CN114676392A - Trusted authorization method and device for application and electronic equipment - Google Patents

Publication number
CN114676392A
Authority
CN
China
Prior art keywords
trusted
application
trusted application
domain
protection domain
Legal status
Pending
Application number
CN202210270141.XA
Other languages
Chinese (zh)
Inventor
钱毅
钟嘉烽
Current Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202210270141.XA
Publication of CN114676392A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G06F21/107 License processing; Key processing
    • G06F21/12 Protecting executable software
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Abstract

The invention provides a trusted authorization method and apparatus for an application, and an electronic device. It relates to the field of hardware devices, and in particular to the field of trusted devices. The specific implementation is as follows: the method is applied to an ARM trusted device that includes, at the processor layer, two protection domains with different permissions, a first protection domain and a second protection domain, and comprises the steps of: establishing an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain; and controlling applications in the first protection domain other than the trusted application to perform local authorization through the trusted application in the first protection domain.

Description

Trusted authorization method and device for application and electronic equipment
Technical Field
The present disclosure relates to the field of hardware devices, and more particularly, to the field of trusted devices.
Background
With the rapid development of 5G networks and the maturing of underlying technologies such as cloud native, application deployment and release have become faster and more efficient, and more and more applications are deployed on ARM devices at edge nodes. Compared with the traditional Internet Data Center (IDC) deployment environment and its layer-by-layer protection, applications deployed on edge devices are vulnerable to attack because security at the edge is relatively weak; this shows mainly in attacks on applications, data theft and illegal access to devices. This places higher demands on security at the edge.
Disclosure of Invention
The disclosure provides a trusted authorization method and device for application and electronic equipment.
According to one aspect of the disclosure, a trusted authorization method for an application is provided. It is applied to an ARM trusted device that includes, at the processor layer, two protection domains with different permissions: a first protection domain and a second protection domain. The method comprises the steps of: establishing an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain; and controlling applications in the first protection domain other than the trusted application to perform local authorization through the trusted application in the first protection domain.
According to another aspect of the present disclosure, there is provided a trusted authorization apparatus for an application, including: an establishing module configured to establish an association relationship between a trusted application in a first protection domain and a trusted application in a second protection domain, where the first protection domain and the second protection domain are two protection domains with different permissions included in the processor layer of an ARM trusted device; and a control module configured to control applications in the first protection domain other than the trusted application to perform local authorization through the trusted application in the first protection domain.
According to another aspect of the present disclosure, there is provided an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the above trusted authorization method for an application.
According to still another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the above trusted authorization method of an application.
According to yet another aspect of the present disclosure, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the above trusted authorization method for an application.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a flow diagram of a method for trusted authorization of an application according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of an ARM trusted device according to an embodiment of the present disclosure;
FIG. 3 is a flowchart illustrating the start-up of an ARM trusted device, in accordance with an embodiment of the present disclosure;
FIG. 4 is a block diagram of a trusted authorization apparatus for an application, according to an embodiment of the present disclosure;
FIG. 5 illustrates a schematic block diagram of an example electronic device 500 that can be used to implement embodiments of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
First, some of the terms that appear in the description of the embodiments of the present application are explained as follows:
Cloud native: a distributed cloud based on distributed deployment and unified management; a cloud technology product system built on technologies such as containers, microservices and DevOps.
Edge devices: devices that provide an entry point to an enterprise or service provider core network, such as routers, routing switches, integrated access devices, multiplexing devices, and various metropolitan and wide area network access devices.
Trustzone hardware architecture: intended to provide a security framework that enables devices to resist the many threats they will encounter. Rather than providing a fixed and unchanging security solution, Trustzone technology provides an infrastructure that allows SoC designers to choose from a large number of components that can implement a particular function in a secure environment.
Kubernetes: a container orchestration engine open-sourced by Google that supports automated deployment, large-scale scaling and containerized application management.
Unix Domain Socket: used for inter-process communication on the same host.
Transport Layer Security (TLS): a secure transport layer protocol used to provide privacy and data integrity between two communicating applications.
As mentioned in the background, more and more applications are deployed on ARM devices at edge nodes. Application protection on edge devices is currently approached in two main ways:
1) fingerprint-based device and application authorization and deployment on edge devices;
2) central authorization of edge device applications based on remote authentication.
Fingerprint-based device and application authorization on edge devices has the following drawbacks. The dimensions from which a fingerprint is collected depend on the hardware, and the hardware is supplied by a hardware manufacturer, so there is no guarantee that the source has not been tampered with; even if the manufacturer makes no modification, it is hard to rule out an attacker who knows the device firmware reproducing the fingerprint dimensions at the firmware level, so that the device becomes a malicious edge node. This approach also usually collects the fingerprint first and deploys afterwards, which constrains when applications can be deployed and released and does not fit the cloud-native deployment model.
On edge devices that use central authentication, applications depend on an external service for authorization. This places higher demands on the network availability and communication security of the edge device in the edge environment, and it also enlarges the attack surface, for example through the use of a proxy to bypass the remote authorization mechanism.
Existing edge device admission and application authorization schemes therefore still allow malicious nodes to be admitted and authorization to be bypassed, and central authorization adds further points of attack.
Aiming at the above mentioned problems of illegal admission of equipment and unauthorized use of applications, the present disclosure provides a scheme for activating and authorizing an edge application based on an ARM trusted device for an edge device, aiming at protecting the secure admission of the edge device and the trusted authorization of the application.
The scheme provided by the disclosure can solve the problem of access of malicious nodes on the edge and provide trusted applications, and ensures safe deployment of other applications running on the nodes through an authorization mechanism of the trusted applications. The scheme also has high expandability, can expand the access of various trusted devices based on the scheme, greatly reduces the adaptation difficulty of the upper layer application on different devices, and even achieves zero code adaptation.
The scheme is described in detail below with reference to specific embodiments:
FIG. 1 is a flowchart of a trusted authorization method for an application according to an embodiment of the present disclosure. The method is applied to an ARM trusted device that includes two protection domains with different permissions at the processor layer, a first protection domain and a second protection domain, and comprises the following steps:
Step S101, establishing an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain.
FIG. 2 is a schematic diagram of an ARM trusted device according to an embodiment of the present disclosure. As shown in FIG. 2, ARM provides hardware and firmware documentation, including the security requirements necessary for designing a secure device, so edge devices based on the ARM architecture generally have Trustzone capability. ARM Trustzone is a SoC- and CPU-wide security solution introduced by ARM. Its basic principle is to modify the original hardware architecture so as to introduce two protection domains with different permissions at the processor layer, namely the secure world (Trustzone OS, the second protection domain above) and the normal world (Normal OS, the first protection domain above); at any time the processor runs in only one of the two environments. The two worlds are isolated by hardware and have different permissions: an application or operating system running in the normal world is strictly limited in its access to secure-world resources, whereas a program running in the secure world can access normal-world resources normally. This hardware isolation and difference in permissions provide an effective mechanism for protecting the code and data of applications, and the scheme provided by the embodiments of the present disclosure builds secure edge device admission and trusted application authorization on top of Trustzone technology.
In the structure shown in FIG. 2, the authorization chain is as follows: whether the trusted application in the Normal OS can start, and whether after starting it can provide authorization for other applications to run, depends on whether it has established an association with the trusted application in the Trustzone OS (the Trusty application in FIG. 2). This process is called activation.
And step S102, controlling other applications except the trusted application in the first protection domain to perform local authorization through the trusted application in the first protection domain.
Whether the other applications in the Normal OS (generally the actual business applications) can run normally when they are deployed through Kubernetes after being released from the cloud is decided by local authorization, that is, by asking the trusted application in the Normal OS for a credential that states whether the application is authorized.
This method addresses the problem of malicious node admission on edge devices. The authorization mechanism of the trusted application is realized by establishing the association relationship between the Normal OS and the Trustzone OS, which ensures the secure deployment of the other applications running on the edge device.
According to an optional embodiment of the present application, step S101 of establishing an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain may be performed by storing authorization information of the trusted application in the first protection domain in the second protection domain, or by storing a root key for starting the trusted application in the first protection domain in the second protection domain.
The association relationship between the trusted application in the Normal OS and the trusted application in the Trustzone OS can take various forms, such as whether the authorization information (license) of the trusted application in the Normal OS is stored in the Trustzone OS, or whether a root key for starting the trusted application in the Normal OS is stored in the Trustzone OS.
In this step, the association relationship between the trusted application in the Normal OS and the trusted application in the Trustzone OS can therefore be established by storing the authorization information (license) of the trusted application in the Normal OS in the Trustzone OS, or by storing a root key for starting the trusted application in the Normal OS in the Trustzone OS.
In practice the second method is generally adopted, that is, a root key for starting the trusted application in the Normal OS is stored in the Trustzone OS. Because the root key is needed when upper-layer applications in the Normal OS start, storing it in the Trustzone OS prevents the communication content from being intercepted during communication between the Normal OS and the Trustzone OS, which improves data security.
By the method, the authorization mechanism of the trusted application in the Normal OS based on Trustzone can be realized.
According to another optional embodiment of the present application, the step S102 of controlling other applications in the first protection domain except the trusted application to perform local authorization through the trusted application in the first protection domain is executed, which includes the following steps: controlling other applications to acquire a certificate for local authorization from a trusted application in a first protection domain; and locally authorizing other applications according to the certificate.
In some optional embodiments of the present application, controlling the other applications to obtain the credentials for local authorization from the trusted application in the first protection domain is implemented by: the credentials are obtained through an interprocess communication socket and a two-way secure transport layer protocol.
In the local authorization of applications in the Normal OS other than the trusted application (generally the actual business applications), each application asks the trusted application in the Normal OS whether it is authorized. This communication is generally carried over an inter-process communication socket (Unix Domain Socket) with two-way Transport Layer Security (TLS): the former ensures communication efficiency, and the latter ensures reliable identity authentication of both communicating parties.
By the method, the safe deployment of the trusted application and the business application in the Normal OS is realized.
As an alternative embodiment, the ARM trusted device runs encrypted and signed firmware.
In an optional embodiment of the present application, before establishing an association relationship between a trusted application in a first protection domain and a trusted application in a second protection domain, the method further includes: decrypting the firmware by using a preset private key and verifying whether the signature of the firmware is consistent with the preset signature; and, when the firmware is successfully decrypted and its signature is consistent with the preset signature, triggering the establishment of the association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain.
The implementation described above cannot by itself guarantee that a device is not a malicious node. The Trustzone capability of an ARM device provides an isolated environment for secure admission and ensures that confidential data can be stored in isolation inside Trustzone, but it cannot guarantee that the Trustzone on the current device is itself trustworthy: a Trustzone partition can still be forged or cloned, so that Trustzone firmware is flashed onto an unauthorized device and the related applications are copied to run as authorized on the new device, producing a malicious node. The technical scheme of this disclosure therefore adds trusted firmware and trusted boot on top of the Trustzone function: the firmware flashed onto the device is encrypted and signed, so a system partition cannot be cloned without the private key and no other firmware can be flashed onto the trusted device. During system startup the firmware is decrypted and its signature value is checked for consistency.
FIG. 3 is a flowchart of the boot process of an ARM trusted device according to an embodiment of the present disclosure. As shown in FIG. 3, the ARM trusted device first boots from the device root (SoC BootRom); the firmware is then decrypted and its signature verified; and the kernel is loaded only if the firmware is successfully decrypted and its signature verifies.
The scheme provided by the disclosure uses a firmware encryption and signature mechanism on the ARM device to ensure that the firmware flashed onto the device comes from a reliable source, which guarantees trusted admission of the node device. At the same time, the trusted application in the Trustzone OS is used to activate the trusted application in the Normal OS, and business programs in the Normal OS are deployed and run on the basis of the trusted application in the Normal OS, which achieves authorized deployment of business applications. The scheme is also highly portable across hardware: only the trusted application in the Normal OS has to implement an activation strategy adapted to each kind of hardware, so business programs in the Normal OS need far less adaptation work, or none at all (zero-code adaptation).
The technical scheme provided by the disclosure covers the complete chain from device admission to application deployment. It protects software assets by having them run on trusted and authorized edge nodes. When more hardware types appear at edge nodes, the threshold for adapting business programs is lowered, because only the trusted application has to be adapted to the underlying authorization of each hardware platform, which makes the scheme highly flexible.
In the technical scheme of the disclosure, the acquisition, storage and use of the personal information of the users involved all comply with the relevant laws and regulations and do not violate public order and good customs.
FIG. 4 is a block diagram of a trusted authorization apparatus for an application according to an embodiment of the present disclosure. As shown in FIG. 4, the apparatus includes:
An establishing module 41 configured to establish an association relationship between a trusted application in a first protection domain and a trusted application in a second protection domain, where the first protection domain and the second protection domain are two protection domains with different permissions included in the processor layer of an ARM trusted device.
As shown in FIG. 2, ARM provides hardware and firmware documentation, including the security requirements necessary for designing secure devices, so edge devices based on the ARM architecture generally have Trustzone capability. ARM Trustzone is a SoC- and CPU-wide security solution introduced by ARM. Its basic principle is to modify the original hardware architecture so as to introduce two protection domains with different permissions at the processor layer, namely the secure world (Trustzone OS, the second protection domain above) and the normal world (Normal OS, the first protection domain above); at any time the processor runs in only one of the two environments. The two worlds are isolated by hardware and have different permissions: an application or operating system running in the normal world is strictly limited in its access to secure-world resources, whereas a program running in the secure world can access normal-world resources normally. This hardware isolation and difference in permissions provide an effective mechanism for protecting the code and data of applications, and the scheme provided by the disclosure builds secure edge device admission and trusted application authorization on top of Trustzone technology.
In the structure shown in FIG. 2, the authorization chain is as follows: whether the trusted application in the Normal OS can start, and whether after starting it can provide authorization for other applications to run, depends on whether it has established an association with the trusted application in the Trustzone OS (the Trusty application in FIG. 2). This process is called activation.
A control module 42 arranged to control other applications in the first protected domain than the trusted application to perform local authorization by the trusted application in the first protected domain.
Whether the other applications in the Normal OS (generally the actual business applications) can run normally when they are deployed through Kubernetes after being released from the cloud is decided by local authorization, that is, by asking the trusted application in the Normal OS for a credential that states whether the application is authorized.
By the device, the problem of malicious node access on the edge device is solved, and the safe deployment of other applications running on the edge device can be ensured through an authorization mechanism of the trusted application.
According to an alternative embodiment of the present application, the establishing module 41 comprises: a first storage unit configured to store authorization information of a trusted application in a first protected domain in a second protected domain; a second storage unit arranged to store a root key for launching a trusted application in the first protected domain in a second protected domain.
The association relationship between the trusted application in the Normal OS and the trusted application in the Trustzone OS can take various forms, such as whether the authorization information (license) of the trusted application in the Normal OS is stored in the Trustzone OS, or whether a root key for starting the trusted application in the Normal OS is stored in the Trustzone OS.
The association relationship between the trusted application in the Normal OS and the trusted application in the Trustzone OS can therefore be established by storing the authorization information (license) of the trusted application in the Normal OS in the Trustzone OS, or by storing a root key for starting the trusted application in the Normal OS in the Trustzone OS.
Through the device, an authorization mechanism of trusted application in the Normal OS based on Trustzone can be realized.
According to another alternative embodiment of the present application, the control module 42 comprises: a control unit configured to control the other applications to obtain credentials for local authorization from the trusted application in the first protected domain; and the processing unit is used for carrying out local authorization on other applications according to the certificate.
In some optional embodiments of the present application, the control unit is further configured to obtain the credentials via an interprocess communication socket and a two-way secure transport layer protocol.
In the local authorization of applications in the Normal OS other than the trusted application (generally the actual business applications), each application asks the trusted application in the Normal OS whether it is authorized. This communication is generally carried over an inter-process communication socket (Unix Domain Socket) with two-way Transport Layer Security (TLS): the former ensures communication efficiency, and the latter ensures reliable identity authentication of both communicating parties.
Through the device, the safe deployment of the trusted application and the business application in the Normal OS is realized.
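The local authorization channel described above for both the method (step S102) and the control unit, a Unix domain socket carrying mutually authenticated TLS, looks like this in Go. This is an added example, not code from the patent. The device-local CA, the certificate names `trusted-app` and `business-app`, the `AUTHORIZED` reply format and all function names are assumptions, and every certificate is sample data generated at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"os"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert builds sample identities at run time: a CA when issuer is nil, else a leaf it signs.
func newCert(cn string, issuer *tls.Certificate) tls.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		DNSNames: []string{cn}, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if issuer == nil { // self-signed CA
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		issuer = &tls.Certificate{PrivateKey: key, Leaf: tmpl}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer.Leaf, pub, issuer.PrivateKey)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// tlsConfig makes a process present its certificate and verify its peer against the device CA.
func tlsConfig(id, ca tls.Certificate) *tls.Config {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Leaf)
	return &tls.Config{
		Certificates: []tls.Certificate{id},
		RootCAs:      roots, // client side: verify the trusted application
		ClientCAs:    roots, // server side: verify the calling application
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ServerName:   "trusted-app",
		MinVersion:   tls.VersionTLS13,
	}
}

// serve is the trusted application's endpoint; only a verified caller gets a reply.
func serve(ln net.Listener, cfg *tls.Config) {
	for {
		raw, err := ln.Accept()
		if err != nil {
			return // listener closed
		}
		go func(conn *tls.Conn) {
			defer conn.Close()
			if conn.Handshake() == nil {
				peer := conn.ConnectionState().PeerCertificates[0].Subject.CommonName
				fmt.Fprintf(conn, "AUTHORIZED %s", peer)
			}
		}(tls.Server(raw, cfg))
	}
}

// requestCredential is the business application's side of the exchange.
func requestCredential(sock string, cfg *tls.Config) (string, error) {
	conn, err := tls.Dial("unix", sock, cfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	reply, err := io.ReadAll(conn) // with TLS 1.3 a rejected client sees the alert here
	return string(reply), err
}

// authzDemo returns the enrolled app's reply and error, then the error seen by an app from another CA.
func authzDemo() (string, error, error) {
	dir, err := os.MkdirTemp("", "authz") // 0700 directory keeps other users off the socket
	check(err)
	defer os.RemoveAll(dir)
	ln, err := net.Listen("unix", dir+"/authz.sock")
	check(err)
	defer ln.Close()
	ca, other := newCert("device-ca", nil), newCert("other-ca", nil)
	go serve(ln, tlsConfig(newCert("trusted-app", &ca), ca))
	granted, err := requestCredential(ln.Addr().String(), tlsConfig(newCert("business-app", &ca), ca))
	_, rejected := requestCredential(ln.Addr().String(), tlsConfig(newCert("business-app", &other), ca))
	return granted, err, rejected
}

func main() { fmt.Println(authzDemo()) }
```

The reply is bound to the name in the verified client certificate rather than to anything the caller sends, so a process without a certificate from the device CA gets no credential.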
As an alternative embodiment, the ARM trusted device runs encrypted and signed firmware.
In other alternative embodiments of the present application, the apparatus further comprises: the processing module is used for decrypting the firmware by using a preset private key and verifying whether the signature of the firmware is consistent with the preset signature; and the triggering module is used for triggering and executing the establishment of the association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain under the condition that the firmware is successfully decrypted and the signature of the firmware is consistent with the preset signature.
It cannot be guaranteed that a device is not a malicious node based on the above-described implementation alone. The Trustzone capability on the ARM device provides an isolation environment for safe access, and ensures that confidential data can be stored and isolated in Trustzone, but the Trustzone cannot be ensured to be credible on the current device, and the possibility of forging and cloning Trustzone partitions still exists, so that Trustzone firmware is flushed into unauthorized devices, and related applications are copied to the situation of authorized operation on new devices, and malicious nodes appear. Therefore, on the basis of the trustzone function, the concept of trusted firmware and trusted boot is added in the technical scheme provided by the disclosure, that is, the firmware flushed by the device is encrypted and signed, and cloning of system partitions cannot be realized without a private key, and other firmware cannot be flushed on the trusted device. During the system starting process, the firmware is decrypted and whether the signature values of the firmware are consistent or not is verified.
As shown in Fig. 3, the device first boots from the device root (SoC BootROM); the firmware is then decrypted and its signature is verified; and the kernel is loaded when the firmware has been successfully decrypted and its signature has been verified.
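The boot-time gate of Fig. 3, as an added example that is not code from the patent or its applicant: it shows that both a modified image and a vendor-signed image cloned onto a device holding a different key stop before kernel load. The algorithms (AES-256-GCM, Ed25519), the per-device symmetric key standing in for the "preset private key", the container layout and all names are assumptions, and the signature is checked before decryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Image is a constructed firmware container (assumed layout):
// Blob = nonce || AES-GCM ciphertext, Sig = Ed25519 signature over Blob.
type Image struct{ Blob, Sig []byte }

var (
	ErrSignature = errors.New("signature mismatch")
	ErrDecrypt   = errors.New("decryption failed")
)

// gcm builds the AEAD for a 32-byte device key (hypothetical helper).
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only reachable with a wrong-sized key
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// Seal is the vendor side: encrypt for one device, then sign the result.
func Seal(plain, devKey []byte, signer ed25519.PrivateKey) Image {
	g := gcm(devKey)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	blob := g.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
	return Image{Blob: blob, Sig: ed25519.Sign(signer, blob)}
}

// Boot is the gate between BootROM and kernel load. Any failure halts,
// so the later trusted-application association is never established.
func Boot(img Image, devKey []byte, vendor ed25519.PublicKey) error {
	if !ed25519.Verify(vendor, img.Blob, img.Sig) {
		return ErrSignature
	}
	g := gcm(devKey)
	if len(img.Blob) < g.NonceSize() {
		return ErrDecrypt
	}
	n := g.NonceSize()
	if _, err := g.Open(nil, img.Blob[:n], img.Blob[n:], nil); err != nil {
		return ErrDecrypt
	}
	return nil // both checks passed: the kernel may be loaded
}

// Demo boots a genuine image on device A, a modified image on device A,
// and the genuine image cloned onto device B (provisioned with another key).
func Demo() (genuine, tampered, cloned error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	keyA, keyB := make([]byte, 32), make([]byte, 32)
	rand.Read(keyA)
	rand.Read(keyB)
	img := Seal([]byte("constructed kernel payload"), keyA, priv)
	bad := Image{Blob: append([]byte{}, img.Blob...), Sig: img.Sig}
	bad.Blob[len(bad.Blob)-1] ^= 0xff // corrupt the last byte of the image
	return Boot(img, keyA, pub), Boot(bad, keyA, pub), Boot(img, keyB, pub)
}

func main() { fmt.Println(Demo()) }
```

The cloned case is the one the paragraph above is concerned with: the signature still verifies because the image is vendor-signed, and the boot halts only because device B does not hold device A's key.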
The apparatus provided by the present disclosure uses a firmware encryption and signature mechanism on the ARM device to ensure that the firmware flashed onto the device comes from a reliable source, thereby ensuring trusted admission of the node device. Meanwhile, the trusted application in the Normal OS is activated by the trusted application in the TrustZone OS, and the service program in the Normal OS is deployed and run on the basis of the trusted application in the Normal OS, which achieves authorized deployment of the service application. The scheme is also highly portable across different hardware: only the activation strategy by which the trusted application in the Normal OS adapts to each kind of hardware needs to be implemented, so the adaptation workload for the service program in the Normal OS is greatly reduced or requires no code changes at all.
The technical solution provided by the present disclosure considers the complete chain from device admission to application deployment. It ensures that protected software assets run on trusted and authorized edge nodes. At the same time, when more hardware types appear at the edge nodes, the threshold for adapting service programs is lowered: only the trusted application needs to be adapted to the underlying authorization of each hardware platform, which gives the scheme high flexibility.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 5 illustrates a schematic block diagram of an example electronic device 500 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic devices may also represent various forms of mobile devices, such as personal digital processors, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in Fig. 5, the device 500 comprises a computing unit 501 which may perform various appropriate actions and processes in accordance with a computer program stored in a Read Only Memory (ROM) 502 or a computer program loaded from a storage unit 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the device 500 can also be stored. The computing unit 501, the ROM 502, and the RAM 503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
A number of components in the device 500 are connected to the I/O interface 505, including: an input unit 506 such as a keyboard, a mouse, or the like; an output unit 507 such as various types of displays, speakers, and the like; a storage unit 508, such as a magnetic disk, optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the device 500 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 501 may be a variety of general-purpose and/or special-purpose processing components having processing and computing capabilities. Some examples of the computing unit 501 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 501 performs the various methods and processes described above, such as a trusted authorization method of an application. For example, in some embodiments, the trusted authorization method of an application may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 508. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 500 via the ROM 502 and/or the communication unit 509. When the computer program is loaded into the RAM 503 and executed by the computing unit 501, one or more steps of the above described trusted authorization method of an application may be performed. Alternatively, in other embodiments, the computing unit 501 may be configured in any other suitable way (e.g., by means of firmware) to execute a trusted authorization method of an application.
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combined with a blockchain.
It should be understood that the flows shown above may be used in various forms, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (15)

1. A trusted authorization method of an application is applied to an ARM trusted device, and the ARM trusted device comprises two protection domains with different authorities in a processor layer: a first protection domain and a second protection domain, the method comprising the steps of:
establishing an association between a trusted application in the first protected domain and a trusted application in the second protected domain;
and controlling other applications in the first protection domain except the trusted application to perform local authorization through the trusted application in the first protection domain.
2. The method of claim 1, wherein the establishing an association between the trusted application in the first protected domain and the trusted application in the second protected domain comprises at least one of:
storing authorization information for a trusted application in the first protected domain in the second protected domain;
storing a root key for launching a trusted application in the first protected domain in the second protected domain.
3. The method of claim 1, wherein the controlling other applications in the first protected domain other than the trusted application to be locally authorized by the trusted application in the first protected domain comprises:
controlling the other application to obtain credentials for local authorization from a trusted application in the first protected domain;
and locally authorizing the other applications according to the certificate.
4. The method of claim 3, wherein the controlling the other application to obtain credentials for local authorization from a trusted application in the first protected domain comprises:
and acquiring the certificate through an interprocess communication socket and a two-way secure transport layer protocol.
5. The method of any of claims 1 to 4, further comprising:
the ARM trusted device runs encrypted and signed firmware.
6. The method of claim 5, wherein prior to the establishing an association between the trusted application in the first protected domain and the trusted application in the second protected domain, the method further comprises:
decrypting the firmware by using a preset private key and verifying whether the signature of the firmware is consistent with a preset signature;
and under the condition that the firmware is successfully decrypted and the signature of the firmware is consistent with the preset signature, triggering and establishing an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain.
7. A trusted authorization apparatus for an application, comprising:
an establishing module configured to establish an association between a trusted application in a first protection domain and a trusted application in a second protection domain, wherein the first protection domain and the second protection domain are two protection domains with different authorities included in a processor layer of an ARM trusted device;
a control module configured to control other applications in the first protected domain except the trusted application to perform local authorization through the trusted application in the first protected domain.
8. The apparatus of claim 7, wherein the establishing module comprises:
a first storage unit configured to store authorization information of a trusted application in the first protected domain in the second protected domain;
a second storage unit arranged to store a root key for launching a trusted application in the first protected domain in the second protected domain.
9. The apparatus of claim 7, wherein the control module comprises:
a control unit configured to control the other application to obtain a credential for local authorization from a trusted application in the first protected domain;
and the processing unit is arranged for carrying out local authorization on the other applications according to the certificate.
10. The apparatus of claim 9, wherein the control unit is further configured to obtain the credentials via an interprocess communication socket and a two-way secure transport layer protocol.
11. The apparatus of any of claims 7 to 10, the ARM trusted device running encrypted and signed firmware.
12. The apparatus of claim 11, wherein the apparatus further comprises:
the processing module is used for decrypting the firmware by using a preset private key and verifying whether the signature of the firmware is consistent with a preset signature or not;
and the triggering module is used for triggering and executing the establishment of the association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain under the condition that the firmware is successfully decrypted and the signature of the firmware is consistent with the preset signature.
13. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a trusted authorization method for an application as claimed in any of claims 1-6.
14. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform a trusted authorization method of an application according to any one of claims 1-6.
15. A computer program product comprising a computer program which, when executed by a processor, implements a trusted authorization method for an application according to any one of claims 1-6.
CN202210270141.XA 2022-03-18 2022-03-18 Trusted authorization method and device for application and electronic equipment Pending CN114676392A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210270141.XA CN114676392A (en) 2022-03-18 2022-03-18 Trusted authorization method and device for application and electronic equipment

Publications (1)

Publication Number Publication Date
CN114676392A true CN114676392A (en) 2022-06-28

Family

ID=82074266


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination