WO2019024708A1 - 一种基于可信内核的防攻击数据处理器 - Google Patents

一种基于可信内核的防攻击数据处理器 Download PDF

Info

Publication number
WO2019024708A1
WO2019024708A1 PCT/CN2018/096759 CN2018096759W WO2019024708A1 WO 2019024708 A1 WO2019024708 A1 WO 2019024708A1 CN 2018096759 W CN2018096759 W CN 2018096759W WO 2019024708 A1 WO2019024708 A1 WO 2019024708A1
Authority
WO
WIPO (PCT)
Prior art keywords
kernel
trusted
data processor
switch
switching
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/096759
Other languages
English (en)
French (fr)
Chinese (zh)
Inventor
崔晓夏
李春强
侯光恩
陈理
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou C Sky Microsystems Co Ltd
Original Assignee
Hangzhou C Sky Microsystems Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou C Sky Microsystems Co Ltd filed Critical Hangzhou C Sky Microsystems Co Ltd
Priority to EP18841743.0A priority Critical patent/EP3663958B1/en
Priority to JP2020502210A priority patent/JP7113887B2/ja
Priority to US16/175,710 priority patent/US10909246B2/en
Publication of WO2019024708A1 publication Critical patent/WO2019024708A1/zh
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/545Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space

Definitions

  • the present invention relates to the field of information security technologies, and in particular, to an attack defense data processor based on a trusted kernel.
  • the security of system information has been guaranteed to a certain extent.
  • safe mode the system truly implements hardware isolation.
  • the system kernel runs at the highest privilege level of the entire system, manages and controls the underlying hardware resources, provides a secure isolation of resource abstraction and access interfaces for upper-layer applications, and is the basis of the entire system.
  • the operating system running the trusted kernel is independent of the operating system running in non-secure mode.
  • the trusted kernel provides services such as secure authentication, encryption and decryption, and sensitive data storage. Physical isolation by hardware security components ensures that operating systems in non-secure mode cannot directly access resources in secure mode, thereby reducing the attack surface.
  • the anti-attack data processor based on the trusted kernel provided by the invention can provide the underlying software protection mechanism and enhance the security of the trusted kernel in the trusted kernel according to the deficiencies of the prior art.
  • the invention provides an attack-proof data processor based on a trusted kernel, which comprises:
  • a trusted kernel exception vector table for providing a processing entry for kernel switching
  • a trusted kernel stack pointer register for storing a trusted kernel stack pointer to a trusted kernel stack space
  • the trusted site including a program status register, a program pointer, and a general purpose register for storing a start kernel flag bit of the kernel switch;
  • the data processor addresses the processing entry of the kernel switch and performs the handoff when the non-trusted kernel performs a kernel switch to the trusted kernel.
  • the processing entry for providing kernel switching includes a kernel switching instruction exception entry and a trusted interrupt processing entry.
  • the trusted kernel is addressed to the processing entry of the kernel switch by a kernel switching instruction, a kernel switching return instruction, or an interrupt response manner, and performs switching.
  • the trusted core when the trusted core performs the handover by using the kernel switch return instruction, it is determined to return the starting kernel or stay in the current kernel according to the flag of the starting kernel of the program status register.
  • the trusted kernel is addressed to the kernel switch instruction exception entry by an entry vector table that is invoked across kernel tasks.
  • the trusted kernel is addressed to the trusted interrupt processing entry by the trusted kernel exception vector table.
  • the trusted kernel when the trusted kernel switches to the non-trusted kernel in response to a non-trusted interrupt, the trusted kernel saves the trusted scene in the trusted kernel stack space;
  • the trusted kernel restores the trusted scene from the trusted kernel stack space.
  • the trusted site is a site before the trusted kernel switches to the non-trusted kernel in response to a non-trusted interrupt.
  • the trusted kernel may be from the trusted kernel The stack space is restored to a trusted site.
  • the trusted site is a site before the trusted kernel actively switches to the non-trusted kernel for the first time.
  • the trusted kernel-based anti-attack data processor provided by the embodiment of the present invention provides an underlying software protection mechanism for all trusted kernel switching entries, which can make the trusted kernel and the non-trusted kernel more secure when switching.
  • FIG. 1 is a schematic diagram of a basic architecture of an attack-based data processor based on a trusted kernel provided by the present invention
  • FIG. 2 is a schematic diagram of operations when a data processor normally executes a kernel switching instruction according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of the operation of the trusted kernel executing the kernel switch return instruction and returning to the trusted kernel after the trusted kernel responds to the non-trusted kernel interrupt according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of an operation of an illegal kernel switching abnormality according to an embodiment of the present invention.
  • FIG. 1 is a schematic diagram showing the basic structure of a data processor provided by the present invention. As shown in Figure 1, the data processor includes a trusted kernel exception vector table, a trusted kernel stack pointer register, and a trusted site within the trusted kernel stack space.
  • the trusted kernel exception vector table includes processing entries of two kernel switching, that is, a kernel switching instruction exception entry and a trusted interrupt processing entry, and the data processor can perform a kernel switch of the non-trusted kernel to the trusted kernel.
  • the letter kernel will address the processing entry of the kernel switch and perform the switch according to different methods.
  • the trusted kernel stack pointer register refers to a separate stack pointer owned by the trusted core that points to the trusted kernel stack space; the trusted kernel stack space holds the trusted site, and the trusted scene contains the current trusted kernel context, typically including Program status register, program pointer, general purpose register before the last trusted core switch.
  • the program status register contains the flag bits of the starting core of the kernel switch.
  • the kernel switching mode of the data processor includes a kernel switching instruction, a kernel switching return instruction, and an interrupt response.
  • a kernel switching instruction when performing a kernel switch using the kernel switch return instruction, it is possible to determine whether to return to the start kernel or to stay in the current core according to the start kernel flag position of the program status register.
  • the trusted core is addressed to the kernel switch instruction exception entry according to the entry vector table of the trusted kernel cross-core task call.
  • the trusted core is addressed to the trusted interrupt processing entry based on the trusted kernel exception vector table.
  • FIG. 2 is a schematic diagram showing the operation of a data processor in a normal execution of a kernel switching instruction according to an embodiment of the present invention.
  • the current data processor normally executes kernel switch commands in a non-trusted kernel.
  • the data processor saves the untrusted site located in the untrusted kernel and switches to the trusted kernel through the switching process.
  • the data processor is addressed to the kernel switch instruction exception entry in the exception vector table of the trusted kernel, and the core switch exception processing code of the trusted kernel executes the kernel switch instruction, and returns to the non-trusted kernel through the switching process.
  • the data processor resumes execution after restoring the untrusted site.
  • FIG. 3 is a schematic diagram showing the operation of the trusted kernel executing the kernel switch return instruction and returning to the trusted kernel after the trusted kernel responds to the non-trusted kernel interrupt according to an embodiment of the present invention.
  • the current data processor executes in a trusted kernel.
  • the data processor saves the trusted site to the trusted kernel stack space and switches to the non-trusted kernel to respond to the interrupt through the switching process.
  • the trusted stack pointer register points to the trusted core. Stack space.
  • the interrupt handling function of the non-trusted kernel executes the kernel switching instruction to return the trusted kernel.
  • the data processor resumes execution after restoring the trusted site based on the trusted kernel stack space pointed to by the trusted kernel stack pointer register.
  • FIG. 4 is a schematic diagram showing the operation of an illegal kernel switching abnormality according to an embodiment of the present invention. As shown in the figure, set the trusted kernel in the trusted kernel to switch to the site before the untrusted kernel for the first time, and save the live to the trusted kernel stack space pointed to by the trusted kernel stack pointer register, and then execute the kernel switch instruction. Switch to a non-trusted kernel.
  • the non-trusted kernel modifies the start kernel flag of the program status register and performs a kernel switch return instruction to switch to the trusted kernel execution. After the data processor saves the non-trusted kernel site, it switches to the trusted kernel for execution.
  • the data processor restores the trusted scene based on the trusted kernel stack space pointed to by the trusted kernel stack pointer register. After the data processor executes the illegal kernel switch exception handling code, it can restart or throw an exception, thereby preventing illegal kernel intrusion.
  • the trusted kernel-based anti-attack data processor provided by the embodiment of the present invention provides an underlying software protection mechanism for all trusted kernel switching entries, which can make the trusted kernel and the non-trusted kernel more secure when switching.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
PCT/CN2018/096759 2017-08-01 2018-07-24 一种基于可信内核的防攻击数据处理器 Ceased WO2019024708A1 (zh)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP18841743.0A EP3663958B1 (en) 2017-08-01 2018-07-24 Trusted kernel-based attack-prevention data processor
JP2020502210A JP7113887B2 (ja) 2017-08-01 2018-07-24 トラステッドカーネルベースの耐攻撃データプロセッサ
US16/175,710 US10909246B2 (en) 2017-08-01 2018-10-30 Trusted kernel-based anti-attack data processor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710648239.3 2017-08-01
CN201710648239.3A CN107463856B (zh) 2017-08-01 2017-08-01 一种基于可信内核的防攻击数据处理器

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/175,710 Continuation US10909246B2 (en) 2017-08-01 2018-10-30 Trusted kernel-based anti-attack data processor

Publications (1)

Publication Number Publication Date
WO2019024708A1 true WO2019024708A1 (zh) 2019-02-07

Family

ID=60548019

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/096759 Ceased WO2019024708A1 (zh) 2017-08-01 2018-07-24 一种基于可信内核的防攻击数据处理器

Country Status (5)

Country Link
US (1) US10909246B2 (enExample)
EP (1) EP3663958B1 (enExample)
JP (1) JP7113887B2 (enExample)
CN (1) CN107463856B (enExample)
WO (1) WO2019024708A1 (enExample)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10909246B2 (en) 2017-08-01 2021-02-02 C-Sky Microsystems Co., Ltd. Trusted kernel-based anti-attack data processor

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108390856B (zh) * 2018-01-12 2020-09-18 北京奇艺世纪科技有限公司 一种DDoS攻击检测方法、装置及电子设备
CN109033842B (zh) * 2018-07-27 2020-10-16 杭州中天微系统有限公司 数据处理器
CN108985098B (zh) * 2018-07-27 2020-10-13 杭州中天微系统有限公司 数据处理器
CN109063516B (zh) * 2018-07-27 2020-12-04 杭州中天微系统有限公司 数据处理器
CN111552514B (zh) * 2019-02-12 2024-12-06 阿里巴巴集团控股有限公司 一种处理器以及指令执行方法
CN115718444A (zh) * 2022-11-04 2023-02-28 航天科工空间工程发展有限公司 一种基于异构计算机的星务工作模式的切换方法和系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030225817A1 (en) * 2002-06-04 2003-12-04 Prashanth Ishwar Concurrent execution of kernel work and non-kernel work in operating systems with single-threaded kernel
CN106599717A (zh) * 2016-12-01 2017-04-26 杭州中天微系统有限公司 数据处理器
CN106778365A (zh) * 2016-12-01 2017-05-31 杭州中天微系统有限公司 实现延时压栈的装置及处理器
CN107463856A (zh) * 2017-08-01 2017-12-12 杭州中天微系统有限公司 一种基于可信内核的防攻击数据处理器

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4519032A (en) * 1982-06-09 1985-05-21 At&T Bell Laboratories Memory management arrangement for microprocessor systems
GB2396034B (en) * 2002-11-18 2006-03-08 Advanced Risc Mach Ltd Technique for accessing memory in a data processing apparatus
FR2937439B1 (fr) * 2008-10-17 2012-04-20 Commissariat Energie Atomique Procede d'execution deterministe et de synchronisation d'un systeme de traitement de l'information comportant plusieurs coeurs de traitement executant des taches systemes.
KR102012436B1 (ko) * 2012-09-17 2019-08-20 휴렛-팩커드 디벨롭먼트 컴퍼니, 엘.피. 화상형성장치, 구동 제어 방법, 및 컴퓨터 판독가능 기록매체
JP2014089652A (ja) * 2012-10-31 2014-05-15 Toshiba Corp 情報処理装置
CN103176855A (zh) * 2013-03-15 2013-06-26 中兴通讯股份有限公司 消息交互处理方法及装置
US10867032B2 (en) * 2014-09-17 2020-12-15 Irdeto B.V. Generating and executing protected items of software
US9870467B2 (en) * 2015-03-27 2018-01-16 Intel Corporation Apparatus and method for implementing a forked system call in a system with a protected region
CN106775971B (zh) * 2016-12-02 2020-01-31 杭州中天微系统有限公司 数据处理装置
US10367639B2 (en) * 2016-12-29 2019-07-30 Intel Corporation Graphics processor with encrypted kernels
US10565141B1 (en) * 2018-08-28 2020-02-18 Dell Products L.P. Systems and methods for hiding operating system kernel data in system management mode memory to thwart user mode side-channel attacks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030225817A1 (en) * 2002-06-04 2003-12-04 Prashanth Ishwar Concurrent execution of kernel work and non-kernel work in operating systems with single-threaded kernel
CN106599717A (zh) * 2016-12-01 2017-04-26 杭州中天微系统有限公司 数据处理器
CN106778365A (zh) * 2016-12-01 2017-05-31 杭州中天微系统有限公司 实现延时压栈的装置及处理器
CN107463856A (zh) * 2017-08-01 2017-12-12 杭州中天微系统有限公司 一种基于可信内核的防攻击数据处理器

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3663958A4 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10909246B2 (en) 2017-08-01 2021-02-02 C-Sky Microsystems Co., Ltd. Trusted kernel-based anti-attack data processor

Also Published As

Publication number Publication date
EP3663958A4 (en) 2020-07-22
EP3663958B1 (en) 2023-06-21
JP2020529063A (ja) 2020-10-01
US10909246B2 (en) 2021-02-02
CN107463856A (zh) 2017-12-12
EP3663958A1 (en) 2020-06-10
US20190073477A1 (en) 2019-03-07
CN107463856B (zh) 2020-06-16
JP7113887B2 (ja) 2022-08-05

Similar Documents

Publication Publication Date Title
WO2019024708A1 (zh) 一种基于可信内核的防攻击数据处理器
US10860718B2 (en) Protecting computer systems used in virtualization environments against fileless malware
JP6857193B2 (ja) 仮想化環境においてネットワークトラフィックを解読するためのシステムおよび方法
US9842207B2 (en) Mobile device with multiple security domains
TWI475388B (zh) 保護代理及特權模式
KR101019937B1 (ko) 보안 운영 시스템 스위칭
US10095862B2 (en) System for executing code with blind hypervision mechanism
EP3761208A1 (en) Trust zone-based operating system and method
US10146940B2 (en) Multiple hardware-separated computer operating systems within a single processor computer system to prevent cross-contamination between systems
CN111753311B (zh) 超线程场景下安全进入可信执行环境的方法及装置
CN108154032B (zh) 具有内存完整性保障功能的计算机系统信任根构建方法
US9904782B2 (en) Synchronous execution of designated computing events using hardware-assisted virtualization
CN102521531B (zh) 基于硬件虚拟化的密码保护系统
TW200842646A (en) Protecting operating-system resources
US20160147993A1 (en) Securing secret data embedded in code against compromised interrupt and exception handlers
US12254087B2 (en) Translation lookaside buffer (TLB) poisoning attacks on secure encrypted virtualization
WO2013067243A1 (en) Mobile device with multiple security domains
CN103996004A (zh) 一种基于虚拟化的高可用系统设计方法
KR20140071205A (ko) 하이퍼바이저를 이용한 프로세스 메모리 보안 시스템 및 방법
CN112363797B (zh) 一种虚拟机安全运行方法、电子设备及存储介质
CN109063516B (zh) 数据处理器
CN108985098B (zh) 数据处理器
Chang et al. A trustenclave-based architecture for ensuring run-time security in embedded terminals
CN109033842B (zh) 数据处理器
CN119343664A (zh) 用于对处于生产模式的处理器的机密虚拟机进行调试的方法和装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18841743

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020502210

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018841743

Country of ref document: EP

Effective date: 20200302