WO2021098823A1 - Memory isolation apparatus, memory isolation method, and related device - Google Patents

Memory isolation apparatus, memory isolation method, and related device

Publication number
WO2021098823A1
Authority
WO
WIPO (PCT)
Prior art keywords
process identifier
secret key
data
physical address
memory
Application number
PCT/CN2020/130419
Inventor
骆华敏
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation
    • G06F2009/45587 Isolation or security of virtual machine instances

Definitions

  • This application relates to the field of computer technology, and in particular to a memory isolation device, a memory isolation method, and related equipment.
  • the commonly used memory isolation method is as follows: a two-level address mapping table is created to isolate the virtual address space of each application. If the address mapping relationship (the address mapping table) is not known, the corresponding physical address cannot be obtained, and the corresponding storage area cannot be accessed. As long as the address mapping table is protected so that each application cannot directly access and modify the storage area, memory isolation between applications is realized. However, the address mapping table used by the current memory isolation method is protected by a software mechanism. The address mapping table can still be modified to gain the corresponding access and break the memory isolation, so a high security risk remains. Therefore, how to improve the security of memory isolation between different applications needs to be solved urgently.
  • the embodiments of the present application provide a memory isolation device, a memory isolation method, and related equipment, which realize memory isolation between various processes and improve data security.
  • an embodiment of the present application provides a memory isolation device, which may include: a memory scrambling unit and a memory controller. The memory scrambling unit is used to receive a first process identifier (PID), a first physical address, and first data transmitted by the bus, where the first application program corresponds to one or more processes, the operating system assigns a unique process identifier to each process, the first process identifier corresponds to the first application program, the first physical address is the physical address corresponding to the first virtual address applied for by the first application program, and the first data is the data to be written into the storage area by the first application program. The memory scrambling unit is also configured to derive a secret key based on the first process identifier and the first physical address to generate the first secret key. For example, the MD5 Message-Digest Algorithm is used to derive a secret key from the first process identifier and the first physical address, generating a first secret key with a length of 128 bits (binary digit, BIT). The memory scrambling unit is also used to scramble the first data with the first secret key to generate second data. The memory controller is used to write the second data into the storage area corresponding to the first physical address.
  • an independent memory scrambling unit is introduced in the memory isolation device to scramble data according to the process identifier corresponding to each application program, to ensure the security of the written data.
  • the data is scrambled based on an independent memory scrambling unit, which can realize hardware-level memory security isolation. Since each application program corresponds to one or more processes, each process corresponds to a unique process identifier. Because different processes are configured with different process identifiers, different processes cannot read the scrambled data from each other, which realizes memory isolation between each process.
  • the memory isolation device may further include: a trusted processor, configured to receive the first process identifier and the first virtual address, where the first process identifier and the first virtual address are assigned by the operating system to the first application when the user triggers the start of the first application or the first application starts automatically; the trusted processor is also used to bind the first process identifier and the first virtual address to obtain the first binding relationship.
  • the trusted processor may bind the first process identifier and the first virtual address in the form of a process identifier-virtual address mapping table; the trusted processor is also used to store the first binding relationship in a register of the smart engine.
  • the register can be integrated in the smart engine or externally connected to the smart engine, which is not limited here.
  • the smart engine receives the binding relationship requested by the application program, specifically, by receiving the process identifier sent by the application program and the virtual address corresponding to the process identifier. This ensures that when the application program instructs the smart engine to perform a write operation, the acquired process identifier was applied for in advance by the application program and corresponds to the virtual address used in the write operation, which ensures the security of the data.
  • the memory isolation device further includes: the smart engine and a memory management unit (MMU); the MMU is used to map the first virtual address to the first physical address; the smart engine is used to obtain the first process identifier corresponding to the first virtual address based on the first binding relationship, and send the first physical address, the first process identifier, and the first data to the memory scrambling unit.
  • the data processing instruction and virtual address are sent to the smart engine.
  • the smart engine reads the data according to the virtual address and processes the data based on the data processing instruction before writing the processed data
  • the smart engine obtains the process identifier corresponding to the virtual address according to the binding relationship between the virtual address and the storage. If the virtual address sent by the application program does not have a corresponding process identifier, the data cannot be correctly written into the storage area corresponding to the virtual address. For example, writing the data of the first process into the storage area of the second process can be avoided.
  • the memory isolation device may include: a trusted processor, which is also used to check whether the first virtual address only corresponds to the first process identifier; the trusted processor is also used to determine that the first binding relationship is legal when the first virtual address only corresponds to the first process identifier, that is, when no process identifier bound to the first virtual address is found in the binding relationship set, or the process identifier found bound to the first virtual address is the first process identifier. The trusted processor then stores the first binding relationship.
  • the first binding relationship may be stored in a register of the smart engine, or stored in a register connected to the smart engine.
  • the smart engine checks whether the binding relationship applied by each application is legal, that is, each virtual address applied for by the same application is uniquely bound with a process identifier corresponding to the application. Under the premise of legality, store the binding relationship. When the application needs to write data, the smart engine obtains the process identifier corresponding to the virtual address according to the virtual address and the binding relationship. It is ensured that a segment of virtual address can only be uniquely bound with one process identifier, and it is avoided that a segment of virtual address is bound to multiple process identifiers at the same time, which ensures the reliability of the binding relationship and further improves the security of memory isolation.
  • the memory isolation device may include: a memory scrambling unit, specifically configured to derive a secret key based on the first process identifier, the first physical address, and the random number, and generate the first secret key. For example: 1. Directly use the process identifier and physical address for secret key derivation; 2. Use the random number to expand the process identifier to generate the expanded process identifier, then use the expanded process identifier and physical address for secret key derivation; 3. Use random numbers to expand the physical address to generate an expanded process identifier, use the expanded process identifier and process identifier to derive the key, and so on.
  • the secret key is derived based on the random number, process identifier and physical address, so that the generated secret key has higher security.
  • the memory isolation device may include: a memory scrambling unit, specifically configured to: use a random number to expand the first process identifier to generate the expanded first process identifier; and derive a secret key based on the expanded first process identifier, the first physical address, and the random number to generate the first secret key.
  • the memory scrambling unit uses the expanded first process identifier, random number and physical address to derive a secret key to generate a secret key, and a variety of different encryption algorithms can be used for secret key derivation.
  • the bit width of the random number used can be 64 bits.
  • the secret key is derived based on the random number, process identifier and physical address, so that the generated secret key has higher security.
  • the memory isolation device may include: a binding relationship set is stored in a register of the smart engine, the binding relationship set includes multiple sets of binding relationships, and each virtual address applied for by the same application program is uniquely bound with a process identifier corresponding to the application program; when any application program has data processing requirements, the data processing instruction and virtual address are sent to the intelligent engine.
  • the smart engine generates a read command, reads data from the memory area corresponding to the virtual address, and processes the data.
  • the smart engine is used to receive the first read address, where the first read address is the virtual address sent by the application; in other words, the smart engine generates a read command based on the data processing instruction and the virtual address sent by the application, and the read command includes the first Read address, the first read address is the virtual address sent by the application program.
  • the smart engine is also used to obtain the second process identifier corresponding to the first read address based on the binding relationship set and the first read address; the MMU is used to map the first read address to the second physical address; the smart engine is also used to send the second process identifier and the second physical address to the memory scrambling unit; the memory scrambling unit is also used to derive a secret key based on the second process identifier and the second physical address to generate a second secret key; the memory scrambling unit is also used to descramble the data stored in the storage area corresponding to the second physical address based on the second secret key.
  • the intelligent engine correctly reads the target data; further, the intelligent engine processes the target data according to the data processing instructions of the application program to obtain the processed data; further, the intelligent engine sends the processed data, the second process identifier corresponding to the virtual address, and the second physical address to the memory scrambling unit; after the memory scrambling unit derives the secret key and scrambles the data, the data is stored in the storage area corresponding to the second physical address.
  • the memory isolation device may include: a memory scrambling unit, specifically configured to derive a secret key based on a second process identifier, a second physical address, and a random number to generate the second secret key.
  • the specific method for the memory scrambling unit to generate the second secret key is consistent with the method for generating the first secret key.
  • the method of generating the first secret key: use a random number to expand the first process identifier and generate the expanded first process identifier; derive a secret key based on the expanded first process identifier, the first physical address, and the random number to generate the first secret key.
  • the method for generating the second secret key is specifically: using a random number to expand the second process identifier and generating an expanded second process identifier; and deriving a secret key based on the expanded second process identifier, the second physical address, and the random number to generate the second secret key.
  • the scrambled data stored in the memory requires the correct secret key to be read correctly.
  • if the virtual address and process identifier used when reading data differ from the virtual address and process identifier used when writing data, the scrambled data cannot be read correctly. Therefore, data security can be effectively guaranteed.
  • an embodiment of the present application provides a memory isolation method, which may include: receiving a first process identifier, a first physical address, and first data transmitted by a bus, where the first application program corresponds to one or more processes, the operating system assigns a unique process identifier to each process, the first process identifier corresponds to the first application, the first physical address is the physical address corresponding to the first virtual address applied for by the first application, and the first data is the data to be written into the storage area by the first application; deriving a secret key based on the first process identifier and the first physical address to generate the first secret key, for example: using the MD5 Message-Digest Algorithm to derive a secret key from the first process identifier and the first physical address, generating a first secret key with a length of 128 bits (binary digit, BIT); using the first secret key to scramble the first data to generate second data; and writing the second data into the storage area corresponding to the first physical address.
  • the data is scrambled according to the process identifier corresponding to each application program.
  • each process corresponds to a unique process identifier. Because different processes are configured with different process identifiers, different processes cannot read the scrambled data from each other, which realizes memory isolation between each process.
  • the method may further include: receiving the first process identifier and the first virtual address, where the first process identifier and the first virtual address are assigned by the operating system to the first application when the user triggers the start of the first application or the first application is self-starting; and binding the first process identifier and the first virtual address to obtain the first binding relationship.
  • the first process identifier and the first virtual address can be bound in the form of a process identifier-virtual address mapping table; the first binding relationship is stored.
  • the process identifier sent by the application program and the virtual address corresponding to the process identifier. This ensures that when the application program instructs the smart engine to perform a write operation, the acquired process identifier was applied for in advance by the application program and corresponds to the virtual address used in the write operation, which ensures the security of the data.
  • the method may further include: mapping the first virtual address to the first physical address; obtaining, based on the first binding relationship, the first process identifier corresponding to the first virtual address; and sending the first physical address, the first process identifier, and the first data.
  • the application program has data processing requirements
  • the data is read according to the virtual address, and the data is processed based on the data processing instruction, and then the processed data is written into the storage area corresponding to the virtual address.
  • the process identifier corresponding to the virtual address is obtained. If the virtual address sent by the application program does not have a corresponding process identifier, the data cannot be correctly written into the storage area corresponding to the virtual address. For example, writing the data of the first process into the storage area of the second process can be avoided.
  • the method may further include: checking whether the first virtual address only corresponds to the first process identifier; when the first virtual address only corresponds to the first process identifier, it is determined that the first binding relationship is legal, that is, no process identifier bound to the first virtual address is found in the binding relationship set, or the process identifier found bound to the first virtual address is the first process identifier. Then the first binding relationship is stored. By checking whether the binding relationship applied by each application program is legal, that is, each virtual address applied for by the same application program is uniquely bound with a process identifier corresponding to the application program.
  • the process identifier corresponding to the virtual address is obtained according to the virtual address and the binding relationship. It is ensured that a segment of virtual address can only be uniquely bound with one process identifier, and it is avoided that a segment of virtual address is bound to multiple process identifiers at the same time, which ensures the reliability of the binding relationship and further improves the security of memory isolation.
  • deriving a secret key based on the first process identifier and the first physical address to generate the first secret key may include: deriving a secret key based on the first process identifier, the first physical address, and the random number to generate the first secret key. For example: 1. Directly use the process identifier and physical address for secret key derivation; 2. Use the random number to expand the process identifier to generate the expanded process identifier, then use the expanded process identifier and physical address for secret key derivation; 3. Use random numbers to expand the physical address to generate an expanded process identifier, use the expanded process identifier and process identifier to derive the key, and so on. There is no limitation here.
  • the secret key is derived based on the random number, process identifier and physical address, so that the generated secret key has higher security.
  • deriving a secret key based on the first process identifier, the first physical address, and the random number to generate the first secret key may include: using the random number to expand the first process identifier to generate the expanded first process identifier; and deriving a secret key based on the expanded first process identifier, the first physical address, and the random number to generate the first secret key.
  • the memory scrambling unit uses the expanded first process identifier, random number and physical address to derive a secret key to generate a secret key, and a variety of different encryption algorithms can be used for secret key derivation.
  • the bit width of the random number used can be 64 bits.
  • the secret key is derived based on the random number, process identifier and physical address, so that the generated secret key has higher security.
  • the memory isolation method may further include: when any application has data processing requirements, receiving a first read address, which is a virtual address; obtaining, based on the binding relationship set and the first read address, the second process identifier corresponding to the first read address, where the binding relationship set includes multiple sets of binding relationships, and each virtual address applied for by the same application program is uniquely bound with a process identifier corresponding to the application program; mapping the first read address to the second physical address; deriving a secret key based on the second process identifier and the second physical address to generate the second secret key; and descrambling, based on the second secret key, the data stored in the storage area corresponding to the second physical address.
  • the second secret key for descrambling the data is the same as the first secret key for scrambling the data
  • the data can be successfully descrambled.
  • the target data can be read correctly. Since different processes have different process identifiers, after scrambling the data based on the process identifier uniquely bound to the process, only the read operation with the same identifier can correctly read the data written by the process. Therefore, cross-access data between different processes is avoided, data isolation between different processes is realized, and the security of memory isolation is improved.
  • the memory isolation method may include: deriving a secret key based on the second process identifier, the second physical address, and a random number, and generating the second secret key.
  • the specific method of generating the second secret key is consistent with the method of generating the first secret key.
  • the method of generating the first secret key: use a random number to expand the first process identifier and generate the expanded first process identifier; derive a secret key based on the expanded first process identifier, the first physical address, and the random number to generate the first secret key.
  • the method for generating the second secret key is specifically: using a random number to expand the second process identifier and generating an expanded second process identifier; and deriving a secret key based on the expanded second process identifier, the second physical address, and the random number to generate the second secret key.
  • the scrambled data stored in the memory requires the correct secret key to be read correctly.
  • if the virtual address and process identifier used when reading data differ from the virtual address and process identifier used when writing data, the scrambled data cannot be read correctly. Therefore, data security can be effectively guaranteed.
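The write and read paths described in the device and method aspects above (binding check, key derivation from process identifier, physical address and random number, scrambling, descrambling), modelled in software as an added example that is not code from the application. It assumes XOR as the scrambling operation, prefixing with the random number as the "expansion" of the process identifier, and one derived key per 16-byte block; MD5 is used only because the text names it, and all PIDs, addresses and data are constructed.

```python
import hashlib
import struct

BLOCK = 16  # MD5 yields 128 bits, the key length given in the text


class BindingError(Exception):
    """A virtual address is unbound, or a second PID tried to claim it."""


class MemoryIsolationModel:
    """Software model of trusted processor, smart engine, MMU and scrambling unit."""

    def __init__(self, random_number, page_table):
        self.random_number = random_number & 0xFFFFFFFFFFFFFFFF  # 64-bit random number
        self.page_table = dict(page_table)  # virtual -> physical (stands in for the MMU)
        self.bindings = {}                  # virtual address -> PID (binding relationship set)
        self.storage = {}                   # physical address -> scrambled bytes

    def bind(self, pid, vaddr):
        """Trusted-processor check: a virtual address may be bound to one PID only."""
        owner = self.bindings.get(vaddr)
        if owner is not None and owner != pid:
            raise BindingError(f"{vaddr:#x} is already bound to PID {owner:#x}")
        self.bindings[vaddr] = pid

    def _pid_for(self, vaddr):
        """Smart-engine lookup of the PID bound to a virtual address."""
        if vaddr not in self.bindings:
            raise BindingError(f"no process identifier bound to {vaddr:#x}")
        return self.bindings[vaddr]

    def derive_key(self, pid, paddr):
        """Key = MD5(expanded PID || physical address || random number)."""
        # Assumption: "expanding" the PID means prefixing it with the random number.
        expanded_pid = struct.pack(">QQ", self.random_number, pid)
        material = expanded_pid + struct.pack(">QQ", paddr, self.random_number)
        return hashlib.md5(material).digest()

    def scramble(self, pid, paddr, data):
        """XOR each 16-byte block with the key for its own physical address.

        XOR is an assumed scrambling operation; applying it twice with the
        same key descrambles, so this method serves both directions.
        """
        out = bytearray()
        for offset in range(0, len(data), BLOCK):
            key = self.derive_key(pid, paddr + offset)
            out.extend(b ^ k for b, k in zip(data[offset:offset + BLOCK], key))
        return bytes(out)

    def write(self, vaddr, data):
        pid = self._pid_for(vaddr)          # fails before any storage access
        paddr = self.page_table[vaddr]
        self.storage[paddr] = self.scramble(pid, paddr, data)

    def read(self, vaddr):
        pid = self._pid_for(vaddr)
        paddr = self.page_table[vaddr]
        return self.scramble(pid, paddr, self.storage[paddr])


def demo():
    """Run the model on constructed PIDs, addresses and data."""
    pid_a, pid_b = 0x1001, 0x1002
    va_a, va_b = 0x7000_0000, 0x7100_0000
    pa_a, pa_b = 0x8000_0000, 0x8000_1000
    secret = b"constructed payload owned by process A"

    model = MemoryIsolationModel(0x0123456789ABCDEF, {va_a: pa_a, va_b: pa_b})
    model.bind(pid_a, va_a)
    model.bind(pid_b, va_b)
    model.write(va_a, secret)

    results = {"stored": model.storage[pa_a], "own_read": model.read(va_a)}

    # A second PID claiming an already-bound virtual address is rejected.
    try:
        model.bind(pid_b, va_a)
        results["rebind_rejected"] = False
    except BindingError:
        results["rebind_rejected"] = True

    # The software-protected mapping table is modified so that process B's
    # virtual address points at process A's storage area. The key is still
    # derived from B's PID, so descrambling does not recover A's data.
    model.page_table[va_b] = pa_a
    results["cross_read"] = model.read(va_b)
    results["secret"] = secret
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The model only shows that a mismatched process identifier yields a different key; it makes no claim about the strength of MD5 or XOR as the derivation and scrambling primitives.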
  • an embodiment of the present application provides a memory isolation device, and the memory isolation device has the function of realizing the foregoing second aspect or any one of the possible implementation methods of the second aspect.
  • This function can be realized by hardware, or by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above-mentioned functions, such as a receiving module, a processing module, and a storage module.
  • an embodiment of the present application provides a memory isolation device.
  • the memory isolation device includes at least one processor and a memory.
  • the memory stores computer instructions that can run on the processor. When the computer instructions are executed by the processor, the processor executes the method described in the foregoing second aspect or any one of the possible implementation manners of the second aspect.
  • the embodiments of the present application provide a terminal device, which includes at least one processor, a memory, a communication port, a display, and a computer executable instruction stored in the memory and running on the processor.
  • the processor executes the method described in the foregoing second aspect or any one of the possible implementation manners of the second aspect.
  • the embodiments of the present application provide a computer-readable storage medium storing one or more computer-executable instructions.
  • the processor executes the method described in the second aspect or any one of the possible implementations of the second aspect.
  • the embodiments of the present application provide a computer program product (or computer program) that stores one or more computer-executable instructions.
  • the processor executes the foregoing second aspect or any one of the possible implementation methods of the second aspect.
  • the present application provides a chip system including a processor for supporting terminal devices to implement the functions involved in the above aspects.
  • the chip system further includes a memory, and the memory is used to store necessary program instructions and data of the terminal device.
  • the chip system can be composed of chips, and can also include chips and other discrete devices.
  • the technical effects brought about by the third to eighth aspects or any one of the possible implementation manners may refer to the technical effects brought about by the second aspect or the different possible implementation manners of the second aspect, which will not be repeated here.
  • the memory scrambling unit and the trusted processor are independent of each other, and the data is scrambled according to the process identifier corresponding to each application program, to ensure the security of the written data. This realizes hardware-level memory security isolation. Since each application program corresponds to one or more processes, and each process corresponds to a unique process identifier, the memory isolation between each process is realized.
  • FIG. 1 is a schematic diagram of an exemplary architecture provided by an embodiment of the application
  • FIG. 2a is a schematic structural diagram of a memory isolation device proposed in an embodiment of the application.
  • FIG. 2b is a schematic structural diagram of a memory isolation device proposed in an embodiment of the application.
  • FIG. 2c is a schematic structural diagram of a memory isolation device proposed in an embodiment of the application.
  • FIG. 2d is a schematic structural diagram of a memory isolation device proposed in an embodiment of the application.
  • FIG. 3 is a schematic diagram of an embodiment of a memory isolation method proposed in an embodiment of the application.
  • FIG. 4 is a schematic diagram of an embodiment of a memory isolation method proposed in an embodiment of the application.
  • FIG. 5 is a schematic diagram of a secret key derivation process according to an embodiment of the application.
  • FIG. 6 is a schematic diagram of an application scenario proposed by an embodiment of the application.
  • FIG. 7 is a schematic flowchart of an application scenario proposed in an embodiment of the application.
  • FIG. 8 is a schematic diagram of an embodiment of a memory isolation device in an embodiment of the application.
  • FIG. 9 is a schematic diagram of another embodiment of a memory isolation device in an embodiment of this application.
  • FIG. 10 is a schematic diagram of an embodiment of a terminal device provided by an embodiment of the application.
  • the embodiments of the present application provide a memory isolation device, a memory isolation method, and related equipment.
  • by adding a memory scrambling unit, where the memory scrambling unit and the trusted processor are independent of each other, the data is scrambled according to the process identifier corresponding to each application program, to ensure the security of the written data. This realizes hardware-level memory security isolation. Since each application program corresponds to one or more processes, and each process corresponds to a unique process identifier, the memory isolation between each process is realized.
  • the service processing method provided in the embodiments of the present application can be applied to terminal devices, which can be mobile phones, tablet personal computers, laptop computers, digital cameras, personal digital assistants (PDA), navigation devices, mobile internet devices (MID), wearable devices, smart watches, smart bracelets, etc.
  • the system that the terminal device can carry can include Or other operating systems, etc., the embodiment of the present application does not impose any limitation on this.
  • FIG. 1 is a schematic diagram of an exemplary architecture provided by an embodiment of the present application.
  • the terminal device can be logically divided into a hardware layer, an operating system, and an application layer.
  • the hardware layer includes hardware resources such as memory, microcontroller units, modems, Wi-Fi modules, sensors, and positioning modules.
  • the hardware layer can also include system-on-a-chip (SoC).
  • the core of the terminal device is the system-on-chip, and the integrated components of the system-on-chip include but are not limited to the following:
  • the central processing unit is the computing core and control unit of a computer or a processor chip.
  • the CPU can be used to execute software instructions.
  • the intelligent engine may also be called an AI (artificial intelligence) processor, and the intelligent engine may specifically be a neural-network processing unit (NPU), a tensor processing unit (TPU), an intelligent processing unit (IPU), or a graphics processing unit (GPU).
  • the intelligent engine can be a processing chip running artificial intelligence algorithms, which is usually implemented by an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a GPU, which is not limited here. For example, the smart engine can adopt a systolic array structure. In this array structure, data flows rhythmically among the processing units of the array in a predetermined "pipeline" manner. In the process of data flow, multiple processing units process the data flowing through them in parallel, so an intelligent engine using the systolic array structure can achieve a high parallel processing speed.
  • the smart engine includes a register that can store data.
  • the register may be a high-speed storage component with a limited storage capacity.
  • the smart engine can also be externally connected to a register that can store data.
  • Memory management unit (MMU): user-written applications are usually oriented to virtual memory.
  • the variable address in the application program is usually a virtual address.
  • the memory management unit maps the virtual address to a real physical address, and the memory controller then accesses the physical address to obtain data.
  • Memory controller: the memory controller is used to exchange data between the memory and the CPU.
  • the memory may include the memory required when the program is running.
  • the memory may be random access memory (RAM), and RAM includes double data rate synchronous dynamic random access memory (DDR), DDR2, DDR3, DDR4, and the upcoming DDR5.
  • the system-on-chip may also include other components, such as a digital signal processor (DSP).
  • DSP refers to a chip capable of implementing digital signal processing technology.
  • the inside of the DSP chip adopts the Harvard structure with separate program and data, has a dedicated hardware multiplier, widely adopts pipeline operation, and provides special DSP instructions, which can be used to quickly implement various digital signal processing algorithms.
  • the GPU, also known as display core, visual processor, or display chip, is a microprocessor that specializes in image computing on personal computers, workstations, game consoles, and some mobile terminal devices (such as tablet computers and smart phones).
  • FIG. 1 only exemplifies the system-on-chip, and the system-on-chip may also integrate components such as memory, sensors, or Wi-Fi modules.
  • the system on chip as shown in FIG. 1 can also integrate fewer components.
  • the system on chip only includes a central processing unit, an intelligent engine, and a memory management unit.
  • the types of components included in the system-on-chip are not limited here.
  • the application layer includes one or more applications (APP), which can be any type of application such as social applications, e-commerce applications, browsers, multimedia applications, and navigation applications. They can also be applications such as scene recognition models and artificial intelligence algorithms.
  • the operating system, as software middleware between the hardware layer and the application layer, is the system software that manages and controls hardware and software resources.
  • the operating system includes a kernel, a hardware abstraction layer (HAL), a library and runtime, and a framework.
  • the kernel is used to provide underlying system components and services, such as: power management, memory management, thread management, hardware drivers, etc.; hardware drivers include Wi-Fi drivers, sensor drivers, positioning module drivers, etc.
  • the hardware abstraction layer encapsulates the kernel driver, provides an interface to the framework, and shields low-level implementation details.
  • the hardware abstraction layer runs in user space, while the kernel driver runs in kernel space.
  • the library and runtime are also called runtime libraries, which provide the required library files and execution environment for executable programs at runtime.
  • Libraries and runtimes include Android runtime (ART) and libraries.
  • ART is a virtual machine or virtual machine instance that can convert bytecode of an application into machine code.
  • Libraries are program libraries that provide support for executable programs at runtime, including browser engines (such as webkit), script execution engines (such as JavaScript engines), graphics processing engines, and so on.
  • the framework is used to provide various basic public components and services for applications in the application layer, such as window management, location management, and so on.
  • the framework can include phone manager, resource manager, or location manager, etc.
  • the terminal device may include fewer or more components than shown in FIG. 1, and the terminal device shown in FIG. 1 only includes components related to multiple implementations disclosed in the embodiments of the present application.
  • the memory isolation device can be partly deployed in the system-on-chip and partly deployed in the hardware layer other than the system-on-chip; the memory isolation device can also be entirely deployed in the hardware layer other than the system-on-chip; the memory isolation device can also be entirely deployed in a system-on-chip.
  • the following takes as an example the case where the memory isolation device is entirely deployed on a system-on-chip. It should be noted that the specific composition of the memory isolation device in the above-mentioned different deployment methods is similar, and will not be repeated here. Based on the system-on-chip in the system architecture shown in FIG.
  • FIG. 2a is a schematic structural diagram of a memory isolation device according to an embodiment of the application.
  • the memory scrambling unit is used for: when writing data to the memory, scrambling the data written into the memory; when reading data from the memory, descrambling the read data.
  • the memory scrambling unit includes a collection of hardware and firmware, and can be in an independent package form, or can be a chip such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA), integrated with other types of chips.
  • a trusted processor is a general term for a type of central processing unit with security functions.
  • the trusted processor is used to detect the legitimacy of the binding relationship.
  • for the specific process, please refer to the subsequent embodiments.
  • there are specifically two optional implementations of the trusted processor involved in this application, as follows:
  • the trusted execution environment (TEE) is a secure area within the central processing unit.
  • the trusted execution environment runs in an independent environment and runs in parallel with the operating system.
  • the trusted execution environment ensures the confidentiality and integrity of the code and data loaded in the TEE.
  • TEE is more secure than rich execution environment (REE).
  • Trusted applications running in the TEE can access all the functions of the device's central processing unit and memory.
  • the hardware isolation property of the TEE itself protects the TEE from application programs in the main operating system.
  • the implementation of the TEE can be supported through the "TrustZone Hardware Technology" of "ARM".
  • FIG. 2c is a schematic structural diagram of a memory isolation device proposed in an embodiment of the application.
  • the trusted processor includes an original central processing unit and an independent security processor, and the original central processing unit and the security processor jointly implement the functions of the trusted processor.
  • the secure processor refers to a processor with a design that can prevent logical attacks, physical attacks, and application attacks, as well as logical hardware and firmware that exhibits cognitive, immune, configuration, and protection technologies and capabilities.
  • the basic architecture of the secure processor is based on the reconfigurable processor plus trusted computing, computer immune system, physical detection, and cryptographic system.
  • the memory isolation device proposed in the embodiment of the present application specifically includes a smart engine.
  • the intelligent engine is used to read data from the target storage area according to the image processing request of the application, process the data, and write the processed data back to the target storage area. For example, when the application has image processing requirements, it sends the image processing request (or image processing instruction) and address information to the smart engine.
  • the address information includes the virtual address of the storage area where the data to be processed is stored.
  • the smart engine reads the data to be processed from the area indicated by the address information; further, the smart engine processes the data to be processed according to the image processing request to obtain processed image data; further, the smart engine writes the processed image data into the storage area indicated by the address information.
  • when reading the data to be processed, the smart engine can generate a read command.
  • the read address contained in the read command is the virtual address sent by the application.
  • the intelligent engine obtains the process identifier corresponding to the virtual address from the stored binding relationship based on the virtual address.
  • the smart engine determines the physical address corresponding to the virtual address through the memory management unit.
  • the intelligent engine sends the process identifier and physical address to the memory scrambling unit.
  • the memory scrambling unit derives the key based on the process identifier and the physical address to obtain the descrambling key; based on the descrambling key, the memory scrambling unit descrambles the data in the storage area corresponding to the physical address.
  • the smart engine successfully obtains the data to be processed; further, the smart engine processes the data to be processed according to the image processing request to obtain the processed data.
  • the smart engine sends the physical address, processed data, and process identifier to the memory scrambling unit.
  • the memory scrambling unit derives a scrambling key based on the physical address and the process identifier, scrambles the processed data based on the scrambling key, and writes the scrambled data back to the target storage area.
  • the central processing unit can also send data to the memory scrambling unit, which scrambles the data and then writes it to the target storage area; or it can send a read address to the memory scrambling unit, which descrambles the data so that the descrambled data is read.
  • FIG. 2d is a schematic structural diagram of a memory isolation device proposed in an embodiment of this application.
  • the smart engine is connected to the smart engine MMU
  • the central processing unit is connected to the central processing unit MMU
  • the security processor is connected to the security processor MMU (not shown in the figure).
  • the central processing unit (or security processor) MMU obtains the physical address corresponding to the read and write operation, and the memory scrambling unit scrambles or descrambles the data involved in the read and write operation. The specific method is similar to that of the smart engine executing the read and write operation instructions output by the trusted processor, and will not be repeated here.
  • the memory isolation method proposed by the embodiment of the present application is introduced with reference to the accompanying drawings.
  • the memory isolation method proposed in the embodiment of the present application specifically involves two stages of data reading and data writing. The descriptions are made separately below.
  • FIG. 3 is a schematic diagram of an embodiment of a memory isolation method proposed in an embodiment of this application.
  • the memory isolation method proposed in this application includes:
  • a process identifier is allocated to the first application.
  • the first application is taken as an example for description.
  • the first application program is any application program running in the terminal device.
  • the operating system assigns a process identifier (PID) to the first application program.
  • PID process identifier
  • the first application program corresponds to one or more processes, and the operating system assigns a unique process identifier to each process.
  • the allocated process identifier is called the first process identifier.
  • the first process identifier is 80.
  • the first application program runs on a trusted processor. It should be noted that the first application program may run on the TEE (or security processor) of the trusted processor, or on the REE (or central processing unit) of the trusted processor, which is not limited here.
  • the first application program also applies for a virtual address from the operating system, and the first application program uses the applied virtual address as a destination address for read and write operations.
  • the first application program applies to the operating system for a virtual address, and the operating system allocates the first virtual address to the first application program.
  • the first application program applies for a binding relationship.
  • when the first application program is started, it also needs to apply to the trusted processor for a binding relationship; the binding relationship specifically refers to the correspondence between a virtual address and a process identifier. The following description takes as an example the case where the first binding relationship applied for by the first application program is the correspondence between the first virtual address and the first process identifier. After receiving the first process identifier and the first virtual address, the trusted processor detects whether the first virtual address only corresponds to the first process identifier. Specifically, it detects, from the binding relationship set stored by the terminal device, whether the first virtual address is bound to any process identifier other than the first process identifier; the binding relationship set includes multiple sets of binding relationships.
  • Each virtual address applied for by the same application is uniquely bound with a process identifier corresponding to the application. If the first virtual address only corresponds to the first process identifier, the trusted processor determines that the binding relationship between the first process identifier and the first virtual address is legal, and obtains the first binding relationship.
  • Otherwise, the trusted processor determines that the first binding relationship is illegal, and the application by the first application program fails.
  • when the trusted processor determines that the first binding relationship is legal, that is, in the binding relationship set, either no process identifier bound to the first virtual address is found, or the process identifier found bound to the first virtual address is the first process identifier, the trusted processor stores the first binding relationship, and the first binding relationship serves as a subset of the binding relationship set.
  • the binding relationship can be stored in a register of the smart engine, or stored in a register connected to the smart engine.
  • the binding relationship set can be stored in the register of the smart engine in the form of an address table, as shown in Table 1:
  • Table 1:
      Binding relationship          Virtual address   Process identifier
      First binding relationship    0x20000000        80
      Second binding relationship   0x30000000        80
      Third binding relationship    0x40000000        90
  • the binding relationship can also be applied for from the trusted processor by the driver software.
  • when the first application program initiates a read or write operation request, it needs to apply to the driver software to call the binding relationship.
  • the first application program uses the called binding relationship to initiate read and write operations.
  • the first application program needs to write the first data.
  • a trusted processor running the first application program instructs the smart engine to initiate a write operation.
  • the trusted processor sends, through the bus, the first data to be written and the destination address for writing the first data (the first virtual address) to the smart engine.
  • the smart engine obtains the first process identifier corresponding to the first virtual address based on the stored first binding relationship and the received first virtual address.
  • the smart engine sends the first virtual address to the memory management unit MMU, and the memory management unit maps the first virtual address to the corresponding first physical address.
  • the memory management unit maps the first virtual address to the first physical address as follows: the memory management unit stores a virtual address-to-physical address mapping record, which may be recorded in the memory management unit in the MMU page table format. After receiving the first virtual address, the memory management unit searches the MMU page table for the physical address corresponding to the first virtual address, and the determined physical address is called the first physical address.
  • the smart engine sends the first physical address, the first data, and the first process identifier to the memory scrambling unit.
  • after the memory scrambling unit receives the first physical address, the first data, and the first process identifier from the smart engine through the bus, it derives the secret key based on the first process identifier and the first physical address to generate the first secret key.
  • the secret key derivation includes a variety of different methods, for example: the MD5 message-digest algorithm (MD5), where the generated length is 128 bits; the advanced encryption standard (AES); the data encryption standard (DES); the triple data encryption algorithm (TDEA); or the RSA algorithm.
  • FIG. 5 is a schematic diagram of the secret key derivation process proposed in this embodiment of the application.
  • in step D1, the memory scrambling unit uses a cyclic redundancy check (CRC) algorithm to generate a random number.
  • the bit width of the generated random number may be 32 bits (bit).
  • the random number generated in step D1 can be referred to as the first random number.
  • any of the following algorithms can also be used to generate random numbers: TDEA algorithm, Blowfish algorithm, RC5 algorithm, or international data encryption algorithm (IDEA), etc.
  • the terminal device updates the random number at intervals. For example, every time the terminal device is powered on or reset, the memory scrambling unit updates the random number once.
  • in step D2, after generating a random number (the first random number), the memory scrambling unit uses the random number to expand the process identifier. Specifically, the first random number and the process identifier are used to generate the expanded process identifier.
  • the bit width of the expanded process identifier is at least 32 bits (bit).
  • a random number is used to expand the first process identifier to generate the expanded first process identifier.
  • in step D3, the memory scrambling unit uses the expanded process identifier, the random number, and the physical address to derive a secret key; a variety of different encryption algorithms can be used for the secret key derivation.
  • the random number used when deriving the secret key can be either the first random number generated in step D1 or other random numbers.
  • the bit width of the random number used in step D3 may be 64 bits wide. Taking the embodiment corresponding to FIG. 3 as an example, the memory scrambling unit derives a secret key based on the expanded first process identifier, random number, and first physical address to generate the first secret key.
  • the secret key is derived based on the random number, the process identifier and the physical address, so that the generated secret key has higher security.
  • various other secret key derivation methods may also be used in the embodiment of the present application to derive the secret key from the process identifier and the physical address. For example: 1. Directly use the process identifier and physical address for secret key derivation; 2. Use the random number to expand the process identifier to generate the expanded process identifier, then use the expanded process identifier and physical address for secret key derivation; 3. Use the random number to expand the physical address to generate an expanded physical address, then use the expanded physical address and process identifier to derive the key; and so on. There is no limitation here.
  • after the memory scrambling unit derives the secret key based on the first process identifier, the first physical address and the random number, and generates the first secret key, it uses the first secret key to scramble the first data to generate scrambled second data.
  • the second data needs to be descrambled with the first secret key before the correct information can be read.
  • the memory controller writes the second data into the storage area corresponding to the first physical address based on the second data generated by the memory scrambling unit and the first physical address.
  • the storage area corresponding to the first physical address is the first memory block in the memory. Then the memory controller writes the second data into the first memory block.
  • the terminal device introduces a memory scrambling unit to scramble the data according to the process identifier corresponding to each application program.
  • the data is scrambled by an independent memory scrambling unit, which can realize hardware-level memory security isolation. Each application program corresponds to one or more processes, and each process corresponds to a unique process identifier. Because different processes are configured with different process identifiers, different processes cannot read each other's scrambled data, which realizes memory isolation between the processes. At the same time, memory isolation between the processes is realized without the need to create a two-level address mapping table, and the complexity of memory management is effectively reduced while data security is ensured.
  • the smart engine checks whether the binding relationship applied for by each application is legal, that is, whether each virtual address applied for by the same application is uniquely bound with a process identifier corresponding to the application. The binding relationship is stored only if it is legal. When the application needs to write data, the smart engine obtains the process identifier corresponding to the virtual address according to the virtual address and the binding relationship. This guarantees the security of the source of the process identifier and further improves the security of memory isolation.
  • FIG. 4 is a schematic diagram of an embodiment of a memory isolation method proposed in an embodiment of this application.
  • the memory isolation method proposed in this application includes:
  • a trusted processor running the application program instructs the smart engine to initiate a read operation. Specifically, the trusted processor sends the first read address to the smart engine. The smart engine obtains the second process identifier corresponding to the first read address based on the binding relationship set stored in the smart engine register and the first read address. The smart engine sends the first read address to the memory management unit MMU, and the memory management unit maps the first read address to the corresponding second physical address.
  • the memory management unit maps the first read address to the second physical address.
  • the specific method is similar to step 303, and will not be repeated here.
  • the smart engine sends the second physical address and the second process identifier to the memory scrambling unit.
  • the memory scrambling unit derives a secret key based on the second process identifier and the second physical address, and the generated secret key is called the second secret key.
  • the specific key derivation method is similar to the aforementioned step 304, and will not be repeated here.
  • the memory controller reads data from the storage area corresponding to the second physical address.
  • the memory scrambling unit uses the second secret key to descramble the data.
  • the data can be descrambled correctly, and the scrambled data is read successfully.
  • the read operation is a legal operation. Since different processes have different process identifiers, after the data is scrambled based on the process identifier uniquely bound to the process, only a read operation with the same identifier can correctly read the data written by the process. Therefore, cross-access to data between different processes is avoided, data isolation between different processes is realized, and the security of memory isolation is improved.
  • when the first read address is consistent with the first virtual address, the second process identifier is consistent with the first process identifier, and the second physical address mapped from the first read address is consistent with the first physical address mapped from the first virtual address, the second secret key can successfully descramble the second data generated by scrambling with the first secret key.
  • the scrambled data stored in the memory can be read correctly only if the correct secret key is used.
  • Otherwise, the scrambled data cannot be read correctly. Therefore, data security can be effectively guaranteed.
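  • The write path of FIG. 3 (binding check, steps D1 to D3, scrambling) and the read path of FIG. 4, modelled end to end as an added example that is not code from the application. Assumptions: all class and function names, HMAC-SHA-256 truncated to 128 bits standing in for the unspecified derivation algorithm, a SHAKE-256 XOR keystream standing in for the unspecified scrambling function, the seed handling, and the constructed physical addresses; the binding values are those of Table 1.

```python
import hashlib
import hmac
import os
import zlib


class BindingError(Exception):
    """The requested or looked-up binding relationship is not legal."""


class BindingTable:
    """Binding relationship set: each virtual address maps to one process identifier."""

    def __init__(self):
        self._va_to_pid = {}

    def apply(self, pid, va):
        # Legal if the address is unbound or already bound to this same identifier.
        bound = self._va_to_pid.get(va)
        if bound is not None and bound != pid:
            raise BindingError(f"{va:#x} is already bound to process identifier {bound}")
        self._va_to_pid[va] = pid

    def lookup(self, va):
        if va not in self._va_to_pid:
            raise BindingError(f"no binding relationship stored for {va:#x}")
        return self._va_to_pid[va]


class MemoryScramblingUnit:
    """Derives a key per (process identifier, physical address) and XORs data with it."""

    def __init__(self, seed=None):
        self.reset(seed)

    def reset(self, seed=None):
        # D1: refreshed on power-on or reset. A CRC yields the 32-bit value, as on
        # the page; seeding it from os.urandom is an assumption of this model.
        seed = os.urandom(16) if seed is None else seed
        self.rand32 = zlib.crc32(seed)
        self.rand64 = hashlib.sha256(seed).digest()[:8]  # assumed 64-bit value for D3

    def derive_key(self, pid, pa):
        # D2: expand the process identifier with the 32-bit random number.
        expanded_pid = (self.rand32 << 32) | (pid & 0xFFFFFFFF)
        # D3: derive from expanded identifier, random number and physical address.
        message = expanded_pid.to_bytes(8, "big") + pa.to_bytes(8, "big")
        return hmac.new(self.rand64, message, hashlib.sha256).digest()[:16]

    def scramble(self, pid, pa, data):
        keystream = hashlib.shake_256(self.derive_key(pid, pa)).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, keystream))

    descramble = scramble  # XOR with the same keystream inverts the scrambling


class SoC:
    """Smart engine path: binding lookup, MMU mapping, scrambling unit, memory."""

    def __init__(self, seed=None):
        self.bindings = BindingTable()
        self.page_table = {}  # virtual address -> physical address (MMU page table)
        self.memory = {}      # physical address -> scrambled bytes
        self.msu = MemoryScramblingUnit(seed)

    def write(self, va, data):
        pid, pa = self.bindings.lookup(va), self.page_table[va]
        self.memory[pa] = self.msu.scramble(pid, pa, data)

    def read(self, va):
        pid, pa = self.bindings.lookup(va), self.page_table[va]
        return self.msu.descramble(pid, pa, self.memory[pa])


def demo():
    soc = SoC(seed=b"constructed-seed")
    for pid, va in ((80, 0x20000000), (80, 0x30000000), (90, 0x40000000)):
        soc.bindings.apply(pid, va)  # the three rows of Table 1
    # Constructed page table: the address of process 90 aliases the physical
    # block that process 80 writes to.
    soc.page_table = {0x20000000: 0x80000000, 0x30000000: 0x80001000,
                      0x40000000: 0x80000000}
    soc.write(0x20000000, b"first image")
    same_pid = soc.read(0x20000000)   # identifier 80, same physical address
    other_pid = soc.read(0x40000000)  # identifier 90, same physical address
    try:
        soc.bindings.apply(90, 0x20000000)  # address already bound to 80
        rejected = False
    except BindingError:
        rejected = True
    return same_pid, other_pid, rejected, soc.memory[0x80000000]


if __name__ == "__main__":
    same_pid, other_pid, rejected, stored = demo()
    print("read as 80:", same_pid)
    print("read as 90:", other_pid.hex())
    print("conflicting binding rejected:", rejected)
```

  • A read that reaches the same physical block under a different process identifier returns unintelligible bytes rather than raising an error, because nothing in the modelled path checks integrity.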
  • FIG. 6 is a schematic diagram of the application scenario proposed in this embodiment of the application.
  • FIG. 7 is a schematic flowchart of an application scenario proposed in an embodiment of this application.
  • the trusted processor includes a central processor and a security processor that are independent of each other (the hardware structure shown in Figure 2c).
  • the first application program and the second application program run on the central processing unit.
  • the first application program is "camera".
  • the first application program is used to obtain an image through an image sensor, and the image is called a first image (without image processing).
  • the first application program has a "Meitu" function. When the first application uses the "Meitu" function, the first application instructs the smart engine to process an image in the terminal device, for example, instructs the smart engine to process the first image to generate the second image (the image after image processing).
  • in step 701, when the first application program is started, the operating system allocates a corresponding process identifier and virtual address to the first application program. For example, in FIG. 6, a first process identifier (PID1) and a first virtual address are allocated to the first application program.
  • the first virtual address is a virtual address segment, and the first virtual address corresponds to memory block 1 in the memory.
  • the first application program applies to the security processor for a binding relationship.
  • the first application program sends PID1 and the first virtual address to the security processor through a software interface and driver.
  • the security processor obtains the stored binding relationship set from the register (not shown in the figure) connected to the smart engine, and based on the binding relationship set, detects whether the first virtual address only corresponds to PID1 (or is not bound to other process identifiers). If the first virtual address only corresponds to the first process identifier, the security processor determines that the binding relationship between PID1 and the first virtual address is legal, and obtains the first binding relationship.
  • when the security processor obtains the first binding relationship, it sends the first binding relationship to the smart engine, and the smart engine stores the first binding relationship in a register; the first binding relationship serves as a subset of the binding relationship set.
  • the second application program applies for a binding relationship in a way similar to the first application program, which will not be repeated here.
  • in step 703, after the first application acquires the first image through the image sensor, the user instructs the first application to perform "beauty" processing on the first image.
  • the first application program needs to process the first image to generate the second image.
  • the first image needs to be stored in the first virtual address.
  • the first application program sends the data (first data) corresponding to the first image and the destination address (first virtual address) of the first data to the smart engine through a software interface and a driver.
  • After the smart engine receives the first virtual address and the first data, it obtains the first process identifier (PID1) corresponding to the first virtual address through the binding relationship set, and maps the first virtual address through the memory management unit to obtain the first physical address.
  • the smart engine sends the first physical address, PID1 and first data (first image) to the memory scrambling unit through the memory management unit.
  • the first image is scrambled by the memory scrambling unit and then written into the memory block 1. In this case, there is no need to pass through the smart engine.
  • the memory scrambling unit generates the first secret key based on the first physical address and PID1, and the specific method for deriving the secret key is similar to the aforementioned step 304, and will not be repeated here.
  • the memory scrambling unit uses the first secret key to process the first image to generate scrambled second data, which is stored in the memory block 1 through the memory controller.
  • In step 704, since the first application program also needs to process the first image to generate a second image, the first application program instructs the smart engine to read the first image stored in the memory block 1.
  • the details are as follows: the first application program sends a processing instruction and the first virtual address to the smart engine, where the first virtual address indicates the address of the storage area in which the first image is stored, and the processing instruction instructs the smart engine what processing to perform on the image; the smart engine obtains PID1 corresponding to the first virtual address from the stored binding relationship according to the first virtual address, and maps the first virtual address to the first physical address based on the MMU; further, the smart engine sends PID1 and the first physical address to the memory scrambling unit, and the memory scrambling unit derives the secret key and uses the secret key to descramble the second data in the memory block 1 to obtain the first image (the first data).
  • the smart engine processes the first image based on the processing instructions, and after generating the second image, the smart engine can write the second image back to the memory block 1.
  • the details are as follows: the second image, the first physical address and PID1 are sent to the memory scrambling unit.
  • the memory scrambling unit derives the secret key based on the first physical address and PID1, and scrambles the second image.
  • the memory controller stores the scrambled second image in the memory block 1 corresponding to the first physical address.
  • the storage area (memory block 1) allocated to the first application program can only be used by the first application program, and the data stored in the memory block 1 can only be used by the first application program.
  • the data is scrambled with the secret key, and the secret key is derived based on PID1 and the first physical address. Therefore, only the first application program can read the data stored in the memory block 1 correctly. For example, if the process identifier assigned to the second application program is PID2, and its virtual address is the second virtual address, the second application program cannot generate a secret key that can read the memory block 1.
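A software model of steps 701 to 704, added here as an illustration and not taken from the application. HMAC-SHA256 and a SHAKE-256 keystream are stand-ins chosen for this sketch (the application's own derivation is the one it refers to as step 304), and the class, method names, addresses and sample image bytes are hypothetical.

```python
import hashlib
import hmac
import os

BLOCK = 0x1000  # assumed size of one memory block in this model


class BindingError(Exception):
    """The virtual address is already bound to a different process identifier."""


class IsolationModel:
    """Toy model: security processor + smart engine + MMU + scrambling unit."""

    def __init__(self, rand=None):
        # Random number mixed into every key derivation (assumed per-boot value).
        self.rand = rand if rand is not None else os.urandom(16)
        self.bindings = {}    # virtual address -> PID ("binding relationship set")
        self.page_table = {}  # virtual address -> physical address (MMU stand-in)
        self.dram = {}        # physical address -> scrambled bytes
        self._next_pa = 0x80000000

    def bind(self, pid, va):
        """Step 701: accept the binding only if va belongs to no other PID."""
        owner = self.bindings.get(va)
        if owner is not None and owner != pid:
            raise BindingError(f"VA {va:#x} is already bound to PID {owner}")
        self.bindings[va] = pid
        if va not in self.page_table:
            self.page_table[va] = self._next_pa
            self._next_pa += BLOCK

    def derive_key(self, pid, pa):
        """Key = f(PID, physical address, random number); HMAC is a stand-in."""
        msg = pid.to_bytes(4, "big") + pa.to_bytes(8, "big")
        return hmac.new(self.rand, msg, hashlib.sha256).digest()

    @staticmethod
    def _scramble(key, data):
        # XOR with a key-dependent stream; the same call also descrambles.
        # Only a stand-in for the hardware scrambler: it reuses the stream
        # whenever the same block is rewritten under the same key.
        stream = hashlib.shake_256(key).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, va, data):
        """Step 703: look up PID, translate VA, scramble, store."""
        pid, pa = self.bindings[va], self.page_table[va]
        self.dram[pa] = self._scramble(self.derive_key(pid, pa), data)
        return pa

    def read(self, va):
        """Step 704: look up PID, translate VA, descramble."""
        pid, pa = self.bindings[va], self.page_table[va]
        return self._scramble(self.derive_key(pid, pa), self.dram[pa])

    def read_physical_as(self, pid, pa):
        """Descramble block pa with the key that a given PID would yield."""
        return self._scramble(self.derive_key(pid, pa), self.dram[pa])


def demo():
    """Run the FIG. 7 flow on constructed data and report what each PID sees."""
    model = IsolationModel()
    va1, va2, pid1, pid2 = 0x10000, 0x20000, 1, 2
    model.bind(pid1, va1)
    model.bind(pid2, va2)
    image = b"constructed first image bytes"
    pa1 = model.write(va1, image)
    try:
        model.bind(pid2, va1)          # second application claims block 1
        rebinding_rejected = False
    except BindingError:
        rebinding_rejected = True
    return {
        "stored_is_scrambled": model.dram[pa1] != image,
        "pid1_reads_image": model.read(va1) == image,
        "pid2_reads_image": model.read_physical_as(pid2, pa1) == image,
        "rebinding_rejected": rebinding_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model a read under the wrong process identifier returns unintelligible bytes rather than an error: the scheme as described gives confidentiality between processes, and detecting a wrong-key read would need a separate integrity check.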
  • the above-mentioned memory isolation device includes hardware structures and/or software modules corresponding to each function.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
  • the embodiment of the present application may divide the memory isolation device into functional modules according to the foregoing method examples.
  • each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module.
  • the above-mentioned integrated modules can be implemented in the form of hardware or software function modules. It should be noted that the division of modules in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
  • FIG. 8 is a schematic diagram of an embodiment of the memory isolation device in the embodiment of this application.
  • the memory isolation device 80 includes:
  • the receiving module 801 is configured to receive a first process identifier, a first physical address, and first data, where the first process identifier corresponds to the first application program, the first physical address is the physical address corresponding to the first virtual address applied for by the first application program, and the first data is data to be written into the storage area by the first application program;
  • the processing module 802 is configured to derive a secret key based on the first process identifier and the first physical address received by the receiving module 801, and generate a first secret key;
  • the processing module 802 is further configured to use the first secret key to scramble the first data to generate second data;
  • the processing module 802 is further configured to write the second data into the storage area corresponding to the first physical address.
  • the storage area corresponding to the first physical address is located in the storage module 803.
  • the receiving module 801 is further configured to receive the first process identifier and the first virtual address
  • the processing module 802 is further configured to bind the first process identifier received by the receiving module 801 and the first virtual address to obtain the first binding relationship.
  • the storage module 803 is also configured to store the first binding relationship obtained by the processing module 802.
  • the processing module 802 includes a register, and the first binding relationship is stored in the register of the processing module 802.
  • the memory isolation device further includes a sending module 804;
  • the processing module 802 is further configured to map the first virtual address received by the receiving module 801 to the first physical address;
  • the processing module 802 is further configured to obtain the first process identifier corresponding to the first virtual address based on the first binding relationship stored by the storage module 803;
  • the sending module 804 is configured to send the first process identifier, the first physical address, and the first data.
  • the processing module 802 is further configured to check whether the first virtual address received by the receiving module 801 only corresponds to the first process identifier;
  • the processing module 802 is further configured to determine that the first binding relationship is legal when the first virtual address only corresponds to the first process identifier, and store the first binding relationship.
  • the processing module 802 is specifically configured to derive a secret key based on the first process identifier, the first physical address, and a random number to generate the first secret key.
  • the processing module 802 is specifically configured to use a random number to expand the first process identifier to generate the expanded first process identifier;
  • the processing module 802 is specifically configured to derive a secret key based on the expanded first process identifier, the first physical address, and the random number generated by the processing module 802 to generate the first secret key.
  • the receiving module 801 is further configured to receive a first read address, where the first read address is a virtual address;
  • the processing module 802 is further configured to obtain the second process identifier corresponding to the first read address based on the binding relationship set and the first read address received by the receiving module 801; the binding relationship set includes multiple sets of binding relationships, and the same application Each virtual address requested by the program is uniquely bound to a process identifier corresponding to the application;
  • the processing module 802 is further configured to map the first read address received by the receiving module 801 to a second physical address;
  • the processing module 802 is further configured to derive a secret key based on the second process identifier and the second physical address obtained by the processing module 802 to generate a second secret key;
  • the processing module 802 is further configured to descramble the data stored in the storage area corresponding to the second physical address based on the second secret key generated by the processing module 802.
  • the processing module 802 is further configured to derive a secret key based on the first process identifier, the second physical address, and a random number to generate a second secret key.
  • the processing module 802 is specifically configured to use a random number to expand the second process identifier to generate an expanded second process identifier
  • the processing module 802 is specifically configured to derive the key based on the expanded second process identifier, the second physical address, and the random number generated by the processing module 802 to generate the second key.
  • the memory isolation device 80 scrambles the data according to the process identifier corresponding to each application program, to ensure the safety of the written data. Each application program corresponds to one or more processes, and each process corresponds to a unique process identifier. Because different processes are configured with different process identifiers, different processes cannot read each other's scrambled data, which realizes memory isolation between the processes. At the same time, memory isolation between the processes is realized without the need to create a two-level address mapping table, so the complexity of memory management is effectively reduced while data security is ensured.
  • FIG. 9 is a schematic diagram of another embodiment of the memory isolation device in the embodiment of the present application.
  • the memory isolation device 90 includes: a memory scrambling unit 901 and a memory controller 902;
  • the memory scrambling unit 901 is configured to receive the first process identifier, the first physical address, and the first data transmitted by the bus, where the first process identifier corresponds to the first application program, the first physical address is the physical address corresponding to the first virtual address applied for by the first application program, and the first data is data to be written into the storage area by the first application program;
  • the memory scrambling unit 901 is further configured to derive a secret key based on the first process identifier and the first physical address to generate a first secret key;
  • the memory scrambling unit 901 is further configured to use the first secret key to scramble the first data to generate second data;
  • the memory controller 902 is configured to write the second data into the storage area corresponding to the first physical address.
  • the memory isolation device 90 further includes: a trusted processor 903 and a smart engine 904;
  • the trusted processor 903 is configured to receive the first process identifier and the first virtual address
  • the trusted processor 903 is further configured to bind the first process identifier and the first virtual address to obtain the first binding relationship;
  • the trusted processor 903 is also configured to store the first binding relationship in a register of the smart engine 904.
  • the memory isolation device 90 further includes: a memory management unit MMU905;
  • the memory management unit MMU905 is used to map the first virtual address to the first physical address
  • the smart engine 904 is configured to obtain the first process identifier corresponding to the first virtual address based on the first binding relationship, and send the first physical address, the first process identifier, and the first data to the memory scrambling unit 901.
  • the trusted processor 903 is further configured to check whether the first virtual address only corresponds to the first process identifier
  • the trusted processor 903 is further configured to determine that the first binding relationship is valid when the first virtual address only corresponds to the first process identifier, and store the first binding relationship in the register of the smart engine 904.
  • the memory scrambling unit 901 is specifically configured to:
  • the secret key is derived based on the first process identifier, the first physical address and the random number, and the first secret key is generated.
  • the memory scrambling unit 901 is specifically configured to:
  • the secret key is derived based on the expanded first process identifier, the first physical address and the random number, and the first secret key is generated.
  • a binding relationship set is stored in the register of the smart engine 904, and the binding relationship set includes multiple sets of binding relationships.
  • each virtual address applied for by the same application program is uniquely bound to a process identifier corresponding to the application program.
  • the smart engine 904 is also used to receive a first read address, where the first read address is a virtual address;
  • the smart engine 904 is further configured to obtain a second process identifier corresponding to the first read address based on the binding relationship set and the first read address;
  • the MMU905 is used to map the first read address to the second physical address;
  • the smart engine 904 is further configured to send the second process identifier and the second physical address to the memory scrambling unit 901;
  • the memory scrambling unit 901 is further configured to derive a secret key based on the second process identifier and the second physical address to generate a second secret key;
  • the memory scrambling unit 901 is further configured to descramble the data stored in the storage area corresponding to the second physical address based on the second secret key.
  • the memory scrambling unit 901 is specifically configured to derive a secret key based on the second process identifier, the second physical address and the random number to generate the second secret key.
  • the memory scrambling unit 901 is specifically configured to:
  • the secret key is derived based on the expanded second process identifier, the second physical address and the random number, and the second secret key is generated.
  • FIG. 10 is a schematic diagram of an embodiment of a terminal device provided by an embodiment of the application.
  • the terminal device includes: a radio frequency (RF) circuit 1010, a memory 1020, an input unit 1030, a display unit 1040, a sensor 1050, an audio circuit 1060, a wireless fidelity (WiFi) module 1070, a processor 1080, and power supply 1090 and other components.
  • the RF circuit 1010 can be used for receiving and sending signals during the process of sending and receiving information or talking. In particular, after receiving the downlink information of the base station, it is processed by the processor 1080; in addition, the designed uplink data is sent to the base station.
  • the RF circuit 1010 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer, and the like.
  • the RF circuit 1010 can also communicate with the network and other devices through wireless communication.
  • the above-mentioned wireless communication can use any communication standard or protocol, including but not limited to Global System of Mobile Communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), Email, Short Messaging Service (SMS), etc.
  • the memory 1020 may be used to store software programs and modules.
  • the processor 1080 executes various functional applications and data processing of the terminal device by running the software programs and modules stored in the memory 1020.
  • the memory 1020 may mainly include a program storage area and a data storage area.
  • the program storage area may store an operating system, an application program required by at least one function (such as a sound playback function, an image playback function, etc.), etc.;
  • the data storage area may store the data (such as audio data, phone book, etc.) created by the use of the terminal device, etc.
  • the memory 1020 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices.
  • the input unit 1030 can be used to receive inputted number or character information, and generate key signal input related to user settings and function control of the terminal device.
  • the input unit 1030 may include a touch panel 1031 and other input devices 1032.
  • the touch panel 1031, also called a touch screen, can collect user touch operations on or near it (for example, operations performed by the user on the touch panel 1031 or near the touch panel 1031 using any suitable object or accessory such as a finger or a stylus), and drive the corresponding connection device according to the preset program.
  • the touch panel 1031 may include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the user's touch position, detects the signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends the coordinates to the processor 1080, and can receive and execute the commands sent by the processor 1080.
  • the touch panel 1031 can be implemented in multiple types such as resistive, capacitive, infrared, and surface acoustic wave.
  • the input unit 1030 may also include other input devices 1010.
  • the other input device 1010 may include, but is not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackball, mouse, and joystick.
  • the display unit 1040 may be used to display information input by the user or information provided to the user and various menus of the terminal device.
  • the display unit 1040 may include a display panel 1041.
  • the display panel 1041 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), etc.
  • the touch panel 1031 can cover the display panel 1041. When the touch panel 1031 detects a touch operation on or near it, the operation is sent to the processor 1080 to determine the type of the touch event, and then the processor 1080 provides corresponding visual output on the display panel 1041 according to the type of the touch event.
  • Although the touch panel 1031 and the display panel 1041 are used as two independent components to implement the input and output functions of the terminal device, in some embodiments the touch panel 1031 and the display panel 1041 can be integrated to realize the input and output functions of the terminal device.
  • the terminal device may also include at least one sensor 1050, such as a light sensor, a motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor.
  • the ambient light sensor can adjust the brightness of the display panel 1041 according to the brightness of the ambient light.
  • the proximity sensor can turn off the display panel 1041 and/or the backlight when the terminal device is moved to the ear.
  • the accelerometer sensor can detect the magnitude of acceleration in various directions (usually three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications that recognize the posture of the terminal device (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer, percussion), etc.; the terminal device can also be configured with other sensors such as a gyroscope, barometer, hygrometer, thermometer, and infrared sensor, which are not described here.
  • the audio circuit 1060, the speaker 1061, and the microphone 1062 can provide an audio interface between the user and the terminal device.
  • the audio circuit 1060 can convert the received audio data into an electric signal and transmit it to the speaker 1061, which converts it into a sound signal for output; on the other hand, the microphone 1062 converts the collected sound signal into an electric signal, which the audio circuit 1060 receives and converts into audio data; the audio data is then output to the processor 1080 for processing and sent to another terminal device via the RF circuit 1010, or the audio data is output to the memory 1020 for further processing.
  • WiFi is a short-distance wireless transmission technology.
  • terminal devices can help users send and receive emails, browse web pages, and access streaming media. It provides users with wireless broadband Internet access.
  • Although FIG. 10 shows the WiFi module 1070, it is understandable that it is not a necessary component of the terminal device and can be omitted as required.
  • the processor 1080 is the control center of the terminal device. It uses various interfaces and lines to connect the various parts of the entire terminal device, and performs the various functions of the terminal device and processes data by running or executing software programs and/or modules stored in the memory 1020 and calling data stored in the memory 1020, so as to monitor the terminal device as a whole.
  • the processor 1080 may include one or more processing units; preferably, the processor 1080 may integrate an application processor and a modem processor, where the application processor mainly processes the operating system, user interface, application programs, etc., and the modem processor mainly deals with wireless communication. It is understandable that the foregoing modem processor may not be integrated into the processor 1080.
  • the processor 1080 is configured to: receive a first process identifier, a first physical address, and first data, where the first process identifier corresponds to a first application program, the first physical address is the physical address corresponding to the first virtual address applied for by the first application program, and the first data is data to be written into the storage area by the first application program;
  • the second data is written into the storage area corresponding to the first physical address.
  • processor 1080 is also used for:
  • processor 1080 is also used for:
  • processor 1080 is also used for:
  • the first binding relationship is legal, and the first binding relationship is stored.
  • processor 1080 is specifically configured to:
  • a secret key is derived based on the first process identifier, the first physical address, and a random number, and the first secret key is generated.
  • processor 1080 is specifically configured to:
  • processor 1080 is also used for:
  • the binding relationship set includes multiple sets of binding relationships, and each virtual address applied for by the same application program is uniquely bound with a process identifier corresponding to the application program;
  • processor 1080 is specifically configured to:
  • a secret key is derived based on the first process identifier, the second physical address, and the random number to generate the second secret key.
  • processor 1080 is specifically configured to:
  • a secret key is derived based on the expanded second process identifier, the second physical address, and the random number to generate the second secret key.
  • the terminal device also includes a power supply 1090 (such as a battery) for supplying power to various components.
  • the power supply can be logically connected to the processor 1080 through a power management system, so that functions such as charging, discharging, and power management are realized through the power management system.
  • the terminal device may also include a camera, a Bluetooth module, etc., which will not be repeated here.
  • the present application also provides a chip system, which includes a processor, which is used to support the aforementioned terminal device to realize its related functions, for example, to receive or process the data involved in the aforementioned method embodiment.
  • the chip system further includes a memory, and the memory is used to store necessary program instructions and data of the terminal device.
  • the chip system can be composed of chips, or include chips and other discrete devices.
  • a computer-readable storage medium stores computer-executable instructions.
  • the device executes the method described in the above-mentioned embodiments of FIGS. 3 to 7.
  • in another embodiment, a computer program product includes computer-executable instructions, and the computer-executable instructions are stored in a computer-readable storage medium; at least one processor of the device can read the computer-executable instructions from the computer-readable storage medium, and the at least one processor executes the computer-executable instructions to make the device execute the method described in the above-mentioned embodiments of FIGS. 3 to 7.
  • the device embodiments described above are only illustrative, and the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physically separate.
  • the physical unit can be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the connection relationship between the modules indicates that they have a communication connection between them, which can be specifically implemented as one or more communication buses or signal lines.
  • this application can be implemented by means of software plus necessary general hardware.
  • it can also be implemented by dedicated hardware, including dedicated integrated circuits, dedicated CPUs, dedicated memory, dedicated components and so on.
  • all functions completed by computer programs can be easily implemented with corresponding hardware.
  • the specific hardware structures used to achieve the same function can also be diverse, such as analog circuits, digital circuits or special-purpose circuits.
  • software program implementation is a better implementation in more cases.
  • the technical solution of this application, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product; the computer software product is stored in a readable storage medium, such as a computer floppy disk, U disk, mobile hard disk, ROM, RAM, magnetic disk or optical disk, and includes several instructions to make a computer device execute the method described in each embodiment of this application.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from a website, computer, memory isolation device, computing device or data center to another website, computer, memory isolation device, computing device or data center by wired means (such as coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (such as infrared, wireless, microwave, etc.).
  • the computer-readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a training device or a data center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
  • "one embodiment" or "an embodiment" mentioned throughout the specification means that a specific feature, structure, or characteristic related to the embodiment is included in at least one embodiment of the present application. Therefore, the appearances of "in one embodiment" or "in an embodiment" in various places throughout the specification do not necessarily refer to the same embodiment. In addition, these specific features, structures or characteristics can be combined in one or more embodiments in any suitable manner. It should be understood that in the various embodiments of the present application, the size of the sequence number of the above-mentioned processes does not mean the order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
  • the terms "system" and "network" are often used interchangeably in this document.
  • the term "and/or" in this document is only an association relationship describing the associated objects, and means that three relationships are possible; for example, A and/or B can mean three situations: A exists alone, A and B exist at the same time, or B exists alone.
  • the character "/" in this text generally indicates that the associated objects before and after are in an "or” relationship.
  • B corresponding to A means that B is associated with A, and B can be determined according to A.
  • determining B based on A does not mean that B is determined only based on A, and B can also be determined based on A and/or other information.
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are merely illustrative; for example, the division of units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of this application, in essence, or the part that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions that cause a computer device (which can be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods in the various embodiments of the present application.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a memory isolation apparatus, a memory isolation method, and a related device. The apparatus comprises a memory scrambling unit and a memory controller. The memory scrambling unit is used to receive a first process identifier, a first physical address, and first data; the memory scrambling unit is further used to perform secret key derivation based on the first process identifier and the first physical address to generate a first secret key; the memory scrambling unit is further used to scramble the first data using the first secret key to generate second data. The memory controller is used to write the second data into a storage area corresponding to the first physical address. According to embodiments of the present invention, data is scrambled by an independent memory scrambling unit according to the process identifier corresponding to each application. Hardware-level memory security isolation can be achieved. Data security is improved.
PCT/CN2020/130419 2019-11-21 2020-11-20 Memory isolation apparatus, memory isolation method and related device WO2021098823A1 (fr)
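
The write path summarized in the abstract, modeled in software as an added example (not code from the patent or the applicant). The abstract names no algorithms, so HMAC-SHA256 as the key derivation, a SHAKE-256 XOR keystream as the scrambler, the constructed root key, and the 64-byte line size are all assumptions.

```python
import hashlib
import hmac

ROOT_KEY = bytes(range(32))   # constructed device root secret (assumption)
LINE = 64                     # scrambling granularity in bytes (assumption)

def derive_key(pid: int, phys_addr: int) -> bytes:
    """Derive the per-(process identifier, physical address) secret key."""
    msg = pid.to_bytes(4, "little") + phys_addr.to_bytes(8, "little")
    return hmac.new(ROOT_KEY, msg, hashlib.sha256).digest()

def scramble(key: bytes, data: bytes) -> bytes:
    """XOR data with a keystream expanded from key (its own inverse)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class ScrambledMemory:
    """Scrambling unit in front of a memory controller: the backing
    store (self.dram) only ever holds scrambled lines."""

    def __init__(self):
        self.dram = {}

    def write(self, pid: int, phys_addr: int, data: bytes) -> None:
        if len(data) != LINE or phys_addr % LINE:
            raise ValueError("writes must be whole, aligned lines")
        self.dram[phys_addr] = scramble(derive_key(pid, phys_addr), data)

    def read(self, pid: int, phys_addr: int) -> bytes:
        return scramble(derive_key(pid, phys_addr), self.dram[phys_addr])

def demo() -> dict:
    mem = ScrambledMemory()
    secret = b"process 7 secret".ljust(LINE, b"\0")   # constructed sample data
    mem.write(7, 0x1000, secret)
    mem.write(7, 0x1040, secret)                      # same data, other address
    return {
        "owner_reads_plaintext": mem.read(7, 0x1000) == secret,
        "other_pid_reads_plaintext": mem.read(9, 0x1000) == secret,
        "same_data_same_stored_bytes": mem.dram[0x1000] == mem.dram[0x1040],
        "plaintext_present_in_dram": secret in mem.dram.values(),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

In this model the key depends only on the identifier and the address, so the demonstration covers isolation between process identifiers and address binding; it does not model integrity or replay protection.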

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911149698.2 2019-11-21
CN201911149698.2A CN112825041A (zh) 2019-11-21 2019-11-21 Memory isolation apparatus, memory isolation method and related device

Publications (1)

Publication Number Publication Date
WO2021098823A1 true WO2021098823A1 (fr) 2021-05-27

Family

ID=75907349

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/130419 WO2021098823A1 (fr) 2019-11-21 2020-11-20 Memory isolation apparatus, memory isolation method and related device

Country Status (2)

Country Link
CN (1) CN112825041A (fr)
WO (1) WO2021098823A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
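CN113268353A (zh) * 2021-06-11 2021-08-17 海光信息技术股份有限公司 Method and apparatus for providing trusted memory, processor chip, and electronic device
CN114115732A (zh) * 2021-11-10 2022-03-01 深圳Tcl新技术有限公司 Data processing method, apparatus, and system
CN116150740B (zh) * 2023-04-17 2023-12-12 杭州鸿钧微电子科技有限公司 Resource isolation method and apparatus, chip system, and electronic device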

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
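CN101034972A (zh) * 2006-02-15 2007-09-12 耶德托存取公司 Method and system for providing scrambled content
CN106062768A (zh) * 2014-02-28 2016-10-26 超威半导体公司 Cryptographic protection of information in a processing system
CN109214219A (zh) * 2017-07-01 2019-01-15 英特尔公司 Techniques for memory replay prevention using compressive encryption
CN109844751A (zh) * 2016-10-19 2019-06-04 超威半导体公司 Direct memory access authorization in a processing system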
US10326744B1 (en) * 2016-03-21 2019-06-18 EMC IP Holding Company LLC Security layer for containers in multi-tenant environments
US10404674B1 (en) * 2017-02-28 2019-09-03 Amazon Technologies, Inc. Efficient memory management in multi-tenant virtualized environment

Also Published As

Publication number Publication date
CN112825041A (zh) 2021-05-21

Similar Documents

Publication Publication Date Title
WO2021098823A1 (fr) Appareil d'isolation de mémoire, procédé d'isolation de mémoire et dispositif apparenté
US10078599B2 (en) Application access control method and electronic apparatus implementing the same
EP2975528A1 (fr) Dispositif électronique et procédé de gestion de la mémoire d'un tel dispositif
WO2021036706A1 (fr) Procédé d'opération d'application de confiance et procédé et appareil de traitement d'informations et d'attribution de mémoire
WO2018228199A1 (fr) Procédé d'autorisation et dispositif associé
KR102224553B1 (ko) 키 저장 방법, 키 관리 방법 및 디바이스
JP2016517241A (ja) ストレージデバイスによって支援されるインライン暗号化および暗号化解除
WO2020238248A1 (fr) Procédé de stockage de données, appareil et dispositif
US20150128068A1 (en) Method for operating message application and electronic device implementing the same
WO2018201991A1 (fr) Procédé de traitement de données, système, appareil, support d'informations et dispositif
JP2017091543A (ja) マルチプロセッサによって共有されるメモリを含むマルチプロセッサシステム、及び該システムの動作方法
WO2020042769A1 (fr) Procédé et appareil de transmission d'informations d'image, et support de stockage et dispositif électronique
TW201942784A (zh) 資料加密、解密方法及裝置
US20190296893A1 (en) Techniques for cipher system conversion
WO2021022729A1 (fr) Procédé et appareil d'attribution de permissions racine, support de stockage, et dispositif terminal
WO2021135574A1 (fr) Procédé et appareil de stockage de données, et équipement terminal
US20210034763A1 (en) Splitting Sensitive Data and Storing Split Sensitive Data in Different Application Environments
WO2022161182A1 (fr) Procédé et appareil informatiques de confiance basés sur un flux de données
KR102180529B1 (ko) 어플리케이션 접근 제어 방법 및 이를 구현하는 전자 장치
WO2020134833A1 (fr) Procédé, dispositif, équipement et système de partage de données
US10897355B2 (en) Electronic device and method for operating the same
KR102240526B1 (ko) 전자 장치의 컨텐츠 다운로드 방법 및 그 전자 장치
US10740252B2 (en) Serial peripheral interface filter for processor security
US10114542B2 (en) Method for controlling function and electronic device thereof
KR20170059082A (ko) 파일 조작 처리 방법 및 이를 지원하는 전자 장치

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20890126

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20890126

Country of ref document: EP

Kind code of ref document: A1