitoring module 201 for storage. In this case, the intelligent monitor 201 only needs to complete the acquisition of the security monitoring data on the chip system 200.
Further, the intelligent monitor 201 may be configured to be in a pre-judging mode, and may be configured to compare the safety monitoring data acquired in real time according to the above-mentioned offline training data, and perform pre-judging according to the matched data type, so as to determine the current working state of the chip system 200, and implement safety protection on the chip system 200 by using an artificial intelligence technology. Illustratively, if the data type matched according to the real-time security monitoring data is an attacked type, which indicates that the chip system 200 may be in an abnormal working state, the intelligent monitor 201 may generate an alarm signal for instructing the reset chip to reset, so as to protect the chip system 200 and prevent the loss caused by malicious attack.
The training mode and the anticipation mode of the intelligent monitor 201 may be performed simultaneously or separately. The data training and the data pre-judging can take longer time at the same time, so that the real-time performance of the data pre-judging is reduced; moreover, if the intelligent monitor 201 or the system-on-chip 200 is attacked from the outside in the training mode, the accuracy of the data training result may be affected, and therefore, the effect of selecting the training mode alone or other electronic devices to perform data training is better.
The security subsystem 202 is mainly used for running security-related programs and work tasks, and the security subsystem 202 includes modules with security requirements, i.e. modules with a close security relationship, such as key generation and storage related modules, and scrambling calculation related modules, and in addition, the intelligent monitor 201 and the security processor can also be placed in the security subsystem. Therefore, special protection of the security module in the security subsystem 202 is required, such as adding one or more sensors for detecting the operating environment parameters of the security subsystem 202; or some chip synthesis, back-end processing and the like are added, so that the safety of the safety subsystem 202 is improved. The chip synthesis and the back-end processing are both flows in the chip development design, the chip synthesis is to convert abstract codes into gate-level circuits, and the back-end processing is to convert the gate-level circuits into physical implementation parameters. For example, by adding an optimization prevention process to the chip synthesis, the logic circuit of the safety measure is prevented from being considered invalid and being optimized during the chip synthesis process; the back-end special processing may be to determine sensor placement requirements based on security.
In addition, when the chipset system 200 is a Trusted Execution Environment (TEE), the security requirement relates to most of the modules on the chipset system 200, and some modules with high security level may be placed in the security subsystem.
The embodiment of the application provides a security detection method, which is applied to the chip system. The specific method comprises the following steps: the current detection data of at least one sensor is obtained and compared with the data obtained by off-line training by using a training algorithm to obtain a matched data type, and whether an alarm signal needs to be generated or not is determined according to the data type, so that the chip system or the electronic equipment is protected safely.
Furthermore, according to the technical scheme of the application, some modules with safety requirements are integrated in a safety subsystem, the modules in the safety subsystem need special protection, the application integrates a sensor in the safety subsystem, the sensor is used for acquiring environmental parameters of the modules with the safety requirements in the safety subsystem, further, data of other existing detection modules, inspection logics or temperature sensors in a chip system can be acquired, various detection data are synthesized for prejudgment, and the accuracy and the flexibility of safety detection are improved; meanwhile, the data of some existing modules of the chip system are combined, so that the number of sensors integrated on the chip system can be reduced, and the device overhead of safety detection can be reduced.
As shown in fig. 3, the method may include:
301: the intelligent monitoring module acquires safety monitoring data, and the safety monitoring data comprise environmental parameters of the safety subsystem acquired by the sensor.
Where the sensors are used to acquire environmental parameters of the modules with safety requirements on the safety subsystem 202, the chip system 200 may be configured with a plurality of sensors, such as the sensor 1 and the sensor 2.
The sensor may be a digital integrated sensor, and may acquire various environmental parameters such as temperature, voltage, current, oscillation frequency, and the like, and specifically, may be configured to perform data processing on various sensed data such as temperature, voltage, current, oscillation frequency, and the like on the security subsystem 202 through a sensor sensing function, and convert the data to generate a digital signal for representing the magnitude of each environmental parameter.
As can be seen from the above, the safety monitoring data may be the environmental parameters of the safety subsystem acquired by the plurality of sensors. When the chip system 200 or the security subsystem 202 is subjected to fault injection or man-made attack, the sensor may acquire a change of the current environmental parameter, and therefore, the intelligent monitoring module 201 may determine the current working state of the chip system 200 according to the security monitoring data acquired by the sensor.
Further, the security subsystem 202 may also include a true random number generator TRNG, or other checking logic.
The TRNG is used to generate random numbers that may be used by the system-on-chip 200 to create a random encryption key to encrypt data. When the security subsystem 202 or the TRNG is subjected to fault injection or man-made attack, the randomness of the random number generated by the TRNG is affected, and therefore, the data generated by the TRNG can also be used as security monitoring data to assist in judging the current working state of the chip system 200.
Other checking logic is used to securely verify certain operations on the system-on-chip 200, and may be, for example, a Cyclic Redundancy Check (CRC), a parity Check, or a signature Check. The accuracy of the check logic checks may be compromised when the security subsystem 202 or the check logic is subject to fault injection or human attack. For example, the accuracy of the CRC check may be affected, and therefore, the smart monitoring module may also obtain check data of the CRC check and the other check logics as the security monitoring data to assist in determining the current operating state of the system-on-chip 200.
The security monitoring data may also include random numbers generated by the TRNG described above, or check data generated by other checking logic.
302: the intelligent monitoring module matches the safety monitoring data with the preconfigured off-line training data to obtain a target data type matched with the safety monitoring data.
The offline training data are obtained by performing offline training on a large amount of safety monitoring data under various data types acquired by the intelligent monitoring module based on an artificial intelligence AI algorithm.
The data type of the offline training data can be configured manually by those skilled in the art according to the security level, the accuracy of security detection, or the possible working state of the chip system. Illustratively, the data type of the offline training data may be configured as at least one of an attacked class, a normal operation class, a low power consumption voltage regulation class, a high temperature protection class, a high voltage protection class, an overcurrent protection class, and a false trigger class.
The attacked type refers to a data type which accords with the characteristics of the security monitoring data acquired under the condition that the chip receives malicious attack. When the security monitoring data acquired by the intelligent monitoring module conforms to the data characteristics under the condition of malicious attack, the target data type matched with the security monitoring data is an attack type, and at the moment, the chip is possibly attacked maliciously, and security early warning needs to be provided for the chip. Correspondingly, the high-temperature protection type, the high-voltage protection type and the overcurrent protection type refer to data types according with the characteristics of safety monitoring data acquired when the chip is at an overhigh temperature, an overhigh voltage or an overhigh current, and once the data exceeds a corresponding safety threshold, the chip may work abnormally or the chip may be burnt out, so that safety early warning needs to be provided for the chip.
The normal operation type refers to safety monitoring data of the chip under normal operation. The false triggering class refers to chip safety monitoring data of the chip under false triggering operation; the configuration may include a false triggering operation that does not affect the normal operation of the chip, or may include a false triggering operation that affects the normal operation of the chip, and needs to be performed according to specific situations. The low-power consumption voltage regulation type refers to safety monitoring data under the condition that the chip regulates the power supply voltage of the chip according to the service type, for example, when the chip detects that the current service power consumption is low, the power supply voltage can be properly reduced, so that the electricity can be saved; when the chip detects that the power consumption of the current service is higher, the power supply voltage can be recovered, so that the power supply requirement of the service can be met.
For example, the processing process of the offline training data may be that the intelligent monitoring module acquires several sets of security monitoring data of the chip under the attack condition, and performs data training on the security monitoring data by using an AI algorithm to obtain at least one set of offline training data corresponding to the attacked class, which may also be referred to as a data model corresponding to the attacked class.
The AI algorithm may be a neural network algorithm, a linear classification and Support Vector Machine (SVM) algorithm, a gaussian SVM algorithm, etc., and the offline training algorithm is not specifically limited in the present application.
The intelligent monitoring module matches the security monitoring data obtained in step 301 with preconfigured offline training data to obtain offline training data with the highest matching degree, and the data type corresponding to the offline training data with the highest matching degree is the target data type matched with the security monitoring data.
303: and if the target data type belongs to the preset data type, the intelligent monitoring module generates alarm information.
The preset data type may be preconfigured by a person skilled in the art as required, for example, the attacked type, the high-temperature protection type, the high-voltage protection type, and the overcurrent protection type may be configured as the preset data type, and then the intelligent monitoring module determines that the several data types need to generate the alarm information. When the type of the target data matched by the intelligent monitoring module is any one of the attacked type, the high-temperature protection type, the high-voltage protection type and the overcurrent protection type according to the step 302, the intelligent monitoring module generates alarm information.
In the embodiment of the application, the safety monitoring data such as the random number generated by at least one sensor and the TRNG and the check data of other checking logics are acquired through the intelligent monitoring module, the safety monitoring data are matched with the off-line training data configured in advance, and whether an alarm signal needs to be generated or not is judged according to the matched data type, so that the safety of the chip is protected. The data type of the current safety monitoring data is determined by matching and comparing the safety monitoring data with the offline training data of different data types, so that the problem that the preset threshold value detected by the sensor in the prior art is difficult to set is solved; by acquiring TRNG and other data of checking logic and comprehensively judging the TRNG and the data detected by the sensor in an auxiliary manner, the problems that the sensitivity of the detection of the sensor is not high, a single sensor cannot form integral judgment, the detection is insufficient or the cost of configuring a large number of sensors is low in the prior art are solved, so that the accuracy and the sensitivity of the safety protection of the chip system are improved, and the cost can be effectively controlled.
In the above embodiment, as shown in fig. 4, the chip system 200 may further include a processor 203 and a clock reset generator 204. The processor 203 is used for scheduling and controlling the program running on the chip system 200.
In some embodiments, in step 301, before the intelligent monitoring module 201 acquires the safety monitoring data of each module, the method may specifically include: the processor 203 loads the offline training data into a memory unit of the smart monitoring module 201. The processor 203 may be a security processor or an application processor, and for the related description of the security processor and the application processor, please refer to the above description, which is not described herein again.
The secure processor described above may be a processor for running a verified or encrypted security program. In an alternative case, the processor running in the TEE may be defined as the secure processor. In the above embodiments of the present application, the offline training data may be loaded into the storage unit of the smart monitoring module 201 through the security processor. For example, the Memory unit of the smart monitoring module may be a Static Random Access Memory (SRAM).
The application processor is a processor for running a user program, and a user can perceive or see running processing of the application program through operation of the electronic device. In the present application, on the premise of ensuring the safety of the running program of the application processor, the off-line training data may also be loaded into the storage unit of the intelligent monitoring module 201 through the application processor.
In addition, in step 301, before the intelligent monitoring module 201 obtains the safety monitoring data of each module, the method may further include: the intelligent monitoring module 201 directly loads the offline training data into a storage unit of the intelligent monitoring module 201 in a Direct Memory Access (DMA) manner.
The DMA is an access function provided by the computer bus architecture, and enables data to be directly sent from other devices to a memory of the computer motherboard, for example, offline training data generated on other devices may be sent to a storage unit of the intelligent monitoring module 201 on the chip system 200 through the DMA. The specific data link may be directly accessed to the memory by using a bus master, or through a program Input/Output (PIO) interface, which is not limited by the present application.
In some embodiments, in step 301, the intelligent monitoring module 201 may obtain the security monitoring data of each module by actively reading, passively reading, or accessing through a public bus or a private interface, where the method for obtaining the security monitoring data is not limited in the embodiment of the present application.
In addition, the intelligent monitoring module 201 may also determine a frequency of acquiring the security monitoring data according to different service scenarios of the chip system 200, and acquire the security monitoring data according to different frequencies. For example, the intelligent monitoring module 201 may determine the frequency of acquiring the security monitoring data according to the current service type of the chip system 200, for example, if the current service of the chip system 200 is a service with a higher security level, such as a payment class, the intelligent monitoring module 201 may adjust the frequency of acquiring the security monitoring data to a higher level, and the intelligent monitoring module 201 has a higher frequency of acquiring the security monitoring data, which may effectively protect the service security of the security chip 200.
For example, the intelligent monitoring module 201 may determine the frequency of obtaining the safety monitoring data according to the current service power consumption of the chip system 200, for example, if the current service power consumption of the chip system 200 is large, the intelligent monitoring module 201 may adjust the frequency of obtaining the safety monitoring data to be relatively low, so as to save the electric quantity.
In some embodiments, the chip system 200 may also include a Clock and Reset Generator (CRG) 204. The CRG is also called a reset chip, and is used for generating a clock signal to the chip system 200 and for performing a reset operation on other modules or devices on the chip system 200.
The smart monitoring module 201 may send the alarm information generated in step 303 to the clock reset generator 204, so as to instruct the clock reset generator 204 to perform clock reset on the chip system 200; alternatively, the alarm message may be used to instruct the clock reset generator 204 to turn off the clock driving of the system-on-chip 200. Alternatively, the smart monitoring module 201 may send the warning message to a power control module on the system on chip 200, so as to instruct to turn off the power of the system on chip 200.
Further, the intelligent monitoring module 201 may include a data backup program or a security check protection program. In order to ensure the reliability of the safety monitoring data input into the intelligent monitoring module 201, a check value may be added to the read safety monitoring data, that is, when the intelligent monitoring module 201 acquires the safety monitoring data, it is determined whether the data is legal based on a safety check protection program, and then matching calculation is continued if the data is legal, and if the data is illegal, the intelligent monitoring module 201 may process the acquired data, for example, discard the data or perform reset.
In addition, the intelligent monitoring module 201 may further include a data backup program for backing up a control signal of the intelligent monitoring module 201, where the control signal may be used to implement function selection of the intelligent monitoring module 201 by the processor, so as to improve security. For example, for a control signal configured by the processor and selected by the AI algorithm of the intelligent monitoring module 201, or a control signal for whether to decompress the offline training data, a data backup program may be used, and if the control signal is consistent with the backup data, the control signal is considered to be trusted; if not, either discard or reset is performed.
In some embodiments, the system-on-chip 200 may further include a temperature sensor, a Pulse Width Modulation (PWM) module, and a High Performance Monitor (HPM) module. Alternatively, the chip system 200 includes a peripheral module controller 205, and the temperature sensor, the PWM module, and the HPM module described above may be integrated on the peripheral module controller 205, as shown in fig. 4.
The peripheral module controller 205 may be used to manage and control other devices or related modules described above with respect to the security parameters of the system-on-chip 200.
Based on this, the security monitoring data obtained by the intelligent monitoring module 201 in step 301 may further include: and at least one of the temperature parameter acquired by the temperature sensor, the factory process deviation data acquired by the HPM and the power supply adjusting parameter acquired by the PWM.
The temperature sensor may obtain a temperature parameter of the chip system 200, which is used to indicate the operating temperature of the current chip. When the chip operates in an environment with too high temperature, a chip failure or a chip burn-out condition may occur.
The HPM module may be configured to measure factory process deviation parameters of the chip system 200, and identify misjudgment parameters according to a process deviation range. Some process deviation parameters are in a normal and acceptable range and belong to parameters in a normal working state; if some chip process deviation parameters exceed the preset range, the chip process deviation is considered to be unacceptable and affects the normal working state of the chip, and the chip in the working state of the data type needs to be pre-warned.
The PWM module is configured to adjust a power supply size according to a service, for example, adjust a power supply voltage size according to a power consumption size of the chip system 200, for example, if a current service of the chip system 200 of the electronic device is a playing video, and a generated power consumption is relatively large, the PWM module adjusts the power supply voltage to be relatively large; the chip system 200 of the electronic device is currently in a standby state, and the generated power consumption is relatively low, so that the PWM module adjusts the power supply voltage to be relatively low. Therefore, the elimination of the data misjudgment caused by the voltage regulation of the PWM module can be eliminated according to the detection data provided by the PWM module.
It should be noted that fig. 4 is only an exemplary illustration of a possible hardware structure of the chip system 200, and in practical applications, more or less components than those shown in the drawings may be included, or some components may be combined, or some components may be separated, or different component arrangements may be adopted. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The following briefly introduces the composition structure of the intelligent monitoring module 201 in the above embodiments of the present application with reference to the above embodiments, and as shown in fig. 5, for example, the internal structure of the intelligent monitoring module 201 may include a data processing module 1, an AI control module 2, an AI algorithm engine 3, an AI algorithm engine 4, a storage unit 5, a parameter decompression module 6, a calculation module 7, a register configuration module 8, and a bus control module 9.
The data processing module 1 is configured to pre-process acquired security monitoring data, where the security monitoring data includes, but is not limited to, security monitoring data acquired from at least one Sensor, TRNG, other inspection logic, T-Sensor, PWM, HPM, and the like. The preprocessing of the security monitoring data may include packing and conversion, and specifically may be to pack the acquired security monitoring data according to a certain format and convert the acquired security monitoring data into a certain vector format, for example, to pack all the acquired security monitoring data and convert the security monitoring data into an agreed data format.
The AI control module 2 may be configured to control different AI algorithm engines to perform read/write operations on the storage unit 5, and call different AI algorithm engines to the computing resources in the computing module 7. For example, the AI control module 2 may control the selection of different AI algorithm engines, select which AI algorithm engine performs read/write operations on data in the storage unit 5, and select which AI algorithm engine invokes the computing resources in the computing module 7. Illustratively, the selection of the AI algorithm engine is accomplished by the processor configuring registers and passing to the AI control module. For example, the AI control module 2 may be further configured to select different AI algorithm engines for matching calculation, select communication of parameter decompression modules, select communication of data processing modules, send preprocessed security monitoring data to the AI algorithm engine 3 for data matching calculation, and the like. The AI control module 2 may also be used to automatically manage read and write operations to the storage unit 5.
In addition, the AI control module 2 may also be configured to determine whether the target data type matched by the AI algorithm engine 3 is a preset data type, and if it is determined that the security monitoring data belongs to the preset data type that needs to be alerted, the AI control module 2 generates an alert signal and sends the alert signal to the CRG reset chip.
And the AI algorithm engine 3 is used for performing matching calculation on the received safety monitoring data and the offline training data in the storage unit 5 to generate a matching result. The AI algorithm engine 3 is mainly configured to continue to calculate tasks according to an AI algorithm, generate a calculation instruction, schedule calculation resources in the calculation module 7 to complete a specific data calculation task, obtain a matched data type, and optionally may further include accuracy of a corresponding prejudgment result. The execution of the specific calculation procedure of the AI algorithm is carried out by the calculation module 7. In some embodiments, optionally, the intelligent monitor 201 may further include more than one AI algorithm engine 3, for example, an AI algorithm engine 4, and the like, and may be configured to perform matching calculation on the acquired security monitoring data and different offline training data according to different artificial intelligence algorithm engines, and may select different AI algorithm engines according to chip requirements, so as to improve accuracy and flexibility of security detection. The AI algorithm engine is illustratively a hardware module, which may be, for example, an integrated hardware logic circuit or a dedicated solidified hardware core, and the computation module 7 includes computation resources such as addition, subtraction, multiplication, and division of integers or decimal numbers, and exponent operation. The computation module 7 may be a hardware module, and the computation resources in the computation module may be multiplexed by a plurality of AI algorithm engines. Illustratively, the AI control module 2 controls the various AI algorithm engines to invoke the computing resources in the computing module 7.
For example, the AI algorithm engine 3 may be a neural network based algorithm, configured to perform matching calculation on the security monitoring data and the offline training data according to the neural network algorithm, or configured to perform data training on the security monitoring data according to the neural network algorithm to generate the offline training data. The AI algorithm engine 4 may be a linear classification based algorithm, and is configured to perform matching calculation on the safety monitoring data and the offline training data according to a linear classification algorithm, or perform data training on the safety monitoring data according to a linear classification algorithm to generate offline training data. The two different algorithm engines may generate different offline training data, and thus, when the intelligent monitoring module matches the security monitoring data with the preconfigured offline training data, different data types may be obtained according to the different algorithm engines.
In some embodiments, the intelligent monitoring module may select a target AI algorithm adapted to a service scenario from a plurality of AI algorithms according to different service scenarios of the chip system; the intelligent monitoring module matches the safety monitoring data with the offline training data based on a target AI algorithm to obtain a target data type. For example, the intelligent monitoring module may select an AI algorithm with higher accuracy according to the security level of the service of the chip system, and perform data matching calculation. Or the intelligent monitoring module can select an AI algorithm with simpler calculation and smaller generated power consumption according to the service power consumption of the chip system to perform data matching calculation and the like.
As shown in fig. 5, the internal structure of the smart monitoring module may include a storage unit 5 for storing offline training data. In particular, offline training data generated according to more than one AI algorithm may be stored. Illustratively, the memory cell may be an SRAM.
Further optionally, the intelligent monitoring module may further include a parameter decompression module 6, configured to decompress the offline training data stored in the storage unit 5 when the stored offline training data is compressed data.
If the offline training data generated by offline training of other electronic devices occupies a relatively large storage space, the offline training data can be compressed and then sent to the intelligent monitoring module 201. Therefore, the offline training data received by the intelligent monitoring module 201 is compressed data, and before the intelligent monitoring module 201 performs matching calculation on the security monitoring data and the preconfigured offline training data, the intelligent monitoring module 201 needs to decompress the offline training data to obtain the decompressed offline training data.
The calculation module 7 is a basic calculation unit, and is configured to perform a data calculation task sent by the AI algorithm engine 3 or the AI algorithm engine 4. Illustratively, the calculation module 5 may be specifically configured to implement addition and multiplication operations, and may also include an exponential operation. Since the subtraction operation can be converted into an addition operation with a complement, and the division operation can be converted into a fixed-point number or floating-point number multiplication operation, the calculation module 5 can meet the calculation requirements of the AI algorithm engine 3.
The register configuration module 8 is configured to pre-store data, and may specifically be intermediate data storage in the data matching calculation process of the intelligent monitoring module 201. For example, the different anticipation results generated by the different AI algorithm engines 3 or 4 are stored in the register configuration module 8, and then the final anticipation result is selected by the processor through the bus control module 9 and output.
The bus control module 9 is configured to perform access and data transmission between the intelligent monitoring module and the processor, and the bus control module 9 may be configured to implement parameter configuration of the intelligent monitoring module by the processor. Specifically, the configuration of the storage unit 5 in the intelligent monitoring module and the configuration of the data type of the prediction result generated by the AI algorithm engine 3 may be included, and in an optional case, the processor may implement selection of different AI algorithm engines through the bus control module 9, and the like.
In addition, the processor can also select the pre-judgment results generated by different AI algorithms through the bus control module 9, and can select the pre-judgment results according to the matched data type and the corresponding accuracy to output the pre-judgment results.
It should be noted that fig. 5 is only an exemplary illustration of a possible hardware structure of the smart monitoring module, and in practical applications, more or less components than those shown in the drawings may be included, or some components may be combined, or some components may be separated, or different component arrangements may be adopted. The modules shown in fig. 5 may be implemented entirely in hardware, entirely in software, partly in hardware and partly in software.
The embodiment of the application further provides a safety detection device, which comprises an intelligent monitoring module and a safety subsystem, wherein the intelligent monitoring module can be used for: acquiring safety monitoring data, and matching the safety monitoring data with preconfigured offline training data to obtain a target data type matched with the safety monitoring data; and if the target data type belongs to the preset data type, the intelligent monitoring module generates alarm information. Specifically, the intelligent monitoring module may be configured to execute steps 301 and 303 in the foregoing method embodiment, and please refer to relevant contents of the foregoing method embodiment for specific implementation and possible exemplary descriptions thereof, which are not described herein again.
Finally, it should be noted that: the above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (22)
- A method for security detection is applied to a system-on-chip (SoC), and is characterized in that the SoC comprises an intelligent monitoring module and a security subsystem, wherein the security subsystem comprises a module with a security requirement, and the method comprises the following steps:the intelligent monitoring module acquires safety monitoring data, wherein the safety monitoring data comprise environmental parameters of the safety subsystem acquired by a sensor;the intelligent monitoring module matches the safety monitoring data with preconfigured off-line training data to obtain a target data type matched with the safety monitoring data;and if the target data type belongs to a preset data type, the intelligent monitoring module generates alarm information.
- The method of claim 1, wherein the security subsystem comprises a true random number generator TRNG, and wherein the security monitoring data further comprises: the TRNG generates a random number.
- The method of claim 1 or 2, wherein the SoC further comprises a temperature sensor, a Pulse Width Modulation (PWM) module, and a High Performance Monitoring (HPM) module, the security monitoring data further comprising:and at least one of the temperature parameter obtained by the temperature sensor, the factory process deviation data obtained by the HPM and the power supply adjusting parameter obtained by the PWM.
- The method according to claim 1 or 2, wherein the SoC further comprises a clock reset generator CRG, the alarm information being used to instruct the CRG to reset the SoC; or, the warning information is used to instruct the CRG to turn off the clock drive, or the warning information is used to instruct the SoC to turn off the power supply.
- The method of any of claims 1 to 4, wherein the SoC further comprises a processor, and prior to obtaining the security monitoring data, the method further comprises:the processor loads the offline training data into a storage unit of the intelligent monitoring module, wherein the processor is a safety processor or an application processor;or the intelligent monitoring module loads the offline training data into a storage unit of the intelligent monitoring module in a Direct Memory Access (DMA) mode.
- The method of any of claims 1 to 5, wherein if the offline training data is compressed data, before the matching the security monitoring data with preconfigured offline training data, the method further comprises:and the intelligent monitoring module decompresses the offline training data to obtain the decompressed offline training data.
- The method according to any one of claims 1 to 6, wherein the intelligent monitoring module obtains the security monitoring data, specifically comprising:the intelligent monitoring module determines the frequency of acquiring the safety monitoring data according to different service scenes of the SoC;and the intelligent monitoring module acquires the safety monitoring data according to the frequency.
- The method according to any one of claims 1 to 7, wherein the offline training data is obtained by performing offline training on a plurality of security monitoring data of the SoC based on an Artificial Intelligence (AI) algorithm, and the data type of the offline training data comprises at least one of an attacked class, a normal operation class, a low power consumption voltage regulation class, a high temperature protection class, a high voltage protection class, an overcurrent protection class and a false trigger class.
- The method of any one of claims 1 to 8, wherein the intelligent monitoring module matches the security monitoring data with preconfigured offline training data, and obtaining a target data type matching the security monitoring data comprises:the intelligent monitoring module selects a target AI algorithm which is adaptive to the service scene from a plurality of AI algorithms according to the service scene of the SoC;and the intelligent monitoring module matches the safety monitoring data with the off-line training data based on the target AI algorithm to obtain the target data type.
- The method according to any one of claims 1 to 9, wherein the intelligent monitoring module comprises a data backup program or a safety check protection program, the data backup program is used for backing up control signals, and the control signals are used for realizing function selection of the intelligent monitoring module by a processor;and the safety check protection program is used for protecting the intelligent monitoring module to acquire the safety monitoring data.
- An apparatus for safety detection, the apparatus comprising an intelligent monitoring module and a safety subsystem, wherein the safety subsystem comprises a module with safety requirements, and the intelligent monitoring module is configured to:acquiring safety monitoring data, wherein the safety monitoring data comprise environmental parameters of the safety subsystem acquired by a sensor;matching the safety monitoring data with pre-configured off-line training data to obtain a target data type matched with the safety monitoring data;and if the target data type belongs to a preset data type, the intelligent monitoring module generates alarm information.
- The apparatus of claim 11, wherein the security subsystem comprises a true random number generator TRNG, and wherein the security monitoring data further comprises: the TRNG generates a random number.
- The apparatus of claim 11 or 12, further comprising a temperature sensor, a Pulse Width Modulation (PWM) module, and a High Performance Monitoring (HPM) module, the safety monitoring data further comprising:and at least one of the temperature parameter obtained by the temperature sensor, the factory process deviation data obtained by the HPM and the power supply adjusting parameter obtained by the PWM.
- The apparatus according to claim 11 or 12, wherein the apparatus further comprises a clock reset generator CRG, the alarm information being used to instruct the CRG to reset the apparatus; or, the warning information is used to instruct the CRG to turn off the clock driving, or, the warning information is used to instruct the apparatus to turn off the power supply.
- The apparatus of any of claims 11 to 14, further comprising a processor that, prior to obtaining the security monitoring data:the processor is used for loading the offline training data into a storage unit of the intelligent monitoring module, wherein the processor is a safety processor or an application program processor;or the intelligent monitoring module is used for loading the offline training data into a storage unit of the intelligent monitoring module in a Direct Memory Access (DMA) mode.
- The apparatus of any one of claims 11 to 15, wherein if the offline training data is compressed data, before the matching the security monitoring data with the preconfigured offline training data, the smart monitoring module is further configured to:and decompressing the offline training data to obtain the decompressed offline training data.
- The apparatus according to any one of claims 11 to 16, wherein the smart monitoring module is specifically configured to:determining the frequency of acquiring the safety monitoring data according to different service scenes of the device;and acquiring the safety monitoring data according to the frequency.
- The device according to any one of claims 11 to 17, wherein the offline training data is obtained by performing offline training on a plurality of safety monitoring data of the device based on an artificial intelligence AI algorithm, and the data type of the offline training data includes at least one of an attacked class, a normal operation class, a low power consumption voltage regulation class, a high temperature protection class, a high voltage protection class, an overcurrent protection class, and a false trigger class.
- The apparatus according to any one of claims 11 to 18, wherein the smart monitoring module is specifically configured to:selecting a target AI algorithm which is adaptive to the service scene from a plurality of AI algorithms according to the service scene of the device;and matching the safety monitoring data with the offline training data based on the target AI algorithm to obtain the target data type.
- The device according to any one of claims 11 to 19, wherein the intelligent monitoring module comprises a data backup program or a safety check protection program, the data backup program is used for backing up a control signal, wherein the control signal is used for realizing function selection of the intelligent monitoring module by a processor;and the safety check protection program is used for protecting the intelligent monitoring module to acquire the safety monitoring data.
- A readable storage medium having stored therein instructions which, when run on a computer or processor, cause the computer or processor to perform the method of security detection of any of claims 1-10.
