CN114844726A - Firewall implementation method, chip, electronic device and computer readable storage medium - Google Patents
Firewall implementation method, chip, electronic device and computer readable storage medium Download PDFInfo
- Publication number
- CN114844726A CN114844726A CN202210766031.2A CN202210766031A CN114844726A CN 114844726 A CN114844726 A CN 114844726A CN 202210766031 A CN202210766031 A CN 202210766031A CN 114844726 A CN114844726 A CN 114844726A
- Authority
- CN
- China
- Prior art keywords
- domain
- firewall
- access
- chip
- initiating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a firewall implementation method, a chip, electronic equipment and a computer readable storage medium, wherein the method comprises the following steps: the initiating domain sends an access request to a secondary firewall connected with the target domain; the secondary firewall judges whether the initiating domain is allowed to access the resources of the target domain or not; the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifications of the initiating domain and the target domain are different. The invention solves the isolation problem of complex SoC resources under the situation of multi-system and multi-application by deploying two-stage firewalls at the NoC and the equipment end.
Description
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a firewall implementation method, a chip, an electronic device, and a computer-readable storage medium.
Background
In the existing System On Chip (SOC) design method, various digital logics and various functional blocks are generally integrated on a single Chip, wherein different functional blocks have different functions.
In order to cope with increasingly complex application scenarios, heterogeneous multi-domain socs integrate multiple cores and more and stronger functional blocks. To realize the integration of a plurality of functional blocks into one chip, NoC (network-on-chip) is used. A NoC is an SoC bus architecture, which is a logical and physical instance of the logical and physical connections between IP blocks drawn in SoC block and plan views. In order to isolate the functional blocks, especially to protect the resources of the core module from theft, firewalls need to be deployed at the NoC and at the device end.
The application scenario in the prior art is simple, the access control implementation mechanism is only simple ID comparison, resource isolation scenarios under different domains are not comprehensively considered, and the isolation problem of the complex heterogeneous multi-core SoC under the multi-system multi-application scenario cannot be realized.
Disclosure of Invention
Embodiments of the present invention provide a firewall implementation method, a chip, an electronic device, and a computer-readable storage medium, which solve the isolation problem of complex SoC resources under the scenario of multiple systems and multiple applications by deploying two-stage firewalls at the NoC and device end.
In a first aspect, to achieve the above object, an embodiment of the present invention provides a firewall implementation method, which is applied to a system-on-chip, where the system-on-chip is provided with two layers of firewalls, and the system-on-chip is divided into a plurality of domains, where:
the multiple domains comprise a main control domain and a secondary control domain, the main control domain and the secondary control domain both comprise a plurality of partitions for storing resource data, the main control domain is connected with a primary firewall through a network on chip, the multiple secondary control domains are respectively connected with multiple secondary firewalls through the network on chip, the primary firewall is deployed on the network on chip and used for registering and managing the secondary firewall, and the secondary firewall is deployed on an IP core and used for detecting the legality of an access request, and the method comprises the following steps:
the initiating domain sends an access request to a secondary firewall connected with the target domain;
the secondary firewall judges whether the initiating domain is allowed to access the resources of the target domain or not;
the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifications of the initiating domain and the target domain are different.
In a second aspect, to solve the same technical problem, an embodiment of the present invention provides a system-on-chip, where the system-on-chip is provided with two firewalls and is divided into a plurality of domains, each of the domains includes a main control domain and a secondary control domain, each of the main control domain and the secondary control domain includes a plurality of partitions for storing resource data, the main control domain is connected to the primary firewall through a network on chip, the secondary control domains are connected to a plurality of secondary firewalls through the network on chip, the primary firewall is deployed on the network on chip and used for registering and managing the secondary firewall, and the secondary firewall is deployed on an IP core and used for detecting validity of an access request, including:
the initiating domain is used for sending an access request to a secondary firewall connected with the target domain;
the secondary firewall is used for judging whether the initiating domain is allowed to perform resource access on the target domain or not;
the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifications of the initiating domain and the target domain are different.
In a third aspect, to solve the same technical problem, an embodiment of the present invention provides an integrated system-on-chip electronic device, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the memory is coupled to the processor, and the processor executes the computer program to implement the steps in the firewall implementation method described in any one of the above.
In a fourth aspect, to solve the same technical problem, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, where, when the computer program runs, a device in which the computer-readable storage medium is located is controlled to execute the steps in the firewall implementation method described in any one of the above.
The embodiment of the invention provides a firewall implementation method, a chip, electronic equipment and a computer readable storage medium. In addition, the invention also realizes the resource isolation between the Safety code and the non-Safety code and the isolation between the Trust application and the non-trust application. The invention mainly solves the isolation problem of complex SoC resources under the situation of multi-system and multi-application by deploying two-stage firewalls at the NoC and the equipment end.
Drawings
Fig. 1 is a schematic flow chart of a firewall implementation method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a system-on-chip according to an embodiment of the invention;
FIG. 3 is a flowchart illustrating steps of system-on-chip partitioning according to an embodiment of the present invention;
fig. 4 is a schematic diagram illustrating a firewall detection principle according to an embodiment of the present invention;
fig. 5 is a flowchart illustrating steps of initializing configuration of a primary firewall according to an embodiment of the present invention;
fig. 6 is a flowchart of a step in which the secondary firewall determines whether to allow the initiating domain to perform resource access to the target domain according to the embodiment of the present invention;
FIG. 7 is a block diagram illustrating an architecture for partitioned access to different domains according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention;
fig. 9 is another schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
Referring to fig. 1 and fig. 2, fig. 1 is a schematic flow diagram of a firewall implementation method according to an embodiment of the present invention, and as shown in fig. 1, the firewall implementation method according to the embodiment of the present invention is applied to a system-on-chip, fig. 2 is a schematic structural diagram of the system-on-chip according to the embodiment of the present invention, the system-on-chip is provided with two firewalls, the system-on-chip is divided into a plurality of domains, each of the domains includes a primary control domain and a secondary control domain, each of the primary control domain and the secondary control domain includes a plurality of partitions for storing resource data, the primary control domain is connected to a primary firewall through an on-chip network, the secondary control domains are respectively connected to a plurality of secondary firewalls through the on-chip network, the primary firewall is deployed on the on-chip network and is used for registering and managing the secondary firewall, and the secondary firewall is deployed on an IP core and is used for detecting validity of an access request, the method comprises steps S101 to S102.
Step S101, an initiating domain sends an access request to a secondary firewall connected with a target domain;
in an embodiment, the plurality of domains are classified into a master domain and a secondary domain, the initiating domain may be the master domain or the secondary domain, and certainly, the target domain may be the master domain or the secondary domain, but the domain identifiers of the initiating domain and the target domain are different, that is, the initiating domain and the target domain are domains with different identities. For example, when the originating domain is a master domain, the target domain can only be either a slave domain or another master domain.
Preferably, the standard of the main control domain is a domain capable of accessing the external storage device, the secondary control domain is a domain incapable of accessing the external storage device, only the main control domain has the capability of accessing the external storage device, and the secondary control domain has no capability of accessing the external storage device, so that the hardware performance requirement of a core chip in the secondary control domain can be reduced, and further the hardware cost of the whole system-level chip can be reduced.
The operating systems supported by the primary control domain and the secondary control domain may be the same or different, but all cores in the same domain support the same operating system. For example, the operating systems supported by the primary control domain and the secondary control domain are Linux operating systems, and all cores in the primary control domain and the secondary control domain support the Linux operating systems. Of course, the primary control domain may support the Android operating system but the secondary control domain supports the Linux operating system, and all cores in the primary control domain support the Android operating system but all cores in the secondary control domain support the Linux operating system. The operating systems supported by the different domains of the present invention include, but are not limited to, the Linux operating system, the Android operating system and the Qnx operating system, an embedded real-time operating system (e.g., FreeRTOS), and a real-time operating system (RTOS).
As shown in fig. 2, each domain is connected to the on-chip network through an AXI bus, the main control domain in fig. 2 is an AP domain, and the secondary control domain includes a CP domain and an RP domain. The AP Domain is an Android Domain (i.e., a Domain supporting an Android operating system), the CP is a Cluster Domain (e.g., an instrument Domain supporting Qnx operating system), and the RP is an R52 Domain (e.g., a functional security Domain supporting a real-time secure operating system, and the RTOS is a real-time secure operating system). Of course, the secondary control Domain may also include an MP Domain, wherein MP is an M4 Domain Domain (e.g., a management Domain supporting an embedded real-time operating system, and FreeRTOS is an embedded real-time operating system).
Step S102, the secondary firewall judges whether the initiating domain is allowed to access the resources of the target domain.
Specifically, when accessing and calling resources, the initiating domain sends an access request to a target domain which wants to access the resources, and each domain is provided with a corresponding secondary firewall to receive the corresponding access request, so that the secondary firewall performs validity detection on the access request to access and call the resources in the target domain.
Referring to fig. 3, fig. 3 is a flowchart illustrating a system-on-chip dividing step according to an embodiment of the present invention, which includes steps S201 to S202.
S201, longitudinally dividing the system-level chip into a plurality of domains according to the security attributes and the attribute identifications;
s202, according to the abnormal level identification, the system-on-chip is transversely divided into a plurality of layers.
Specifically, as shown in fig. 2, the protection system of the SoC includes two firewalls: a primary firewall and a secondary firewall. The first-level firewall is mainly used for registering and managing the second-level firewall, and the second-level firewall and the partition of the second-level firewall need to grant the OWNER attribute through the first-level firewall. The secondary firewall is mainly used for detecting the validity of the Package and the partition reading permission.
As shown in fig. 2 above, the primary firewall is mainly deployed on the NoC, for example, 8 primary firewalls may be deployed: AP0_ NOC _ FW, AP1_ NOC _ FW, DDR _ NOC _ FW, AUD _ NOC _ FW, SYS _ NOC _ FW, GPU _ NOC _ FW, SAF _ NOC _ FW, DDR _ LINK _ FW. The authority of the primary firewall can be configured through a Config command. In addition, as shown in fig. 2, the secondary firewall is mainly deployed on the service NIU at the device end, and the permission of the primary firewall can be configured through a Config configuration command. For example, the secondary firewall has a total of 95 partitions, and the primary firewall and the secondary firewall have a total of 1055 partitions.
The firewall detection principle is shown in fig. 4, and the Info Package (i.e. the access request of the present invention) includes three parts: package attribute, Package address, and Package data. Wherein the Package attribute contains VMID (i.e., attribute identifier of the present invention), EL _ F (i.e., exception level identifier of the present invention), and PROT (i.e., security attribute of the present invention, including both Secure and Non-Secure attributes).
Through the two attributes of VMID and PROT, the whole SoC is divided into five domains as in fig. 5, which are AP secure Domain, AP non-secure Domain, CP Domain, MP Domain and RP Domain, respectively. Furthermore, by means of the property of EL _ F, the whole SoC is divided into four levels of PL3, PL2, PL1 and PL0, wherein the authority of PL3 is the largest and the authority of PL0 is the smallest.
When accessing and calling the resources, the secondary firewall receives the corresponding access request, and then the secondary firewall responds and processes the access request to realize the access and calling of the resources. Specifically, an access request is received, and a domain identifier and a hierarchy identifier included in the access request are identified and acquired, where the domain identifier is related information of a domain for resource invocation, and the hierarchy identifier is related information of a resource that the domain wants to access and invoke, where the domain identifier and the resource identifier may be described in a manner of numbers, words, or a combination of the two.
Different areas can be divided for the secondary firewall according to different functions, and the different divided areas are responsible for different functions and working requirements. After the whole SOC system is divided horizontally and vertically, different corresponding and unique domain identifiers can be set for different domains and different layers, and since different domains have different function implementations, there are also different authority settings for accessing and calling resources, for example, an application management area cannot acquire related resources of security information when accessing and calling resources, and therefore, in the using process, the corresponding relationship between domains and resources is set by setting the relationship between the domain identifiers and the resource information, that is, which domains can access which resources.
Furthermore, when accessing and calling a resource, an access request issued by a domain is received, and a domain identifier and a hierarchy identifier corresponding to the resource desired to be accessed are determined.
Because different domains have different access rights to resources, for example, the domain a can only access the resource a, and the domain B can only access the resource B, when accessing the resources, if the domain a wants to access the resource B, the access will fail. Therefore, when accessing and calling the resource, whether the resource access is possible is determined by the acquired domain identifier and the acquired hierarchy identifier. Specifically, through the domain identifier, it is determined whether the domain corresponding to the domain identifier has an access right to the resource corresponding to the hierarchy identifier.
In one embodiment, before the initiating domain issues the access request to the target domain, the method further includes the following steps:
and performing initialization configuration on the primary firewall and the secondary firewall.
In one embodiment, the primary firewall is initialized in a partitioned mode, and the first address and the last address and the domain access authority of each secondary firewall are configured through the primary firewall; initializing the secondary firewall and setting a secondary access mark; and circularly initializing and configuring the secondary firewall until the initialization and configuration of the secondary firewall managed by the primary firewall are finished, and finishing the initialization and configuration of the primary firewall.
Specifically, in practical applications, when initialization and other related settings are performed, a firewall is used to perform related setting operations, for example, which domains can access and control the device manager through the firewall configuration, which domains can access and control corresponding resources through the firewall configuration, and the firewall is used to configure the DDR range and different access permissions that can be accessed by each domain, including: read, write, read only, write only, and the like.
As shown in fig. 5, which is a flowchart of firewall registration configuration, a first-level firewall is initialized, and when each first-level firewall is initialized, a browser lock is configured first to occupy resources. Then, the partition of the first-level firewall is initialized, and the first address and the last address and the domain access mode of the second-level firewall are configured. And then, initializing the secondary firewall and setting a mark of secondary access. And circularly configuring the secondary firewall until the number of partitions of the secondary firewall is less than the total number of groups of the secondary firewall, which indicates that the configuration of the secondary firewall contained in the primary firewall is finished, and ending the initial configuration process of the primary firewall.
The firewall initialization is to configure the firewall for the first time after power-on, and in order to simplify the boot configuration process, all Pri _ FW and Sec-FW registers can be configured by an init-master which locks the configuration space of the primary firewall. For Pri-FW, the OWNER field of a partition is written by the init-master at initialization. After initialization, this field is set by the hardware according to who locked the current partition. There is no concept of OWNER in Sec-FW. There are two steps to initialize the se1000 firewall, the first is to initialize Pri-FW and the next is to initialize Sec-FW.
Referring to fig. 6, fig. 6 is a flow chart illustrating that the secondary firewall determines whether to allow the initiating domain to perform resource access on the target domain according to the embodiment of the present invention, where the flow chart includes steps S301 to S302.
S601, the secondary firewall judges whether the initiating domain is allowed to access the target domain or not according to the domain identifier and the hierarchy identifier;
s602, the secondary firewall judges whether the initiating domain is allowed to access the partition of the target domain or not according to the target address and the access type.
Specifically, the access request includes a domain identifier, a hierarchy identifier, a destination address, and an access type. As shown in fig. 2 and 4, each Info Package transmitted on the AXI has a Domain attribute (i.e., the Domain identifier of the present invention) and a level attribute (i.e., the hierarchy attribute of the present invention), and when entering firewall detection, firstly, according to these attributes, the validity of the Info Package access is determined, secondly, according to the Package address, the validity of the partition (i.e., the partition of the present invention) accessing the target Domain is determined, and it is determined whether the partition of the target Domain corresponding to the VMID is accessed. And finally, carrying out partition authority detection: readable, writable, i.e., read and write, inaccessible.
In an embodiment, the step of determining, by the secondary firewall according to the domain identifier and the hierarchical identifier, whether to allow the originating domain to access the target domain specifically includes:
the secondary firewall judges whether the initiating domain is allowed to access the partition of the target domain corresponding to the attribute identification or not according to the target address;
and if the initiating domain accesses the partition of the target domain corresponding to the attribute identifier, the secondary firewall judges whether the partition of the target domain has access authority or not according to the access type and the read-write type of the partition of the target domain.
In an embodiment, the step of determining, by the secondary firewall, whether the partition of the target domain has the access right according to the access type and the read-write type of the partition of the target domain specifically includes:
when the access type is the same as the read-write type, the secondary firewall allows the initiating domain to access the partition of the target domain;
and when the access type is different from the read-write type, the secondary firewall sends feedback information of partition access abnormity.
In practical applications, when accessing resources in the entire SOC system, the SOC system is processed in advance, specifically, the entire SOC is divided into four domains, namely AP0, AP1, Safety and SPU, and configured with corresponding IDs, which are 0x10, 0x01, 0x11 and 0x00, respectively. Taking the AP noosec-Domain as an example, how the AP noosec-Domain reads data in a target Partition (e.g., Partition 0) of the DDR by the GPU is described below, and the process is as follows:
(1) when the firewall is initialized and registered, firstly, the firewall above the GPU is configured to be accessible by AP-NonSecure, and the access space of a GPU register is configured;
(2) when the AP-NonSecure initializes the GPU, firstly Firewall above the GPU needs to detect the validity of a request sent by the AP;
(3) after the legality detection is carried out, the AP-NonSecure initializes the GPU, and after the initialization is completed, the GPU serves as a master and sends out a request for accessing the DDR memory.
(4) After the GPU is configured by a Device Manger, enabling the GPU to inherit the attribute of the AP-NonSecure;
(5) when an access request pacackge sent by a GPU passes through firewall detection above a DDR Controller, VMID, PROT and EL _ F attributes are detected firstly, whether a current access area is an accessible area is judged, then a partition is calculated according to an address, and whether the accessed partition allows access of AP-NonSecure is judged; and finally, detecting whether the reading of the Patition 0 is legal or not.
For example, as shown in fig. 7, the following takes an MP (i.e., M4) as an example to describe how the MP accesses a target Partition (e.g., Partition n) of the DDR, and the flow is:
(1) m4 issues an access request to the DDR;
(2) and a firewall above the DDR Controller detects the validity of the access request and whether the M4 is allowed to access.
(3) It is checked whether Partition n allows M4 to read or write.
In an embodiment, the step of judging, by the secondary firewall, whether the partition of the target domain has the access right according to the access type and the read-write type of the partition of the target domain includes:
when the access type is the same as the read-write type, the secondary firewall allows the initiating domain to access the partition of the target domain;
and when the access type is different from the read-write type, the secondary firewall sends feedback information of partition access abnormity.
Specifically, when accessing the partition of the target domain, the access to the partition of the target domain is realized according to the access type of the access request. Specifically, the access type of the access request is obtained, and the read-write type of the partition of the target domain is read at the same time, wherein the access type includes any one of read, write, read-only and write-only, and the read-write type includes any one of read, write, read-only and write-only, and then the access type is compared with the read-write type to realize the access to the partition of the target domain.
In practical applications, the read-write permissions corresponding to different partitions are different, for example, resources in a partition of a security domain may only be read but not written, and resources in a partition of a conventional domain, for example, an instrument domain, may be read and written. Therefore, when accessing the resource, the resource access needs to be the same as the authority information of the resource, and the resource access can be realized.
When the partition of the target domain is determined to be accessed according to the access type of the access request, whether the access type is the same as the read-write type or not is compared, if the access type is the same as the read-write type, the partition of the target domain is determined to be accessible, and otherwise, feedback information of resource access abnormity is sent out.
The invention mainly solves the isolation problem of complex SoC resources under the situation of multi-system and multi-application by deploying two-stage firewalls at the NoC and the equipment end. The invention realizes the safe access control of the whole SOC through two stages of firewalls, wherein the first stage of firewall is responsible for registering and managing the second stage of firewall and has OWNER attribute; the secondary firewall is responsible for packet Check (e.g., Domain Attribute Check, Partition OWNER Check, Partition Permissor Check, shown in fig. 4). And according to the VMID and the PROT, the SOC is longitudinally divided into 5 security domains, and isolation among different domains is realized. And transversely dividing the SOC into 4 safety LEVELs according to the EL _ F, and realizing different permission of Firewall configured by different LEVELs. The invention realizes the functions of firewall and partition anti-collision configuration by providing a Lock/Unlock mechanism. The partitions of different domains of the present invention have an ower attribute and provide four types of access rights: read/write, read only, write only, no access is allowed. The invention also provides an AP detection mechanism of the partition OVERL.
The invention mainly solves the isolation problem of complex SoC resources under the situation of multi-system and multi-application by deploying two-stage firewalls at the NoC and the end of equipment, and realizes the resource isolation between different domains in the longitudinal direction and the resource isolation of different Exception levels (Exception Level) in the transverse direction. In addition, the invention also realizes the resource isolation between the Safety code and the non-Safety code and the isolation between the Trust application and the non-trust application.
The system-on-chip provided by the embodiment of the invention is provided with two layers of firewalls and is divided into a plurality of domains, each domain comprises a main control domain and a secondary control domain, each main control domain and each secondary control domain comprises a plurality of partitions for storing resource data, the main control domain is connected with a primary firewall through an on-chip network, the secondary control domains are respectively connected with a plurality of secondary firewalls through the on-chip network, the primary firewall is deployed on the on-chip network and used for registering and managing the secondary firewalls, and the secondary firewalls are deployed on an IP core and used for detecting the legality of an access request, and the system-on-chip comprises:
the initiating domain is used for sending an access request to a secondary firewall connected with the target domain;
the secondary firewall is used for judging whether the initiating domain is allowed to perform resource access on the target domain or not;
the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifiers of the initiating domain and the target domain are different.
In a specific implementation, each of the modules and/or units may be implemented as an independent entity, or may be implemented as one or several entities by any combination, where the specific implementation of each of the modules and/or units may refer to the foregoing method embodiment, and specific achievable beneficial effects also refer to the beneficial effects in the foregoing method embodiment, which are not described herein again.
In addition, referring to fig. 8, fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, where the electronic device may be a mobile terminal such as a smart phone and a tablet computer. As shown in fig. 8, the integrated system-on-chip electronic device 700 includes a processor 701, a memory 702. The processor 701 is electrically connected to the memory 702.
The processor 701 is a control center of the integrated system-on-chip electronic device 700, connects various parts of the entire electronic device using various interfaces and lines, and performs various functions of the integrated system-on-chip electronic device 700 and processes data by running or loading an application program stored in the memory 702 and calling data stored in the memory 702, thereby performing overall monitoring of the integrated system-on-chip electronic device 700.
In this embodiment, the processor 701 in the electronic device 700 integrated with a system-on-chip loads instructions corresponding to one or more processes of an application program into the memory 702 according to the following steps, and the processor 701 runs the application program stored in the memory 702, thereby implementing various functions:
the initiating domain sends an access request to a secondary firewall connected with the target domain;
the secondary firewall judges whether the initiating domain is allowed to access the resources of the target domain or not;
the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifications of the initiating domain and the target domain are different.
The electronic device 700 integrated with the system-on-chip may implement the steps in any embodiment of the firewall implementation method provided in the embodiment of the present invention, and therefore, the beneficial effects that can be achieved by any firewall implementation method provided in the embodiment of the present invention may be achieved, which are detailed in the foregoing embodiments and will not be described herein again.
Referring to fig. 9, fig. 9 is another schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 9, fig. 9 is a specific structural block diagram of the electronic device according to the embodiment of the present invention, where the electronic device may be used to implement the firewall implementation method provided in the foregoing embodiment. The electronic device 900 may be a mobile terminal such as a smart phone or a notebook computer.
The RF circuit 910 is used for receiving and transmitting electromagnetic waves, and interconverting the electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices. RF circuit 910 may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. The RF circuit 910 may communicate with various networks such as the internet, an intranet, a wireless network, or with other devices over a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. The Wireless network may use various Communication standards, protocols and technologies, including but not limited to Global System for Mobile Communication (GSM), Enhanced Data GSM Environment (EDGE), Wideband Code Division Multiple Access (WCDMA), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wireless Fidelity (Wi-Fi) (e.g., IEEE802.11 a, IEEE802.11 b, IEEE802.11g and/or IEEE802.11 n), Voice over Internet Protocol (VoIP), world wide Internet Protocol (Microwave Access for micro), and other short message protocols for instant messaging, as well as any other suitable communication protocols, and may even include those that have not yet been developed.
The memory 920 may be used to store software programs and modules, such as program instructions/modules corresponding to the firewall implementation method in the foregoing embodiment, and the processor 980 executes various functional applications and resource accesses by executing the software programs and modules stored in the memory 920, that is, the following functions are implemented:
the initiating domain sends an access request to a secondary firewall connected with the target domain;
the secondary firewall judges whether the initiating domain is allowed to access the resources of the target domain or not;
the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifications of the initiating domain and the target domain are different.
The memory 920 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 920 may further include memory located remotely from the processor 980, which may be connected to the electronic device 900 over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input unit 930 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, the input unit 930 may include a touch-sensitive surface 931 as well as other input devices 932. The touch-sensitive surface 931, also referred to as a touch screen or a touch pad, may collect touch operations by a user on or near the touch-sensitive surface 931 (e.g., operations by a user on or near the touch-sensitive surface 931 using a finger, a stylus, or any other suitable object or attachment) and drive the corresponding connecting device according to a predetermined program. Alternatively, the touch sensitive surface 931 may include both a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 980, and can receive and execute commands sent by the processor 980. In addition, the touch sensitive surface 931 may be implemented in various types, such as resistive, capacitive, infrared, and surface acoustic wave. The input unit 930 may also include other input devices 932 in addition to the touch-sensitive surface 931. In particular, other input devices 932 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 940 may be used to display information input by or provided to the user and various graphical user interfaces of the electronic device 900, which may be made up of graphics, text, icons, video, and any combination thereof. The Display unit 940 may include a Display panel 941, and optionally, the Display panel 941 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, the touch-sensitive surface 931 may overlay the display panel 941, and when a touch operation is detected on or near the touch-sensitive surface 931, the touch operation is transmitted to the processor 980 to determine the type of touch event, and the processor 980 then provides a corresponding visual output on the display panel 941 according to the type of touch event. Although the touch-sensitive surface 931 and the display panel 941 are shown as two separate components to implement input and output functions, in some embodiments, the touch-sensitive surface 931 and the display panel 941 may be integrated to implement input and output functions.
The electronic device 900 may also include at least one sensor 950, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 941 according to the brightness of ambient light, and a proximity sensor that may generate an interrupt when the folder is closed or closed. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when the mobile phone is stationary, and can be used for applications of recognizing the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which may be further configured to the electronic device 900, detailed descriptions thereof are omitted.
The audio circuitry 960, speaker 961, microphone 962 may provide an audio interface between a user and the electronic device 900. The audio circuit 960 may transmit the electrical signal converted from the received audio data to the speaker 961, and convert the electrical signal into a sound signal for output by the speaker 961; on the other hand, the microphone 962 converts the collected sound signal into an electric signal, converts the electric signal into audio data after being received by the audio circuit 960, and outputs the audio data to the processor 980 for processing, and then transmits the audio data to another terminal via the RF circuit 910, or outputs the audio data to the memory 920 for further processing. The audio circuit 960 may also include an earbud jack to provide communication of a peripheral headset with the electronic device 900.
The electronic device 900, via the transport module 970 (e.g., a Wi-Fi module), may assist the user in receiving requests, sending information, etc., which provides the user with wireless broadband internet access. Although the transmission module 970 is shown in the drawings, it is understood that it does not belong to the essential constitution of the electronic device 900 and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 980 is a control center of the electronic device 900, connects various parts of the entire cellular phone using various interfaces and lines, and performs various functions of the electronic device 900 and processes data by operating or executing software programs and/or modules stored in the memory 920 and calling data stored in the memory 920, thereby integrally monitoring the electronic device. Optionally, processor 980 may include one or more processing cores; in some embodiments, the processor 980 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 980.
The electronic device 900 also includes a power supply 990 (e.g., a battery) that provides power to the various components and, in some embodiments, may be logically coupled to the processor 980 via a power management system that provides management of charging, discharging, and power consumption. Power supply 990 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuits, power converters or inverters, power status indicators, and the like.
Although not shown, the electronic device 900 further includes a camera (e.g., a front camera, a rear camera), a bluetooth module, etc., which are not described in detail herein. Specifically, in this embodiment, the display unit of the electronic device is a touch screen display, the mobile terminal further includes a memory, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the one or more processors, and the one or more programs include instructions for:
the initiating domain sends an access request to a secondary firewall connected with the target domain;
the secondary firewall judges whether the initiating domain is allowed to access the resources of the target domain or not;
the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifications of the initiating domain and the target domain are different.
In specific implementation, the above modules may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and specific implementation of the above modules may refer to the foregoing method embodiments, which are not described herein again.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor. To this end, an embodiment of the present invention provides a storage medium, where a plurality of instructions are stored, where the instructions can be loaded by a processor to execute the steps of any embodiment of the firewall implementation method provided in the embodiment of the present invention.
Wherein the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the storage medium may execute the steps in any embodiment of the firewall implementation method provided in the embodiment of the present invention, beneficial effects that can be achieved by any firewall implementation method provided in the embodiment of the present invention may be achieved, for details, see the foregoing embodiment, and are not described herein again.
The cross-domain data sharing, the apparatus, the electronic device and the storage medium provided by the embodiments of the present invention are described in detail above, and the principles and embodiments of the present invention are explained herein by applying specific examples, and the descriptions of the above embodiments are only used to help understanding the method and the core ideas of the present invention; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention. Moreover, it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the invention, and such modifications and adaptations are intended to be within the scope of the invention.
Claims (10)
1. A firewall implementation method is applied to a system-on-chip, wherein the system-on-chip is provided with two layers of firewalls, and is divided into a plurality of domains, wherein: the multiple domains comprise a main control domain and a secondary control domain, the main control domain and the secondary control domain both comprise a plurality of partitions for storing resource data, the main control domain is connected with a primary firewall through a network on chip, the multiple secondary control domains are respectively connected with multiple secondary firewalls through the network on chip, the primary firewall is deployed on the network on chip and used for registering and managing the secondary firewall, and the secondary firewall is deployed on an IP core and used for detecting the legality of an access request, and the method comprises the following steps:
the initiating domain sends an access request to a secondary firewall connected with the target domain;
the secondary firewall judges whether the initiating domain is allowed to access the resources of the target domain or not;
the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifications of the initiating domain and the target domain are different.
2. The method of claim 1, wherein the initiating domain comprises, before issuing the access request to the target domain, the steps of:
longitudinally dividing the system-level chip into a plurality of domains according to the security attributes and the attribute identifications;
and transversely dividing the system-level chip into a plurality of layers according to the abnormal level identification.
3. The method of claim 1, further comprising the step of:
and performing initialization configuration on the primary firewall and the secondary firewall.
4. The method of claim 3, wherein the initially configuring the primary firewall and the secondary firewall comprises:
performing partition initialization on the primary firewall, and configuring the first and last addresses and domain access permissions of the secondary firewalls through the primary firewall;
initializing the secondary firewall and setting a secondary access mark;
and circularly initializing and configuring the secondary firewall until the initialization and configuration of the secondary firewall managed by the primary firewall are finished, and finishing the initialization and configuration of the primary firewall.
5. The method of claim 2, wherein the access request comprises a domain identification, a hierarchy identification, a target address, and an access type; the secondary firewall judging whether the initiating domain is allowed to perform resource access to the target domain comprises the following steps:
the secondary firewall judges whether the initiating domain is allowed to access the target domain or not according to the domain identifier and the hierarchy identifier;
and the secondary firewall judges whether the initiating domain is allowed to access the partition of the target domain or not according to the target address and the access type.
6. The method of claim 5, wherein the secondary firewall determines whether to allow the originating domain to access the partition of the target domain based on the target address and the access type comprises:
the secondary firewall judges whether the initiating domain is allowed to access the partition of the target domain corresponding to the attribute identification or not according to the target address;
if the initiating domain accesses the partition of the target domain corresponding to the attribute identification, the secondary firewall judges whether the partition of the target domain has access permission or not according to the access type and the read-write type of the partition of the target domain.
7. The method as claimed in claim 6, wherein the step of the secondary firewall determining whether the partition of the target domain has the access right according to the access type and the read-write type of the partition of the target domain comprises:
when the access type is the same as the read-write type, the secondary firewall allows the initiating domain to access the partition of the target domain;
and when the access type is different from the read-write type, the secondary firewall sends feedback information of partition access abnormity.
8. The utility model provides a system-on-chip, its characterized in that, system-on-chip is equipped with two-layer firewall and is divided into a plurality of domains, a plurality of domains include main control domain and secondary control domain, main control domain and secondary control domain all include a plurality of and are used for the subregion of storage resource data, main control domain passes through network on chip with the first-level firewall, a plurality of secondary control domains pass through with a plurality of second-level firewall respectively network on chip is connected, the first-level firewall is deployed on network on chip and is used for registering and managing the second-level firewall, the second-level firewall is deployed on the IP core and is used for detecting the legitimacy of access request, include:
the initiating domain is used for sending an access request to a secondary firewall connected with the target domain;
the secondary firewall is used for judging whether the initiating domain is allowed to perform resource access on the target domain or not;
the initiating domain and the target domain both comprise a main control domain and a secondary control domain, and the domain identifications of the initiating domain and the target domain are different.
9. An integrated system-on-chip electronic device, comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the memory is coupled to the processor, and the processor executes the computer program to implement the steps of the firewall implementation method according to any one of claims 1 to 7.
10. A computer-readable storage medium, storing a computer program, wherein the computer program, when executed, controls an apparatus in which the computer-readable storage medium is located to perform the steps of the firewall implementation method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210766031.2A CN114844726B (en) | 2022-07-01 | 2022-07-01 | Firewall implementation method, chip, electronic device and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210766031.2A CN114844726B (en) | 2022-07-01 | 2022-07-01 | Firewall implementation method, chip, electronic device and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114844726A true CN114844726A (en) | 2022-08-02 |
CN114844726B CN114844726B (en) | 2022-09-06 |
Family
ID=82574699
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210766031.2A Active CN114844726B (en) | 2022-07-01 | 2022-07-01 | Firewall implementation method, chip, electronic device and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114844726B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117097576A (en) * | 2023-10-20 | 2023-11-21 | 北京凯芯微科技有限公司 | AXI bus firewall for functional safety |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101958903A (en) * | 2010-10-09 | 2011-01-26 | 南京博同科技有限公司 | Method for realizing high-performance firewall based on SOC and parallel virtual firewall |
US20190058691A1 (en) * | 2017-08-17 | 2019-02-21 | Texas Instruments Incorporated | Flexible hybrid firewall architecture |
CN110532789A (en) * | 2019-08-13 | 2019-12-03 | 南京芯驰半导体科技有限公司 | A kind of the system firewall and configuration method of stratification |
US20200065099A1 (en) * | 2018-08-24 | 2020-02-27 | Texas Instruments Incorporated | Resource allocation in a multi-processor system |
EP3671475A1 (en) * | 2018-12-21 | 2020-06-24 | Thales | Device for general control of memory transfers for simultaneous access to a system on a chip |
CN114218560A (en) * | 2022-02-22 | 2022-03-22 | 湖北芯擎科技有限公司 | Resource access method, device, electronic equipment and storage medium |
-
2022
- 2022-07-01 CN CN202210766031.2A patent/CN114844726B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101958903A (en) * | 2010-10-09 | 2011-01-26 | 南京博同科技有限公司 | Method for realizing high-performance firewall based on SOC and parallel virtual firewall |
US20190058691A1 (en) * | 2017-08-17 | 2019-02-21 | Texas Instruments Incorporated | Flexible hybrid firewall architecture |
US20200065099A1 (en) * | 2018-08-24 | 2020-02-27 | Texas Instruments Incorporated | Resource allocation in a multi-processor system |
EP3671475A1 (en) * | 2018-12-21 | 2020-06-24 | Thales | Device for general control of memory transfers for simultaneous access to a system on a chip |
CN110532789A (en) * | 2019-08-13 | 2019-12-03 | 南京芯驰半导体科技有限公司 | A kind of the system firewall and configuration method of stratification |
CN114218560A (en) * | 2022-02-22 | 2022-03-22 | 湖北芯擎科技有限公司 | Resource access method, device, electronic equipment and storage medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117097576A (en) * | 2023-10-20 | 2023-11-21 | 北京凯芯微科技有限公司 | AXI bus firewall for functional safety |
CN117097576B (en) * | 2023-10-20 | 2024-01-02 | 北京凯芯微科技有限公司 | AXI bus firewall for functional safety |
Also Published As
Publication number | Publication date |
---|---|
CN114844726B (en) | 2022-09-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11954204B2 (en) | Artificial intelligence AI processing method and AI processing apparatus | |
CN110366843B (en) | Method and terminal for controlling access of trusted application | |
CN106605233B (en) | Providing trusted execution environment using processor | |
US10726120B2 (en) | System, apparatus and method for providing locality assertion between a security processor and an enclave | |
WO2021036706A1 (en) | Trusted application operation method and information processing and memory allocation method and apparatus | |
US10075443B2 (en) | System, apparatus and method for stateful application of control data in a device | |
US9870467B2 (en) | Apparatus and method for implementing a forked system call in a system with a protected region | |
CN109416800B (en) | Authentication method of mobile terminal and mobile terminal | |
JP2013536505A (en) | Secure readable memory area support for pre-boot and secure mode operations | |
US10289853B2 (en) | Secure driver platform | |
CN106897595B (en) | Mobile terminal | |
KR20140147141A (en) | Method, firewall, terminal and readable storage medium for implementing security protection | |
CN113569245A (en) | Processing device, embedded system, system on chip and security control method | |
US20230221997A1 (en) | System and method for subscription management using composed systems | |
CN114218560B (en) | Resource access method, device, electronic equipment and storage medium | |
US12093102B2 (en) | System and method for power state enforced subscription management | |
CN114844726B (en) | Firewall implementation method, chip, electronic device and computer readable storage medium | |
KR102177407B1 (en) | An AVN system of a vehicle using a virtualization and an operating method of the AVN system | |
CN114826785B (en) | Dynamic protection method, system-on-chip, electronic device and medium | |
CN111414625B (en) | Method and system for realizing computer trusted software stack supporting active trusted capability | |
CN116415247A (en) | Method and device for checking safety of container | |
CN111666579B (en) | Computer device, access control method thereof and computer readable medium | |
CN114564212A (en) | Application deployment method and device of vehicle-mounted edge computing device based on K3s, storage medium and terminal equipment | |
CN113742714A (en) | Method, device and apparatus for managing access between microservices and storage medium | |
CN116049809B (en) | Drive calling method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |