JP7113887B2 - Trusted kernel-based attack-resistant data processor - Google Patents
- Publication number
- JP7113887B2 (application JP2020502210A)
- Authority
- JP
- Japan
- Prior art keywords
- kernel
- trusted
- data processor
- untrusted
- switching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/545—Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710648239.3 | 2017-08-01 | ||
| CN201710648239.3A CN107463856B (zh) | 2017-08-01 | 2017-08-01 | Anti-attack data processor based on a trusted kernel |
| PCT/CN2018/096759 WO2019024708A1 (zh) | 2017-08-01 | 2018-07-24 | Anti-attack data processor based on a trusted kernel |
Publications (3)
| Publication Number | Publication Date |
|---|---|
| JP2020529063A (ja) | 2020-10-01 |
| JP2020529063A5 | 2021-08-19 |
| JP7113887B2 (ja) | 2022-08-05 |
Family
ID=60548019
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2020502210A Active JP7113887B2 (ja) | 2017-08-01 | 2018-07-24 | Trusted kernel-based attack-resistant data processor |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US10909246B2 |
| EP (1) | EP3663958B1 |
| JP (1) | JP7113887B2 |
| CN (1) | CN107463856B |
| WO (1) | WO2019024708A1 |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107463856B (zh) * | 2017-08-01 | 2020-06-16 | 杭州中天微系统有限公司 | Anti-attack data processor based on a trusted kernel |
| CN108390856B (zh) * | 2018-01-12 | 2020-09-18 | 北京奇艺世纪科技有限公司 | DDoS attack detection method, apparatus, and electronic device |
| CN109033842B (zh) * | 2018-07-27 | 2020-10-16 | 杭州中天微系统有限公司 | Data processor |
| CN108985098B (zh) * | 2018-07-27 | 2020-10-13 | 杭州中天微系统有限公司 | Data processor |
| CN109063516B (zh) * | 2018-07-27 | 2020-12-04 | 杭州中天微系统有限公司 | Data processor |
| CN111552514B (zh) * | 2019-02-12 | 2024-12-06 | 阿里巴巴集团控股有限公司 | Processor and instruction execution method |
| CN115718444A (zh) * | 2022-11-04 | 2023-02-28 | 航天科工空间工程发展有限公司 | Method and system for switching satellite housekeeping working modes based on heterogeneous computers |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2004171563A (ja) | 2002-11-18 | 2004-06-17 | Arm Ltd | Technique for accessing memory in a data processing apparatus |
| CN106599717A (zh) | 2016-12-01 | 2017-04-26 | 杭州中天微系统有限公司 | Data processor |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4519032A (en) * | 1982-06-09 | 1985-05-21 | At&T Bell Laboratories | Memory management arrangement for microprocessor systems |
| US20030225817A1 (en) * | 2002-06-04 | 2003-12-04 | Prashanth Ishwar | Concurrent execution of kernel work and non-kernel work in operating systems with single-threaded kernel |
| FR2937439B1 (fr) * | 2008-10-17 | 2012-04-20 | Commissariat Energie Atomique | Method for deterministic execution and synchronization of an information processing system comprising multiple processing cores executing system tasks |
| KR102012436B1 (ko) * | 2012-09-17 | 2019-08-20 | 휴렛-팩커드 디벨롭먼트 컴퍼니, 엘.피. | Image forming apparatus, drive control method, and computer-readable recording medium |
| JP2014089652A (ja) * | 2012-10-31 | 2014-05-15 | Toshiba Corp | Information processing apparatus |
| CN103176855A (zh) * | 2013-03-15 | 2013-06-26 | 中兴通讯股份有限公司 | Message interaction processing method and apparatus |
| US10867032B2 (en) * | 2014-09-17 | 2020-12-15 | Irdeto B.V. | Generating and executing protected items of software |
| US9870467B2 (en) * | 2015-03-27 | 2018-01-16 | Intel Corporation | Apparatus and method for implementing a forked system call in a system with a protected region |
| CN106778365B (zh) * | 2016-12-01 | 2019-10-18 | 杭州中天微系统有限公司 | Apparatus and processor for implementing delayed stack pushing |
| CN106775971B (zh) * | 2016-12-02 | 2020-01-31 | 杭州中天微系统有限公司 | Data processing apparatus |
| US10367639B2 (en) * | 2016-12-29 | 2019-07-30 | Intel Corporation | Graphics processor with encrypted kernels |
| CN107463856B (zh) * | 2017-08-01 | 2020-06-16 | 杭州中天微系统有限公司 | Anti-attack data processor based on a trusted kernel |
| US10565141B1 (en) * | 2018-08-28 | 2020-02-18 | Dell Products L.P. | Systems and methods for hiding operating system kernel data in system management mode memory to thwart user mode side-channel attacks |
2017
- 2017-08-01 CN CN201710648239.3A (CN107463856B): Active

2018
- 2018-07-24 EP EP18841743.0A (EP3663958B1): Active
- 2018-07-24 WO PCT/CN2018/096759 (WO2019024708A1): Ceased
- 2018-07-24 JP JP2020502210A (JP7113887B2): Active
- 2018-10-30 US US16/175,710 (US10909246B2): Active
Also Published As
| Publication number | Publication date |
|---|---|
| EP3663958A4 (en) | 2020-07-22 |
| EP3663958B1 (en) | 2023-06-21 |
| JP2020529063A (ja) | 2020-10-01 |
| US10909246B2 (en) | 2021-02-02 |
| CN107463856A (zh) | 2017-12-12 |
| EP3663958A1 (en) | 2020-06-10 |
| US20190073477A1 (en) | 2019-03-07 |
| CN107463856B (zh) | 2020-06-16 |
| WO2019024708A1 (zh) | 2019-02-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7113887B2 (ja) | | Trusted kernel-based attack-resistant data processor |
| Tiburski et al. | | Lightweight security architecture based on embedded virtualization and trust mechanisms for IoT edge devices |
| US10257170B2 (en) | | Systems and methods for decrypting network traffic in a virtualized environment |
| Jin et al. | | Architectural support for secure virtualization under a vulnerable hypervisor |
| US9904782B2 (en) | | Synchronous execution of designated computing events using hardware-assisted virtualization |
| US20110209219A1 (en) | | Protecting User Mode Processes From Improper Tampering or Termination |
| US10360386B2 (en) | | Hardware enforcement of providing separate operating system environments for mobile devices |
| CN102521531B (zh) | | Password protection system based on hardware virtualization |
| CN108154032B (zh) | | Method for constructing a root of trust for a computer system with memory integrity assurance |
| CN106603498A (zh) | | Event reporting method and apparatus |
| CN103996004A (zh) | | Virtualization-based high-availability system design method |
| CN112363797B (zh) | | Method for secure operation of a virtual machine, electronic device, and storage medium |
| Pouraghily et al. | | Hardware support for embedded operating system security |
| CN108985098B (zh) | | Data processor |
| CN109063516B (zh) | | Data processor |
| CN113127149A (zh) | | Virtual machine security monitoring method and system based on introspection technology |
| Koga et al. | | SSdetector: Secure and Manageable Host-based IDS with SGX and SMM |
| US10019576B1 (en) | | Security control system for protection of multi-core processors |
| CN109033842B (zh) | | Data processor |
| KR102698638B1 (ko) | | Microarchitecture providing hardware-based isolated execution |
| CN109190383A (zh) | | Method, apparatus, and device for processing access instructions |
| Iwano et al. | | Keyspector: Secure Monitoring of IoT Devices Using RISC-V Keystone |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20210706 |
| | A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621; Effective date: 20210706 |
| | A977 | Report on retrieval | Free format text: JAPANESE INTERMEDIATE CODE: A971007; Effective date: 20220323 |
| | A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131; Effective date: 20220406 |
| | A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20220622 |
| | TRDD | Decision of grant or rejection written | |
| | A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01; Effective date: 20220706 |
| | A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61; Effective date: 20220726 |
| | R150 | Certificate of patent or registration of utility model | Ref document number: 7113887; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |