CN115422554A - Request processing method, compiling method and trusted computing system - Google Patents

Publication number
CN115422554A
Authority
CN (China)
Prior art keywords
memory
segment
program
user
security level
Legal status
Granted
Application number
CN202211311423.6A
Other languages
Chinese (zh)
Other versions
CN115422554B (en)
Inventor
张殷乾
陈国兴
闫守孟
徐品深
Current Assignee
Alipay Hangzhou Information Technology Co Ltd
Southwest University of Science and Technology
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Southwest University of Science and Technology

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F 21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 11/00 Error detection; Error correction; Monitoring > G06F 11/07 Responding to the occurrence of a fault, e.g. fault tolerance > G06F 11/14 Error detection or correction of the data by redundancy in operation > G06F 11/1402 Saving, restoring, recovering or retrying > G06F 11/1446 Point-in-time backing up or restoration of persistent data > G06F 11/1448 Management of the data involved in backup or backup restore
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F 21/575 Secure boot

Abstract

The specification provides a request processing method, a compiling method and a trusted computing system based on a trusted security zone. The trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level; the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a reset program segment, and the legal access range of the first security level comprises at least a part of the memory addresses in the memory segment with the first security level. The request processing method comprises the following steps: in response to a task request, executing a trusted security zone reset function in the reset program segment, which overwrites the memory space corresponding to the legal access range of the first security level with the memory backup stored in the backup data segment; and executing, in the user program segment, a user target program compiled from a user source program, wherein each memory access instruction in the user source program is compiled into a secure memory access instruction whose memory access address belongs to the legal access range of the first security level.

Description

Request processing method, compiling method and trusted computing system
Technical Field
The embodiment of the specification belongs to the technical field of computers, and particularly relates to a request processing method, a compiling method and a trusted computing system based on a trusted security zone.
Background
A Trusted Execution Environment (TEE) is a secure area within the CPU that runs in an environment separate from, and in parallel with, the operating system. With the help of a hardware root of trust and a fast memory encryption engine, the TEE can provide an isolated memory area called an enclave (trusted secure area) for data processing. The enclave ensures that the programs and data inside it cannot be attacked by any other software, including privileged software such as the operating system, and the confidentiality and integrity of the programs running in the enclave are guaranteed through mechanisms such as memory encryption and remote attestation.
In a scenario where an enclave is used as the task execution framework for trusted computing, a user program written by a user and loaded into the enclave runs in the enclave as the execution component of the trusted computing task; each time the enclave receives a corresponding task request, the enclave is restarted and the user program is called to execute the trusted computing task corresponding to that task request. In the related art, the enclave is generally restarted using a conventional warm start or cold start.
Although the enclave is difficult for external programs to attack, the user program written by the user and loaded into the enclave is already inside the enclave's line of defense, so the enclave can be attacked from within. Therefore, if the enclave is warm-started, so that some components from before the restart continue to be reused, restart efficiency improves, but components that have already been attacked may be reused as well, leaving the enclave in an attacked state and creating a serious security hazard; in particular, once the warm-started components themselves have been attacked, the enclave can never leave the attacked state and is completely controlled by the attacker. If instead the enclave is cold-started, reinitializing all components, the security hazard of the warm start is avoided, but at the cost of a much longer delay; for trusted computing service scenarios in which most task requests require a fast response, the long cold-start time seriously reduces the execution efficiency of trusted computing tasks.
Disclosure of Invention
The invention aims to provide a request processing method, a compiling method and a trusted computing system based on a trusted secure area.
According to a first aspect of one or more embodiments of the present specification, a request processing method based on a trusted security zone is provided, where the trusted security zone includes a memory segment with a first security level and a memory segment with a second security level, where the memory segment with the first security level includes a user data segment and a user program segment, the memory segment with the second security level includes a backup data segment and a reset program segment, and a legal access range of the first security level includes at least a part of memory addresses in the memory segment with the first security level; the method comprises the following steps:
responding to a task request, executing a trusted security zone reset function in the reset program segment, and covering a memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, wherein the memory backup comprises a user data segment backup covered to the user data segment;
after execution of the trusted security zone reset function finishes, executing, in the user program segment, a user target program compiled from a user source program; wherein each memory access instruction in the user source program is compiled into a corresponding secure memory access instruction in the user target program, and the memory access address corresponding to the secure memory access instruction belongs to the legal access range of the first security level.
According to a second aspect of one or more embodiments of the present specification, there is provided a compiling method including:
obtaining a user source program to be executed in a trusted security zone, wherein the trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level, the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a reset program segment, the legal access range of the first security level comprises at least a part of the memory addresses in the memory segment with the first security level, and the memory access address corresponding to a secure memory access instruction in the user program segment belongs to the legal access range of the first security level;
compiling the user source program into a user target program so as to convert a memory access instruction in the user source program into a corresponding safe memory access instruction in the user target program;
loading the user target program to the user program segment to execute the user target program in the user program segment after the trusted secure zone is reset in response to a task request; wherein resetting the trusted secure zone comprises: and executing a trusted security zone reset function in the reset program segment, and covering the memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, wherein the memory backup comprises a user data segment backup used for covering the user data segment.
According to a third aspect of one or more embodiments of the present specification, a request processing apparatus based on a trusted security zone is provided, where the trusted security zone includes a memory segment of a first security level and a memory segment of a second security level, where the memory segment of the first security level includes a user data segment and a user program segment, the memory segment of the second security level includes a backup data segment and a reset program segment, and a legal access range of the first security level includes at least a part of memory addresses in the memory segment of the first security level; the device comprises:
a resetting unit, configured to execute a trusted security region resetting function in the resetting program segment in response to a task request, and cover a memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, where the memory backup includes a user data segment backup for covering the user data segment;
a user target program execution unit, configured to execute, in the user program segment, a user target program compiled from a user source program after execution of the trusted security zone reset function finishes; wherein each memory access instruction in the user source program is compiled into a corresponding secure memory access instruction in the user target program, and the memory access address corresponding to the secure memory access instruction belongs to the legal access range of the first security level.
According to a fourth aspect of one or more embodiments of the present specification, there is provided a compiling apparatus including:
a user source program obtaining unit, configured to obtain a user source program to be executed in a trusted security zone, wherein the trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level, the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a reset program segment, the legal access range of the first security level comprises at least a part of the memory addresses in the memory segment with the first security level, and the memory access address corresponding to a secure memory access instruction in the user program segment belongs to the legal access range of the first security level;
the compiling unit is used for compiling the user source program into a user target program so as to convert the memory access instruction in the user source program into a corresponding safe memory access instruction in the user target program;
a user target program loading unit, configured to load the user target program into the user program segment, so as to execute the user target program in the user program segment after the trusted secure area is reset in response to a task request; wherein resetting the trusted secure zone comprises: and executing a trusted security zone reset function in the reset program segment, and covering the memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, wherein the memory backup comprises a user data segment backup used for covering the user data segment.
According to a fifth aspect of one or more embodiments herein, there is provided a trusted computing system comprising a front-end trusted security zone and at least one back-end trusted security zone, wherein:
the front-end trusted security zone is configured to receive a task request sent by a client, forward the task request to the corresponding back-end trusted security zone, and send the execution result for the task request returned by the back-end trusted security zone to the client;
any back-end trusted secure zone is configured to execute the method according to any one of the first aspect when receiving a task request sent by the front-end trusted secure zone, and return an execution result generated by executing a user target program to the front-end trusted secure zone.
According to a sixth aspect of one or more embodiments herein, there is provided an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method according to any one of the first and second aspects by executing the executable instructions.
According to a seventh aspect of one or more embodiments of the present specification, a computer-readable storage medium is presented, on which computer instructions are stored, which instructions, when executed by a processor, implement the steps of the method according to any one of the first and second aspects.
The embodiments of the specification provide a secure reset method for a trusted security zone. The trusted security zone is divided into memory segments with different security levels, and the user target program compiled from the user source program written by the user is placed in the memory segment with the first security level. Because each memory access instruction in the user source program is compiled into a corresponding secure memory access instruction in the user target program, whose access address belongs to the legal access range of the first security level, the user target program can only access memory space within the legal access range of the first security level. This prevents the user target program from being maliciously used to damage the security of the trusted security zone from the inside by modifying programs or data in memory segments with other security levels. For example, the user target program cannot modify the memory backup or the trusted security zone reset function in the memory segment with the second security level, so each time the user data segment is reset by the trusted security zone reset function, the user target program already running in the trusted security zone cannot affect the reset process; that is, the components outside the legal access range of the first security level, including the trusted security zone reset function, can continue to be reused after the trusted security zone is reset. As for the memory space corresponding to the legal access range of the first security level, which the user target program can access and modify, that part of memory is overwritten from the memory backup while the trusted security zone reset function executes, i.e. the memory space corresponding to the legal access range of the first security level is completely reset.
It is easy to see that the secure reset method for a trusted security zone implemented in the embodiments of the present disclosure is itself a form of warm start; however, compared with a conventional warm start, it eliminates the security hazard that previously could only be eliminated by a conventional cold start, thereby taking both security and efficiency into account. Specifically, since the continuously reused memory segments with the second security level and above cannot be attacked by the user target program, the security of the components reused across the reset, especially of the trusted security zone reset function that performs the reset itself, is guaranteed, which keeps the system self-consistent. Meanwhile, the memory space corresponding to the legal access range of the first security level, where the security risk lies, is completely reset, so the reset trusted security zone does not inherit the risks present in the trusted security zone before the reset, and the trusted security zone can leave the attacked state even if it has been attacked by the user's target program.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and it is obvious for a person skilled in the art to obtain other drawings based on these drawings without inventive labor.
Fig. 1 is a flowchart of a request processing method based on a trusted secure zone according to an exemplary embodiment.
Fig. 2 is a schematic diagram of a trusted secure zone provided in an exemplary embodiment.
Fig. 3 is a schematic diagram of a trusted secure zone after partitioning a memory chunk according to an exemplary embodiment.
FIG. 4 is a flowchart of a compiling method that is provided by an exemplary embodiment.
Fig. 5 is a schematic structural diagram of an apparatus provided in an exemplary embodiment.
Fig. 6 is a block diagram of a request processing device based on a trusted secure zone according to an exemplary embodiment.
Fig. 7 is a block diagram of a compiling apparatus according to an example embodiment.
FIG. 8 is a system architecture diagram of a trusted computing system in accordance with an illustrative embodiment.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
Referring to fig. 1, fig. 1 is a flowchart of a request processing method based on a trusted secure zone according to an exemplary embodiment. Fig. 2 is a schematic diagram of a trusted security zone according to an exemplary embodiment, as shown in fig. 2, the trusted security zone includes a memory segment of a first security level and a memory segment of a second security level, wherein the memory segment of the first security level includes a user data segment and a user program segment, the memory segment of the second security level includes a backup data segment and a reset program segment, and a legal access range of the first security level includes at least a part of memory addresses in the memory segment of the first security level; as shown in fig. 1, the method includes:
s102: and responding to a task request, executing a trusted secure area resetting function in the resetting program segment, and covering the memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, wherein the memory backup comprises a user data segment backup covering the user data segment.
In this embodiment, the programs in the trusted security zone include a user target program and a system target program, where the user target program is compiled from a user source program and the system target program is compiled from a system source program. Because the user source program is a custom program written by the user, it may bring a certain security risk to the trusted security zone once compiled into the user target program and loaded into the trusted security zone; by contrast, the system source program is written by the developer of the trusted security zone, and the system target program compiled from it is, in theory, free of security risk. Therefore, to avoid the security risk that the user target program may bring to the trusted security zone, the embodiments of the present specification adopt a security policy that partitions the trusted security zone by security level: a program in a memory segment with a lower security level cannot access memory space in a memory segment with a relatively higher security level, while a program in a memory segment with a higher security level can access memory space in a memory segment with a relatively lower security level. Under this policy, the user program segment for loading the user target program is placed in the memory segment with the lowest security level (the first security level), and the other system target programs and sensitive data segments are placed in memory segments with relatively higher security levels, so that the user target program carrying the security risk can only access a part of the memory space in the memory segment with the first security level (called the legal access range of the first security level). For example, the stack memory segment, heap memory segment and user data segment in the memory segment with the first security level shown in Fig. 2 can all be used by the user target program normally, but the user target program cannot access any memory space outside the legal access range of the first security level, so the system target program and the sensitive data segments are protected from attack by the user target program.
The system target program in this embodiment of the present disclosure includes a trusted security zone reset function that executes the reset logic of the trusted security zone. The trusted security zone reset function is placed in the reset program segment in the memory segment with the second security level, which means that it can normally access and modify memory space in the memory segment with the first security level; therefore, the reset that the trusted security zone reset function performs on the risky memory space in the memory segment with the first security level (i.e. the memory space corresponding to the legal access range of the first security level) is not obstructed. Specifically, when an interface function of the trusted security zone (the interface function belongs to the system target program) receives, from outside the trusted security zone, a task request for executing a trusted computing task, the trusted security zone must first be reset to provide a clean execution environment for the subsequent trusted computing task; at this point the interface function calls and executes the trusted security zone reset function in the reset program segment. While the trusted security zone reset function executes, the memory backup stored in the backup data segment is copied over the memory space corresponding to the legal access range of the first security level, so that the memory space of the legal access range of the first security level is completely reset to the initial memory state it had when compilation of the user source program completed, which finishes the reset of the trusted security zone.
The legal access range of the first security level according to the embodiments of the present specification at least includes the user data segment in the memory segment of the first security level.
It should be noted that, when the user source program is compiled into the user target program, not only the high-level/assembly language is compiled into the machine language at the instruction level (the compiled machine code set constitutes the user target program), and the user target program is loaded to the user program segment, but also a memory space is required to be applied for storing the data variables related to the program, that is, the initialized or uninitialized data variables after the user source program is compiled are stored into the user data segment in the memory segment with the first security level.
When the legal access range of the first security level further includes a user program segment in the memory segment of the first security level, the memory backup may further include a user program segment backup for covering the user program segment, where the user program segment backup refers to a memory state of the user code segment when the user source program is completely compiled, that is, a user target program in an initial state obtained immediately after the compilation is completed. In this embodiment of the present specification, since the user target program may access and modify the user program segment, and may modify the self code included in the user target program segment, thereby bringing a large security risk, during the resetting of the trusted security area, the user program segment backup may be covered to the memory space corresponding to the user program segment, so that the user target program is restored to the initial state just after the compilation is completed, so as to clear the security risk that may exist in the user program segment before the resetting.
In addition, the memory backup in the embodiments of the present disclosure further includes the memory states of the stack memory segment and the heap memory segment at the time compilation of the user source program completed, which are used to overwrite the current stack memory segment and heap memory segment during the reset. Since the stack memory segment and heap memory segment are normally empty when compilation of the user source program completes, the data in the stack and heap memory segments is cleared once the trusted security zone reset function has executed and the reset of the trusted security zone is complete. The user data segment in the embodiments of the present specification may include a data segment and a bss segment, where the initialized global variables produced by compiling the user source program are stored in the data segment and the uninitialized global variables are stored in the bss segment.
In the embodiments of the present specification, the method further includes: in response to a backup request, or after the trusted security zone has completed a cold start, executing a trusted security zone backup function in the reset program segment, and storing the data in the legal access range of the first security level into the backup data segment as the memory backup. As described above, the memory backup stored in the backup data segment is the initial memory state of the memory space in the legal access range of the first security level at the time compilation of the user source program completed, and it is placed in the backup data segment by executing the trusted security zone backup function in the reset program segment. Specifically, when the interface program receives, from outside the trusted security zone, a backup request that calls the trusted security zone backup function, or when the system boot program (which belongs to the system target program) completes the cold start of the trusted security zone (the cold start includes compiling the user source program and the system source program into the user target program and the system target program and loading them into the trusted security zone), the interface program triggers the call and execution of the trusted security zone backup function. While the trusted security zone backup function executes, the data in the legal access range of the first security level is copied into the backup data segment as the memory backup, so that the current memory state of the memory space in the legal access range of the first security level is preserved in full for later calls of the trusted security zone reset function.
In this embodiment of the present specification, the overwriting the memory backup stored in the backup data segment to the memory space corresponding to the legal access range of the first security level includes: starting a user authority hardware instruction, and reallocating memory access authority to the memory space corresponding to the legal access range of the first security level through the user authority hardware instruction; and covering the memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, and forbidding the user authority hardware instruction after the memory backup is completed. The trusted secure area enclave according to the embodiments of the present disclosure is implemented based on an Intel Software security extension (Intel SGX) technology stack, and the user right hardware instruction (ENCLU) according to the embodiments of the present disclosure specifically refers to a native instruction defined in the Intel SGX for instructing to modify the memory right of the trusted secure area, and because the native instruction affects the confidentiality of the trusted secure area, we do not want the native instruction to be randomly called unless necessary, and in particular, need to prohibit the native instruction from being called by a user target program. When the memory backup is covered to the memory space corresponding to the legal access range of the first security level, since the memory right needs to be reallocated, a user right hardware instruction (for example, an EMODPE instruction for expanding the existing memory range of the envelope) needs to be invoked, so that in this case, the user right hardware instruction needs to be enabled in advance on the system level, and thus the resetting process of the trusted security zone can be normally implemented. 
After the trusted secure zone is reset, in order to prevent the user target program from attacking the trusted secure zone by using the user authority hardware instruction, the user authority hardware instruction may be disabled after each reset of the trusted secure zone. Specifically, a global insurance value (a guard flag) that enables or disables the user authority hardware instruction is defined in the trusted secure zone reset function; logic that sets the global insurance value to the enabled state is added before the overwrite reset logic of the trusted secure zone reset function, and logic that sets the global insurance value to the disabled state is added after the overwrite reset logic. In addition, the call condition of each user authority hardware instruction needs to be modified so that the instruction executes normally when called with the global insurance value in the enabled state, and is not executed but returns an error when called with the global insurance value in the disabled state.
In this embodiment, after receiving the task request, the interface function also checks whether a trusted computing task that has not finished executing remains in the trusted secure zone. If so, the task request does not interrupt it, and the executing trusted computing task is allowed to run to completion. In addition, besides triggering, calling and executing the trusted secure zone reset function in response to the task request, the interface program may also trigger, call and execute the trusted secure zone reset function when it receives the execution result returned after the currently executing trusted computing task finishes, so that the trusted secure zone does not need to be reset again when a new task request is subsequently received and the user target program can be called directly to execute the trusted computing task corresponding to that task request.
S104: after the execution of the reset function of the trusted safe area is finished, executing a user target program compiled by a user source program in the user program section; and compiling a memory access instruction in the user source program into a corresponding safe memory access instruction in the user target program, wherein a memory access address corresponding to the safe memory access instruction belongs to a legal access range of a first safety level.
In this embodiment of the present specification, after receiving a task request, an interface function first calls and executes a trusted secure area reset function in a reset program segment, and then after further receiving a return value of the trusted secure area reset function, it may be determined that the trusted secure area reset function is completed, so that a trusted computing task corresponding to the task request may be executed next. Because the module for executing the trusted computing task is the user target program, the interface function can further call and execute the user target program in the user program segment, and when the interface function is called, some necessary input parameters in the task request can be introduced into the execution process of the user target program as call parameters.
In the embodiment of the present specification, the security policy "a program in a memory segment with a low security level cannot access a memory space in a memory segment with a relatively higher security level, and a program in a memory segment with a high security level can access a memory space in a memory segment with a relatively lower security level" is actually implemented by compiler technology. For example, in order to enable a user target program in the memory segment of the first security level to access only the legal access range of the first security level, the instruction conversion rule of a conventional compiling process is changed by compiler technology while the user source program is compiled into the user target program, so that the changed instruction conversion rule guides each memory access instruction in the user source program to be compiled into a corresponding secure memory access instruction in the user target program, and it is ensured that the access address corresponding to each secure memory access instruction in the user target program belongs to the legal access range of the first security level. Therefore, all access operations (including read operations and write operations) in the user target program are limited to the legal access range of the first security level and cannot reach the memory space corresponding to memory segments with the second security level or above. For another example, in order to ensure that the trusted secure area reset function in the memory segment of the second security level can complete the reset process when executed, it must be able to access the memory segment of the first security level normally.
Therefore, in the process of compiling the system source program into the system target program, the traditional instruction conversion rule can be changed through the compiler technology, so that the changed instruction conversion rule is used for guiding the compiling of the memory access instruction in the system source program into the corresponding safe memory access instruction in the system target program, and the access address corresponding to the safe memory access instruction in the trusted secure area resetting function is ensured to belong to the legal access range of the second security level.
One memory access instruction in the user source program is essentially a high-level/assembly language programming statement, and one secure memory access instruction in the user object program is essentially a set of one or more machine codes. Taking the user source program as an assembly language as an example, if an instruction conversion rule in the traditional compiling process is adopted, a memory access instruction in the user source program is compiled into a machine code; if the changed instruction conversion rule according to the embodiment of the present specification is used, a memory access instruction in a user source program is compiled into a secure memory access instruction including one or more machine codes, and an operation logic included in the secure memory access instruction is different from an operation logic included in one machine code obtained by conventional compilation, which is specifically embodied as: under the condition that an original access address corresponding to the memory access instruction does not belong to the legal access range of the first security level, after the memory access instruction is compiled into the secure memory access instruction, the implication operation logic of the secure memory access instruction changes, namely the secure memory access instruction does not access the original access address any more, but accesses an address in the legal access range of the first security level. It is easy to find that, according to the changed instruction transformation rule related in the embodiment of the present specification, an operation logic of each compiled secure memory access instruction is substantially changed compared with an operation logic of a memory access instruction before compiling, and this change is a reason why a memory access address of the secure memory access instruction can be limited to a certain legal access range. 
Since assembly instructions correspond one-to-one with machine codes, if the secure memory access instruction includes a plurality of machine codes, a plurality of assembly instructions are obtained when the secure memory access instruction is disassembled back into assembly language; that is, changing the operation logic of a memory access instruction through compilation can be realized by expanding the single instruction into a sequence of instructions that together carry the changed operation logic. By the compiling method of the embodiment of the specification, the boundary-crossing memory access risk (accessing a memory space outside the specified legal access range) of a user source program written by a user at the source code level can be eliminated, and a user source program carrying that risk is purified into a user target program without it.
In the embodiment of this specification, still include: and responding to the task request, and returning an execution result corresponding to the task request generated by executing the user target program to an initiator of the task request. After the user target program is executed, the interface program receives an execution result returned by calling the user target program, wherein the execution result is the execution result of the trusted computing task corresponding to the task request, and at the moment, the interface program can return the execution result to an initiator which is positioned outside the trusted security zone and corresponds to the task request, so that the trusted security zone finishes the whole process of completely executing the trusted computing task.
The embodiment of the specification provides a secure resetting method for a trusted secure zone. The trusted secure zone is divided into memory segments with different security levels, and the user target program compiled from the user source program written by a user is placed in the memory segment with the first security level. Because each memory access instruction in the user source program is compiled into a corresponding secure memory access instruction in the user target program whose access address belongs to the legal access range of the first security level, the user target program can only access the memory space in the legal access range of the first security level, which prevents a malicious user target program from damaging the security of the trusted secure zone from the inside by modifying programs or data in memory segments with other security levels. For example, the user target program cannot modify the memory backup or the trusted secure zone reset function in the memory segment of the second security level, so it can be ensured that each time the user data segment is reset by the trusted secure zone reset function, the user target program already running in the trusted secure zone does not affect the process of resetting the user data segment; that is, the components outside the legal access range of the first security level, including the trusted secure zone reset function, can continue to be reused after the trusted secure zone is reset.
As for the memory space corresponding to the legal access range of the first security level, which the user target program in the trusted secure zone can access and modify, it is overwritten by the memory backup while the trusted secure zone reset function executes; that is, the memory space corresponding to the legal access range of the first security level is completely reset. It is easy to see that the secure reset method of the trusted secure zone implemented in the embodiment of the present disclosure is also a hot start method; however, compared with a conventional hot start, the embodiment achieves the elimination of potential security hazards that conventionally can only be achieved by a cold start, thereby achieving both security and efficiency. Specifically, since the memory segments of the second security level and above that are continuously reused cannot be attacked by the user target program, the security of the components that are reused across the reset, and in particular of the trusted secure zone reset function that performs the reset itself, can be ensured, which preserves the self-consistency of the system. Meanwhile, the memory space corresponding to the legal access range of the first security level, which carries the security risk, is completely reset, so the reset trusted secure zone does not inherit any risk from the trusted secure zone before the reset, and the trusted secure zone can leave the attacked state even if it was attacked by the user target program.
Optionally, the trusted secure zone further includes a memory segment with a third security level, where the memory segment with the third security level includes a key data segment and a certification program segment, and the method further includes:
executing a nested certification function in the certification program segment in response to a program certification request, and signing to-be-certified data based on a nested certification private key stored in the key data segment to generate a trusted program certification, wherein the to-be-certified data comprises data in the user program segment and/or the reset program segment;
providing the trusted program attestation to an initiator of the program attestation request, and receiving the task request, which is sent after the initiator confirms that the trusted program attestation passes verification.
In this embodiment of the present specification, the trusted secure area further includes a memory segment with a third security level, which is loaded with a nested certification function belonging to the system target program; in order to ensure that the nested certification function can normally carry out the corresponding nested certification process, the legal access range of the third security level includes the key data segment and the memory segments with the first security level and the second security level. Any verifier outside the trusted secure zone may initiate a program attestation request to the trusted secure zone to verify the integrity of the programs inside it. For example, the initiator of a task request may also serve as the verifier, and initiate the task request to the trusted secure zone only after verifying the integrity of the programs in the trusted secure zone, so as to ensure that the trusted secure zone executes the trusted computing task according to the expected specification. In particular, an initiator of a task request may first initiate a program attestation request to the trusted secure zone before initiating the task request. After the interface program in the trusted secure zone receives the program certification request, it calls and executes the nested certification function in the certification program segment, and after the nested certification function returns the corresponding trusted program certification, the trusted program certification is provided to the initiator of the program certification request, namely the initiator of the subsequent task request. The initiator of the program certification request then initiates the task request to the trusted secure zone once the trusted program certification has passed verification.
The nested proof function, when executed, is to: and signing the data to be certified based on the nested certification private key stored in the key data segment to generate a trusted program certification, and returning the trusted program certification to the calling point. The data to be certified includes data in the user program segment and/or the reset program segment, that is, the user target program and/or the trusted secure zone reset function, and in specific implementation, the data to be certified may also be a hash value corresponding to the user target program and/or the trusted secure zone reset function.
The initiator of the program certification request can verify the trusted program certification with the pre-published nested certification public key, and after the verification succeeds it can determine that the source of the trusted program certification is trusted. It then carries out the program integrity verification: when the pre-published hash value corresponding to the user target program and/or the trusted secure zone reset function matches the hash value contained in the data to be certified, the program running in the user program segment and/or the reset program segment has not been tampered with. At this point the initiator of the program certification request initiates the task request to the trusted secure zone, so that both the trusted secure zone reset process and the execution of the user target program corresponding to the trusted computing task can be expected to proceed as intended.
In a conventional remote attestation mechanism, a trusted secure area dedicated to signing (the signing enclave) signs all programs in the trusted secure area to be verified with a CPU private key to generate a trusted program certificate (a Quote). Since the verifier does not hold the corresponding CPU public key and cannot verify the trusted program certificate itself, the trusted program certificate has to be forwarded to a remote attestation server for verification; only when the remote attestation server reports that the trusted program certificate verified successfully can the verifier determine that the source of the trusted program certificate is trusted, and then confirm through program integrity verification that the programs in the trusted secure area from which the certificate originates have not been tampered with. In the embodiment of the specification, unlike the conventional remote attestation mechanism, the nested certification function in the memory segment of the third security level of the trusted secure zone signs the programs in the memory segments of the first or second security level of the trusted secure zone, and the nested certification public key can be published, so that a verifier can use the nested certification public key to verify the trusted program certification independently, without the support of a remote attestation server, which greatly improves the efficiency and reduces the cost of program integrity verification for the verifier.
In an embodiment of the present specification, the nested proof private key is assigned by a key management server to the key data segment in the trusted secure zone upon confirming that the trusted secure zone passes remote authentication by a remote authentication server. As described above, the key data segment stores the nested proof private key, and the private key may be obtained by a key management server as a verifier through a conventional remote authentication mechanism, after verifying the program integrity of the whole trusted secure area including the nested proof function in the proof memory segment, the nested proof private key may be allocated to the trusted secure area, and the nested proof public key corresponding to the nested proof private key is disclosed to the outside, so as to complete a subsequent program integrity verification process based on the nested proof function.
In this embodiment of the present specification, the trusted secure zone includes memory segments with different security levels, where the different security levels include at least a first security level and a second security level, and a legal access range of any security level includes at least a part of memory addresses in the memory segment of any security level and a memory segment lower than any security level;
the program in the trusted security zone comprises the user target program and a system target program obtained by compiling a system source program, the system target program is in a memory segment with a second security level and above, and the system target program comprises a trusted security zone reset function; and compiling the memory access instruction in the system source program into a corresponding safe memory access instruction in the system target program, wherein the memory access address corresponding to the safe memory access instruction in the memory segment of any safety level belongs to the legal access range of any safety level.
Similarly to the process of compiling the user source program into the user object program, the compiling method according to the embodiment of the present specification may be used in the process of compiling the system source program into the system object program. Specifically, the memory access instruction in the system source program is compiled into a corresponding secure memory access instruction in the system object program, and a memory access address corresponding to the secure memory access instruction in a certain system object program in a memory segment at any security level is ensured to belong to a legal access range at any security level. By the compiling method related to the embodiment of the specification, the boundary-crossing memory access risk of the system source program on the source code level can be eliminated, and the system source program with the boundary-crossing memory access risk is purified into the system target program without the boundary-crossing memory access risk. Taking the trusted secure zone shown in fig. 2 as an example, the secure memory access instruction included in the trusted secure zone reset function of the memory segment at the second security level in fig. 2 can only access the backup data segment and the memory segment at the first security level, and the secure memory access instruction included in the nested attestation function of the memory segment at the third security level can access the key data segment, the memory segment at the first security level, and the memory segment at the second security level.
In this embodiment of the present specification, a global legal access range is defined in the trusted security zone, and the global legal access range is set as a legal access range of any security level when jumping to the memory segment of any security level through a legal call logic, otherwise, is set as a legal access range of a first security level; and the memory access address corresponding to the secure memory access instruction in the memory segment with any security level belongs to the global legal access range. In this embodiment of the present specification, a global valid access range is defined for the trusted security zone, and is used to limit access addresses corresponding to all secure memory access instructions in the trusted security zone at the same time, where the global valid access range is not a fixed value, but may be changed correspondingly according to the program running condition in the trusted security zone, and a changeable value includes a valid access range of each security level. As described above, in the embodiments of the present specification, the compiling process modifies the operation logic implied by the memory access instruction in the source program, so that the memory access address corresponding to the corresponding secure memory access instruction in the compiled target program is guided into the global legal access range. 
However, after the target program is loaded into the trusted security area, the access addresses corresponding to the secure memory access instructions in memory segments of different security levels belong to different legal access ranges. This is not achieved by giving the secure memory access instructions destined for different security levels different operation logic during compilation; in fact, during compilation the memory access instructions in both the user source program and the system source program are converted, according to one uniform instruction conversion rule, into secure memory access instructions with the same operation logic, that is, the memory addresses corresponding to all secure memory access instructions loaded into the trusted security area belong to the global legal access range. The reason the memory access address corresponding to a secure memory access instruction in the memory segment of any security level belongs to the legal access range of that security level is that, when the program of the memory segment of security level x jumps to the memory segment of security level y through the legal call logic, the global legal access range is set to the legal access range of security level y. Therefore, as long as a program running in the trusted secure zone proceeds under the legal call logic, the following effect is obtained: although all secure memory access instructions have the same operation logic and their actual memory access addresses are limited to the global legal access range, the secure memory access instructions in memory segments of different security levels have different legal access ranges.
Through the embodiment of the specification, when programs in memory segments with different security levels jump through illegal call logic, because the global legal access range is not changed, after the programs are randomly jumped from a memory segment with a low security level to a memory segment with a high security level, a secure memory access instruction in the memory segment with the high security level cannot be normally executed due to the limitation of the access address. For example, after a user target program in a memory segment of a first security level jumps to a certain instruction of a memory segment of a second security level through an illegal call logic such as a custom jump instruction, if a secure memory access instruction is not encountered, the user target program will continue to be executed normally (since no memory is accessed, information or modified data is not leaked, and security risk is low), but if a secure memory access instruction is encountered once, since the global legal access range is still the legal access range of the first security level, the actual access address of the secure memory access instruction executed at this time is limited in the global legal access range, that is, the legal access range of the first security level, although the location of the secure memory access instruction is in the memory segment of the second security level, so that after the user target program in the memory segment of the first security level jumps to the memory segment of the second security level illegally, the subsequently executed secure memory access instruction cannot affect the memory space outside the legal access range of the first security level, thereby reducing the system security risk caused by the illegal call logic.
In the embodiment of the present specification, the legal call logic mainly refers to a call logic implemented by a boundary modifying function in the system target program, and when a certain program in a trusted security area needs to call a called function in a memory segment at a different security level (especially, a higher security level) in an operating process, the legal call process is implemented by calling the boundary modifying function through an Ecall instruction. The boundary modification function, when executed, is to: and changing the global legal access range to the legal access range of the security level of the memory segment where the called function which needs to be called and executed actually is located, and then calling the called function to execute. Meanwhile, after the called function is executed, the global legal access range is restored to the numerical value before modification, and the called function jumps to the calling point of the boundary modification function to continue executing the subsequent instruction.
Optionally, the memory address of the memory segment with the low security level is higher than that of the memory segment with the high security level, the legal access range of any security level is the address range higher than the boundary address of that security level, the boundary address of any security level belongs to the memory segment of that security level, the global legal access range is the address range higher than the boundary address stored in a boundary register, and the legal call logic includes a call logic implemented by a boundary modification function in the system target program;
executing any system function belonging to the system target program and in the memory segment of any security level, including:
calling the boundary modification function to modify the primary boundary address stored in the boundary register into the boundary address of any security level;
and calling and executing any system function in the boundary modification function, and modifying the boundary address stored in the boundary register into the primary boundary address after the execution of any system function is completed.
The memory addresses of the memory segments in the trusted security zone shown in fig. 2 are higher and higher from bottom to top, so as to ensure that the memory address of the memory segment with the low security level is higher than that of the memory segment with the high security level, that is, the memory address of the memory segment with the first security level is higher than that of the memory segment with the second security level, and the memory address of the memory segment with the second security level is higher than that of the memory segment with the third security level. In this embodiment of the present specification, the boundary addresses of different security levels are set to define the legal access ranges of different security levels, and specifically, the legal access range of any security level is an address range higher than the boundary address of any security level, so that the legal access range of any security level includes memory segments lower than any security level. Meanwhile, in order to make the legal access range of any security level include at least a part of the memory addresses in the memory segment of any security level, it is necessary to ensure that the boundary address of any security level belongs to the memory segment of any security level and the memory space higher than the boundary address at least includes one data segment. In addition, the global legal access range is defined by the boundary address in the boundary register, specifically, higher than the boundary address stored in the boundary register.
As described above, before any system function in the memory segment belonging to the system object program and at any security level needs to be called, the calling needs to be performed through legal calling logic. That is, the boundary modification function is first called and executed, and when executed, the boundary modification function is used to: and modifying the primary boundary address stored in the boundary register into the boundary address of any security level, calling and executing any system function, and modifying the boundary address stored in the boundary register into the primary boundary address after the execution of any system function is completed so as to complete legal calling logic for any system function. By the embodiment, the system function called by the legal call logic can be normally executed, and the system function called by the illegal call logic except the legal call logic cannot be normally executed, so that the system security risk caused by the illegal call logic is reduced.
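The backup and reset flow with the gated user authority hardware instruction, the operation logic of a compiled secure memory access instruction, and the boundary-register legal call logic described above, combined into one constructed C model. This is added example code, not the patent's implementation; the segment layout and sizes, the sink address to which out-of-range accesses are diverted, and the EMODPE stand-in are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed enclave layout after fig. 2 (sizes are assumptions): addresses grow
 * upward, the lowest addresses hold the highest security level, each level is a
 * program segment followed by its data segment, and the level's boundary address
 * separates the two.  The third level (attestation) occupies 0..15 and is unused here. */
#define MEM_SIZE 72u
#define BACKUP   24u   /* backup data segment   */
#define PROG_L1  40u   /* user program segment  */
#define USER     48u   /* user data segment     */
#define SEG_LEN  16u   /* both data segments are 16 bytes */
#define SINK     71u   /* constructed: diverted out-of-range accesses land here */
#define BOUNDARY_L2 BACKUP
#define BOUNDARY_L1 USER

static uint8_t  mem[MEM_SIZE];
static uint32_t boundary_reg = BOUNDARY_L1; /* global legal access range: [boundary_reg, MEM_SIZE) */
static unsigned redirects;                  /* diverted accesses: a useful detection signal */
static int      enclu_enabled;              /* "global insurance value" gating the user authority instruction */

/* Operation logic of a compiled secure memory access instruction: an address below
 * the boundary register is never touched; the access is diverted into the global
 * legal access range instead. */
static uint32_t secure_addr(uint32_t addr)
{
    if (addr >= boundary_reg && addr < MEM_SIZE)
        return addr;
    redirects++;
    return SINK;
}
static uint8_t  secure_load(uint32_t addr)             { return mem[secure_addr(addr)]; }
static uint32_t secure_store(uint32_t addr, uint8_t v) { uint32_t a = secure_addr(addr); mem[a] = v; return a; }

/* Stand-in for the user authority hardware instruction (e.g. EMODPE): it succeeds
 * only while the reset function has set the insurance value to enabled. */
static int user_authority_instruction(void) { return enclu_enabled ? 0 : -1; }

/* Backup function (level 2): snapshot the first-level legal range into the backup segment. */
static int enclave_backup(void)
{
    for (uint32_t i = 0; i < SEG_LEN; i++)
        secure_store(BACKUP + i, secure_load(USER + i));
    return 0;
}

/* Reset function (level 2): compiled with the same secure instructions, so it can
 * read the backup segment only while the boundary register holds BOUNDARY_L2. */
static int enclave_reset(void)
{
    enclu_enabled = 1;                                  /* enable before the overwrite */
    if (user_authority_instruction() != 0) return -1;   /* reallocate access rights */
    for (uint32_t i = 0; i < SEG_LEN; i++)
        secure_store(USER + i, secure_load(BACKUP + i));
    enclu_enabled = 0;                                  /* disable after the overwrite */
    return 0;
}

/* Boundary modification function, i.e. the legal call logic: save the primary
 * boundary, switch to the callee's level, run it, restore, return to the call point. */
static int legal_call(uint32_t level_boundary, int (*fn)(void))
{
    uint32_t saved = boundary_reg;
    boundary_reg = level_boundary;
    int rc = fn();
    boundary_reg = saved;
    return rc;
}

/* Scenario: cold start, backup, a misbehaving user target program, then a reset.
 * Returns 1 when every illegal access was contained and the reset restored the
 * user data segment exactly. */
static int run_scenario(void)
{
    memset(mem, 0, sizeof mem); redirects = 0;
    for (uint32_t i = 0; i < SEG_LEN; i++)               /* state after cold start */
        mem[USER + i] = (uint8_t)(0x10 + i);
    if (legal_call(BOUNDARY_L2, enclave_backup) != 0) return 0;

    /* The user target program runs with the boundary register at BOUNDARY_L1. */
    for (uint32_t i = 0; i < SEG_LEN; i++) secure_store(USER + i, 0xEE); /* own data: allowed */
    if (secure_store(BACKUP, 0xFF) != SINK) return 0;   /* backup segment: diverted */
    if (secure_store(PROG_L1, 0x90) != SINK) return 0;  /* own program segment: diverted */
    if (user_authority_instruction() != -1) return 0;   /* instruction is disabled */
    (void)enclave_reset();                /* illegal jump: boundary register unchanged */
    for (uint32_t i = 0; i < SEG_LEN; i++) /* the backup was never read, only the sink */
        if (mem[USER + i] != mem[SINK] || mem[BACKUP + i] != (uint8_t)(0x10 + i)) return 0;

    /* The interface program serves the next task request through legal call logic. */
    if (legal_call(BOUNDARY_L2, enclave_reset) != 0) return 0;
    for (uint32_t i = 0; i < SEG_LEN; i++)
        if (mem[USER + i] != (uint8_t)(0x10 + i)) return 0;
    return boundary_reg == BOUNDARY_L1 && enclu_enabled == 0;
}

int main(void)
{
    int ok = run_scenario();
    printf("%s; diverted accesses: %u\n", ok ? "contained" : "FAILED", redirects);
    return ok ? 0 : 1;
}
```

The diverted-access counter is the signal a defender would log: under legal call logic it stays at zero, so any increment marks an out-of-range access or an illegal jump into a higher-level segment.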
Optionally, the memory segment of any security level includes a corresponding data segment and a program segment whose memory address is lower than that of the data segment, and the boundary address of that security level separates the data segment from the program segment in the memory segment of that security level. Thus, in combination with the operation logic contained in the secure memory access instruction, the program in the program segment of the memory segment at any security level cannot access or modify its own program segment, which reduces the system security risk caused by program tampering and realizes a protection mechanism within the memory segment of a given security level. Taking fig. 2 as an example, the boundary address of the first security level separates the user data segment and the user program segment in the memory segment of the first security level, so that the user target program is prevented from tampering with itself; the boundary address of the second security level separates the backup data segment and the reset program segment in the memory segment of the second security level, so that the trusted security zone reset function is prevented from tampering with itself; and the boundary address of the third security level separates the key data segment and the certification program segment in the memory segment of the third security level, so that the nested certification function is prevented from tampering with itself.
Optionally, the memory address of the memory segment with the low security level is higher than that of the memory segment with the high security level, the legal access range of any security level is an address range higher than the boundary address of any security level, the boundary address of any security level belongs to the memory segment with any security level, and when executed, any secure memory access instruction in the memory segment with any security level is configured to:
subtracting an original access address corresponding to a memory access instruction used for being compiled into any one of the secure memory access instructions from a boundary address stored in a boundary register, and storing an obtained difference value into an offset register, wherein the boundary address stored in the boundary register is the boundary address of any one of the secure levels;
and using the sum of the absolute difference value stored in the offset register and the boundary address stored in the boundary register as the access address corresponding to that secure memory access instruction, and accessing the memory based on that access address.
The embodiment of the present specification introduces the operation logic specifically contained in a secure memory access instruction, from which the instruction conversion rule of the compiling method according to the embodiment of the present specification can be derived. Taking the case where the user source program is AT&T assembly language, assume that the user source program contains the memory access instruction "movq %rax, 0x(%rdx,%rcx,3)", whose operation logic is "write the value stored in register rax into the memory space at address 0x(%rdx,%rcx,3)". Because the corresponding access address 0x(%rdx,%rcx,3) is not known until the instruction actually executes, executing it directly carries an out-of-bounds access risk. Therefore, in order to confine accesses to the legal access range of the first security level, the operation logic contained in the secure memory access instruction is changed when it is compiled into machine code, so that it no longer accesses the address 0x(%rdx,%rcx,3) directly but accesses a redirected address higher than the boundary address of the first security level. Specifically, decompiling the secure memory access instruction compiled in this example yields the following assembly instruction set: "
leaq 0x(%rdx,%rcx,3), %r14
subq %r15, %r14
shlq $1, %r14
shrq $1, %r14
movq %rax, (%r15,%r14,1)"
The register r15 is a boundary register storing a boundary address, and the register r14 is an offset register.
Therefore, the operation logic contained in this assembly instruction set, that is, the operation logic of the compiled secure memory access instruction, is specifically: "write the address 0x(%rdx,%rcx,3) into register r14; subtract the value stored in r15 from the value stored in r14 (as subq %r15,%r14 does) and write the difference back into r14; set the most significant bit of the value in r14 to 0 (since the most significant bit is the sign bit, this operation is regarded as taking an absolute value); and write the value stored in register rax into the address (%r15,%r14,1), which is the sum of the value in r14 and the value in r15". If the original access address 0x(%rdx,%rcx,3) is higher than the boundary address, the access address of the final secure memory access instruction is identical to the original access address; if the original access address is lower than the boundary address in the boundary register, the access address of the final secure memory access instruction becomes a random address higher than the boundary address. Therefore, whatever the original access address corresponding to the memory access instruction is, the access address of the compiled secure memory access instruction is always higher than the boundary address in the boundary register, that is, it always belongs to the current global legal access range.
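As an added illustration (not code from the patent), the following C model reproduces the address arithmetic of the decompiled secure memory access instruction above together with the legal call logic that switches the boundary register; the boundary addresses, the register struct and the function attest_read_key are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed boundary addresses (not from the patent). Lower address means
 * higher security level, as in fig. 2; the legal access range of a level is
 * every address strictly above its boundary. */
#define BOUNDARY_L3 0x10000000ULL /* third level: key data / certification program */
#define BOUNDARY_L2 0x20000000ULL /* second level: backup data / reset program     */
#define BOUNDARY_L1 0x30000000ULL /* first level: user data / user program         */

typedef struct {
    uint64_t r15; /* boundary register */
    uint64_t r14; /* offset register   */
} cpu_t;

/* Models the decompiled secure memory access instruction
 *   leaq addr,%r14 ; subq %r15,%r14 ; shlq $1,%r14 ; shrq $1,%r14 ; (%r15,%r14,1)
 * and returns the address at which memory is actually accessed. */
uint64_t secure_access_addr(cpu_t *cpu, uint64_t orig_addr)
{
    cpu->r14 = orig_addr - cpu->r15;  /* subq %r15,%r14: wraps modulo 2^64 like the CPU */
    cpu->r14 = (cpu->r14 << 1) >> 1;  /* shlq $1 ; shrq $1: clear bit 63 (the sign bit) */
    return cpu->r15 + cpu->r14;       /* (%r15,%r14,1): boundary plus cleared offset     */
}

/* Global legal access range: strictly above the boundary register; the boundary
 * address itself is set inaccessible (see the push instruction discussion). */
bool in_global_legal_range(const cpu_t *cpu, uint64_t addr)
{
    return addr > cpu->r15;
}

/* Legal call logic: the boundary modification function moves the boundary
 * register to the callee's level, runs the system function, and restores the
 * primary boundary afterwards. */
typedef uint64_t (*sysfn_t)(cpu_t *cpu, uint64_t arg);

uint64_t call_system_function(cpu_t *cpu, uint64_t level_boundary, sysfn_t fn, uint64_t arg)
{
    uint64_t primary = cpu->r15;
    cpu->r15 = level_boundary;
    uint64_t result = fn(cpu, arg);
    cpu->r15 = primary;
    return result;
}

/* Hypothetical third-level system function: a secure access into key data. */
uint64_t attest_read_key(cpu_t *cpu, uint64_t key_addr)
{
    return secure_access_addr(cpu, key_addr);
}

int main(void)
{
    cpu_t cpu = { BOUNDARY_L1, 0 }; /* the user target program is running */
    uint64_t user_data = BOUNDARY_L1 + 0x1000;
    uint64_t key_data  = BOUNDARY_L3 + 0x100;

    /* An access above the boundary is left unchanged. */
    printf("user data 0x%llx -> 0x%llx\n", (unsigned long long)user_data,
           (unsigned long long)secure_access_addr(&cpu, user_data));
    /* An access below the boundary (addresses below 2^63) lands at orig + 2^63,
     * which is above the boundary and, on x86-64, not a canonical address. */
    printf("key data  0x%llx -> 0x%llx\n", (unsigned long long)key_data,
           (unsigned long long)secure_access_addr(&cpu, key_data));
    /* Through the legal call logic the same key address is reachable unchanged,
     * and the primary boundary is restored afterwards. */
    printf("via legal call -> 0x%llx, r15 restored: %s\n",
           (unsigned long long)call_system_function(&cpu, BOUNDARY_L3, attest_read_key, key_data),
           cpu.r15 == BOUNDARY_L1 ? "yes" : "no");
    return 0;
}
```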
Optionally, the user object program is configured so that it cannot use the boundary register and the offset register, and the boundary address stored in the boundary register can only be modified by executing the boundary modification function in the system object program. To ensure the validity of the secure memory access instruction, the user target program must be unable to use the boundary register and the offset register, and at the same time a single legal channel is provided for modifying the boundary address in the boundary register. This prevents the boundary address in the boundary register from being modified in any manner other than the boundary modification function, ensures that the boundary address that defines the global legal access range is not modified arbitrarily, and thus allows the secure memory access instruction to reduce the risk of out-of-bounds memory access as expected.
Optionally, the boundary address of any security level is set to be inaccessible. This handles the special case of a push instruction in the memory segment of any security level: as push instructions execute, the memory address pointed to by the stack pointer keeps decreasing, so memory space lower than the boundary address of that security level could be accessed, that is, there is a risk of leaving the legal access range of that security level. Forcibly setting the boundary address of any security level to be inaccessible avoids the out-of-bounds memory access risk caused by push instructions.
Optionally, the trusted secure area is divided into a plurality of consecutive memory blocks, each secure memory access instruction is contained entirely within a single memory block, each secure jump point in the trusted secure area is aligned with the start address of a memory block, and the secure jump points in the trusted secure area include loop start addresses, conditional branch start addresses, and function start addresses of non-sensitive functions;
the programs in the trusted security zone comprise the user object program and a system object program compiled from a system source program, the system object program is positioned in a memory segment with a second security level and above, and the system object program comprises a trusted security zone reset function; and compiling the address jump instruction in the user source program into a corresponding safe address jump instruction in the user target program, and/or compiling the address jump instruction in the system source program into a corresponding safe address jump instruction in the system target program, wherein the jump address corresponding to any safe address jump instruction is a starting address of a memory block where an original jump address corresponding to the address jump instruction compiled into any safe address jump instruction is located.
As mentioned above, the secure memory access instruction is actually a set of one or more machine codes, and only when it is executed in full does it avoid the out-of-bounds memory access risk. However, an attacker could use an address jump instruction in the user target program or the system target program to skip the secure memory access instruction, or modify the values of other registers and jump to a machine code in the middle of the secure memory access instruction, so that execution of the complete secure memory access instruction is disturbed once and even the limiting effect of the secure memory access instruction on the access address is defeated, letting the attacker access memory space outside the expected legal access range. To prevent an attacker from partially or completely bypassing the secure memory access instruction through an address jump instruction, the embodiments of the present specification propose a further security policy: the trusted security region is divided into a plurality of consecutive address spaces called memory blocks, whose sizes may be the same or different; any secure memory access instruction is completely contained within one memory block; and every secure address jump instruction in the trusted security region may only jump to the start address of a memory block, never directly into the interior of a memory block.
Under this security policy, no secure address jump instruction can jump to a machine code in the middle of a secure memory access instruction, and an attacker cannot disturb the complete execution of any secure memory access instruction through a self-defined address jump instruction, so any secure memory access instruction can be expected to avoid the out-of-bounds access risk as long as it is executed; to this end, the address jump instructions in the source program are compiled into corresponding secure address jump instructions. Of course, the security policy cannot prevent an attacker from skipping a secure memory access instruction entirely, but in that case there is effectively no out-of-bounds access risk, since the access does not happen at all.
Similar to the foregoing compiling method, in the embodiments of the present specification, the above security policy is also implemented by using a compiler technology, and when the user source program and/or the system source program are compiled, the instruction conversion rule in the conventional compiling process is changed by using the compiler technology. In the process of compiling a user/system source program into a user/system target program, the changed instruction conversion rule is used for guiding the address jump instruction in the user/system source program to be compiled into a corresponding safe address jump instruction in the user/system target program, and a jump address corresponding to any safe address jump instruction in the user/system target program is ensured to be a starting address of a memory block where an original jump address corresponding to the address jump instruction which is compiled into the any safe address jump instruction is located. By the compiling method according to the embodiment of the present specification, a jump disturbance risk of the user/system source program at a source code level (the jump disturbance risk refers to a situation where a secure memory access instruction fails by jumping to the inside of the secure memory access instruction) can be eliminated, and the user/system source program with the jump disturbance risk is purified to be a user/system target program without the jump disturbance risk.
Although the above security policy can ensure that there is no risk of jump disturbance in the user/system target program, since the operation logic contained in the objective secure address jump instruction is changed compared with the address jump instruction before compilation, the user/system target program cannot normally jump to the original jump address corresponding to the address jump instruction, but is guided to jump to the start address of the memory block where the original jump address is located, which may cause the user/system target program to fail to complete its normal execution flow. In order to avoid that the security policy affects the normal execution flow of the user/system target program, the secure jump point in the trusted security area is aligned with the start address of any memory block, where the secure jump point in the trusted security area includes a loop start address, a conditional branch start address, and a function start address of a non-sensitive function, and specifically, when the compiled user/system target program is loaded into the trusted security area, the secure jump point included in the user/system target program is automatically aligned with the start address of a memory block that is partitioned in advance. The secure jump points in the trusted secure area refer to jump points necessary for enabling the user/system target program to execute normally, for example, for a loop logic, a loop start address to be repeatedly jumped to must exist, for example, for a conditional branch logic, jump to a different conditional branch start address under different conditions, and for example, if a non-sensitive function needs to be called by jumping, jump to a function start address of the non-sensitive function must be required. 
Because every secure jump point in the trusted security zone is aligned with the start address of a memory block in the trusted security zone, the normal execution flow of the user/system target program can be maintained using only secure address jump instructions, which can jump to the start address of a memory block. In other words, under the alignment design of secure jump points and memory block start addresses, the jump disturbance risk of the user/system source program at the source code level is eliminated without affecting the normal execution of the user/system target program.
In addition, in order to avoid that the secure address jump instruction directly jumps to the sensitive function or the sensitive instruction for execution, the start address of any memory block may be set not to be aligned with the start address of the sensitive instruction or the sensitive function. The sensitive instruction referred to in the embodiments of the present specification refers to an instruction that may cause a security breach in the trusted secure area, for example, the aforementioned user right hardware instruction, and the sensitive function referred to in the embodiments of the present specification refers to a function that may cause a security breach in the trusted secure area, for example, the aforementioned boundary modification function.
Fig. 3 is a schematic diagram of a trusted secure zone after partitioning a memory chunk according to an exemplary embodiment. As shown in fig. 3, if the operation logic contained in the address jump instruction in the user/system source program is to jump to a certain address in the middle of the memory block a, the secure address jump instruction obtained by compiling the address jump instruction by the compiling method referred to in this specification is used to: jump to the starting address of memory block a (the secure jump point of memory block a in the figure).
Optionally, the any secure address jump instruction is configured to, when executed:
and performing AND operation on an original jump address corresponding to an address jump instruction used for being compiled into any one of the safe address jump instructions and the alignment constant, and taking a result obtained by the AND operation as a jump address to jump.
The embodiment of the present specification introduces the operation logic specifically contained in a secure address jump instruction, from which the instruction conversion rule of the compiling method according to the embodiment of the present specification can be derived. Taking the case where the user source program is AT&T assembly language, assume that the user source program contains the address jump instruction "jmpq *%rax", whose operation logic is "jump using the value stored in register rax as the jump address". Because the jump address %rax corresponding to this address jump instruction is not known until the instruction actually executes, executing it directly carries the jump disturbance risk. Therefore, to ensure that the jump cannot land on a machine code in the middle of a secure memory access instruction, the operation logic contained in the secure address jump instruction is changed when it is compiled into machine code, so that it no longer jumps directly to the address %rax but jumps to the start address of the memory block containing the address %rax. Specifically, decompiling the compiled secure address jump instruction in this example yields the following assembly instruction set: "
andq $0xffffffffffffffe0, %rax
jmpq *%rax"
Here 0xffffffffffffffe0 is the alignment constant: the lowest five bits of the start address of each memory block are 0, so the address space of each memory block is a fixed 32 bytes (each memory block holds at most 32 instructions).
Therefore, the operation logic contained in this assembly instruction set, which is also the operation logic of the compiled secure address jump instruction, is specifically: "store in register rax the memory block start address obtained by AND-ing the value stored in register rax with the alignment constant 0xffffffffffffffe0, and jump using the value stored in register rax as the jump address". If the original jump address is the start address of some memory block (under the normal execution flow the secure jump point is aligned with a memory block start address, so the original jump address is necessarily the start address of some memory block), the jump address of the final secure address jump instruction is identical to the original jump address; if the original jump address is not the start address of a memory block (which usually indicates that the program is faulty), the jump address of the final secure address jump instruction is modified to the start address of the memory block in which the original jump address lies. Therefore, whatever the original jump address corresponding to the address jump instruction is, the jump address of the compiled secure address jump instruction is always snapped to the start address of a memory block.
In addition, a ret instruction serving as an address jump instruction in a user/system source program also needs to be subjected to a similar compiling process, and the address jump instruction is compiled into a safe address jump instruction in a user/system target program so as to eliminate the corresponding jump interference risk. The ret instruction is usually used to jump to a call point after the called function is executed, and the address of the call point is usually stored to the top of the stack, however, if an attacker modifies the value stored at the top of the stack during the execution of the called function, the ret instruction may be returned to any memory address, which brings the risk of jump disturbance.
Assume that the user source program contains the address jump instruction "retq", whose operation logic is "jump using the value stored at the top of the stack as the jump address". Because the corresponding jump address is not known until the instruction actually executes, executing it directly carries the jump disturbance risk. Therefore, to ensure that the jump cannot land on a machine code in the middle of a secure memory access instruction, the operation logic contained in the secure address jump instruction is changed when it is compiled into machine code, so that it no longer jumps directly to the value stored at the top of the stack as the original jump address but jumps to the start address of the memory block containing the original jump address. Specifically, decompiling the compiled secure address jump instruction in this example yields the following assembly instruction set: "
popq %r14
andq $0xffffffffffffffe0, %r14
jmpq *%r14"
Register r14, which as the offset register stores the difference described earlier, is reused here to store the jump address (since the CPU executes instructions serially, the CPU register r14 can be multiplexed across different instructions); 0xffffffffffffffe0 is the alignment constant, the lowest five bits of the start address of each memory block are 0, and therefore the address space of each memory block is a fixed 32 bytes.
Therefore, the operation logic contained in this assembly instruction set, which is also the operation logic of the compiled secure address jump instruction, is specifically: "pop the value stored at the top of the stack into register r14, store in register r14 the memory block start address obtained by AND-ing the value in register r14 with the alignment constant 0xffffffffffffffe0, and jump using the value stored in register r14 as the jump address". As described above, whatever the original jump address corresponding to the address jump instruction is, the jump address of the compiled secure address jump instruction is always snapped to the start address of a memory block.
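The following C model is an added example, not code from the patent: it reproduces the masking performed by the two decompiled secure address jump instructions above (the jmpq case and the retq case), plus the loader-side alignment of secure jump points and the check that a secure memory access sequence lies within one 32-byte memory block; the struct, the function names and the 21-byte sequence length are assumptions made here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ALIGN_CONST 0xffffffffffffffe0ULL /* alignment constant from the page */
#define BLOCK_SIZE  32ULL                  /* low 5 bits zero: 32-byte memory blocks */

/* Models "andq $ALIGN_CONST,%rax ; jmpq *%rax": the jump lands on the start of
 * the memory block that contains the original target. */
uint64_t secure_jump_target(uint64_t orig_target)
{
    return orig_target & ALIGN_CONST;
}

/* Minimal CPU state for the ret case: the stack pointer and the multiplexed r14. */
typedef struct {
    const uint64_t *sp; /* points at the top-of-stack slot */
    uint64_t r14;
} cpu_t;

/* Models "popq %r14 ; andq $ALIGN_CONST,%r14 ; jmpq *%r14". Even if the return
 * slot on the stack was overwritten, the jump can only reach a block start. */
uint64_t secure_ret_target(cpu_t *cpu)
{
    cpu->r14 = *cpu->sp++;    /* popq %r14 */
    cpu->r14 &= ALIGN_CONST;  /* andq $ALIGN_CONST,%r14 */
    return cpu->r14;          /* jmpq *%r14 */
}

/* Loader-side helper: a secure jump point (loop start, conditional branch
 * start, start of a non-sensitive function) is placed at the next block start. */
uint64_t align_up_to_block(uint64_t addr)
{
    return (addr + BLOCK_SIZE - 1) & ALIGN_CONST;
}

/* Layout check: a secure memory access sequence of len bytes starting at start
 * must lie entirely inside one block, otherwise a masked jump could land inside it. */
bool fits_in_one_block(uint64_t start, size_t len)
{
    return len > 0 && (start & ALIGN_CONST) == ((start + len - 1) & ALIGN_CONST);
}

int main(void)
{
    /* Constructed stack: the return slot holds a mid-block address. */
    const uint64_t stack[2] = { 0x2035ULL, 0ULL };
    cpu_t cpu = { stack, 0 };

    printf("jmpq *%%rax with rax=0x1013 -> 0x%llx\n",
           (unsigned long long)secure_jump_target(0x1013ULL));
    printf("retq with top of stack 0x2035 -> 0x%llx\n",
           (unsigned long long)secure_ret_target(&cpu));
    printf("loop start 0x1001 placed at 0x%llx\n",
           (unsigned long long)align_up_to_block(0x1001ULL));
    /* 21 bytes is an assumed length for the five-instruction access sequence. */
    printf("21-byte sequence at 0x1010 fits in one block: %s\n",
           fits_in_one_block(0x1010ULL, 21) ? "yes" : "no");
    return 0;
}
```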
Optionally, a shutdown instruction is inserted between the function start address of any sensitive function in the system target program and the start address of the memory block it occupies, and the shutdown instruction triggers a system shutdown when executed. In this embodiment of the present specification, to prevent a secure address jump instruction from jumping to a sensitive function and thereby damaging the security of the system, any sensitive function may be set so that it is not aligned with the memory block in which it is located. Specifically, a shutdown instruction may be inserted between the function start address of any sensitive function and the start address of the memory block it occupies, so that the start address of the memory block storing the sensitive function is aligned with the shutdown instruction. As shown in fig. 3, since both memory block b and memory block c store sensitive function a, the start addresses of memory block b and memory block c are aligned with the halt instruction rather than with sensitive function a, which ensures that a secure address jump instruction jumping to memory block b or memory block c can only reach the halt instruction, thereby protecting sensitive function a from being jumped to and called at will. Note that the halt instruction can be regarded as a non-sensitive function, and therefore also as a type of secure jump point.
Optionally, when any sensitive function occupies at least two memory blocks, the sensitive function in the at least two memory blocks is connected by a tag jump instruction.
In this embodiment of the present specification, jump instructions are divided by type into address jump instructions and tag jump instructions. An address jump instruction jumps according to a jump address given in the instruction; for example, "jmpq *%rax" jumps to the memory space at the address stored in register rax. A tag jump instruction jumps directly according to a tag given in the instruction; for example, "jmp L1" jumps to the memory space marked by the globally unique tag L1. In the embodiment of the present specification, address jump instructions are compiled into secure address jump instructions according to the changed instruction conversion rule, while tag jump instructions are compiled according to the instruction conversion rule of the conventional compilation process, so the operation logic contained in a tag jump instruction is unchanged.
In the embodiment of the present disclosure, the same sensitive function may include a large number of instructions, and therefore may not be completely stored in the same memory block, and when the same sensitive function occupies at least two memory blocks, because the instructions are sequentially executed during the operation, the boundary between the two memory blocks is necessarily separated by the shutdown instruction, which results in that the sensitive function cannot be normally executed. Based on the above, the same sensitive function stored in different memory blocks is connected through the tag jump instruction, so that the sensitive function can be normally executed without being interrupted by the halt instruction when the size of the sensitive function is large. As shown in fig. 3, a sensitive function a needs to occupy a memory block b and a memory block c at the same time, however, a shutdown instruction at the beginning of the memory block c may block normal execution of the sensitive function a, so a tag jump instruction is added at the end of a first portion of the sensitive function a stored in the memory block b, and a tag jumped by the tag jump instruction is marked as a start address of a second portion of the sensitive function a stored in the memory block c, so that the sensitive function a jumps to the second portion through the tag jump instruction to continue execution after the first portion is executed, without affecting a normal execution flow of the sensitive function a.
Optionally, a start address of any memory block is aligned with a function start address of a corresponding security detection function, and when executed, the security detection function in any memory block is configured to:
determining the security level of a jump point memory segment where a security address jump instruction jumping to a security detection function in any memory block is located;
under the condition that the original jump address corresponding to the address jump instruction used for compiling the safe address jump instruction or the starting address of any memory block does not belong to the legal access range of the safety level of the jump point memory segment, triggering the system to stop;
and under the condition that the original jump address or the starting address of any memory block is determined to belong to a legal access range of the security level of the memory segment of the jump point, sequentially executing a next instruction or jumping to the original jump address.
The security detection function according to the embodiment of the present disclosure is a non-sensitive function in the system object program. Since a security detection function may be inserted at the beginning of each memory block and the user program segment may include one or more memory blocks, one or more security detection functions may also be inserted into the user program segment; this insertion occurs while the user object program is loaded into the user program segment, so the user object program and the system object program coexist in the user program segment. The security detection function may determine, from the value in the boundary register, the security level of the jump point memory segment in which the secure address jump instruction that jumped to the security detection function of the memory block is located; specifically, it may compare the value in the boundary register with the boundary addresses of the different security levels and take the security level whose boundary address matches as the security level of the jump point memory segment. To let the security detection function obtain the original jump address corresponding to the address jump instruction that was compiled into the secure address jump instruction jumping to the security detection function, additional operation logic may be added when the address jump instruction is compiled into the secure address jump instruction, so that the secure address jump instruction further includes the following operation logic: push the original jump address onto the stack, where it remains, before the AND operation is performed. During execution of the security detection function, the original jump address can then be obtained through a pop instruction.
The boundaries of the legal access range of any security level can be set to be aligned with memory block boundaries, which means that no memory block straddles the legal access ranges of different security levels; therefore, as long as the start address of the memory block being jumped to is not out of range, any address jumped to within that memory block cannot be out of range either. Accordingly, if it is determined that the original jump address, or the start address of the memory block (which is maintained within the security detection function of that memory block and need not be obtained from elsewhere), belongs to the legal access range of the security level of the jump point memory segment (i.e. the memory segment in which the secure address jump instruction jumping to the security detection function of that memory block is located), the jump is legal, and execution continues with the next instruction in sequence or jumps to the original jump address; otherwise the jump is illegal, a shutdown instruction is executed, and system shutdown is triggered. The embodiments of the present description can thus completely eliminate the risk of out-of-bounds jumps caused by address jump instructions in the system, so that no program can access a memory address outside its legal access range, nor jump to a memory address outside its legal access range.
In addition, to ensure that each user/system target program executes normally without being interrupted by the security detection function inserted in each memory block, consecutive memory blocks may be connected by a tag jump instruction so that the security detection function is skipped when the user/system target program executes in sequence. For example, a tag jump instruction is inserted at the end of each memory block, and the tag it jumps to marks the address immediately after the function end address of the security detection function in the next memory block.
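As an added example (not the patent's code), the following C model implements the security detection function described above: it determines the running security level from the boundary register, pops the original jump address that the secure address jump pushed, and decides between halting and continuing; the boundary addresses, the struct and the function names are constructed here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ALIGN_CONST 0xffffffffffffffe0ULL /* block start = address & ALIGN_CONST */

/* Constructed boundary addresses (not from the patent), indexed by security level.
 * The legal access range of a level is every address strictly above its boundary,
 * so it covers the segments of all lower security levels (higher addresses). */
#define NUM_LEVELS 3
static const uint64_t level_boundary[NUM_LEVELS + 1] = {
    0,             /* index 0 unused */
    0x30000000ULL, /* level 1: user segment          */
    0x20000000ULL, /* level 2: reset program segment */
    0x10000000ULL  /* level 3: certification segment */
};

typedef struct {
    uint64_t r15;       /* boundary register: identifies the running level */
    const uint64_t *sp; /* stack; the secure jump pushed the original target */
} cpu_t;

typedef struct {
    bool halt;        /* true: the shutdown instruction is executed */
    uint64_t next_pc; /* valid when !halt: continue at the original target */
} verdict_t;

/* The running security level is the one whose boundary address r15 holds;
 * 0 means the register matches no level. */
int level_from_boundary_register(uint64_t r15)
{
    for (int lvl = 1; lvl <= NUM_LEVELS; lvl++)
        if (level_boundary[lvl] == r15)
            return lvl;
    return 0;
}

bool in_legal_range(int lvl, uint64_t addr)
{
    return lvl != 0 && addr > level_boundary[lvl];
}

/* Security detection function at the start of block `block_start`. It is reached
 * only through a secure address jump; sequential flow skips it via a tag jump. */
verdict_t security_detect(cpu_t *cpu, uint64_t block_start)
{
    verdict_t v = { true, 0 };
    uint64_t orig_target = *cpu->sp++; /* popq: original jump address */
    int lvl = level_from_boundary_register(cpu->r15);

    /* Both the block start (known to the function) and the original target must
     * lie inside the legal access range of the jump point's security level. */
    if (in_legal_range(lvl, block_start) && in_legal_range(lvl, orig_target)) {
        v.halt = false;
        v.next_pc = orig_target;
    }
    return v;
}

int main(void)
{
    /* Constructed stacks, each holding one pushed original jump address. */
    const uint64_t user_stack[1]  = { 0x30001005ULL }; /* inside the user segment   */
    const uint64_t reset_stack[1] = { 0x20000105ULL }; /* inside the reset segment  */
    cpu_t user_cpu  = { level_boundary[1], user_stack  };
    cpu_t cross_cpu = { level_boundary[1], reset_stack }; /* user code aiming lower */
    cpu_t cert_cpu  = { level_boundary[3], reset_stack }; /* level-3 code, legal call */

    verdict_t v1 = security_detect(&user_cpu, 0x30001005ULL & ALIGN_CONST);
    verdict_t v2 = security_detect(&cross_cpu, 0x20000105ULL & ALIGN_CONST);
    verdict_t v3 = security_detect(&cert_cpu, 0x20000105ULL & ALIGN_CONST);
    printf("user -> user block:   %s\n", v1.halt ? "halt" : "continue");
    printf("user -> reset block:  %s\n", v2.halt ? "halt" : "continue");
    printf("level3 -> reset block: %s\n", v3.halt ? "halt" : "continue");
    return 0;
}
```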
In this embodiment of the present specification, the user target program is obtained by compiling the user source program by an interpreter in the trusted secure zone; or, the user target program is obtained by the trusted compiling platform through compiling the user source program before running, and the method further includes:
acquiring the user target program, and loading it into the user program segment when it is determined that the signature verification corresponding to the user target program provided by the trusted compiling platform is successful.
The trusted security zone is embedded with an interpreter that compiles the user/system source program into the user/system target program; in this case the trusted security zone can treat the compiled user target program as trusted, because the compiling method of the embodiments of the present specification is used, so no further check of the user target program's trustworthiness is needed. However, in an AOT (Ahead-of-Time, i.e. pre-run compilation) scenario, what the trusted security zone directly receives is the user target program, and since it cannot be determined whether that program was produced with the compiling method of the embodiments of the present specification, the trustworthiness of the user target program must be verified before it is loaded into the user program segment, so as to ensure that risks such as memory access boundary crossing and jump interference in the loaded user target program have been eliminated.
The trusted security zone may verify the signature corresponding to the user target program provided by the trusted compiling platform by itself, or may have the signature verified by a trusted authority that it trusts, such as another trusted security zone, and then, based on its trust in that authority, load the user target program into the user program segment once it is confirmed that the authority verified the signature successfully. Fig. 8 is a system architecture diagram of a trusted computing system according to an exemplary embodiment. Taking fig. 8 as an example, assuming that a user target program compiled by an external trusted compiling platform needs to be loaded into a back-end trusted security zone, the signature corresponding to the user target program may be verified by the back-end trusted security zone itself or submitted to the front-end trusted security zone for verification; in the latter case the back-end trusted security zone is notified when the front-end trusted security zone verifies the signature successfully, and may then load the user target program into the user program segment based on its trust relationship with the front-end trusted security zone.
Referring to fig. 4, fig. 4 is a flowchart of a compiling method according to an exemplary embodiment. As shown in fig. 4, the method includes:
S402: obtaining a user source program to be executed in a trusted security zone, wherein the trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level, the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a reset program segment, the legal access range of the first security level comprises at least a part of the memory addresses in the memory segment with the first security level, and the memory access address corresponding to a secure memory access instruction in the user program segment belongs to the legal access range of the first security level.
S404: compiling the user source program into a user target program, so that the memory access instructions in the user source program are converted into corresponding secure memory access instructions in the user target program.
S406: loading the user target program into the user program segment, so that the user target program is executed in the user program segment after the trusted security zone is reset in response to a task request; wherein resetting the trusted security zone comprises: executing a trusted security zone reset function in the reset program segment, and overwriting the memory space corresponding to the legal access range of the first security level with the memory backup stored in the backup data segment, the memory backup comprising a user data segment backup used for overwriting the user data segment.
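Steps S402 to S406, together with the backup and reset functions of the reset program segment, modelled end to end in C as an added example that is not code from the patent; the toy instruction set, the segment sizes and the user authority flag are constructed, and the runtime clamping of secure memory access addresses is left out of this model.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy instruction set: plain memory access ops and the secure
 * forms the compiler turns them into. */
enum op { OP_LOAD, OP_STORE, OP_ADD, OP_SLOAD, OP_SSTORE };
struct instr { enum op op; uint32_t operand; };

#define MAX_INSTR 16
#define DATA_SIZE 32

/* Constructed model of the trusted security zone's segments. */
static struct instr user_prog[MAX_INSTR];     /* user program segment (level 1) */
static uint8_t      user_data[DATA_SIZE];     /* user data segment    (level 1) */
static struct instr backup_prog[MAX_INSTR];   /* backup data segment  (level 2) */
static uint8_t      backup_data[DATA_SIZE];

/* State of the modelled user authority hardware instruction: level-2 code may
 * overwrite the level-1 legal access range only while it is enabled. */
static bool user_authority_enabled = false;

/* S404: compile the user source program into the user target program,
 * replacing every memory access instruction by its secure counterpart.
 * Returns the number of instructions converted. */
size_t compile_user_program(const struct instr *src, struct instr *dst, size_t n) {
    size_t converted = 0;
    for (size_t i = 0; i < n; i++) {
        dst[i] = src[i];
        if (src[i].op == OP_LOAD)       { dst[i].op = OP_SLOAD;  converted++; }
        else if (src[i].op == OP_STORE) { dst[i].op = OP_SSTORE; converted++; }
    }
    return converted;
}

/* S406: load the compiled program into the user program segment. */
void load_user_program(const struct instr *target, size_t n) {
    memset(user_prog, 0, sizeof user_prog);
    memcpy(user_prog, target, n * sizeof *target);
}

/* Trusted security zone backup function (reset program segment): snapshot the
 * level-1 legal access range into the backup data segment, e.g. once cold boot
 * has completed or on a backup request. */
void tsz_backup(void) {
    memcpy(backup_data, user_data, DATA_SIZE);
    memcpy(backup_prog, user_prog, sizeof user_prog);   /* optional program backup */
}

/* Overwrite the level-1 range with the backup; refused unless the user
 * authority hardware instruction has reallocated access authority. */
bool overwrite_level1_from_backup(void) {
    if (!user_authority_enabled) return false;
    memcpy(user_data, backup_data, DATA_SIZE);
    memcpy(user_prog, backup_prog, sizeof user_prog);
    return true;
}

/* Trusted security zone reset function, executed in response to a task
 * request: the authority instruction is enabled only for the duration of the copy. */
bool tsz_reset(void) {
    user_authority_enabled = true;
    bool ok = overwrite_level1_from_backup();
    user_authority_enabled = false;
    return ok;
}

/* Constructed stand-in for executing a task: the user target program dirties
 * its data segment, which the next reset has to undo. */
void run_task(uint8_t marker) { memset(user_data, marker, DATA_SIZE); }

bool user_data_matches_backup(void) {
    return memcmp(user_data, backup_data, DATA_SIZE) == 0;
}

/* Constructed user source program and its compiled form. */
static const struct instr demo_src[3] = { {OP_LOAD, 0x10u}, {OP_ADD, 3u}, {OP_STORE, 0x14u} };
static struct instr demo_target[3];

size_t compile_demo(void) { return compile_user_program(demo_src, demo_target, 3); }
enum op demo_target_op(size_t i) { return demo_target[i].op; }

/* Full cycle: load, back up, run a task, reset, and check that the data
 * segment is restored and that a copy without authority is refused. */
bool demo_reset_cycle(void) {
    load_user_program(demo_target, 3);
    tsz_backup();
    run_task(0xABu);
    if (user_data_matches_backup()) return false;        /* the task must have changed data */
    if (overwrite_level1_from_backup()) return false;    /* must be refused: no authority */
    if (!tsz_reset()) return false;
    return user_data_matches_backup();
}

int main(void) {
    printf("converted %zu memory access instructions\n", compile_demo());
    printf("reset cycle %s\n", demo_reset_cycle() ? "restored user data" : "failed");
    return 0;
}
```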
The compiling method according to the embodiments of the present specification has been described in detail in the foregoing embodiments and is not repeated here. It should be noted that the compiling method according to the embodiments of the present specification is also applicable to compiling a system source program into a system target program.
With the compiling method of the embodiments of the present specification, the memory access instructions in the user source program can be converted into corresponding secure memory access instructions in the user target program, matching the memory architecture of a trusted security zone built from memory segments of different security levels; since the memory access address corresponding to each secure memory access instruction belongs to the legal access range of the first security level, a user source program carrying a jump interference risk is transformed into a user target program free of that risk. Meanwhile, once a user target program compiled by this method is loaded into the trusted security zone, a secure reset method of the trusted security zone can be realized by means of the design of memory segments with different security levels.
FIG. 5 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 5, at the hardware level, the apparatus includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile memory 510, but may also include hardware required for other services. One or more embodiments of the present description may be implemented in software, such as by processor 502 reading corresponding computer programs from non-volatile storage 510 into memory 508 and then running. Of course, besides the software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combination of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Fig. 6 is a block diagram of a request processing apparatus based on a trusted secure zone according to an exemplary embodiment, as shown in fig. 6, which may be applied to the device shown in fig. 5 to implement the technical solution of the present specification. The trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level, wherein the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a reset program segment, and the legal access range of the first security level comprises at least one part of memory addresses in the memory segment with the first security level; the device comprises:
a resetting unit 601, configured to execute a trusted secure area resetting function in the resetting program segment in response to a task request, and cover a memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, where the memory backup includes a user data segment backup for covering the user data segment;
a user target program executing unit 602, configured to execute a user target program compiled from a user source program in the user program segment after the trusted secure zone reset function is executed; and compiling a memory access instruction in the user source program into a corresponding safe memory access instruction in the user target program, wherein a memory access address corresponding to the safe memory access instruction belongs to a legal access range of a first safety level.
Optionally, the reset unit 601 is specifically configured to:
starting a user authority hardware instruction, and reallocating memory access authority to the memory space corresponding to the legal access range of the first security level through the user authority hardware instruction;
overwriting the memory space corresponding to the legal access range of the first security level with the memory backup stored in the backup data segment, and disabling the user authority hardware instruction after the memory backup has been applied.
Optionally, the memory backup further includes a user program segment backup for overwriting the user program segment.
Optionally, the apparatus further includes:
an execution result returning unit 603, configured to return, in response to the task request, an execution result corresponding to the task request generated by executing the user target program to an initiator of the task request.
Optionally, the apparatus further includes:
a backup unit 604, configured to execute a trusted secure area backup function in the reset program segment in response to a backup request or when the trusted secure area completes cold boot, and store data in a legal access range of a first security level as the memory backup to the backup data segment.
Optionally, the trusted security zone is divided into a plurality of memory blocks connected end to end, any single secure memory access instruction is contained entirely within one memory block, each secure jump point in the trusted security zone is aligned with the start address of a memory block, and the secure jump points in the trusted security zone include loop start addresses, conditional branch start addresses, and the function start addresses of non-sensitive functions;
the program in the trusted security zone comprises the user target program and a system target program obtained by compiling a system source program, the system target program resides in a memory segment with the second security level or above and comprises the trusted security zone reset function; the address jump instructions in the user source program are compiled into corresponding secure address jump instructions in the user target program, and/or the address jump instructions in the system source program are compiled into corresponding secure address jump instructions in the system target program, wherein the jump address corresponding to any secure address jump instruction is the start address of the memory block in which the original jump address of the address jump instruction from which that secure address jump instruction was compiled is located.
Optionally, a shutdown instruction is inserted between a function start address in a memory block occupied by any sensitive function in the system target program and a start address of the memory block, and the shutdown instruction is used to trigger system shutdown when executed.
Optionally, when any sensitive function occupies at least two memory blocks, the sensitive function in the at least two memory blocks is connected by a tag jump instruction.
Optionally, a start address of any memory block is aligned with a function start address of a corresponding security detection function, and when executed, the security detection function in any memory block is configured to:
determining the security level of a jump point memory segment where a safe address jump instruction jumping to a safety detection function in any memory block is located;
under the condition that the original jump address corresponding to the address jump instruction used for compiling the safe address jump instruction or the starting address of any memory block does not belong to the legal access range of the safety level of the jump point memory segment, triggering the system to stop;
under the condition that the original jump address or the start address of that memory block is determined to belong to the legal access range of the security level of the jump-point memory segment, sequentially executing the next instruction or jumping to the original jump address.
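The block-aligned secure jump and the security detection function just described, together with the shutdown instruction that guards a sensitive function's memory block and the tag jump that skips the detection function on sequential execution, modelled in C as an added example (this is not code from the patent); the block size, the detection-function length, the level boundaries and the sensitive block address are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define BLOCK_SIZE 64u   /* constructed memory block size; a power of two */
#define DETECT_LEN 16u   /* constructed length of the security detection function */

/* Constructed layout: memory segments of higher security level sit at lower
 * addresses, and the legal access range of a level is every address at or
 * above that level's boundary (so level 2 may also reach the level-1 segment).
 * Both boundaries are multiples of BLOCK_SIZE, so no block straddles them. */
enum level { LEVEL1 = 1, LEVEL2 = 2 };
static const uint32_t boundary_of[] = { 0u, 0x2000u, 0x1000u };   /* indexed by level */

/* Constructed: start address of a memory block holding a sensitive function.
 * A shutdown instruction sits between the block start and the function start,
 * so any secure jump that lands on this block start halts the system. */
static const uint32_t sensitive_block_start = 0x1040u;

static bool in_legal_range(enum level lvl, uint32_t addr) {
    return addr >= boundary_of[lvl];
}

/* A secure address jump instruction does not carry the original jump address
 * but the start address of the block containing it, which is where that
 * block's security detection function begins. */
uint32_t block_start(uint32_t addr) {
    return addr & ~(BLOCK_SIZE - 1u);
}

enum outcome { JUMP_OK, SHUTDOWN };

struct jump_result {
    enum outcome outcome;
    uint32_t     resolved;   /* address execution continues at when JUMP_OK */
};

/* Model of the security detection function at the start of the target block.
 * jump_point_level is the security level of the memory segment holding the
 * jumping instruction; orig_target is the address the source program named.
 * Because block boundaries are aligned with range boundaries, checking the
 * block start is equivalent to checking orig_target itself. */
struct jump_result secure_jump(enum level jump_point_level, uint32_t orig_target) {
    struct jump_result r = { SHUTDOWN, 0u };
    uint32_t start = block_start(orig_target);

    if (start == sensitive_block_start)             /* shutdown instruction is hit */
        return r;
    if (!in_legal_range(jump_point_level, start))   /* boundary-crossing jump */
        return r;

    r.outcome  = JUMP_OK;
    r.resolved = orig_target;   /* continue at the original jump address */
    return r;
}

/* Tag jump inserted at the end of a block: sequential execution skips the
 * next block's security detection function and resumes right after it. */
uint32_t tag_jump_target(uint32_t current_block_start) {
    return current_block_start + BLOCK_SIZE + DETECT_LEN;
}

int main(void) {
    struct jump_result r = secure_jump(LEVEL1, 0x1500u);   /* user code into the system segment */
    printf("level-1 jump to 0x1500: %s\n", r.outcome == SHUTDOWN ? "shutdown" : "ok");
    r = secure_jump(LEVEL2, 0x2345u);                     /* system code into the user segment */
    printf("level-2 jump to 0x2345: %s, resumes at 0x%x\n",
           r.outcome == SHUTDOWN ? "shutdown" : "ok", r.resolved);
    return 0;
}
```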
Optionally, the trusted secure zone further includes a memory segment with a third security level, where the memory segment with the third security level includes a key data segment and a certification program segment, and the apparatus further includes:
a nested certification unit 605, configured to execute a nested certification function in the certification program segment in response to a program certification request, and sign to-be-certified data based on a nested certification private key stored in the key data segment to generate a trusted program certification, where the to-be-certified data includes data in the user program segment and/or the reset program segment;
providing the trusted program attestation to the initiator of the program attestation request, and receiving the task request sent by the initiator after it confirms that the trusted program attestation is successfully verified.
Optionally, the nested proof private key is distributed to the key data segment in the trusted secure zone by a key management server under the condition that the trusted secure zone is confirmed to pass the remote authentication of a remote authentication server.
Optionally, the trusted secure zone includes memory segments with different security levels, where the different security levels at least include a first security level and a second security level, and a legal access range of any security level includes at least a part of memory addresses in the memory segment of any security level and a memory segment lower than any security level;
the program in the trusted security zone comprises the user target program and a system target program obtained by compiling a system source program, the system target program resides in a memory segment with the second security level or above and comprises the trusted security zone reset function; the memory access instructions in the system source program are compiled into corresponding secure memory access instructions in the system target program, wherein the memory access address corresponding to a secure memory access instruction in the memory segment of any security level belongs to the legal access range of that security level.
Optionally, the memory address of the memory segment with a low security level is higher than that of the memory segment with a high security level, the legal access range of any security level is an address range higher than the boundary address of any security level, the boundary address of any security level belongs to the memory segment with any security level, and when executed, any secure memory access instruction in the memory segment with any security level is configured to:
subtracting an original access address corresponding to a memory access instruction used for being compiled into any one of the secure memory access instructions from a boundary address stored in a boundary register, and storing an obtained difference value into an offset register, wherein the boundary address stored in the boundary register is the boundary address of any one of the secure levels;
taking the sum of the absolute value of the difference stored in the offset register and the boundary address stored in the boundary register as the access address corresponding to that secure memory access instruction, and accessing memory based on that access address.
Optionally, the user target program is prohibited from using the boundary register and the offset register, and the boundary address stored in the boundary register can only be modified by executing a boundary modification function in the system target program.
Optionally, the trusted security zone defines a global legal access range, where the global legal access range is set as a legal access range of any security level when jumping to the memory segment of any security level through a legal call logic, and otherwise is set as a legal access range of a first security level; and the memory access address corresponding to the secure memory access instruction in the memory segment with any security level belongs to the global legal access range.
Optionally, the memory address of a memory segment with a lower security level is higher than that of a memory segment with a higher security level, the legal access range of any security level is the address range above the boundary address of that security level, the boundary address of any security level belongs to the memory segment of that security level, the global legal access range is the address range above the boundary address stored in a boundary register, and the legal call logic includes call logic implemented by a boundary modification function in the system target program;
executing any system function that belongs to the system target program and is located in the memory segment of any security level includes:
calling the boundary modification function to modify the primary boundary address stored in the boundary register into the boundary address of any security level;
calling and executing that system function within the boundary modification function, and restoring the boundary address stored in the boundary register to the primary boundary address after execution of that system function is completed.
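The secure memory access instruction built on the boundary and offset registers, and the legal call logic of the boundary modification function, modelled in C as an added example (not code from the patent); the level boundaries, the register values and the level-2 system function are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed layout: the level-2 (system) segment lies below the level-1
 * (user) segment. Each level's boundary address separates its program segment
 * (below) from its data segment (above), and that level's legal access range
 * is every address above its boundary. */
enum level { LEVEL1 = 1, LEVEL2 = 2 };
static const uint32_t level_boundary[] = { 0u, 0x2000u, 0x1000u };   /* indexed by level */

/* Modelled boundary register and offset register. The user target program is
 * compiled so that it never names these registers; only the boundary
 * modification function in the system target program rewrites boundary_reg. */
static uint32_t boundary_reg = 0x2000u;   /* primary boundary address: level 1 */
static int32_t  offset_reg   = 0;

/* One secure memory access instruction: store the signed distance from the
 * boundary to the original access address in the offset register, then add
 * its absolute value back to the boundary. Every address the instruction can
 * produce therefore lies at or above boundary_reg, i.e. inside the global
 * legal access range, without any branch. An original address equal to the
 * boundary yields the boundary itself, which is why the boundary address is
 * set to be inaccessible. */
uint32_t secure_access_addr(uint32_t orig_addr) {
    offset_reg = (int32_t)(boundary_reg - orig_addr);
    return boundary_reg + (uint32_t)abs(offset_reg);
}

uint32_t current_boundary(void) { return boundary_reg; }

typedef void (*system_function)(void);

/* Legal call logic implemented by the boundary modification function: save
 * the primary boundary, lower the boundary to the called function's level so
 * its secure accesses can reach its own segment, run it, then restore. */
void call_via_boundary_modification(enum level lvl, system_function fn) {
    uint32_t primary = boundary_reg;
    boundary_reg = level_boundary[lvl];
    fn();
    boundary_reg = primary;
}

/* Constructed level-2 system function: performs one secure access to the
 * address stored in pending_orig and records the address actually used. */
static uint32_t pending_orig, last_access;
static void constructed_system_function(void) {
    last_access = secure_access_addr(pending_orig);
}

/* Helper for the demonstration: access orig through a legal call into the
 * system target program at level lvl, returning the address actually used. */
uint32_t access_via_system_call(enum level lvl, uint32_t orig) {
    pending_orig = orig;
    call_via_boundary_modification(lvl, constructed_system_function);
    return last_access;
}

int main(void) {
    printf("user code, orig 0x1800 -> 0x%x\n", secure_access_addr(0x1800u));
    printf("via level-2 call, orig 0x1800 -> 0x%x\n", access_via_system_call(LEVEL2, 0x1800u));
    printf("boundary after call: 0x%x\n", current_boundary());
    return 0;
}
```

An original address 0x1800 issued by user code is reflected to 0x2800, above the level-1 boundary; the same address issued inside a legal call into level-2 code stays 0x1800, and the boundary register is back at its primary value afterwards.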
Optionally, the memory segment of any security level includes a corresponding data segment and a program segment with a memory address lower than that of the data segment, and the boundary address of any security level is used to separate the data segment and the program segment in the memory segment of any security level.
Optionally, the boundary address of any security level is set to be inaccessible.
Optionally, the user target program is obtained by compiling the user source program by an interpreter in the trusted security zone; or,
the user target program is obtained by compiling the user source program before running through a trusted compiling platform, and the apparatus further comprises:
a signature verification unit 606, configured to acquire the user target program, and load the user target program into the user program segment when it is determined that the signature verification corresponding to the user target program provided by the trusted compiling platform is successful.
Fig. 7 is a block diagram of a compiling apparatus provided in the present specification according to an exemplary embodiment, and the apparatus may be applied to the device shown in fig. 5 to implement the technical solution of the present specification. The device comprises:
a user source program obtaining unit 701, configured to obtain a user source program for execution in a trusted security zone, where the trusted security zone includes a memory segment with a first security level and a memory segment with a second security level, the memory segment with the first security level includes a user data segment and a user program segment, the memory segment with the second security level includes a backup data segment and a reset program segment, a legal access range of the first security level includes at least a part of memory addresses in the memory segment with the first security level, and a memory access address corresponding to a secure memory access instruction in the user program segment belongs to the legal access range of the first security level;
a compiling unit 702, configured to compile the user source program into a user target program, so that a memory access instruction in the user source program is converted into a corresponding secure memory access instruction in the user target program;
a user target program loading unit 703, configured to load the user target program into the user program segment, so that the trusted security zone executes the user target program in the user program segment after being reset in response to a task request; wherein resetting the trusted security zone comprises: executing a trusted security zone reset function in the reset program segment, and overwriting the memory space corresponding to the legal access range of the first security level with the memory backup stored in the backup data segment, the memory backup comprising a user data segment backup used for overwriting the user data segment.
The above device embodiment corresponds to the above method embodiment, and there is no substantial difference, and the above descriptions regarding the embodiments shown in fig. 1 and fig. 4 are applicable to the embodiments shown in fig. 6 and fig. 7, and are not repeated here.
As shown in fig. 8, fig. 8 is a system architecture diagram of a trusted computing system provided by the present specification in accordance with an exemplary embodiment. The trusted computing system comprises a front-end trusted secure zone and at least one back-end trusted secure zone, wherein:
the front-end trusted security zone is configured to receive a task request sent by a client, forward the task request to the corresponding back-end trusted security zone, and send the execution result for the task request returned by the back-end trusted security zone to the client;
any one of the back-end trusted secure zones is configured to execute any one of the aforementioned request processing methods based on the trusted secure zone when receiving a task request sent by the front-end trusted secure zone, and return an execution result generated by executing a user target program to the front-end trusted secure zone.
As shown in fig. 8, the front-end trusted security zone in the trusted computing system does not need to take on the role of executing trusted computing tasks; it serves only as a relay between the client and the back-end trusted security zones, and the role of actually executing trusted computing tasks is taken on by the plurality of back-end trusted security zones. The client, which is outside the trusted computing system, establishes a trust relationship and interfaces only with the front-end trusted security zone, and does not need to establish trust relationships directly with the plurality of back-end trusted security zones that execute different trusted computing tasks, which improves convenience for the client; meanwhile, the plurality of back-end trusted security zones need only establish a trust relationship and interface with the front-end trusted security zone, and do not need to face different clients directly or establish separate trust relationships with each of them, which greatly reduces the maintenance cost of network connections and trust relationships at the system level.
When a back-end trusted security zone in the trusted computing system of the embodiments of the present specification processes a task request, a fast and secure reset is completed by the aforementioned request processing method based on the trusted security zone, so that the trusted computing task corresponding to the task request can be responded to and executed quickly; meanwhile, the security policy adopted by the back-end trusted security zone, segmented by security level, ensures that the user target program executing the trusted computing task cannot easily compromise the security of the trusted security zone from within.
For the process related to the task request processed by the back-end trusted secure zone in this embodiment, reference may be made to the description of the foregoing embodiment, and details are not described here again.
In the 1990s, improvements to a technology could clearly be distinguished as improvements in hardware (for example, improvements to circuit structures such as diodes, transistors and switches) or improvements in software (improvements to a method flow). However, as technology advances, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by a hardware entity module. For example, a Programmable Logic Device (PLD) (for example, a Field Programmable Gate Array (FPGA)) is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Moreover, nowadays, instead of manually making the integrated circuit chip, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code before compilation is also written in a specific programming language called a Hardware Description Language (HDL), of which there is not one but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language), with VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog being the most commonly used at present.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of such controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; a memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps such that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component. Or even the means for performing the functions may be regarded as both a software module implementing the method and a structure within a hardware component.
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. One typical implementation device is a server system. Of course, the present invention does not exclude that as future computer technology develops, the computer implementing the functionality of the above described embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device or a combination of any of these devices.
Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. For example, the use of the terms first, second, etc. are used to denote names, but not to denote any particular order.
For convenience of description, the above devices are described as being divided into various modules by functions, which are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or the modules implementing the same functions may be implemented by a combination of a plurality of sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, Phase Change Memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiment is substantially similar to the method embodiment, its description is brief, and for the relevant points reference may be made to the corresponding description of the method embodiment. In the description of the specification, reference to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined by one skilled in the art without contradiction.
The above description is intended to be illustrative of one or more embodiments of the disclosure, and is not intended to limit the scope of one or more embodiments of the disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims (25)

1. A request processing method based on a trusted security zone, wherein the trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level, the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a reset program segment, and a legal access range of the first security level comprises at least one part of memory addresses in the memory segment with the first security level; the method comprises the following steps:
responding to a task request, executing a trusted security zone reset function in the reset program segment, and covering a memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, wherein the memory backup comprises a user data segment backup covered to the user data segment;
after the execution of the reset function of the trusted security zone is finished, executing a user target program compiled by a user source program in the user program segment; and compiling a memory access instruction in the user source program into a corresponding safe memory access instruction in the user target program, wherein a memory access address corresponding to the safe memory access instruction belongs to a legal access range of a first safety level.
2. The method of claim 1, wherein overwriting the memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level comprises:
starting a user authority hardware instruction, and reallocating memory access authority to the memory space corresponding to the legal access range of the first security level through the user authority hardware instruction;
and covering the memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, and forbidding the user authority hardware instruction after the memory backup is completed.
3. The method of claim 1, the memory backup further comprising a user program segment backup for overwriting the user program segment.
4. The method of claim 1, further comprising:
and responding to the task request, and returning an execution result corresponding to the task request generated by executing the user target program to an initiator of the task request.
5. The method of claim 1, further comprising:
and responding to a backup request or under the condition that the trusted secure area finishes cold start, executing a trusted secure area backup function in the reset program segment, and taking the data in the legal access range of the first security level as the memory backup to be stored in the backup data segment.
6. The method according to claim 1, wherein the trusted security zone is divided into a plurality of memory blocks connected end to end, the same secure memory access instruction is contained in the same memory block, a secure jump point in the trusted security zone is aligned with a start address of any memory block, and the secure jump point in the trusted security zone includes a loop start address, a conditional branch start address, and a function start address of a non-sensitive function;
the program in the trusted security zone comprises the user target program and a system target program obtained by compiling a system source program, the system target program is in a memory segment with a second security level and above, and the system target program comprises a trusted security zone reset function; and compiling the address jump instruction in the user source program into a corresponding safe address jump instruction in the user target program, and/or compiling the address jump instruction in the system source program into a corresponding safe address jump instruction in the system target program, wherein the jump address corresponding to any safe address jump instruction is a starting address of a memory block where an original jump address corresponding to the address jump instruction compiled into any safe address jump instruction is located.
7. The method according to claim 6, wherein, for any sensitive function in the system target program, a halt instruction is inserted between the start address of the memory block occupied by the sensitive function and the function start address within that memory block, and the halt instruction is used for triggering a system halt when executed.
8. The method according to claim 7, wherein, when at least two memory blocks are occupied by any sensitive function, the portions of the sensitive function in the at least two memory blocks are connected by a tag jump instruction.
9. The method according to claim 6, wherein a start address of any memory block is aligned with a function start address of a corresponding security detection function, and the security detection function in any memory block is configured to, when executed:
determining the security level of a jump point memory segment where a safe address jump instruction jumping to a safety detection function in any memory block is located;
under the condition that the original jump address corresponding to the address jump instruction used for compiling the safe address jump instruction or the starting address of any memory block does not belong to the legal access range of the safety level of the jump point memory segment, triggering the system to stop;
and under the condition that the original jump address or the starting address of any memory block is determined to belong to a legal access range of the security level of the memory segment of the jump point, sequentially executing a next instruction or jumping to the original jump address.
10. The method of claim 1, the trusted secure zone further comprising a memory segment of a third security level, the memory segment of the third security level comprising a key data segment and an attestation program segment, the method further comprising:
responding to a program attestation request, executing a nested attestation function in the attestation program segment, and signing data to be attested based on a nested attestation private key stored in the key data segment to generate a trusted program attestation, wherein the data to be attested comprises data in the user program segment and/or the reset program segment;
providing the trusted program attestation to an initiator of the program attestation request, and receiving the task request sent by the initiator after the initiator confirms that the trusted program attestation is verified.
11. The method of claim 10, wherein the nested attestation private key is assigned to the key data segment in the trusted secure zone by a key management server upon confirmation that the trusted secure zone has passed remote attestation by a remote attestation server.
12. The method according to claim 1 or 10, wherein the trusted secure zone comprises memory segments of different security levels, the different security levels comprising at least a first security level and a second security level, wherein a legal access range of any security level comprises at least a part of memory addresses in the memory segment of any security level and memory segments lower than any security level;
the program in the trusted security zone comprises the user target program and a system target program obtained by compiling a system source program, the system target program is in a memory segment with a second security level and above, and the system target program comprises a trusted security zone reset function; and compiling the memory access instruction in the system source program into a corresponding secure memory access instruction in the system target program, wherein the memory access address corresponding to the secure memory access instruction in the memory segment of any security level belongs to the legal access range of any security level.
13. The method of claim 12, wherein the memory address of the memory segment with the low security level is higher than the memory segment with the high security level, the legal access range of any security level is an address range higher than the boundary address of any security level, the boundary address of any security level belongs to the memory segment with any security level, and any secure memory access instruction in the memory segment with any security level is used for:
subtracting an original access address, corresponding to the memory access instruction compiled into the secure memory access instruction, from the boundary address stored in a boundary register, and storing the resulting difference in an offset register, wherein the boundary address stored in the boundary register is the boundary address of that security level;
and taking the sum of the absolute value of the difference stored in the offset register and the boundary address stored in the boundary register as the access address corresponding to the secure memory access instruction, and accessing the memory based on that access address.
14. The method of claim 13, wherein the user target program is arranged to be unable to invoke the boundary register and the offset register, and the boundary address stored in the boundary register can be modified only by executing a boundary modification function in the system target program.
15. The method according to claim 12, wherein the trusted security zone defines a global legal access scope, and the global legal access scope is set as a legal access scope of any security level when jumping to the memory segment of any security level through legal call logic, otherwise, is set as a legal access scope of a first security level; and the memory access address corresponding to the secure memory access instruction in the memory segment with any security level belongs to the global legal access range.
16. The method of claim 15, wherein the memory address of the memory segment with low security level is higher than that of the memory segment with high security level, the legal access range of any security level is the address range of the boundary address higher than any security level, the boundary address of any security level belongs to the memory segment with any security level, the global legal access range is the boundary address stored in the boundary register, and the legal call logic comprises the call logic realized by the boundary modification function in the system target program;
executing any system function belonging to the system target program and in the memory segment of any security level, including:
calling the boundary modification function to modify the original boundary address stored in the boundary register into the boundary address of any security level;
and calling and executing the system function within the boundary modification function, and restoring the boundary address stored in the boundary register to the original boundary address after execution of the system function is completed.
17. The method of claim 16, wherein the memory segment of any security level comprises a corresponding data segment and a program segment having a lower memory address than the data segment, and the boundary address of any security level is used to separate the data segment from the program segment in the memory segment of any security level.
18. The method of claim 16, wherein the boundary address of any security level is set to be inaccessible.
19. The method of claim 1, wherein the user target program is compiled from the user source program by an interpreter in the trusted secure zone; or alternatively,
the user target program is obtained by compiling the user source program before running through a trusted compiling platform, and the method further comprises the following steps:
and acquiring the user target program, and loading the user target program to the user program section under the condition that the signature verification corresponding to the user target program provided by the trusted compiling platform is determined to be successful.
20. A compilation method comprising:
the method comprises the steps that a user source program used for being executed in a trusted security zone is obtained, wherein the trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level, the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a resetting program segment, the legal access range of the first security level comprises at least one part of memory addresses in the memory segment with the first security level, and the access memory address corresponding to a secure memory access instruction in the user program segment belongs to the legal access range of the first security level;
compiling the user source program into a user target program so as to convert a memory access instruction in the user source program into a corresponding safe memory access instruction in the user target program;
loading the user target program into the user program section so as to execute the user target program in the user program section after the user target program is reset by the trusted secure zone in response to a task request; wherein resetting the trusted secure zone comprises: and executing a trusted security zone reset function in the reset program segment, and covering the memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, wherein the memory backup comprises a user data segment backup used for covering the user data segment.
21. A request processing device based on a trusted security zone, wherein the trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level, the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a reset program segment, and a legal access range of the first security level comprises at least one part of memory addresses in the memory segment with the first security level; the device comprises:
a resetting unit, configured to execute a trusted security region resetting function in the resetting program segment in response to a task request, and cover a memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, where the memory backup includes a user data segment backup for covering the user data segment;
the user target program execution unit is used for executing a user target program obtained by compiling a user source program in the user program segment after the execution of the reset function of the trusted security zone is finished; and compiling a memory access instruction in the user source program into a corresponding safe memory access instruction in the user target program, wherein a memory access address corresponding to the safe memory access instruction belongs to a legal access range of a first safety level.
22. A compiling apparatus comprising:
a user source program obtaining unit, configured to obtain a user source program to be executed in a trusted security zone, wherein the trusted security zone comprises a memory segment with a first security level and a memory segment with a second security level, the memory segment with the first security level comprises a user data segment and a user program segment, the memory segment with the second security level comprises a backup data segment and a reset program segment, the legal access range of the first security level comprises at least one part of memory addresses in the memory segment with the first security level, and the memory access address corresponding to a secure memory access instruction in the user program segment belongs to the legal access range of the first security level;
the compiling unit is used for compiling the user source program into a user target program so as to convert the memory access instruction in the user source program into a corresponding safe memory access instruction in the user target program;
a user target program loading unit, configured to load the user target program into the user program segment, so as to execute the user target program in the user program segment after the trusted secure area is reset in response to a task request; wherein resetting the trusted secure zone comprises: and executing a trusted security zone reset function in the reset program segment, and covering the memory backup stored in the backup data segment to a memory space corresponding to a legal access range of a first security level, wherein the memory backup comprises a user data segment backup used for covering the user data segment.
23. A trusted computing system comprising a front-end trusted security zone and at least one back-end trusted security zone, wherein:
the front-end trusted security zone is used for receiving a task request sent by a client, forwarding the task request to a corresponding back-end trusted security zone, and sending an execution result, returned by the back-end trusted security zone for the task request, to the client;
any back-end trusted secure zone is used for executing the method according to any one of claims 1-19 when receiving the task request sent by the front-end trusted secure zone, and returning the execution result generated by executing the user target program to the front-end trusted secure zone.
24. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-20 by executing the executable instructions.
25. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 1 to 20.
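Claims 6 to 9 describe block-aligned secure jumps, the halt padding in front of sensitive functions and the security detection function placed at a block start. The following C model is an added example, not code from the patent; the 64-byte block size, the segment addresses and the constructed block layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed layout, assumed for this example: 64-byte memory blocks; the
 * level-1 (user) segment is [0x4000, 0x8000) and the level-2 (system) segment
 * is [0x2000, 0x4000), so lower security levels sit at higher addresses. The
 * legal access range of a level is every address above its boundary address. */
#define BLOCK_SIZE      64u
#define LEVEL1_BOUNDARY 0x4000u
#define LEVEL2_BOUNDARY 0x2000u

/* Secure address jump instruction (claim 6): the jump lands on the start of
 * the block that holds the original target, never in the middle of a block. */
uint32_t secure_jump_target(uint32_t orig_target) {
    return orig_target & ~(BLOCK_SIZE - 1u);
}

/* Security level of the memory segment that contains addr. */
int segment_level(uint32_t addr) {
    return addr >= LEVEL1_BOUNDARY ? 1 : 2;
}

/* Whether addr lies in the legal access range of the given security level. */
bool in_legal_range(int level, uint32_t addr) {
    return addr > (level == 1 ? LEVEL1_BOUNDARY : LEVEL2_BOUNDARY);
}

/* What the compiler placed at the start of a block (claims 6, 7 and 9). */
typedef enum {
    BLOCK_JUMP_POINT,    /* loop start, conditional branch or non-sensitive function start */
    BLOCK_SENSITIVE_PAD, /* sensitive function starts later in the block; a halt fills the gap */
    BLOCK_DETECT         /* security detection function aligned to the block start */
} block_kind;

typedef struct { uint32_t start; block_kind kind; } block_desc;

typedef enum { JUMP_HALT, JUMP_FALL_THROUGH, JUMP_TO_ORIGINAL } jump_outcome;

/* Outcome of a secure address jump issued at jump_site that was compiled from
 * an original jump to orig_target. */
jump_outcome execute_secure_jump(const block_desc *blocks, size_t n,
                                 uint32_t jump_site, uint32_t orig_target) {
    uint32_t target = secure_jump_target(orig_target);
    const block_desc *b = NULL;
    for (size_t i = 0; i < n; i++)
        if (blocks[i].start == target) { b = &blocks[i]; break; }
    if (b == NULL) return JUMP_HALT;          /* no code is mapped at that block start */

    switch (b->kind) {
    case BLOCK_SENSITIVE_PAD:
        return JUMP_HALT;                     /* claim 7: the padding halt fires first */
    case BLOCK_JUMP_POINT:
        return JUMP_FALL_THROUGH;             /* an aligned, legitimate jump point */
    case BLOCK_DETECT: {
        /* claim 9: check both addresses against the jumper's own legal range */
        int level = segment_level(jump_site);
        if (!in_legal_range(level, orig_target) || !in_legal_range(level, target))
            return JUMP_HALT;
        return target == orig_target ? JUMP_FALL_THROUGH : JUMP_TO_ORIGINAL;
    }
    }
    return JUMP_HALT;
}

/* Constructed code layout used by the demo below and by the checks. */
static const block_desc demo_blocks[] = {
    { 0x4040u, BLOCK_JUMP_POINT },    /* user loop head, aligned to its block */
    { 0x4080u, BLOCK_DETECT },        /* user block guarded by a detection function */
    { 0x2040u, BLOCK_DETECT },        /* system entry guarded by a detection function */
    { 0x2080u, BLOCK_SENSITIVE_PAD }, /* sensitive system function behind a halt */
};

jump_outcome demo_jump(uint32_t jump_site, uint32_t orig_target) {
    return execute_secure_jump(demo_blocks,
                               sizeof demo_blocks / sizeof demo_blocks[0],
                               jump_site, orig_target);
}

int main(void) {
    static const char *names[] = { "halt", "fall through", "jump to original" };
    printf("user -> user loop head : %s\n", names[demo_jump(0x4400u, 0x4050u)]);
    printf("user -> guarded user   : %s\n", names[demo_jump(0x4400u, 0x4090u)]);
    printf("user -> system entry   : %s\n", names[demo_jump(0x4400u, 0x2050u)]);
    printf("system -> system entry : %s\n", names[demo_jump(0x2400u, 0x2050u)]);
    printf("user -> sensitive fn   : %s\n", names[demo_jump(0x4400u, 0x2090u)]);
    return 0;
}
```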
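Claims 13 to 18 specify the secure memory access instruction (boundary register plus offset register) and the boundary modification function that is the only path allowed to change the boundary. The following C simulation is an added example, not the patent's own code; the boundary addresses, the register variables and the sample accesses are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout, assumed for this example: lower security levels sit at
 * higher addresses, and the legal access range of a level is every address
 * strictly above its boundary address (claim 18: the boundary itself is
 * inaccessible). */
#define LEVEL1_BOUNDARY 0x4000u   /* user level */
#define LEVEL2_BOUNDARY 0x2000u   /* system level; its range also covers level 1 */

/* Simulated boundary register and offset register (claims 13 and 14). */
static uint32_t boundary_reg = LEVEL1_BOUNDARY;
static int64_t  offset_reg;

/* Secure memory access instruction (claim 13): boundary - original address is
 * stored in the offset register and the effective address is
 * boundary + |offset|, so it can never fall below the current boundary. */
uint32_t secure_access_addr(uint32_t orig_addr) {
    offset_reg = (int64_t)boundary_reg - (int64_t)orig_addr;
    uint32_t magnitude = (uint32_t)(offset_reg < 0 ? -offset_reg : offset_reg);
    return boundary_reg + magnitude;
}

/* Whether an effective address may actually be touched: the boundary address
 * itself is reserved (claim 18), so an access folded exactly onto it is denied. */
int access_allowed(uint32_t effective_addr) {
    return effective_addr > boundary_reg;
}

uint32_t current_boundary(void) { return boundary_reg; }

/* Boundary modification function (claim 16): the only code path permitted to
 * change the boundary register. It widens the legal range to the callee's
 * security level, runs the system function, then restores the saved boundary. */
typedef uint32_t (*system_fn)(uint32_t);

uint32_t call_via_boundary_modify(uint32_t level_boundary, system_fn fn, uint32_t arg) {
    uint32_t saved = boundary_reg;
    boundary_reg = level_boundary;
    uint32_t result = fn(arg);
    boundary_reg = saved;
    return result;
}

int main(void) {
    /* User program reads its own data: the address is unchanged. */
    printf("user 0x4100 -> 0x%x\n", secure_access_addr(0x4100u));
    /* User program tries to read the backup data segment (system level): the
     * address is folded back above the user boundary instead. */
    printf("user 0x2800 -> 0x%x\n", secure_access_addr(0x2800u));
    /* A system function entered through the boundary modification function
     * sees the level-2 boundary and reaches 0x2800 directly. */
    printf("system 0x2800 -> 0x%x\n",
           call_via_boundary_modify(LEVEL2_BOUNDARY, secure_access_addr, 0x2800u));
    printf("boundary restored to 0x%x\n", current_boundary());
    return 0;
}
```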
CN202211311423.6A 2022-10-25 2022-10-25 Request processing method, compiling method and trusted computing system Active CN115422554B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211311423.6A CN115422554B (en) 2022-10-25 2022-10-25 Request processing method, compiling method and trusted computing system

Publications (2)

Publication Number Publication Date
CN115422554A true CN115422554A (en) 2022-12-02
CN115422554B CN115422554B (en) 2023-03-24

Family

ID=84207214

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211311423.6A Active CN115422554B (en) 2022-10-25 2022-10-25 Request processing method, compiling method and trusted computing system

Country Status (1)

Country Link
CN (1) CN115422554B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080282093A1 (en) * 2007-05-09 2008-11-13 Sony Computer Entertainment Inc. Methods and apparatus for secure programming and storage of data using a multiprocessor in a trusted mode
US8099605B1 (en) * 2006-06-05 2012-01-17 InventSec AB Intelligent storage device for backup system
CN104111896A (en) * 2014-07-30 2014-10-22 云南大学 Virtual memory management method and virtual memory management device for mass data processing
CN105683981A (en) * 2014-08-21 2016-06-15 华为技术有限公司 Secure interaction method and device
CN113672237A (en) * 2021-09-03 2021-11-19 支付宝(杭州)信息技术有限公司 Program compiling method and device for preventing memory boundary crossing
CN113795826A (en) * 2019-06-27 2021-12-14 英特尔公司 Automated resource management for distributed computing
CN114116524A (en) * 2020-08-25 2022-03-01 华为技术有限公司 Method and device for creating secure page table and accessing memory
CN114625646A (en) * 2022-03-14 2022-06-14 烽火通信科技股份有限公司 Method and device for detecting system memory boundary crossing

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
FELIX SCHUSTER等: "VC3 Trustworthy Data Analytics in the Cloud Using SGX", 《2015 IEEE SYMPOSIUM ON SECURITY AND PRIVACY》 *
GUOXING CHEN 等: "Securing TEEs with Verifiable Execution", 《IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING》 *
张殷乾: "基于攻击文法的网络攻击建模和攻击", 《中国优秀硕士学位论文全文数据库信息科技辑》 *
李明煜 等: "面向SGX2代新型可信执行环境的内存优化系统", 《软件学报》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116451235A (en) * 2023-03-27 2023-07-18 亿咖通(湖北)技术有限公司 Memory protection method, device, storage medium and program product
CN116451235B (en) * 2023-03-27 2024-04-09 亿咖通(湖北)技术有限公司 Memory protection method, device, storage medium and program product

Also Published As

Publication number Publication date
CN115422554B (en) 2023-03-24

Similar Documents

Publication Publication Date Title
EP3674954B1 (en) Security control method and computer system
CN111651778B (en) Physical memory isolation method based on RISC-V instruction architecture
EP3123311B1 (en) Malicious code protection for computer systems based on process modification
US11144631B2 (en) Dynamic switching between pointer authentication regimes
KR101237527B1 (en) A computer system comprising a secure boot mechanism
CN103119601B (en) For independent of method and apparatus anti-virus (AV) scanner of operating system (OS) performing mandatory security strategy
JP5000573B2 (en) Protected function call
RU2439665C2 (en) Compilation of executable code in less trustworthy address space
KR101503785B1 (en) Method And Apparatus For Protecting Dynamic Library
CN107679393B (en) Android integrity verification method and device based on trusted execution environment
JP5740573B2 (en) Information processing apparatus and information processing method
JP5346608B2 (en) Information processing apparatus and file verification system
US9594915B2 (en) Information processing apparatus
JP2014513348A (en) System and method for processing a request to change a system security database and firmware storage in an integrated extended firmware interface compliant computing device
CN107092824B (en) Application program running method and device
CN111400702A (en) Virtualized operating system kernel protection method
CN110532767B (en) Internal isolation method for SGX (secure gateway) security application
US20210150028A1 (en) Method of defending against memory sharing-based side-channel attacks by embedding random value in binaries
CN115422554B (en) Request processing method, compiling method and trusted computing system
KR102579861B1 (en) In-vehicle software update system and method for controlling the same
US10379886B2 (en) Method and system for enhancing loading speed of intermediate language file
US20090300307A1 (en) Protection and security provisioning using on-the-fly virtualization
CN107851032B (en) Computing device, system and method for executing services in containers
CN112182560B (en) Efficient isolation method, system and medium for Intel SGX interior
KR20170094737A (en) Method and system for code protection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant