KR20130093804A - Apparatus and method for secure and consistent runtime based confidential execution of application services - Google Patents

Abstract

PURPOSE: A runtime providing apparatus and a method for application service sealing execution provide a security virtualization interface layer for application service data requiring security consumption, and thereby maximize security of application service execution or application service data consumption. CONSTITUTION: A security virtualization interface layer (310) has an application service received through a user space (300) use hardware resources (450) and kernel services (432) of the lower part of a kernel space (340). A container parser (410) separates a virtualization security code and an application service from a service container received from a service providing server (100). A security virtualization interface generator (412) uses the virtualization security code and service policy to produce security virtualization interface. A virtualization service injector (414) stacks the application service in a VM (Virtual Machine) (420) through the security virtualization interface layer according to a policy in the security virtualization interface. [Reference numerals] (AA) Start; (BB) End; (S500) Receive a service container; (S502) Classification by Information in the service container; (S504) Deliver a virtualization security code and relevant information to an SVIF generator; (S506) Deliver a service(service data) to a VS injector; (S508) Generate a virtual interface after requesting and receiving a service policy; (S510) Separate application for the service required?; (S512) Request and receive the application; (S514) Inject the application service(application) to a virtual machine using a security virtualization interface; (S516) Is the security virtualization interface using code verification abnormal?; (S518) Request the implement or consumption of the application service(application); (S520) Stop the application service(application)

Description

Apparatus and Method for Secure and Consistent Runtime Based Confidential Execution of Application Services}

The present invention relates to service virtualization, virtualization interface, and virtual machine technology to ensure that an application service or application service data delivered to a user device by a service provider can be performed or consumed in a secure and consistent execution environment. Separate secure virtualization on top of the virtual machine to deploy application services in conjunction with and to ensure that the application service processes or separate processes consuming application service data access to internal resources through kernel services. Apparatus and method for providing a runtime layer and including a virtual machine technology for allowing a received application service or application service data to be executed or consumed regardless of the operating system and hardware platform of the terminal. One will.

In general, application services over the Internet have been protected by focusing on determining the subject of execution, that is, whether a user has the proper authority to use the application service. In addition, with the explosion of various types of user terminals capable of performing application services in recent years, the conventional application service security technology has been developed and implemented a lot of technologies for the protection of the application service itself, such as encryption, concealment, etc. , The three main issues of 'terminal stand-alone execution consistency', 'secure system resource access', and 'confidential execution and consumption of application services' are inadequate research and development. The reality is that the Consolidated User Experience cannot be provided to the user.

On the other hand, in order to support the execution or consumption of application services and application service data regardless of the operating system and hardware specifications of the terminal, it is possible to provide the application service and application service data depending on the virtual machine in general, There is still a fatal problem that execution information is easily exposed to other processes in user mode, such as malware, viruses, byte extractors, reverse engineering tools, and the like.

In addition, to ensure secure system resource access, conventional services and data protection technologies are designed to operate only on specific operating systems or hardware platforms. Indeed, in order to make it difficult to access the security-related information, such as the secret key or certificate of the terminal, which is loaded at the time of manufacture of the terminal, the user's application can install the security software at the level of a hardware platform such as a kernel or a hardware chip. When interworking with technology, the confidentiality of execution is guaranteed by executing application services using only unique protocols defined by service providers. However, using the execution code update and runtime API application hooking (Application Programming Interface Hooking), the problem that the malicious design process can penetrate into the security domain can only be accessed by a specific application service operating in the administrator or privileged mode. There is no. In addition, such an application service protection method greatly acts as a deterrent to the consistency of execution and consumption of application services and application service data.

In general, the operating system should provide security functions such as to prevent sensitive data of an application running under the management and control of the operating system from being accessed by other applications such as hacking programs, malicious code, and the like. However, as the operating system has to cover not only general purpose PCs but also various devices (special purpose), and as more advanced functions are loaded, security problems and areas that can be solved within the operating system are also complicated, providing sufficient security. The situation is getting harder.

Therefore, it is possible to meet 'terminal standalone execution consistency', 'secure system resource access', and 'secret execution and consumption of application services' beyond the conventional techniques for securing users suitable for application service execution or application service data consumption. There is a great demand for new technology.

Method and apparatus for secure processing of confidential content in a virtual machine of a Korean Patent Application Processor (Publication No. 2010-0066404) include a secure virtual machine system, method and computer program implemented on a processor provided to process content of a third party. Product ', using a secure virtual machine with a graphics processing unit (GPU) to provide a secure execution environment for the video decoder hardware to handle key processing and stream parsing, thereby providing It protects the flow of unprotected content and keys through it, and delivers a program that generates a content decryption key to the virtual machine to create a secure compliant decoder for authorized content on the GPU. The technology is described.

In view of the above-described needs, an object of the present invention is to control resource access so that a process using an application service or application service data can access a kernel service or hardware resource only by an authorized method, and a user terminal. It is to provide a runtime providing apparatus and method that guarantees the consistency of the execution of application services or the consumption of application service data regardless of the specification, and can support the confidentiality of the execution or consumption of application services and application service data.

The objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

According to an aspect of the present invention, the apparatus for providing a runtime for confidentiality of an application service according to an embodiment of the present invention connects a user area and a kernel area, and an application service received through the user area has a kernel under the kernel area. A security virtualization interface layer for utilizing services and hardware resources, a container parser for separating virtualization security code and application services from the service container upon receiving a service container including a virtualization security code from a service providing server; A security virtualization interface generator for requesting and receiving a service policy related to a policy issuing server, and generating a security virtualization interface using the virtualization security code and the service policy, and the application server according to the rules described in the security virtualization interface; A scan through the secure virtual interface layer is characterized in that it comprises a virtualization service injectors for loading the virtual machine.

An apparatus for providing a runtime for confidentiality of an application service according to an embodiment of the present invention may include an inflow event handler for receiving the service container from the service providing server and providing the service container to the container parser, and at the request of the security virtualization interface generator. A policy search handler for accessing a policy issuing server, receiving a service policy, and providing the service policy to the secure virtualization interface generator, and performing a search in an application database when a separate application for executing or consuming the application service is required. And an application search handler for extracting a separate application.

In the apparatus for providing a runtime for confidentiality of an application service according to an embodiment of the present disclosure, the secure virtualization interface generator may include the application service or a specific application consuming the same using the secure virtualization code through the secure virtualization interface layer. Extracts an interface rule for accessing a kernel service and a hardware resource in a kernel region, extracts a constraint rule for controlling access of the application service or a specific application program consuming the same from the service policy, and then extracts the extracted interface rule and the constraint rule It is characterized in that for generating the secure virtualization interface.

In the apparatus for providing a runtime for confidentiality of an application service according to an embodiment of the present invention, the virtualization service injector may be configured as a native programming language supported by an operating system or a hardware standard by the application service or a specific application program consuming the same. In the case of the specification, the application service or the specific application program consuming the same may be delivered to the kernel service through the security virtualization interface layer.

In the apparatus for providing a runtime for confidentiality of an application service according to an embodiment of the present invention, the virtual machine may include a library for interpreting the application service received through the security virtualization interface layer or a specific application program consuming the same. And a virtual library and a virtualization service interpreter for interpreting the application service received through the security virtualization interface layer or a specific application program consuming the same based on the core library.

In the apparatus for providing a runtime for confidentiality of an application service according to an embodiment of the present invention, the virtualization service injector may be configured as a native programming language supported by an operating system or a hardware standard by the application service or a specific application program consuming the same. If not produced in the standard, it is characterized in that the application service or a specific application program consuming it is converted to a bytecode form and then delivered to the virtualization service interpreter.

In the apparatus for providing a runtime for secretly executing an application service according to an embodiment of the present invention, the virtualization service interpreter may call the native system call when the kernel service or hardware resource access is required when executing the application service or a specific application program consuming the application service. It generates and delivers to the kernel region.

In the runtime providing apparatus for executing the application service confidentiality according to an embodiment of the present invention, the kernel region determines whether the access is a trusted access by checking the suitability of the native system call received from the virtualization service interpreter. And a virtualization service monitor for allowing or blocking access to the kernel service or hardware resource of the native system call.

In the apparatus for providing a runtime for confidentiality of an application service according to an embodiment of the present invention, the kernel region further includes a cached translation store for storing a security virtualization interface for the application service generated by the security virtualization interface generator. Characterized in that.

In the apparatus for providing a runtime for confidentiality of an application service according to an embodiment of the present invention, the kernel region may be generated by the secure virtualization interface generator by the secure service application or the specific application program consuming the same. And a virtualization service monitor for monitoring whether to generate a native system call only to a specific kernel service or hardware resource authorized according to the secured virtualization interface.

In the apparatus for providing a runtime for confidentially executing an application service according to an embodiment of the present invention, the kernel region may include a cached translation store that stores a secure virtualization interface of a specific application service or application, and secure virtualization stored in the cached translation store. And a virtualization service monitor for controlling access to a kernel service or a hardware resource of the application service or an application program for consuming the application based on an interface.

The apparatus for providing a runtime for confidentially executing an application service according to an exemplary embodiment of the present invention may further include an outflow event handler that processes an execution result of the application service or an application program for consuming the same to be output through a hardware resource. do.

According to another aspect of the present invention, a method of providing a runtime for confidentiality of an application service according to an embodiment of the present invention comprises the steps of: receiving a service container including a virtualization security code from an external service providing server; Separating a security code from an application service, requesting and receiving a service policy related to the service, from a policy issuing server, generating a security virtualization interface based on the virtualization security code and the service policy; And loading the application service into the virtual machine through the security virtualization interface layer according to the rules described in the security virtualization interface.

In accordance with another aspect of the present invention, there is provided a method of providing a runtime for confidentiality of an application service, including determining whether the application service requires a separate application program through the generated security virtualization interface, and as a result of the determination, the separate application program If necessary, the method may further include searching for and obtaining the separate application program from an application database, and the loading may include loading the obtained application program or application service on the virtual machine.

The generating of the secure virtualization interface in the runtime providing method for executing the confidentiality of the application service according to an embodiment of the present invention may include the application service or a specific application program consuming the secure virtualization code using the secure virtualization code. Extracting an interface rule for accessing a kernel service and a hardware resource of the kernel region through a layer, extracting a constraint rule for controlling access of the application service or a specific application program consuming the same from the service policy; And generating the secure virtualization interface using the extracted interface rule and the constraint rule.

The loading in the runtime providing method for executing the confidentiality of the application service according to an embodiment of the present invention includes performing a code verification on the security virtualization interface to determine whether there is an abnormality of the security virtualization interface, and the security virtualization interface. Loading the application service or the application consuming the application into the virtual machine if there is no error, and stopping the execution of the application service or the application consuming the application if the security virtualization interface has an error. It is characterized by including.

In the method of providing a runtime for confidentially executing an application service according to an embodiment of the present disclosure, the loading may include determining whether the application service or an application program consuming the same is written in a native programming language or standard, and determining the content. As a result, the step of delivering a native system call for the application service or the application that consumes it to a kernel region if it is written in a native programming language or standard, and if the result is not written in the native programming language or standard, the application service Or converting an application program consuming the same into a bytecode form and delivering the same to the kernel region through the virtual machine.

In the method of providing a runtime for confidentiality of an application service according to an embodiment of the present invention, the step of delivering a native system call for an application program to the kernel region through the virtual machine may include: Interpreting an application based on a pre-stored core library, and requesting a native system call to the kernel region when accessing a kernel service or a hardware resource is required when executing the application service or an application consuming the application. It features.

In accordance with another aspect of the present invention, there is provided a method of providing a runtime for confidentiality of an application service, including determining whether a trusted access is made through a suitability check of the native system call in the kernel region that receives the native system call, and the trusted Allowing access to the kernel service or hardware resource of the native system call only in the case of an access.

According to an embodiment of the present invention, an application service execution is provided by providing a secure virtualization interface layer that allows a process and data to enter a kernel mode for application services requiring confidential execution or application service data requiring confidential consumption. Alternatively, the confidentiality of application service data consumption can be maximized.

In addition, the present invention by using the virtualization service monitor to control the execution of the application service or the consumption of application service data in the form of the process execution in the form defined in the virtualization security code and service policy, thereby preventing indiscriminate access to the kernel service or hardware resources Not only can we do this, but we can use the resources of the process in a more stable way.

The present invention may provide an advantage of using a conventional virtual machine without any modification by defining and utilizing a secure virtualization interface layer on the virtual machine.

As a result, the operator can provide technical collateral for the secure and consistent use of the provided application services or application service data, that is, secure service code generation and service policy generation and secure virtual interface runtime software, and the received application services at the user terminal. Alternatively, the relevant process of application service data can reliably access kernel services and hardware resources as defined by secure virtual code and service policies.

In addition, a user may execute an application service or consume data of an application service independently of an operating system and a hardware platform of a terminal by using an existing virtual machine such as a Java virtual machine.

1 is a conceptual diagram illustrating a system structure in which an application service or application service data is distributed in a service container form based on providing a secure and consistent runtime environment according to an embodiment of the present invention;
2 is a diagram illustrating a service container structure applied to an embodiment of the present invention;
FIG. 3 illustrates the concept of virtualization of kernel system resources based on the relationship between application services in the user domain, virtual machines in the runtime domain, and system resources in the kernel domain, and illustrates how the execution of the application service is constructed from a runtime perspective. Conceptual diagram,
4 is a block diagram illustrating an internal configuration of a runtime system supporting safe and consistent execution and consumption of an application service or application service data centering on a user terminal according to an exemplary embodiment of the present invention.
5 is a flowchart illustrating a process before an application service is injected into a virtual machine through a secure virtualization interface according to the present embodiment;
6 is a flowchart illustrating a process of generating a security virtualization interface by extracting an interface rule and an access restriction rule from a security virtualization code and a policy according to the present embodiment;
7 is a flowchart illustrating a process of performing an application service monitoring for a native system call when a kernel service or a hardware resource is requested after entry into a runtime according to the present embodiment.

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention and the manner of achieving them will become apparent with reference to the embodiments described in detail below with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. Is provided to fully convey the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. Like reference numerals refer to like elements throughout.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions in the embodiments of the present invention, which may vary depending on the intention of the user, the intention or the custom of the operator. Therefore, the definition should be based on the contents throughout this specification.

Each block of the accompanying block diagrams and combinations of steps of the flowchart may be performed by computer program instructions. These computer program instructions may be loaded into a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus so that the instructions, which may be executed by a processor of a computer or other programmable data processing apparatus, And means for performing the functions described in each step are created. These computer program instructions may be stored in a computer usable or computer readable memory that can be directed to a computer or other programmable data processing equipment to implement functionality in a particular manner, and thus the computer usable or computer readable memory. It is also possible for the instructions stored in to produce an article of manufacture containing instruction means for performing the functions described in each block or flowchart of each step of the block diagram. Computer program instructions may also be mounted on a computer or other programmable data processing equipment, such that a series of operating steps may be performed on the computer or other programmable data processing equipment to create a computer-implemented process to create a computer or other programmable data. Instructions that perform processing equipment may also provide steps for performing the functions described in each block of the block diagram and in each step of the flowchart.

Also, each block or each step may represent a module, segment, or portion of code that includes one or more executable instructions for executing the specified logical function (s). It should also be noted that in some alternative embodiments, the functions mentioned in the blocks or steps may occur out of order. For example, the two blocks or steps shown in succession may in fact be executed substantially concurrently or the blocks or steps may sometimes be performed in the reverse order, depending on the functionality involved.

Hereinafter, referring to the accompanying drawings, a resource access control is performed such that a process using an application service or application service data can access a kernel service or a hardware resource only by an authorized method, and specifications of a user terminal, such as an operating system or a hardware platform. It describes a method and apparatus for ensuring the consistency of execution of application services or consumption of application service data, and to support the confidentiality of application services and application service data.

Prior to the description of an embodiment of the present invention, a system structure in which an application service or application service data is distributed will be described with reference to FIG. 1.

1 is a diagram conceptually illustrating a system structure in which an application service or application service data is distributed in the form of a service container based on providing a secure and consistent runtime environment according to an embodiment of the present invention. The container 110, the IP network 120, the user terminal 130, and the policy issuing server 140 may be included.

The service providing server 100 is a server operated by a reliable service provider, and may perform functions such as creating, synthesizing, and distributing elements of the service container 110.

The service container 110 refers to a standard for distributing an application service or application service data to the user terminal 130 by the service providing server 100. In particular, the application container or application service data may be secured in the user terminal 130. An application service distribution structure that supports consistent, confidential execution or consumption. As shown in FIG. 2, the specific format of the service container 110 may include a security virtualization code (SV Code) 150, an application service (or application service data) (Service or Service Data) 152, Meta data 154 and extension fields 156 may be included.

The secure virtualization code 150 allows the virtualization service injector to implement a secure virtualization interface layer to enable the application service or application service data to be executed or consumed from three perspectives: 'secure kernel resource access, consistent execution environment assurance, and confidential execution support'. This refers to the code that defines the interworking guidelines when injecting virtualization services into runtime or kernel areas. In particular, in the embodiment of the present invention through the secure virtualization interface layer, a code containing a specification on how the virtualization service injector loads the process instance of the application service or the process instance of the application using the application service data to the virtual machine. The security virtualization code 150 is defined.

Application service 152 is used as a concept encompassing all applications, program code, video, music files, text files, images, etc. In particular, the secure virtualization code 150 and the application service 152 is a trusted service As generated, synthesized, and issued by the provisioning server 100, it is assumed that they are mutually coupled by a predetermined cryptographic method such as code signing, message authentication, and the like.

The metadata 154 is a field for storing additional information related to the application service 152 or the application service data, and may be freely configured according to the application service creation and distribution rule of the service provider 100.

The extended field 156 refers to a field that can be additionally used as required by the service provider 100 in addition to the aforementioned metadata 154 field.

The IP network 120 refers to a wired / wireless communication network based on TCP / IP such as the Internet, and may provide a communication path and method between each entity.

The user terminal 130 includes service virtualization software (SVS), and processes application services and application service data which are not provided in the form of a service container according to a general method, or processes the service container 110 according to the present invention. It can be processed according to the embodiment.

In addition, the user terminal 130 may execute an application service from a runtime perspective using a kernel system, which will be described with reference to FIG. 3.

FIG. 3 illustrates the concept of virtualization of kernel system resources based on the relationship between application services in the user domain, virtual machines in the runtime domain, and system resources in the kernel domain, and illustrates how the execution of the application service is constructed from a runtime perspective. Conceptual diagram.

As shown in FIG. 3, the conceptual diagram of instance execution of a runtime based application service process includes a user space 300, a security virtualization interface layer 310, a service virtualization software 320, a virtualization service monitor 330, and a kernel. It may include a structure such as the region 340.

The user area 300 refers to a logical area in which an application service or application service data and other information necessary to perform or consume it are placed before being loaded into the processor and memory areas. Accordingly, the user area 300 may include a service 302, service data 302, an application program 304, and the like.

It is assumed that service 302 collectively refers to any type of single software, program code, data, or a logical process consisting of a combination thereof that can be executed or consumed using a conventional computing device. In addition, for convenience of explanation, the former is divided into application services and application service data, and the former is described later as an object of execution and the latter is described below as an object of consumption.

The service data 304 refers to an application service to be consumed for the purpose of distinguishing it from the service 302 to be executed.

The application program 304 may be used as a means of helping the consumption of application service data 304.

The Security Virtualization Interface Layer (SVIF Layer) 310 is an interface layer for the virtualized execution of the application 306 that facilitates the execution of the application service 302 and the application service data 304. In order to access the secure virtualization interface layer 310, a procedure of extracting the secure virtualization code in the service container 150 and obtaining the secure virtualization interface from the service policy must be preceded, and the secure virtualization interface layer 310 is a resource. Access abstraction and access code validation may provide runtime confidentiality for the application service 302 and the application service data 304.

The service virtualization software 320 includes a runtime area that loads and executes an application 306 for executing an application service 302 or application service data 304 on a processor and a memory. It may serve as a bridge between the user space 300 and the kernel space 340.

The service virtualization software 320 may be comprised of a processor 322, a virtual machine process 324, a service instance 326, and the like.

Process 322 includes general purpose processors used in conventional computing devices, such as central processing units (CPUs) and special purpose processors designed for security purposes, such as microcontrol units (MCUs), security chips (SCs), and the like. It may include.

The virtual machine process (VM Process) 324 is loaded into the process 322, and a plurality of virtual machine processes 324 may be loaded independently of the process 322.

In addition, the virtual machine process 324 may provide runtime consistency such that the application service 302 and the application service data 304 may be executed and consumed regardless of the operating system or hardware specifications of the user terminal 130.

The service instance SI (SI) is a separate application 306 for processing the application service 302 and the application service data 304 is loaded into the internal instance of the virtual machine process 324 to run It means the logical form when it becomes.

The Virtual Service Monitor (VS Monitor) 330 is a service instance 326 loaded and executed in the virtual machine process 324 to check the suitability of access rights when the resource request of the kernel area 340, the runtime security Provide a surname.

Kernel space (Kernel Space, 340) refers to the area where the system libraries (System Libraries) commonly provided by the operating system.

The virtualized resources 342 may refer to kernel resources formed in the form of a system library existing in the kernel region 340. Examples of kernel resources include services that perform file I / O, network I / O, memory management, and process management.

In addition, in the embodiment of the present invention, since resources under the kernel are abstracted through the secure virtualization interface layer 310, the virtual machine process 324 based service virtualization software 320, and the virtualization service monitor 330, the kernel resource is abstracted. Can be defined as virtualization resources.

An internal configuration of such a runtime system will be described with reference to FIG. 4.

4 is a block diagram illustrating an internal configuration of a runtime system supporting secure and consistent execution and consumption of an application service or application service data centering on a user terminal according to an embodiment of the present invention. User realm 300 including container parser 410, SVIF generator 412 and VS injector 414, secure virtualization interface layer 310, VS interpreter 422 and core that associate user real and runtime realms Service area 340, operating system 440, hardware resources including service virtualization software 320, library 424, virtualization service monitor 330, cached translation store 430, and kernel services 432. 450 and the outflow event handler 460.

As shown in FIG. 4, the inflow event handler 400 detects an application service or application service data introduced through the IP network 120 and informs the container parser 410 of the received application service. It can perform the function of delivering service or application service data.

When the Policy Retrieval Handler 402 requests the policy specification, the Policy Retrieval Handler 402 accesses the policy issuing server 140 through the IP network 120 to retrieve the policy statement (service policy). It can play the role of receiving.

The application database 404 serves as a storage for managing applications and operates as an entity outside the user terminal 130 as shown in FIG. 4, or as a storage inside the user terminal 130. Can function.

The Application Retrieval Handler (406) retrieves the appropriate application by searching the application database (404) when a separate application is required to execute or consume the received application service or application service data. To the VS injector 414.

The outflow event handler 408 may perform a function of processing an execution result of an application service or an application program through the hardware output device 450.

The container parser 410 separates and recognizes internal information constituting the service container as shown in FIG. 2 received through the inflow event handler 400, interprets metadata, and secures virtualization code 150. ) Can be passed to the SVIF generator 412 and the application service or application service data 152 to the VS injector 414. Accordingly, the container parser 410 is responsible for pre-processing required for executing and consuming application services or application service data.

The SVIF generator 412 may receive the secure virtualization code from the container parser 410 and then request and receive the relevant service policy specification from the policy search handler 402. The SVIF generator 412 extracts interface rules for accessing kernel services and system resources through the secure virtualization interface layer 310 to a specific application consuming an application service or application service data from the secure virtualization code. After extracting a constraint rule for controlling access of an application service or a specific application program from the extracted two rules can be synthesized to create a secure virtualization interface. In other words, the SVIF generator 412 may create a method in the form of a secure virtualization interface that communicates with an application service or a specific kernel service or hardware resource allowed for a particular application.

This secure virtualization interface not only ensures consistent and confidential access to kernel resources, but also supports the trusted execution and consumption of application services and application service data.

When the VS injector 414 receives the secure virtualization interface from the SVIF generator 412, it requests and receives a specific application related to the application service or application service data from the container parser 410 or the application search handler 406. The application service or application is then injected into the VS interpreter 422 of the virtual machine 420 via the secure virtualization interface layer 310 in accordance with the constraint rules described in the secure virtualization interface. That is, a function for allowing an application service or an application to be loaded into the virtual machine 420 may be implemented on the virtualization service injection from an execution point of view.

In addition, the VS injector 414, if the application service or application is produced in a native programming language (Native Programming Language) or a specification supported by the operating system 440 or hardware resources 450 standard, it is a virtual machine 420 The native system call can be forwarded directly to the kernel service 432 via the secure virtualization interface layer 310 without loading into the VS resolver 422 of the. However, even though the kernel service 432 and the hardware resource 450 are accessed through such a path, in the embodiment of the present invention, the virtual service monitor 330 may monitor and control the access thereof.

The security virtualization interface layer 330 is a program that can be implemented in software. The secure virtualization interface layer 330 serves as a relay between the user domain 300 and the kernel domain 340. The kernel service 432 and the hardware resource 450 under the region 340 may be abstracted to provide a function.

In addition, the security virtualization interface layer 330 may perform a function of controlling only an application service or an application program having a security virtualization interface issued by the SVIF generator 412 to be injected into the lower part of the kernel.

The virtual machine 420 may be implemented in a process type such as a general Java virtual machine. That is, when a request for execution (interpretation) of an application service or application is requested, the virtual machine 420 executes a virtual machine process instance in a form of loading the application service or application in a privileged mode. Accordingly, the virtual machine 420 may be loaded on the processor 322 independently according to a request, and each virtual machine 420 may operate independently, so that an application service or an individual virtual machine process may process the request. Application programs can be kept confidential in their execution.

In an embodiment of the present invention, a virtual machine 420 including a VS interpreter (VS Interpreter) 420 and a core library (424), which will be described later, is referred to as a runtime or service virtualization software. .

The VS interpreter 422 receives the application service or the application through the secure virtualization interface layer 310 in the form of bytecode, interprets it, and serves as the core of the virtual machine 420. Function block.

The core library 424 means a set of libraries essential for the performance of the VS interpreter 422. That is, the VS interpreter 422 may actually perform an application service or application received through the secure virtualization interface layer 310 based on the core library 424. In detail, the VS interpreter 422 loads an individual virtual machine process 324 containing each application service or service instance 326 of the application onto the process 322 as mentioned in FIG. 3. You will actually run your application service or application.

The virtualization service monitor 330 is a particular kernel service 432 or hardware resource 450 that is authorized by an application service or application injected by the VS injector 414 according to the secure virtualization interface issued by the SVIF generator 412. ) Can only be used to monitor native system calls.

In addition, the virtualization service monitor 330 may store and manage a secure virtualization interface for a specific application service or application in the cached translation store 430 if necessary for any time. In other words, the virtualization service monitor 330 may control access to system resources of an application service or an application by referring to a security virtualization interface that functions as a security hardening guide.

Cached Translation Repository 430 refers to a confidential space that stores a secure virtualization interface of frequently used application services or applications. Upon request of the virtualization service monitor 330, the cached translation store 430 may return a suitable secure virtualization interface.

Kernel Services 432 refers to a set of file input / output, network input / output, memory management, process management, etc. which are commonly provided by a general operating system.

Operating system 440 refers to a logical set of common functions of system software for managing system hardware and executing application software such as Windows, Linux, Android, and Unix.

The hardware resource 450 is a concept encompassing an input device, an output device, a storage device, a network device, a bus device, a memory device, a processor device, and the like, which are required to operate the computing device.

In the above embodiment, since the trusted service providing server 100 creates a service container in the embodiment of the present invention, in FIG. 4 as described above, the application service and the application service data through the security virtualization interface and the virtual machine 420. In order to speed up the processing, the code verification procedure for the secure virtualized code and application service or application service data is not performed. However, since the security virtualization code or service (service data) may be forged after the service container distribution, a code verification procedure may be added to the security virtualization interface layer 310 and operated as necessary.

The set of container parser 410, SVIF generator 412, VS injector 414, virtual machine 420, and virtualization service monitor 330 mentioned in the embodiment of the present invention is a service virtualization system. And abbreviated as runtime system.

In addition, although FIG. 4 assumes a structure in which the runtime system is located at the top of the kernel region 340, when a more special purpose confidential execution environment is required, the virtual machine 420 is implemented and mounted inside the kernel region 340. Can be.

A process of operating the service runtime system having the above-described structure will be described with reference to FIGS. 5 to 7.

5 to 7 are flowcharts illustrating a series of processes for safe or consistent execution or consumption thereof after receiving an application service or application service data from a user terminal equipped with a service virtualization system. .

5 is a flowchart illustrating a process before an application service is injected into a virtual machine through a secure virtualization interface according to the present embodiment. However, the present embodiment is illustrated on the assumption that only an application using an application service or application service data is executed in a virtual machine, and in the case of an application service or an application written in a native programming language or standard, Can be performed.

As shown in FIG. 5, the container parser 410 receives a new application service, that is, a service container 110 (S500), extracts metadata from the received service container, and interprets the metadata. The security virtualization code, service (service data), and additional information as described above are extracted and classified (S502).

The container parser 410 delivers the secure virtualization code and related information (metadata and additional information, etc.) to the SVIF generator 412 (S504), and also delivers the service (service data) to the VS injector 414 (S506). do.

The SVIF generator 412 requests and receives a related service policy from the policy search handler 402, and generates a secure virtualization interface from the service policy and the secure virtualization code (S508). The secure virtualization interface thus generated is passed to the VS injector 414.

The VS injector 414 determines whether the corresponding application service requires a separate application through the generated security virtualization interface (S510).

As a result of the determination of S510, when the application service requires a separate application, that is, when the application service data is to be consumed by the terminal, the VS injector 414 may transmit a separate application related to the application service data to the application search handler 406. When requesting a program search request, the application search handler 406 searches for the application in the application database 360 and returns it to the VS injector 414 (S512).

The VS injector 414 refers to the security virtualization interface generated through the above process and transfers it to the security virtualization interface layer 310 to inject an application service or program into the virtual machine 420. Accordingly, the secure virtualization interface layer 310 injects an application service or application program into the virtual machine 420 (S514).

Meanwhile, the security virtualization interface layer 310 performs code verification on the received security virtualization interface to determine whether the security virtualization interface is abnormal (S516).

As a result of the determination in S516, when there is no error in the security virtualization interface, that is, when the code verification is successful, the virtual machine 420 receives a request for execution or consumption of an application service or an application (S518).

As a result of the determination in S516, when there is an error in the security virtualization interface, that is, when the code verification of the security virtualization interface fails, the virtual machine 420 rejects the execution-consumption request of the application service or the application and stops execution (S520). .

6 is a flowchart illustrating a process of generating a security virtualization interface by extracting an interface rule and an access restriction rule from a security virtualization code and a policy according to the present embodiment.

As shown in FIG. 6, the SVIF generator 412 receives the service policy and security virtualization code from the policy search handler 402 and the container parser 410, respectively (S600).

Next, the SVIF generator 412 extracts a kernel service or hardware resource interfacing rule from the secure virtualization code (S602), and obtains a kernel service or hardware resource access constraint rule from the service policy (S604).

Then, the SVIF generator 412 first understands the access authority history extracted from the service policy, and based on this, the virtualization service interfacing specification, that is, the distinction between the allowed access and the non-accessible part of the interfacing rule extracted from the virtualization code, that is, Create a secure virtualization interface (S606).

7 is a flowchart illustrating a process of performing an application service monitoring for a native system call when a kernel service or a hardware resource is requested after entry into a runtime according to the present embodiment.

As illustrated in FIG. 7, the VS injector 414 determines whether an application service or an application is written in a native programming language or standard (S700).

 If the S700 determines that the application service or application is written in the native programming language or standard, the VS injector 414 supports the native application service or application to be independently executed in the user mode runtime environment (S702). In response to the request of the native application service or application, the native system call is transferred to the kernel service 432 (S704).

If the S700 determines that the application service or application is not written in the native programming language or standard, the VS interpreter 422 of the virtual machine 420 may designate a separate application for performing the application service or application service data in the form of bytecodes. (S706).

Then, the VS interpreter 422 calls the core library 424 necessary libraries for performing the application service or the application service data and uses them (S708).

The VS interpreter 422 requests a native system call (S710) when the kernel service 432 or the hardware resource 450 needs to be accessed when performing an application service or application service data.

The virtualization service monitor 330 stores and manages the secure virtualization interface in the cached translation store 430 when necessary (S712), and then checks the suitability of the native system call generated from the VS interpreter 422 (S714) to be trusted. It is determined whether the approach (S716).

If it is determined in S716 that the virtual access service 330 is determined to be a trusted access, the virtual service monitor 330 allows the kernel service 432 resource entry of the native system call (S718). If it is determined as an untrusted access, the kernel service of the native system call is determined. In operation S720, the resource entry is blocked and the application service stop command is transmitted to the VS interpreter 422 to stop the application service execution.

As described above, according to an embodiment of the present invention, a security virtualization interface layer is provided to enable the process and data to enter the kernel mode for application services requiring confidential execution or application service data requiring confidential consumption. Thus, the confidentiality of application service execution or application service data consumption can be maximized.

In addition, according to an embodiment of the present invention, by using the virtualization service monitor to control the execution of the application service or the consumption of the application service data in the form of the process execution in the form defined in the virtualization security code and service policy, indiscriminate kernel service or hardware resources To prevent access.

While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, You will understand. For example, those skilled in the art can change each component, etc. according to the application field, or combine or substitute the disclosed embodiment in the form which is not expressly disclosed in the Example of this invention, This also limits the scope of this invention. It does not escape. Therefore, it should be understood that the above-described embodiments are to be considered in all respects as illustrative and not restrictive, and that these modified embodiments are included in the technical idea described in the claims of the present invention.

100: service providing server 110: service container
120: IP network 130: user terminal
140: policy issuing server 300: user area
310: secure virtualization interface layer 320: service virtualization software
330: virtualization service monitor 340: kernel area
400: Inflow Event Handler 402: Policy Search Handler
404: Application database 406: Application search handler
408: outflow event handler 410: container parser
412 SVIF Generator 414 VS Injector
420: virtual machine 422: VS interpreter
424 Core Library 430 Cached Translation Repository
432 kernel service 440 operating system
450: hardware resources

Claims (19)

A security virtualization interface layer that connects a user domain and a kernel domain, and enables an application service received through the user domain to use kernel services and hardware resources under the kernel domain;
Receiving a service container including a virtualization security code from a service providing server, the container parser separating the virtualization security code and an application service from the service container;
A security virtualization interface generator for requesting and receiving a service policy related to the service for use by a policy issuing server, and generating a security virtualization interface using the virtualization security code and the service policy;
And a virtualization service injector for loading the application service into the virtual machine through the secure virtualization interface layer according to the rules described in the secure virtualization interface.
Device that provides runtime for running application service confidentiality. The method of claim 1,
An inflow event handler for receiving the service container from the service providing server and providing the service container to the container parser;
A policy search handler for accessing the policy issuing server to receive a service policy and providing the service policy to the security virtualization interface generator according to a request of the security virtualization interface generator;
And an application search handler for extracting the separate application by performing a search in an application database when a separate application for executing or consuming the application service is required.
Device that provides runtime for running application service confidentiality. The method of claim 1,
The secure virtualization interface generator,
By using the security virtualization code, the application service or a specific application program consuming the same extracts an interface rule for accessing a kernel service and a hardware resource of the kernel region through the security virtualization interface layer, and from the service policy, the application service. Or after extracting a constraint rule for controlling a connection of a specific application program consuming the same, generating the security virtualization interface using the extracted interface rule and the constraint rule.
Device that provides runtime for running application service confidentiality. The method of claim 1,
The virtualization service injector,
When the application service or a specific application consuming the same is produced in a native programming language or standard supported by an operating system or a hardware standard, the application service or the specific application consuming the same through the secure virtualization interface layer. To deliver to the kernel service
Device that provides runtime for running application service confidentiality. The method of claim 1,
The virtual machine includes:
A core library storing a library required for interpretation of the application service received through the secure virtualization interface layer or a specific application consuming the same;
And a virtualization service interpreter that interprets the application service received through the secure virtualization interface layer or a specific application consuming the same based on the core library.
Device that provides runtime for running application service confidentiality. The method of claim 5, wherein
The virtualization service injector,
If the application service or a specific application consuming the same is not produced in a native programming language or standard supported by an operating system or a hardware standard, converting the application service or the specific application consuming the same into bytecode form. And then forwarding it to the virtualization service interpreter.
Device that provides runtime for running application service confidentiality. The method of claim 5, wherein
The virtualization service analyzer may generate the native system call and deliver the generated native system call to the kernel region when the kernel service or hardware resource access is required when executing the application service or a specific application program consuming the application service.
Device that provides runtime for running application service confidentiality. The method of claim 7, wherein
The kernel region is,
A virtualization service monitor that checks whether the native system call received from the virtualization service interpreter is a trusted access, and permits or blocks access to the kernel service or hardware resource of the native system call according to the determination result Characterized in that it comprises
Device that provides runtime for running application service confidentiality. The method of claim 8,
The kernel region is,
And a cached translation store for storing a secure virtualization interface for the application service generated by the secure virtualization interface generator.
Device that provides runtime for running application service confidentiality. The method of claim 1,
The kernel region is,
The application service injected through the secure virtualization interface layer or a specific application consuming it generates a native system call only to a specific kernel service or hardware resource authorized according to the secure virtualization interface generated by the secure virtualization interface generator. Further comprising a virtualization service monitor for monitoring whether
Device that provides runtime for running application service confidentiality. The method of claim 1,
The kernel region is,
A cached translation store that stores a secure virtualization interface for a specific application service or application,
And a virtualization service monitor controlling access to a kernel service or a hardware resource of the application service or an application program for consuming the application based on a secure virtualization interface stored in the cached translation store.
Device that provides runtime for running application service confidentiality. The method of claim 1,
And an outflow event handler that processes an execution result of the application service or an application program for consuming the same to be output through a hardware resource.
Device that provides runtime for running application service confidentiality. Receiving a service container including a virtualization security code from an external service provision server;
Separating the virtualized security code and the application service from the service container;
Requesting and receiving a service policy related to the service provided to a policy issuing server;
Generating a secure virtualization interface based on the virtualization security code and the service policy;
Loading the application service into a virtual machine via a secure virtualization interface layer according to the rules described in the secure virtualization interface;
How to provide a runtime for running application service confidentiality. The method of claim 13,
Determining whether the application service requires a separate application through the generated security virtualization interface;
In response to the determination, if the separate application is required, the method may further include searching for and obtaining the separate application from an application database.
The loading may include loading the obtained application program or application service on the virtual machine.
How to provide a runtime for running application service confidentiality. The method of claim 13,
Generating the secure virtualization interface,
Extracting an interface rule for accessing a kernel service and a hardware resource of the kernel region through the secure virtualization interface layer by the secured virtualization interface layer using the secure virtualization code;
Extracting a constraint rule from the service policy to control access of the application service or a specific application program consuming the application service;
Generating the secure virtualization interface by using the extracted interface rule and the constraint rule.
How to provide a runtime for running application service confidentiality. The method of claim 13,
The loading step,
Performing code verification on the security virtualization interface to determine whether there is an abnormality of the security virtualization interface;
Loading the application service or an application consuming the application into the virtual machine when the secure virtualization interface is intact;
Stopping the execution of the application service or the application program consuming the abnormality in the security virtualization interface.
How to provide a runtime for running application service confidentiality. The method of claim 13,
The loading step,
Determining whether the application service or the application program consuming the application service is written in a native programming language or standard;
As a result of the determination, when a native programming language or standard is written, delivering a native system call for the application service or an application consuming the same to a kernel region;
If it is not written in a native programming language or standard, converting the application service or an application program consuming the same into a bytecode form and delivering the same to a kernel region through the virtual machine;
How to provide a runtime for running application service confidentiality. The method of claim 17,
Delivering a native system call for the application service or an application consuming the same to the kernel region through the virtual machine,
Interpreting the application service in the form of byte code or an application consuming the same based on a pre-stored core library;
Requesting a native system call to the kernel region when accessing a kernel service or a hardware resource is required when executing the application service or the application program consuming the application service.
How to provide a runtime for running application service confidentiality. The method of claim 18,
Determining whether it is a trusted access by checking suitability of the native system call in the kernel region that receives the native system call;
Allowing the native system call to enter the kernel service or hardware resource only in the case of the trusted access.
How to provide a runtime for running application service confidentiality.

Images