- A computer program product, characterized in that it causes a computer to carry out the method of security detection according to any one of claims 1 to 10, when said computer program product is run on said computer.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2019/105445 WO2021046771A1 (en) | 2019-09-11 | 2019-09-11 | Security detection method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114375443A true CN114375443A (en) | 2022-04-19 |
Family
ID=74866880
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201980100088.5A Pending CN114375443A (en) | 2019-09-11 | 2019-09-11 | Safety detection method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN114375443A (en) |
| WO (1) | WO2021046771A1 (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113220655A (en) * | 2021-04-30 | 2021-08-06 | 中核武汉核电运行技术股份有限公司 | Data access method, device, equipment and readable storage medium |
| TW202324183A (en) * | 2021-10-12 | 2023-06-16 | 聯發科技股份有限公司 | Macro placement in continuous action space using an artificial intelligence approach |
| CN115037649B (en) * | 2022-06-16 | 2024-03-01 | 广东电网有限责任公司 | Method and machine for safely monitoring running environment of field station |
| CN115390609B (en) * | 2022-08-08 | 2024-01-26 | 南京芯驰半导体科技有限公司 | Voltage adjustment method and device, electronic equipment and readable storage medium |
| CN117743065B (en) * | 2024-02-21 | 2024-04-23 | 北京怀美科技有限公司 | Method for detecting irradiation of memory chip |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103686737B (en) * | 2013-12-16 | 2017-05-24 | 重庆邮电大学 | Wireless sensor network intrusion tolerance method and system based on tree topology |
| CN104391784B (en) * | 2014-08-27 | 2017-05-17 | 北京中电华大电子设计有限责任公司 | Method and device for fault injection attack based on simulation |
| US9268938B1 (en) * | 2015-05-22 | 2016-02-23 | Power Fingerprinting Inc. | Systems, methods, and apparatuses for intrusion detection and analytics using power characteristics such as side-channel information collection |
| US10142353B2 (en) * | 2015-06-05 | 2018-11-27 | Cisco Technology, Inc. | System for monitoring and managing datacenters |
| CN107437088B (en) * | 2016-05-27 | 2020-12-08 | 百度在线网络技术(北京)有限公司 | File identification method and device |
| US11303460B2 (en) * | 2016-06-29 | 2022-04-12 | Arizona Board Of Regents On Behalf Of Northern Arizona University | PUFs from sensors and their calibration |
| CN106603538A (en) * | 2016-12-20 | 2017-04-26 | 北京安信天行科技有限公司 | Invasion detection method and system |
| CN109271791A (en) * | 2018-10-28 | 2019-01-25 | 大连多维互动数字科技有限公司 | A kind of computer testing protection system |
-
2019
- 2019-09-11 CN CN201980100088.5A patent/CN114375443A/en active Pending
- 2019-09-11 WO PCT/CN2019/105445 patent/WO2021046771A1/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021046771A1 (en) | 2021-03-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114375443A (en) | Safety detection method and device | |
| US10432627B2 (en) | Secure sensor data transport and processing | |
| US10032030B2 (en) | Trusted kernel starting method and apparatus | |
| US20220335127A1 (en) | Side-channel exploit detection | |
| US9998488B2 (en) | Protection system including machine learning snapshot evaluation | |
| US20080052532A1 (en) | Methods and systems involving secure ram | |
| US10185633B2 (en) | Processor state integrity protection using hash verification | |
| EP3292501B1 (en) | Attack detection through signal delay monitoring | |
| CN112152776A (en) | Countermeasures against hardware side channel attacks for cryptographic operations | |
| TWI736264B (en) | Method and device for detecting whether an image has been tampered with, and electronic equipment | |
| US11580231B2 (en) | Methods and devices for secure secret key generation | |
| US20200019701A1 (en) | Per thread side channel attack protection | |
| CN113312620B (en) | Program safety detection method and device, processor chip and server | |
| US10860412B2 (en) | Coordinated panic flow | |
| US11822651B2 (en) | Adversarial resilient malware detector randomization method and devices | |
| CA3165290A1 (en) | Systems and methods for secure face authentication | |
| CN108959938B (en) | Method, device, storage medium and equipment for detecting vulnerability exploitation | |
| CN111736770A (en) | Embedded secure memory | |
| CN110543769A (en) | Trusted starting method based on encrypted TF card | |
| US11307921B2 (en) | Coordinated panic flow | |
| US20240152621A1 (en) | Control method and apparatus for safety boot of chip, electronic device and storage medium | |
| WO2022213128A1 (en) | Read-only memory (rom) security | |
| CN117992135A (en) | Loading method and loading device of kernel module | |
| CN116416670A (en) | Big data control method and system based on face recognition | |
| CN113994332A (en) | Non-safety software detection device, detection method and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |