CN114443147A - Super monitoring type unmanned aerial vehicle credibility detection method based on credible hardware technology - Google Patents



Publication number
CN114443147A
Authority
CN
China
Prior art keywords
trusted
measurement
program
unmanned aerial
aerial vehicle
Prior art date
Legal status
Granted
Application number
CN202011228943.1A
Other languages
Chinese (zh)
Other versions
CN114443147B (en)
Inventor
李大伟
关振宇
张弛
程东旭
徐迈
邓欣
Current Assignee
Beihang University
Original Assignee
Beihang University
Priority date
Filing date
Publication date
Application filed by Beihang University
Priority to CN202011228943.1A
Publication of CN114443147A
Application granted
Publication of CN114443147B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/4401 Bootstrapping
    • G06F 9/4403 Processor initialisation
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B64 AIRCRAFT; AVIATION; COSMONAUTICS
    • B64C AEROPLANES; HELICOPTERS
    • B64C 39/00 Aircraft not otherwise provided for
    • B64C 39/02 Aircraft not otherwise provided for characterised by special use
    • B64C 39/028 Micro-sized aircraft
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention discloses a super monitoring type unmanned aerial vehicle credibility detection method based on trusted hardware technology, comprising the following steps: starting a trusted monitoring system and running a static measurement program, which measures the integrity of the bootstrap program of the main memory system and starts the bootstrap program after the measurement passes; copying and measuring the operating system image; running the embedded operating system and loading a lightweight measurement agent; exchanging authentication data between the dynamic integrity measurement program and the lightweight measurement agent to confirm that the program integrity and the program loading base address are legitimate; and having the trusted monitoring system read the code and data of the measured objects so that dynamic integrity measurement is performed. The detection method achieves trusted start-up of the unmanned aerial vehicle and then carries out real-time dynamic integrity measurement on it after trusted start-up, so that the unmanned aerial vehicle is placed under super monitoring, its safety is guaranteed, and the running speed of its system is not affected.

Description

Super monitoring type unmanned aerial vehicle credibility detection method based on credible hardware technology
Technical Field
The invention relates to the technical field of unmanned aerial vehicles, in particular to a super monitoring type unmanned aerial vehicle credibility detection method based on a credible hardware technology.
Background
In the related art, in order to ensure the safety of unmanned aerial vehicle hardware, a safety architecture suited to the hardware can be constructed by combining hardware with cryptographic techniques. The Mobile Trusted Module (MTM) is a specification proposed for hardware security issues. In the MTM specification, a hardware provider can implement a hardware protection environment that is started and operated before the Trusted Platform Module (TPM); the TPM first trusts this protection environment, and the subsequent trusted chain and trusted environment are built on the premise that the protection environment is safe and reliable. However, the MTM specification has security and applicability issues for hardware devices, because the trusted environment depends to a large extent on the device provider's implementation of the protection environment. Since unmanned aerial vehicle hardware comes in many types and is used in diverse environments, this places high demands on equipment providers and causes difficulties in subsequent hosting, development and use. With the popularization of unmanned aerial vehicles and growing safety risks, the MTM specification is increasingly unable to meet safety requirements.
In the related art, the TrustZone hardware security feature offers a new approach to a trusted hardware architecture. TrustZone partitions hardware and software resources into secure and non-secure parts: operations that must be kept secret are performed in the secure area, and the rest are performed in the non-secure area. The processor is likewise divided into a secure core and a non-secure core, and TrustZone sets an isolation mechanism between the secure and non-secure areas so that the non-secure core can only access resources of the non-secure area while the secure core can access all resources. This scheme can verify the boot code and the system kernel file at start-up, ensuring that the system boots correctly and builds a trusted chain, and can also verify the integrity of code and stored data during operation after start-up, thereby ensuring the safety of the operating environment. However, running a program in the TrustZone secure area interrupts the running of other programs in the operating system, and real-time monitoring introduces a large system overhead. Moreover, because the secure-area program shares a CPU core with other kernel programs and user processes, the super monitoring program and the dynamic integrity measurement program running in TrustZone are difficult to hand over to a trusted third party for management, that is, to separate secure application design from ordinary application development. These problems make TrustZone technology difficult to apply to unmanned aerial vehicles.
Dynamic Integrity Measurement (DIM) is a technique for enhancing the trustworthiness of a system. Dynamic integrity measurement measures programs and data in real time while they run: it obtains the memory addresses corresponding to program execution, reads the data at those addresses and checks their integrity, and if the data is abnormal it can raise an alarm or directly interrupt the program. However, most existing dynamic integrity measurement mechanisms rely on protection at the operating system kernel level; although processes can be measured dynamically, the system overhead is high, and once the operating system kernel is compromised by embedded malicious viruses and trojans, the security of the dynamic integrity measurement mechanism itself is hard to guarantee.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art. Therefore, the invention aims to provide a super-monitoring type unmanned aerial vehicle credible detection method based on a credible hardware technology, so that the unmanned aerial vehicle can be started in a credible mode, and then real-time dynamic integrity measurement is carried out on the unmanned aerial vehicle after the unmanned aerial vehicle is started in a credible mode, so that the unmanned aerial vehicle is super-monitored, the safety of the unmanned aerial vehicle is guaranteed, and the running speed of a system of the unmanned aerial vehicle cannot be influenced.
In order to achieve the above object, an embodiment of the present invention provides a super monitoring type unmanned aerial vehicle credibility detection method based on trusted hardware technology, comprising the following steps: the trusted monitoring system is started before the main processor system and runs a static measurement program; the static measurement program measures the integrity of the bootstrap program of the main memory system, and after the measurement passes the main processor system is started, runs the bootstrap program and copies the operating system image; the static measurement program reads the operating system image and measures its integrity; the main processor system starts and runs the embedded operating system, and loads and runs a lightweight measurement agent as a kernel module of the embedded operating system; the dynamic integrity measurement program in the trusted monitoring system and the lightweight measurement agent exchange identity authentication data, and the static trusted measurement process ends after the integrity of the program and the legitimacy of the program loading base address are confirmed; the trusted monitoring system acquires information on the measured objects and reads their code and data; and the trusted monitoring system performs dynamic integrity measurement on the acquired content to form trusted chain data for the security policy to call and verify.
According to the super monitoring type unmanned aerial vehicle credibility detection method based on trusted hardware technology, the trusted monitoring system is started before the main processor system and runs the static measurement program; the static measurement program measures the integrity of the bootstrap program of the main memory system, and after the measurement passes the main processor system is started, runs the bootstrap program and copies the operating system image; the static measurement program reads the operating system image and measures its integrity; the main processor system starts and runs the embedded operating system and loads and runs the lightweight measurement agent as a kernel module; the dynamic integrity measurement program in the trusted monitoring system and the lightweight measurement agent exchange identity authentication data, and the static trusted measurement process ends after the integrity of the program and the legitimacy of the program loading base address are confirmed; the trusted monitoring system acquires information on the measured objects and reads their code and data; and the trusted monitoring system can then perform dynamic integrity measurement on the acquired content and form trusted chain data for the security policy to call and verify. In this way the unmanned aerial vehicle can be started in a trusted mode, real-time dynamic integrity measurement is then carried out on it after trusted start-up, and the unmanned aerial vehicle is placed under super monitoring, so that its safety is guaranteed and the running speed of its system is not affected.
In addition, the super monitoring type unmanned aerial vehicle credibility detection method based on the credible hardware technology can also have the following additional technical characteristics:
According to an embodiment of the invention, a first static random access memory (on-chip SRAM2) is integrated in the trusted monitoring system. If the trusted monitoring system does not integrate an on-chip embedded flash memory (on-chip eFlash), the static measurement program is loaded from off-chip, its integrity is verified and it is decrypted, then it is written into the first static random access memory and run from there; if the trusted monitoring system does integrate the on-chip embedded flash memory, the static measurement program is run directly from the on-chip embedded flash memory.
According to one embodiment of the present invention, the main processor system integrates a first bus bridge (Bus Bridge1), a direct memory access controller (DMA Controller), and a second static random access memory (SRAM1) with a dual-port structure. The static measurement program measures the integrity of the boot program of the main processor system in external memory through the first bus bridge, and copies the operating system image to the second static random access memory by configuring the direct memory access controller.
According to an embodiment of the present invention, measuring the integrity of the operating system image comprises: calculating a hash value of the operating system image; comparing the hash value with a preset hash value; and judging the integrity of the operating system image according to the comparison result.
According to an embodiment of the present invention, reading the code and data of the measured objects includes: if the measured objects are the operating system image program and the lightweight measurement agent program, the trusted monitoring system reads the data directly from the second static random access memory; if the measured object is another key application in the main processor system, the trusted monitoring system reads the contents of the second static random access memory according to at least one of a code page memory address, size information and a program name.
According to an embodiment of the present invention, reading, by the trusted monitoring system, contents of the second static random access memory according to at least one of a code page memory address, size information and a program name includes: the dynamic integrity measurement program of the trusted monitoring system reads the application code page contents of the specified memory size at the specified address in the second static random access memory through the monitoring channel of the second static random access memory.
According to an embodiment of the present invention, the trusted monitoring system performs dynamic integrity measurement on the acquired content by the following process:
$V_i = \mathrm{Hash}(M_i) \quad (1 \le i \le n)$
$\mathrm{MeasureIsOK} = (V_1 == H_1) \,\&\, (V_2 == H_2) \,\&\, \cdots \,\&\, (V_n == H_n)$
$\mathrm{PCR} = \mathrm{Hash}(\mathrm{PCR} \,\|\, V_1 \,\|\, V_2 \,\|\, \cdots \,\|\, V_n)$
where $M_i$ ($1 \le i \le n$) represents the code page space during the run of the process, $H_i$ represents the pre-computed hash value of $M_i$ stored in the application information list, $V_i$ represents the hash value computed by the dynamic integrity measurement program over the code and data in the measurement range, and $\mathrm{MeasureIsOK}$ represents the result of the integrity measurement: when $V_i$ and $H_i$ are equal for every $i$ with $1 \le i \le n$ the measurement passes and $\mathrm{MeasureIsOK}$ is True, otherwise the measurement fails and $\mathrm{MeasureIsOK}$ is False. $\mathrm{PCR}$ represents the trusted chain data for the security policy to call and verify, formed by extending the register with all the measurement values.
According to one embodiment of the invention, the method for detecting the credibility of the super-monitoring unmanned aerial vehicle based on the credible hardware technology further comprises the following steps: in the dynamic integrity measurement process, the dynamic integrity measurement program of the trusted monitoring system maintains a currently running application information list which needs real-time measurement, wherein the application information list comprises a program name, a code page address and a hash value of each code page.
According to one embodiment of the invention, the method for detecting the credibility of the super-monitoring unmanned aerial vehicle based on the credible hardware technology further comprises the following steps: in the dynamic integrity measurement process, if the main processor system is abnormal, the trusted monitoring system manages a plurality of functions of the main processor system.
According to one embodiment of the invention, the method for detecting the credibility of the super-monitoring unmanned aerial vehicle based on the credible hardware technology further comprises the following steps: the plurality of functions comprise at least one of a touch screen input and display output function, a network communication function, a navigation function, a photographing function and a recording function.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a flow chart of a trusted detection method of a super-supervised unmanned aerial vehicle based on trusted hardware technology according to an embodiment of the present invention;
FIG. 2 is a diagram of a hardware host processor system trust enhancement architecture according to one embodiment of the present invention;
FIG. 3 is a diagram of a dynamic integrity metric based trusted monitoring system according to one embodiment of the present invention;
fig. 4 is a diagram of a peripheral interface management structure based on a bus arbiter according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
The following describes a super-monitoring unmanned aerial vehicle credibility detection method based on a credible hardware technology according to an embodiment of the invention with reference to the accompanying drawings.
Fig. 1 is a flowchart of a trusted detection method of a super-supervised unmanned aerial vehicle based on trusted hardware technology according to an embodiment of the present invention.
As shown in fig. 1, the method for detecting the credibility of the super-monitoring unmanned aerial vehicle based on the credible hardware technology comprises the following steps:
s11, the trusted monitoring system starts before the main processor system and runs the static measurement program.
In an embodiment of the invention, the unmanned aerial vehicle includes a trusted monitoring system and a main processor system. The trusted monitoring system is physically isolated from the main processor system, and the embedded operating system and application programs running on the main processor system cannot access the memory space of the trusted monitoring system. For the code and data of the secret programs stored in external memory that the trusted monitoring system needs to load, the bus arbiter partitions an independent controlled access address range on the external memory, and only the trusted monitoring system's programs are allowed to access that memory. This physical isolation ensures that the security programs of the trusted monitoring system run safely and reliably and are completely immune to attack by malicious programs.
As shown in fig. 2, a first static random access memory (SRAM2) is integrated in the trusted monitoring system.
Specifically, the trusted monitoring system is started before the main processor system. If the trusted monitoring system does not integrate an on-chip embedded flash memory, the static measurement program is loaded from off-chip, its integrity is verified and it is decrypted, then it is written into the first static random access memory and run from there.
Wherein, the main processor system is in a reset state before starting. The off-chip static metrology program described above may be stored in external memory as shown in FIG. 2.
Alternatively, if the trusted monitoring system is integrated with an on-chip embedded flash memory, the static measurement program is run directly from the on-chip embedded flash memory.
Therefore, the trusted monitoring system can be started, the static measurement program can be read into the trusted monitoring system, and the trusted monitoring system runs the static measurement program.
And S12, measuring the integrity of the bootstrap program of the main processor system through the static measurement program, starting the main processor system after the measurement is passed, and running the bootstrap program and copying the operating system image.
As shown in fig. 2, the main processor system integrates a first bus bridge, a direct memory access controller, and a second static random access memory (SRAM1), where the second static random access memory has a dual-port structure.
Specifically, the static measurement program measures the integrity of the boot program of the main processor system in the external memory through the first bus bridge, and copies the operating system image to the second static random access memory through setting the direct memory access controller.
The static measurement program can be operated in a trusted monitoring system. The second static random access memory can adopt a dual-port structure and also can adopt other optimized structures.
Optionally, before the operating system image is copied to the second sram by setting the dma controller, the host processor system may be started by the boot program after the integrity of the boot program of the host processor system is measured.
Therefore, the trusted monitoring system can check the integrity of the bootstrap program of the main processor system through the static measurement program, and the main processor system is then started through the bootstrap program, which copies the operating system image into the second static random access memory (SRAM1).
S13, reading the operating system image by the static measurement program and measuring the integrity of the operating system image.
Specifically, as shown in FIG. 2, the trusted monitoring system may retrieve information from within the second SRAM. Thus, when the trusted monitoring system runs the static measurement program, the trusted monitoring system can read the operating system image copied into the second static random access memory from the second static random access memory. Further, the trusted monitoring system may measure the file integrity of the operating system image.
Optionally, the step of measuring the integrity of the image of the operating system may be: calculating a hash value of the operating system image; and comparing the hash value with a preset hash value, and measuring the integrity of the operating system image according to the comparison result.
Therefore, the credible monitoring system can detect the integrity of the copied operating system image through the static measurement program.
And S14, starting and running the embedded operating system through the main processor system, and loading and running the lightweight measurement agent as a kernel module of the embedded operating system.
And S15, the dynamic integrity measurement program and the lightweight measurement agent in the trusted monitoring system interact identity authentication data, and the static trusted measurement process is ended after the completeness of the program and the legality of the program loading operation base address are confirmed.
Thereby, the trusted start of the unmanned aerial vehicle can be completed.
And S16, the trusted monitoring system acquires the object information subjected to measurement and reads codes and data of the object information subjected to measurement.
Specifically, the trusted monitoring system acquires the information of the object receiving the measurement, and reads the code and data of the information of the object according to the type of the object receiving the measurement.
If the measured objects are the operating system image program and the lightweight measurement agent program, the trusted monitoring system reads the data directly from the second static random access memory; if the measured object is another critical application in the main processor system, the trusted monitoring system reads the contents of the second static random access memory according to at least one of the code page memory address, the size information, and the program name. The dynamic integrity measurement program of the trusted monitoring system can then acquire the read content.
Further, the dynamic integrity measurement program of the trusted monitoring system reads the application code page contents of the specified memory size at the specified address in the second static random access memory through the monitoring channel of the second static random access memory.
It should be noted that the code page memory address, size information and program name used to read the second static random access memory may be obtained and written by the lightweight measurement agent, after which the trusted monitoring system measures the corresponding application. Therefore, when measuring other key applications in the main processor system, only the lightweight measurement agent in the kernel participates in the measurement process, and it only needs to acquire and write this information when an application is loaded or exits, so its effect on application operation is negligible.
And S17, the trusted monitoring system performs dynamic integrity measurement on the acquired content to form trusted chain data for the security policy to call and verify.
It should be noted that the dynamic integrity measurement in the embodiment of the present invention is non-interfering, meaning that the dynamic integrity measurement program does not affect the operating speed of the system. At the system level, the dynamic integrity measurement program can locate the initial memory address space in which the operating system kernel runs, the operating address space of key modules and the operating address space of the lightweight measurement agent program, and carry out real-time dynamic integrity measurement on these address spaces. At the key application dynamic integrity measurement layer, the dynamic integrity measurement program can read application code through information such as the memory address and size of the application's code pages, and perform dynamic integrity measurement on it. Once the measurement process is started, the main CPU system is not occupied, and no interference or performance loss is caused to the running embedded operating system programs and key application programs.
Specifically, the above process of dynamic integrity measurement may be as follows:
$V_i = \mathrm{Hash}(M_i) \quad (1 \le i \le n)$
$\mathrm{MeasureIsOK} = (V_1 == H_1) \,\&\, (V_2 == H_2) \,\&\, \cdots \,\&\, (V_n == H_n)$
$\mathrm{PCR} = \mathrm{Hash}(\mathrm{PCR} \,\|\, V_1 \,\|\, V_2 \,\|\, \cdots \,\|\, V_n)$
where, as shown in fig. 3, $M_i$ ($1 \le i \le n$) represents the code page space during the run of the process, $H_i$ represents the pre-computed hash value of $M_i$ stored in the application information list, $V_i$ represents the hash value computed by the dynamic integrity measurement program over the code and data in the measurement range, and $\mathrm{MeasureIsOK}$ represents the result of the integrity measurement: when $V_i$ and $H_i$ are equal for every $i$ with $1 \le i \le n$ the measurement passes and $\mathrm{MeasureIsOK}$ is True, otherwise the measurement fails and $\mathrm{MeasureIsOK}$ is False. $\mathrm{PCR}$ represents the trusted chain data for the security policy to call and verify, formed by extending the register with all the measurement values.
Further, in the dynamic integrity measurement process, the dynamic integrity measurement program of the trusted monitoring system maintains a currently running application information list requiring real-time measurement, wherein the application information list includes a program name, a code page address and a hash value of each code page.
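The measurement and PCR-extension formulas above, together with the application information list the dynamic integrity measurement program maintains, worked through as an added example (illustrative code, not code from the patent). It assumes SHA-256 as the Hash function, 4 KiB code pages, a bytearray standing in for SRAM1 and an all-zero initial PCR; every name in it is hypothetical, and the verifier side shows how the trusted chain data can be replayed by a security policy.

```python
"""Added example of the dynamic integrity measurement (DIM) step.

Not code from the patent. Models: the application information list
(program name, code page addresses, hash of each page) maintained by the
DIM program; V_i = Hash(M_i); MeasureIsOK = (V_1 == H_1) & ... & (V_n == H_n);
PCR = Hash(PCR || V_1 || ... || V_n); and a verifier replaying the trusted
chain data. Assumptions: SHA-256 as Hash, 4 KiB pages, a bytearray as SRAM1.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

PAGE_SIZE = 4096                 # assumption: 4 KiB code pages
PCR_INIT = bytes(32)             # assumption: PCR starts as all zeros


def hash_fn(data: bytes) -> bytes:
    """The patent's Hash(); SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


@dataclass
class AppInfo:
    """One entry of the application information list: program name, code
    page addresses, and the pre-computed hash H_i of each page."""
    name: str
    page_addrs: list[int]
    page_hashes: list[bytes]


class TrustedMonitor:
    """Stand-in for the DIM program on the trusted monitoring system."""

    def __init__(self, sram1: bytearray) -> None:
        self.sram1 = sram1              # read through the SRAM1 monitoring channel
        self.pcr = PCR_INIT
        self.app_list: dict[str, AppInfo] = {}
        self.chain_log: list[tuple[str, list[bytes]]] = []  # trusted chain data

    def read_page(self, addr: int) -> bytes:
        """M_i: the code page currently at addr in SRAM1."""
        return bytes(self.sram1[addr:addr + PAGE_SIZE])

    def on_app_load(self, name: str, page_addrs: list[int]) -> None:
        """Called with the information the lightweight measurement agent
        writes at load time; reference hashes H_i are taken from the pages
        as loaded (in practice they would come from a signed reference)."""
        hashes = [hash_fn(self.read_page(a)) for a in page_addrs]
        self.app_list[name] = AppInfo(name, list(page_addrs), hashes)

    def on_app_exit(self, name: str) -> None:
        """The agent reports an exit; the entry leaves the list."""
        self.app_list.pop(name, None)

    def measure(self, name: str) -> bool:
        """One real-time measurement pass over an application's code pages.
        Returns MeasureIsOK and extends the PCR with the V_i regardless of
        the result, so a tampered page is recorded in the chain."""
        info = self.app_list[name]
        v = [hash_fn(self.read_page(a)) for a in info.page_addrs]   # V_i = Hash(M_i)
        ok = all(hmac.compare_digest(vi, hi) for vi, hi in zip(v, info.page_hashes))
        self.pcr = hash_fn(self.pcr + b"".join(v))   # PCR = Hash(PCR || V_1 || ... || V_n)
        self.chain_log.append((name, v))
        return ok


def verify_chain(chain_log, final_pcr: bytes, initial_pcr: bytes = PCR_INIT) -> bool:
    """Security-policy side: replay the logged V_i values and check that the
    recomputed PCR matches the one the trusted monitoring system reports."""
    pcr = initial_pcr
    for _name, v in chain_log:
        pcr = hash_fn(pcr + b"".join(v))
    return hmac.compare_digest(pcr, final_pcr)


def demo() -> tuple[bool, bool, bool]:
    """Constructed scenario: a two-page 'nav' application is measured intact,
    then one byte of its first page is flipped and it is measured again."""
    sram1 = bytearray((i * 7 + 3) & 0xFF for i in range(4 * PAGE_SIZE))  # constructed
    mon = TrustedMonitor(sram1)
    mon.on_app_load("nav", [0 * PAGE_SIZE, 1 * PAGE_SIZE])
    first = mon.measure("nav")           # True: V_i == H_i for both pages
    sram1[100] ^= 0xFF                   # simulate an in-memory code modification
    second = mon.measure("nav")          # False: page 0 no longer matches H_1
    chain_ok = verify_chain(mon.chain_log, mon.pcr)   # the log still explains the PCR
    return first, second, chain_ok


if __name__ == "__main__":
    print(demo())
```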
It should be noted that the process of the trusted monitoring system performing dynamic integrity measurement on the object receiving measurement is performed in real time, so that when the system is found to be abnormal, the trusted monitoring system performs management and control on the main processor system, thereby implementing super monitoring on the unmanned aerial vehicle. In the above dynamic integrity measurement process, if the main processor system is working normally, the main processor system may perform read/write operations on each device interface through the peripheral interface management and control structure shown in fig. 4. If the main processor system is abnormal, the credible monitoring system manages and controls a plurality of functions of the main processor system. The functions comprise at least one of a touch screen input and display output function, a network communication function, a navigation function, a photographing function and a recording function. Furthermore, meaningless protocol data or response timeouts may also be output depending on the type of peripheral, ensuring that the main processor system program does not crash due to a peripheral denial of service.
Further, the super-monitoring unmanned aerial vehicle credible detection method based on the credible hardware technology in the embodiment of the invention can also support third-party credible trusting. Because the program development, loading operation, upgrading maintenance and the like of the trusted monitoring system are independent of the main processor system, after the unmanned aerial vehicle hardware provider completes the development verification of the main system, a trusted monitoring system programming model can be opened to a professional trusted third party, the third party completes the design and development of the trusted program, and the trusted hosting mode is favorable for forming an industry standard and receiving the monitoring of related departments of the country so as to reduce security vulnerabilities.
Therefore, the unmanned aerial vehicle can be subjected to dynamic integrity measurement.
In summary, the super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology of the embodiment of the invention can realize trusted boot of the unmanned aerial vehicle and, after the trusted boot, perform real-time dynamic integrity measurement on it, thereby implementing super monitoring of the unmanned aerial vehicle and ensuring its security without affecting the running speed of the unmanned aerial vehicle's system. Moreover, third-party trusted hosting can be supported to reduce security vulnerabilities.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," "circumferential," and the like are used in the orientations and positional relationships indicated in the drawings for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be considered limiting of the invention.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of the feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In the present invention, unless otherwise expressly stated or limited, a first feature "on" or "under" a second feature may be in direct contact with the second feature or in indirect contact with it through an intermediate. Also, a first feature "on," "over," or "above" a second feature may be directly or obliquely above the second feature, or may simply indicate that the first feature is at a higher level than the second feature. A first feature "under," "below," or "beneath" a second feature may be directly or obliquely under the second feature, or may simply indicate that the first feature is at a lower level than the second feature.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (10)

1. A super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology, characterized in that the unmanned aerial vehicle comprises a trusted monitoring system and a main processor system, and the method comprises the following steps:
the trusted monitoring system is started before the main processor system and runs a static measurement program;
measuring the integrity of a boot program of the main processor system through the static measurement program, and after the measurement passes, starting the main processor system, running the boot program and copying an operating system image;
reading the operating system image and measuring the integrity of the operating system image through the static measurement program;
starting and running an embedded operating system through the main processor system, and loading and running a lightweight measurement agent as a kernel module of the embedded operating system;
the dynamic integrity measurement program in the trusted monitoring system and the lightweight measurement agent exchange identity authentication data, and the static trusted measurement process ends after the integrity of the program and the validity of the program's load base address are confirmed;
the trusted monitoring system acquires information on the object to be measured, and reads the code and data of the object to be measured;
and the trusted monitoring system performs dynamic integrity measurement on the acquired content to form trusted chain data for security policy calling and verification.
2. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 1, wherein the trusted monitoring system integrates a first static random access memory, wherein,
if the trusted monitoring system does not integrate an on-chip embedded flash memory, the static measurement program is loaded from outside the chip, its integrity is verified and it is decrypted, then it is written into the first static random access memory and run from the first static random access memory;
and if the trusted monitoring system integrates an on-chip embedded flash memory, the static measurement program is run directly from the on-chip embedded flash memory.
3. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 1, wherein the main processor system integrates a first bus bridge, a direct memory access controller and a second static random access memory, the second static random access memory adopting a dual-port architecture, wherein,
the static measurement program measures the integrity of the boot program of the main processor system in an external memory through the first bus bridge, and copies the operating system image to the second static random access memory by configuring the direct memory access controller.
4. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 1, wherein measuring the integrity of the operating system image comprises:
calculating a hash value of the operating system image;
and comparing the hash value with a preset hash value, and measuring the integrity of the operating system image according to the comparison result.
5. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 3, wherein reading the code and data of the object to be measured comprises:
if the objects to be measured are the operating system image program and the lightweight measurement agent program, the trusted monitoring system reads the data directly from the second static random access memory;
if the object to be measured is another key application in the main processor system, the trusted monitoring system reads the content in the second static random access memory according to at least one of a code page memory address, size information and a program name.
6. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 5, wherein the trusted monitoring system reading the content in the second static random access memory according to at least one of a code page memory address, size information and a program name comprises:
the dynamic integrity measurement program of the trusted monitoring system reads, through the second static random access memory monitoring channel, the application program code page content of the specified memory size at the specified address in the second static random access memory.
7. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 5, wherein the trusted monitoring system performs dynamic integrity measurement on the acquired content by the following process:
$$V_i = \mathrm{Hash}(M_i) \quad (1 \le i \le n)$$
$$\mathrm{MeasureIsOK} = (V_1 = H_1) \land (V_2 = H_2) \land \cdots \land (V_n = H_n)$$
$$\mathrm{PCR} = \mathrm{Hash}(\mathrm{PCR} \,\|\, V_1 \,\|\, V_2 \,\|\, \cdots \,\|\, V_n)$$
wherein $M_i$ ($1 \le i \le n$) represents a code page space of the process during its run, $H_i$ represents the pre-computed hash value of $M_i$ stored in the application information list, $V_i$ represents the hash value computed by the dynamic integrity measurement program over the code and data of $M_i$, and MeasureIsOK represents the result of the integrity measurement: when $V_i$ equals $H_i$ for every $i$ in $1 \le i \le n$, the measurement passes and MeasureIsOK is True, otherwise the measurement fails and MeasureIsOK is False; PCR represents the trusted chain data, formed by extending all measurement values, that is used for security policy calling and verification.
8. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 5, wherein during the dynamic integrity measurement the dynamic integrity measurement program of the trusted monitoring system maintains a list of currently running applications that require real-time measurement, the application information list comprising, for each application, a program name, a code page address and a hash value of each code page.
9. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 1, wherein during the dynamic integrity measurement, if the main processor system is abnormal, the trusted monitoring system takes control of a plurality of functions of the main processor system.
10. The super-monitoring unmanned aerial vehicle trusted detection method based on trusted hardware technology as claimed in claim 9, wherein the plurality of functions comprises at least one of a touch screen input and display output function, a network communication function, a navigation function, a photographing function and a sound recording function.
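The measurement loop of claims 5 to 10, together with the peripheral takeover described in the paragraph before the summary, as an added simulation that is not the patent's own code. It computes V_i = Hash(M_i) over code pages read from a simulated second SRAM by address and size, ANDs the comparisons against the pre-computed H_i of the application information list, extends the PCR with all V_i, and, when MeasureIsOK is False, answers peripheral requests with a timeout or meaningless protocol bytes instead of passing them through. Everything concrete is assumed: SHA-256 stands in for the unspecified Hash(), the SRAM is a bytearray, and the program names, page addresses and per-peripheral canned replies are invented for illustration.

```python
"""Simulation of the dynamic integrity measurement of claims 5-10 (added example,
not the patent's code). Assumed: SHA-256 as Hash(), a bytearray as the second SRAM,
invented program names, page addresses and peripheral replies."""
import hashlib
from dataclasses import dataclass, field


def Hash(data: bytes) -> bytes:
    """Stand-in for the unspecified Hash() of claim 7 (assumption: SHA-256)."""
    return hashlib.sha256(data).digest()


# Functions the monitor takes over when the main processor is abnormal (claims 9/10).
# The canned replies (timeout marker or meaningless protocol bytes) are assumed.
PERIPHERAL_POLICY = {
    "touch_display": b"",            # display output suppressed (empty frame)
    "network":       b"TIMEOUT",     # response timeout instead of real traffic
    "navigation":    b"\x00" * 8,    # meaningless protocol data
    "camera":        b"TIMEOUT",
    "recorder":      b"\x00" * 8,
}


@dataclass
class AppInfo:
    """One entry of the application information list (claim 8)."""
    name: str
    addr: int        # code page address in the second SRAM
    size: int        # size of the code page region
    expected: bytes  # H_i, pre-computed hash of the page content M_i


def static_measure(image: bytes, preset_hash: bytes) -> bool:
    """Claim 4: hash the boot program / OS image and compare with the preset value."""
    return Hash(image) == preset_hash


@dataclass
class TrustedMonitor:
    sram: bytearray
    app_list: list
    pcr: bytes = field(default_factory=lambda: bytes(32))
    managed: set = field(default_factory=set)

    def read_code_page(self, entry: AppInfo) -> bytes:
        # Claim 6: read the region of the given address and size through the
        # SRAM monitoring channel (modelled here as a plain slice).
        return bytes(self.sram[entry.addr:entry.addr + entry.size])

    def measure(self) -> bool:
        """Claim 7: V_i = Hash(M_i); MeasureIsOK = AND(V_i == H_i);
        PCR = Hash(PCR || V_1 || ... || V_n). Returns MeasureIsOK."""
        values = [Hash(self.read_code_page(e)) for e in self.app_list]
        ok = all(v == e.expected for v, e in zip(values, self.app_list))
        self.pcr = Hash(self.pcr + b"".join(values))   # extend even on failure
        if not ok:
            self.managed = set(PERIPHERAL_POLICY)      # take over all functions
        return ok

    def peripheral_request(self, func: str, request: bytes) -> bytes:
        """Pass the request through when normal; otherwise return the canned
        reply so the main program does not hang on a peripheral refusing service."""
        if func in self.managed:
            return PERIPHERAL_POLICY[func]
        return b"OK:" + request


def expected_pcr(app_list, pcr: bytes = bytes(32)) -> bytes:
    """What a verifier holding the H_i list expects after one passing measurement."""
    return Hash(pcr + b"".join(e.expected for e in app_list))


def build_system() -> TrustedMonitor:
    """Constructed sample: three programs placed in a 1 KiB SRAM (invented content)."""
    sram = bytearray(1024)
    programs = {"os_image": (0x000, b"\x7fELF-os" * 8),
                "lw_agent": (0x100, b"agent-code" * 6),
                "nav_app":  (0x200, b"nav-ctrl!" * 7)}
    app_list = []
    for name, (addr, code) in programs.items():
        sram[addr:addr + len(code)] = code
        app_list.append(AppInfo(name, addr, len(code), Hash(code)))
    return TrustedMonitor(sram, app_list)


def demo():
    """One clean measurement, then a single flipped byte in nav_app's code page."""
    mon = build_system()
    first = mon.measure()                       # True: all pages match
    pcr_after_first = mon.pcr
    mon.sram[0x200] ^= 0xFF                     # tamper with nav_app in place
    second = mon.measure()                      # False: monitor takes over
    reply = mon.peripheral_request("network", b"GET /telemetry")
    return first, pcr_after_first, second, reply


if __name__ == "__main__":
    print(demo())
```

Because the PCR is extended on every pass, a verifier that knows the H_i list can recompute the chain value for a given number of passing rounds; any failed round leaves a PCR the verifier cannot reproduce, which is what makes the chain data usable for policy checks rather than only the boolean result.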
CN202011228943.1A 2020-11-06 2020-11-06 Trusted hardware technology-based super monitoring type unmanned aerial vehicle trusted detection method Active CN114443147B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011228943.1A CN114443147B (en) 2020-11-06 2020-11-06 Trusted hardware technology-based super monitoring type unmanned aerial vehicle trusted detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011228943.1A CN114443147B (en) 2020-11-06 2020-11-06 Trusted hardware technology-based super monitoring type unmanned aerial vehicle trusted detection method

Publications (2)

Publication Number Publication Date
CN114443147A true CN114443147A (en) 2022-05-06
CN114443147B CN114443147B (en) 2023-02-03

Family

ID=81361326

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011228943.1A Active CN114443147B (en) 2020-11-06 2020-11-06 Trusted hardware technology-based super monitoring type unmanned aerial vehicle trusted detection method

Country Status (1)

Country Link
CN (1) CN114443147B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105205401A (en) * 2015-09-30 2015-12-30 中国人民解放军信息工程大学 Trusted computer system based on safe password chip and trusted guiding method thereof
CN105608386A (en) * 2016-03-11 2016-05-25 成都三零嘉微电子有限公司 Trusted computing terminal integrity measuring and proving method and device
CN106874771A (en) * 2017-02-16 2017-06-20 浪潮(北京)电子信息产业有限公司 A kind of method and device for building reliable hardware trust chain
CN108345786A (en) * 2018-01-17 2018-07-31 中国人民解放军战略支援部队信息工程大学 The software control stream integrality remote certification method of hardware assist
CN110147674A (en) * 2019-04-08 2019-08-20 全球能源互联网研究院有限公司 A kind of trusted system environment construction method and device of charging control unit
CN110321712A (en) * 2019-07-08 2019-10-11 北京可信华泰信息技术有限公司 The staticametric method and device of credible calculating platform based on dual Architecture

Also Published As

Publication number Publication date
CN114443147B (en) 2023-02-03

Similar Documents

Publication Publication Date Title
US9087188B2 (en) Providing authenticated anti-virus agents a direct access to scan memory
EP3103056B1 (en) Methods and apparatus for protecting operating system data
US7836299B2 (en) Virtualization of software configuration registers of the TPM cryptographic processor
CN107533609B (en) System, device and method for controlling multiple trusted execution environments in a system
KR102244645B1 (en) Management of authenticated variables
EP1518158B1 (en) Trusted computer platform
RU2390836C2 (en) Authenticity display from highly reliable medium to non-secure medium
EP3047375B1 (en) Virtual machine manager facilitated selective code integrity enforcement
CN101621520B (en) Method and system for platform-based trust verifying service for multi-party verification
EP3115920A1 (en) System and method of controlling opening of files by vulnerable applications
EP3761208A1 (en) Trust zone-based operating system and method
US8464047B2 (en) Method and apparatus for authorizing host to access portable storage device
JP5346608B2 (en) Information processing apparatus and file verification system
US20150113618A1 (en) Verifying the security of a remote server
US9164925B2 (en) Method and apparatus for authorizing host to access portable storage device
CN110390201A (en) The method of computer system and initializing computer system
US20100017893A1 (en) System for Securing Register Space and Method of Securing the Same
CN112329005A (en) Boot measurement method, device, electronic equipment and medium for starting operating system
CN114707140A (en) Kernel architecture based on PKS system
CN114443147B (en) Trusted hardware technology-based super monitoring type unmanned aerial vehicle trusted detection method
JP2005149394A (en) Information processor, information processing method, program and recording medium
WO2024078159A1 (en) Integrity measurement method and apparatus
CN111382433B (en) Module loading method, device, equipment and storage medium
CN115982714A (en) Computing device and trusted chain construction method thereof
CN116743458A (en) Authentication management method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant