WO2024011708A1 - Method for transmitting data among multiple cpus - Google Patents

Publication number
WO2024011708A1
Authority
WO
WIPO (PCT)
Prior art keywords
ram
data
cpu
data bus
control module
Prior art date
Application number
PCT/CN2022/113506
Other languages
French (fr)
Chinese (zh)
Inventor
黄策
Original Assignee
黄策
Priority date
Filing date
Publication date
Application filed by 黄策
Publication of WO2024011708A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • The present invention relates to a method of transmitting data between multiple CPUs.
  • Data transfer is a basic function of all IT applications. Generally speaking, data transmission can be divided into two categories. One is called inter-chip transmission (Type I): data is transmitted between two or more CPUs. The other is called on-chip transmission (Type II): data is transmitted between different processes or tasks on the same CPU.
  • Type I inter-chip transmission
  • Type II on-chip transmission
  • For Type I data transmission, the most typical user experience is data transmission between applications on terminals (such as the various apps on mobile phones) and remote servers.
  • Vulnerability 1: Viruses exploit security vulnerabilities in operating systems and application systems to monitor, steal, and tamper with data transmitted through Type I. The direct consequence of this vulnerability is the leakage of data on the infected terminal. Stealing data through the "clipboard" is one of the most common ways of data leakage.
  • Vulnerability 2: A virus exploits security vulnerabilities in the operating system to spread from one CPU to another through Type I data transmission. The direct consequence of this vulnerability is that the virus spreads across the terminals of a cyberspace.
  • The present invention provides a method for transmitting data directly between multiple CPUs, used to block the two security vulnerabilities that operating systems and application systems inevitably have.
  • The method provided by the present invention to block the two security vulnerabilities is:
  • The data bus of the RAM is connected to the data buses of the plurality of CPUs through a control module. In any period of time, one and only one of the CPUs obtains the exclusive right to use the data bus of the RAM through the control module. The CPU that has obtained the exclusive right can perform data read/write operations on the RAM. During this period, the data bus of the RAM is completely isolated from the data buses of the other CPUs.
  • The control module has two types: the traffic light control module and the intelligent control module.
  • The traffic light control module is composed of a control module and an information module; the control module implements the acquisition and release of each CPU's control of the RAM data bus.
  • The information indicated by the information module includes but is not limited to the current usage status of the data bus and the data status of the RAM. Following the indication of the signal light and the established usage rules, each CPU takes exclusive use of or releases the data bus of the RAM, and writes data to or reads data from the RAM.
  • The intelligent control module includes a CPU, which is identified as the control CPU.
  • The data bus of the control CPU has no electrical connection of any kind to the data bus of the RAM; that is, the control CPU cannot read the data on the RAM.
  • Each CPU obtains control of the RAM data bus under the scheduling of the control CPU, by applying to the control CPU or by accepting control instructions from it.
  • The control CPU's scheduling of each CPU's use of the RAM data bus includes but is not limited to the following functions:
  • Function 1: Each CPU sends a request to use the RAM data bus to the control CPU, and uses the RAM data bus within the time period set by the control CPU.
  • Function 3: Each CPU receives the instruction from the control CPU to read the data on the RAM, and reads the data on the RAM within the time period set by the control CPU.
  • The transmission method described in the present invention provides a data transmission method based on shared RAM in addition to the traditional data transmission mode based on communication protocols. This enables data transmission between two or more CPUs, especially between CPUs using different operating systems, without a communication protocol. This completely solves the security vulnerabilities in communication protocols that have long plagued the IT industry. As a result, all attack methods based on communication protocol security vulnerabilities are invalidated.
  • Detecting and investigating the running status and related parameters of the infected CPU are necessary preparatory actions for virus attacks.
  • It will undoubtedly become far more difficult for a virus that has infected one of the CPUs in the multi-CPU system to detect the operating status and related parameters of each CPU on the entire system.
  • Vulnerabilities 1 and 2, which have troubled the IT industry for many years and have never been effectively blocked, will be permanently closed by the use of the solution of the present invention.
  • This invention is the first technical solution in the industry that can completely block data transmission security vulnerabilities.
  • Figure 1: Multi-CPU connection diagram for serial inter-chip transmission (Type I).
  • Figure 2: Multi-CPU connection diagram for parallel inter-chip transmission (Type I).
  • Figure 3: CPU connection diagram for on-chip transmission (Type II).
  • Figure 4: Connection diagram of a three-CPU traffic light control module.
  • Figure 5: Connection diagram of an intelligent control module.
  • Figure 6: A schematic diagram of the encrypted keyboard and core sensitive data management solution of a mobile APP with a three-CPU traffic light control module evolved from Figure 3.
  • Figure 7: Schematic structural diagram of a new firewall evolved from Figure 5.
  • Figure 1 is a schematic diagram of the connection of multiple CPUs for serial inter-chip transmission (Type I).
  • The connection between a mobile phone and a server is a typical everyday instance of the connection diagram in Figure 1.
  • CPU1+RAM1 constitutes the basic architecture of the mobile phone.
  • CPUn+RAMn constitutes the basic architecture of the server.
  • To transmit data to the server, the mobile phone transmits the data to router 2, router 2 transmits it to router 3, and so on until "router n-1" transmits the data to the server.
  • By the reverse process, the server can transmit data to the mobile phone.
  • Viruses that invade the mobile phone or a router may use Vulnerability 1 and Vulnerability 2 to steal the communication data between the mobile phone and the server.
  • The connection method in Figure 1 can also be used on an electronic board containing multiple CPUs.
  • Figure 2 is a schematic diagram of a multi-CPU connection for parallel inter-chip transmission (Type I).
  • In the connection method of Figure 2, multiple CPUs are connected through a common data bus and, within a given period of time, point-to-point or point-to-multipoint data transmission is carried out.
  • Figure 3 is a schematic diagram of the CPU connection for on-chip transmission (Type II).
  • A mobile phone is a typical instance of the connection diagram in Figure 3. Under this connection diagram, data is transferred between different applications and processes on the same mobile phone. There are two typical manifestations. Manifestation 1: the verification code from a verification SMS is entered into the verification code input page through the "clipboard". Manifestation 2: under the action of the operating system, a data block is written from RAM address 1 to address 2.
  • The attack chain of a successful virus attack must include the following three attack means, and all three achieve their attack purposes.
  • Means 1: In Figure 3, the virus that has invaded CPU1 uses security vulnerabilities in the operating system and application system to probe the infected device.
  • Means 2: In Figures 1 and 2, the virus that has invaded CPU1 uses security vulnerabilities in the operating system and application system to transmit the detected data to a remote server and, based on the detected data, iterates the infecting virus to increase the effect of its attack.
  • Means 3: In Figures 1 and 2, the virus that has invaded CPU1 uses security vulnerabilities in the operating system and application system to infect and invade other CPUs, expanding the number of devices infected by the virus.
  • Figure 4 is a schematic connection diagram of a three-CPU traffic light control module.
  • Figure 5 is a connection diagram of an intelligent control module.
  • Each CPU obtains control of the RAM data bus under the scheduling of the control CPU, then writes the data to be transmitted into the RAM or reads the received data from the RAM.
  • Embodiment 1: Encrypted keyboard and core sensitive data management solution for mobile APP.
  • Threat 1: Security vulnerabilities in mobile operating systems are always key points and exploitable resources for attackers. Since the advent of smartphones, all mobile apps have been under the threat of security vulnerabilities in the mobile operating system.
  • Threat 2: Keyboard input in mobile APPs, and the core sensitive data that ensures the safe operation of mobile APPs, are targeted not only by mobile phone viruses but also by some bad APPs or APPs infected by viruses.
  • Figure 3 shows the basic architecture of a mobile phone. Years of offensive and defensive practice have proven that unless the mobile phone architecture changes fundamentally, the above two threats cannot be fundamentally eliminated. In other words, both mobile APP users and network application providers are always under the shadow of the two threats.
  • Figure 6 is a new mobile phone architecture evolved from Figure 4.
  • The main business functions of the APP are implemented on CPU1.
  • CPU2 implements the processing of core sensitive data in the APP business.
  • CPU3 is used to manage core sensitive data.
  • Operations such as login, query, and startup of online banking business functions are all completed on CPU1 through key1.
  • Core sensitive data such as the login account identification ID is stored on CPU3.
  • CPU2 is used to process the input, encryption, and decryption of transfer business information. The parameters needed to complete this work are entered from key2.
  • As long as CPU2 is a CPU without an operating system, or other technical means ensure that CPU2 will never be infected by viruses, the following security features are achieved:
  • Security feature 1: Viruses or bad APPs that invade CPU1 will never be able to detect the data entered on key2.
  • Security feature 2: Viruses or bad APPs that invade CPU1 will never be able to detect the data processing of the core sensitive data processor formed by CPU2.
  • Security feature 3: Viruses or bad APPs that invade CPU1 will never be able to steal core sensitive data such as the login account identification ID managed by CPU3.
  • Security feature 4: The data leakage caused by poor operating system memory management in Figure 3 will never occur on CPU2 in Figure 6.
  • Embodiment 2: A new architecture firewall
  • The firewall is the standard equipment currently used to separate the internal and external networks and ensure the security of the internal network.
  • The structures of the various firewalls basically fall into those of Figure 1, Figure 2, and Figure 3. Regardless of the structure, security vulnerabilities in operating systems and application systems always exist. The industry has yet to find a method that effectively blocks security vulnerabilities in firewall operating systems and application systems over the long term.
  • The connection diagram in Figure 5 can be expanded into Figure 7 to form a new architecture firewall.
  • The control CPU and CPU3 need to be CPUs without operating systems, to ensure that the control CPU and CPU3 will never be infected by viruses. This ensures that viruses that invade CPU1, CPU2, and CPUn will never be able to detect the working status of the control CPU and CPU3.
  • CPU1 and CPU2 respectively control two external network communication lines.
  • The transmitted data is divided into two parts and transmitted through two data channels controlled by CPU1 and CPU2 respectively.
  • Using a different network operator for each of the two data channels is the preferred solution in this embodiment.
  • Data channels from two different operators ensure that when an attacker intercepts data on the public network, all of the data cannot be intercepted at any one intrusion point.
  • CPU3 controls a data channel with a high security level and small data traffic, such as Beidou SMS. This data channel is mainly used to transmit important write-off sensitive short data such as passwords and data verification.
  • CPUn controls intranet data communication.
  • Step 1: The data sent from the intranet is transmitted to CPU3 through RAM under the control of CPUn.
  • CPU3 splits the data into two data streams and transmits them to CPU1 and CPU2 respectively through RAM.
  • CPU3 calculates the check values of the two data streams and of the total data stream.
  • The check values are transmitted to CPU3 of the receiver firewall, which has the structure of Figure 7, through the data channel with a high security level and small data traffic controlled by CPU3, such as Beidou SMS.
  • Step 2: CPU1 and CPU2 of the receiver firewall, which has the structure of Figure 7, send the two received data streams to CPU3 through RAM.
  • CPU3 verifies the two received data streams and the total data stream against the check values. If the verification passes, the combined total data stream is transmitted to CPUn through RAM, and CPUn sends the total data stream to the intranet. If the verification fails, the received data is discarded.
  • Priority 1: The technical characteristics of the control CPU and CPU3 ensure that these two CPUs will not be infected by viruses. Viruses that invade CPU1 and CPU2 cannot detect the complete transmitted data; viruses that invade CPUn cannot detect the data splitting/aggregation work at CPU3.
  • Advantage 3: Traditional software modularization uses the implemented software functions as the main division index. The firewall with the structure of Figure 7 first uses the CPU as the division index. In the overall design, one must first confirm how many CPUs are needed and what functions are implemented on each CPU. Later upgrades, maintenance, and iterations are carried out with the CPU as the basic unit. This kind of modularization is clearer and easier to maintain.
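
An added example, not taken from the patent: the Step 1 and Step 2 exchange of Embodiment 2 between a sending and a receiving Figure 7 firewall, including the discard path. The byte-interleaved split, SHA-256 as the check value and all function names are assumptions of this example; the patent names neither a splitting rule nor a check algorithm.

```python
import hashlib
import hmac


def check_value(data: bytes) -> bytes:
    """Check value of a stream. SHA-256 is this example's assumption."""
    return hashlib.sha256(data).digest()


def sender_cpu3(total: bytes):
    """Step 1 on the sending CPU3: split the data, compute three check values.

    stream1 goes out through CPU1, stream2 through CPU2, and the check
    values travel over the separate low-traffic channel controlled by CPU3.
    """
    stream1, stream2 = total[0::2], total[1::2]   # assumed split: even/odd bytes
    checks = (check_value(stream1), check_value(stream2), check_value(total))
    return stream1, stream2, checks


def receiver_cpu3(stream1: bytes, stream2: bytes, checks):
    """Step 2 on the receiving CPU3: verify, then merge. None means discard."""
    want1, want2, want_total = checks
    if not hmac.compare_digest(check_value(stream1), want1):
        return None
    if not hmac.compare_digest(check_value(stream2), want2):
        return None
    if not 0 <= len(stream1) - len(stream2) <= 1:
        return None                       # lengths that cannot interleave
    merged = bytearray(len(stream1) + len(stream2))
    merged[0::2] = stream1
    merged[1::2] = stream2
    total = bytes(merged)
    if not hmac.compare_digest(check_value(total), want_total):
        return None
    return total                          # handed to CPUn for the intranet


def demo():
    """Constructed message passed between two firewalls."""
    message = b"intranet record 0042: settle batch"
    s1, s2, checks = sender_cpu3(message)
    intact = receiver_cpu3(s1, s2, checks)
    tampered = receiver_cpu3(s1, s2[:-1] + b"X", checks)   # channel 2 altered
    swapped = receiver_cpu3(s2, s1, checks)                # streams crossed
    truncated = receiver_cpu3(s1, s2[:-1], checks)         # bytes lost in transit
    return intact, tampered, swapped, truncated


if __name__ == "__main__":
    print(demo())
```

Because the check values in this example are unkeyed hashes, rejecting a modified stream depends on the check values arriving unmodified over the separate CPU3 channel.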

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer And Data Communications (AREA)

Abstract

A method for transmitting data among multiple CPUs. The method comprises: multiple CPUs share one RAM used for transmitting data; a data bus of the RAM is connected to a control module, and the control module is in turn connected to a data bus of each CPU; the control module may be a traffic light type control module or an intelligent control module; during a period of time, the data bus of the RAM is exclusively occupied and used by only one CPU; and the CPU exclusively occupying the data bus of the RAM performs data read/write operations on the RAM within the exclusive occupation time. The method has the advantages that: (1) viruses will not be able to steal, detect and tamper with transmitted data by using security vulnerabilities of an operating system and an application system; and (2) data transmission between two CPUs will no longer depend on a communication protocol. Communication protocol security vulnerabilities are thus fully eliminated.

Description

A method for transmitting data between multiple CPUs
Technical field
The present invention relates to a method of transmitting data between multiple CPUs.
Background
Data transmission is a basic function of all IT applications. Generally speaking, data transmission can be divided into two categories. One is called inter-chip transmission (Type I): data is transmitted between two or more CPUs. The other is called on-chip transmission (Type II): data is transmitted between different processes or tasks on the same CPU.
For Type I data transmission, the most typical user experience is data transmission between applications on terminals (such as the various apps on mobile phones) and remote servers.
For Type II data transmission, the most typical user experience is an application on a terminal passing data from one application or process to another through the "clipboard".
Any application built on top of an operating system faces two security vulnerabilities based on Type I and Type II data transmission:
Vulnerability 1: Viruses exploit security vulnerabilities in operating systems and application systems to monitor, steal, and tamper with data transmitted through Type I. The direct consequence of this vulnerability is the leakage of data on the infected terminal. Stealing data through the "clipboard" is one of the most common ways of data leakage.
Vulnerability 2: A virus exploits security vulnerabilities in the operating system to spread from one CPU to another through Type I data transmission. The direct consequence of this vulnerability is that the virus spreads across the terminals of a cyberspace.
Looking at all cases of virus damage, one finds that the virus inevitably exploits these two security vulnerabilities in Type I and Type II data transmission to form a complete attack chain. If the above two security vulnerabilities are effectively blocked, the whole attack chain of the virus is completely broken. To this day, however, the industry has not found a way to block the two vulnerabilities effectively.
Summary of the invention
To completely block the two security vulnerabilities that operating-system-based applications inevitably have during data transmission, the present invention provides a method for transmitting data directly between multiple CPUs, used to block the two security vulnerabilities that operating systems and application systems inevitably have.
The method provided by the present invention to block the two security vulnerabilities is:
Multiple CPUs share a RAM used for data transmission; all data transmitted between the multiple CPUs is transmitted through the RAM. The data bus of the RAM is connected to the data buses of the multiple CPUs through a control module. In any period of time, one and only one of the CPUs obtains, through the control module, the exclusive right to use the data bus of the RAM. The CPU that has obtained the exclusive right can perform data read/write operations on the RAM. During this period, the data bus of the RAM is completely isolated from the data buses of the other CPUs. The control module has two types: the traffic light control module and the intelligent control module.
The traffic light control module is composed of a control module and an information module; the control module implements the acquisition and release of each CPU's control of the RAM data bus. The information indicated by the information module includes but is not limited to the current usage status of the data bus and the data status of the RAM. Following the indication of the signal light and the established usage rules, each CPU takes exclusive use of or releases the data bus of the RAM, and writes data to or reads data from the RAM.
The intelligent control module includes a CPU, which is identified as the control CPU. The data bus of the control CPU has no electrical connection of any kind to the data bus of the RAM; that is, the control CPU cannot read the data on the RAM. Each CPU obtains control of the RAM data bus under the scheduling of the control CPU, by applying to the control CPU or by accepting control instructions from it. The control CPU's scheduling of each CPU's use of the RAM data bus includes but is not limited to the following functions:
Function 1: Each CPU sends a request to use the RAM data bus to the control CPU, and uses the RAM data bus within the time period set by the control CPU.
Function 2: After each CPU finishes using the RAM data bus, it reports completion to the control CPU.
Function 3: Each CPU receives the instruction from the control CPU to read the data on the RAM, and reads the data on the RAM within the time period set by the control CPU.
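
An added example (a software model written for this page, not part of the patent): the control CPU's scheduling Functions 1 to 3, with the isolation rule checked on every RAM access. The tick clock, the fixed period length, every class and method name, and the idea that a completion report names the next reader are assumptions of the model.

```python
class BusIsolated(Exception):
    """A CPU touched the transfer RAM while isolated from its data bus."""


class SharedRam:
    """Transfer RAM whose data bus is switched to at most one CPU at a time."""

    def __init__(self, size):
        self._cells = bytearray(size)
        self._connected = None   # CPU currently switched onto the data bus
        self._deadline = 0       # tick at which that connection ends

    def switch(self, cpu, deadline):
        """Switch line driven by the control module; it carries no RAM data."""
        self._connected, self._deadline = cpu, deadline

    def _check(self, cpu, now, offset, length):
        if cpu is None or cpu != self._connected or now >= self._deadline:
            raise BusIsolated(f"{cpu} is isolated from the RAM data bus")
        if offset < 0 or offset + length > len(self._cells):
            raise ValueError("access outside the transfer RAM")

    def write(self, cpu, now, offset, data):
        self._check(cpu, now, offset, len(data))
        self._cells[offset:offset + len(data)] = data

    def read(self, cpu, now, offset, length):
        self._check(cpu, now, offset, length)
        return bytes(self._cells[offset:offset + length])


class ControlCpu:
    """Scheduler of the intelligent control module (Functions 1 to 3)."""

    def __init__(self, ram, slot):
        self._switch = ram.switch   # holds the switch line only, no read/write
        self._slot = slot           # length of one grant, in ticks
        self._owner = None
        self._deadline = 0

    def _grant(self, cpu, now):
        self._owner, self._deadline = cpu, now + self._slot
        self._switch(cpu, self._deadline)
        return self._deadline

    def _release(self):
        self._owner = None
        self._switch(None, 0)

    def request(self, cpu, now):
        """Function 1: returns the grant deadline, or None while the bus is busy."""
        if self._owner is not None and now >= self._deadline:
            self._release()                      # the set time period is used up
        if self._owner is None:
            return self._grant(cpu, now)
        return self._deadline if cpu == self._owner else None

    def done(self, cpu, now, reader=None):
        """Function 2: the owner reports completion and the bus is released.
        Function 3: if the report names a reader (model assumption), that CPU
        is instructed to read and is given the next time period."""
        if cpu != self._owner or now >= self._deadline:
            return None
        self._release()
        if reader is None:
            return None
        return ("read", reader, self._grant(reader, now))


def demo():
    """Constructed scenario: CPU1 hands a message to CPU2 through the RAM."""
    ram = SharedRam(64)
    control = ControlCpu(ram, slot=5)

    def attempt(cpu, now):
        try:
            return ram.read(cpu, now, 0, 14)
        except BusIsolated:
            return None

    events = []
    deadline = control.request("CPU1", now=0)         # granted until tick 5
    ram.write("CPU1", 1, 0, b"transfer order")
    events.append(control.request("CPU2", now=1))     # None: bus is busy
    events.append(attempt("CPU2", 1))                 # None: CPU2 is isolated
    instruction = control.done("CPU1", now=2, reader="CPU2")
    received = attempt("CPU2", 3)                     # CPU2 reads in its period
    events.append(attempt("CPU1", 3))                 # None: CPU1 has released
    events.append(attempt("CPU2", 7))                 # None: period has expired
    return deadline, instruction, received, events


if __name__ == "__main__":
    print(demo())
```

The control CPU in this model only ever holds the `switch` line, mirroring the statement that its data bus has no electrical connection to the RAM data bus.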
The advantages of the data transmission method are:
Advantage 1: At present, data transmission between two or more CPUs must be based on a common communication protocol. The transmission method described in the present invention provides a data transmission method based on shared RAM in addition to the traditional data transmission mode based on communication protocols. This enables data transmission between two or more CPUs, especially between CPUs using different operating systems, without a communication protocol. This completely solves the security vulnerabilities in communication protocols that have long plagued the IT industry. As a result, all attack methods based on communication protocol security vulnerabilities are invalidated.
Advantage 2: For a multi-CPU system that uses the method of the present invention for data transmission, a virus that invades one of the CPUs will no longer be able to invade or infect another CPU through security vulnerabilities in the operating system and application system, nor will it be able to steal data transmitted to other CPUs.
Detecting and investigating the running status and related parameters of the infected CPU are necessary preparatory actions for virus attacks. For a multi-CPU system that adopts the data transmission method of the present invention, it will undoubtedly become far more difficult for a virus that has infected one of the CPUs in the multi-CPU system to detect the operating status and related parameters of each CPU on the entire system.
Advantage 3: Vulnerabilities 1 and 2, which have troubled the IT industry for many years and have never been effectively blocked, will be permanently closed by the use of the solution of the present invention.
Advantage 4: The present invention provides a completely new communication method, achievable without a communication protocol, for data transmission between multiple CPUs on the same board.
This invention is the first technical solution in the industry that can completely block data transmission security vulnerabilities.
Description of drawings
Figure 1: Multi-CPU connection diagram for serial inter-chip transmission (Type I).
Figure 2: Multi-CPU connection diagram for parallel inter-chip transmission (Type I).
Figure 3: CPU connection diagram for on-chip transmission (Type II).
Figure 4: Connection diagram of a three-CPU traffic light control module.
Figure 5: Connection diagram of an intelligent control module.
Figure 6: A schematic diagram of the encrypted keyboard and core sensitive data management solution of a mobile APP with a three-CPU traffic light control module evolved from Figure 3.
Figure 7: Schematic structural diagram of a new firewall evolved from Figure 5.
Detailed description
Figure 1 is a schematic diagram of the connection of multiple CPUs for serial inter-chip transmission (Type I).
The connection between a mobile phone and a server is a typical everyday instance of the connection diagram in Figure 1.
Here, "CPU1+RAM1" constitutes the basic architecture of the mobile phone, "CPUn+RAMn" constitutes the basic architecture of the server, and "CPUi+RAMi" (i = 2, 3, ..., n-1) constitutes the basic architecture of a router. To transmit data to the server, the mobile phone transmits the data to router 2, router 2 transmits it to router 3, and so on until "router n-1" transmits the data to the server. By the reverse process, the server can transmit data to the mobile phone. In this data transmission method, viruses that invade the mobile phone or a router may use Vulnerability 1 and Vulnerability 2 to steal the communication data between the mobile phone and the server.
Of course, the connection method in Figure 1 can also be used on an electronic board containing multiple CPUs.
Figure 2 is a schematic diagram of a multi-CPU connection for parallel inter-chip transmission (Type I).
In the connection method of Figure 2, multiple CPUs are connected through a common data bus and, within a given period of time, point-to-point or point-to-multipoint data transmission is carried out.
Figure 3 is a schematic diagram of the CPU connection for on-chip transmission (Type II).
A mobile phone is a typical instance of the connection diagram in Figure 3. Under this connection diagram, data is transferred between different applications and processes on the same mobile phone. There are two typical manifestations. Manifestation 1: the verification code from a verification SMS is entered into the verification code input page through the "clipboard". Manifestation 2: under the action of the operating system, a data block is written from RAM address 1 to address 2.
It should be noted in particular that:
First: In an IT system, the data transmission methods based on the schematic diagrams in Figure 1, Figure 2, and Figure 3 are ubiquitous.
Second: In the schematic diagrams of Figure 1 and Figure 2, the great majority of applications running on the operating system of each CPU complete data transmission through the communication protocol provided by the operating system. The most typical case is the various mobile APPs, which all complete data transmission with the server through the TCP/IP protocol.
Third: No matter what operating system is running on the CPUs in Figures 1 and 2, they must all comply with the same communication protocol.
Fourth: For a successful virus attack, the attack chain must include the following three attack means, and all three achieve their attack purposes.
Means 1: In Figure 3, the virus that has invaded CPU1 uses security vulnerabilities in the operating system and application system to probe the infected device.
Means 2: In Figures 1 and 2, the virus that has invaded CPU1 uses security vulnerabilities in the operating system and application system to transmit the detected data to a remote server and, based on the detected data, iterates the infecting virus to increase the effect of its attack.
Means 3: In Figures 1 and 2, the virus that has invaded CPU1 uses security vulnerabilities in the operating system and application system to infect and invade other CPUs, expanding the number of devices infected by the virus.
In other words, for the defender, effectively defending against any one of the three attack means is enough to defend effectively against a virus attack. Judging from the reality of many years of network security offence and defence, however, defenders have yet to find a defence that remains effective over the long term. Frustratingly, as technology develops and advances, security vulnerabilities in operating systems and application systems are constantly being discovered.
Figure 4 is a schematic connection diagram of a three-CPU traffic-light control module.
In Figure 4, all data transmission between the CPUs goes through the RAM attached to the traffic-light control module. That is, the source CPU writes the data to be transmitted into the RAM while it has exclusive use of the RAM data bus, and the target CPU reads the data out of the RAM while it has exclusive use of the RAM data bus. Each CPU performs its read and write operations according to the control information presented by the traffic-light control module.
Figure 5 is a schematic connection diagram of an intelligent control module.
In Figure 5, each CPU obtains control of the RAM data bus under the scheduling of the control CPU, and then writes the data to be transmitted into the RAM or reads the received data out of the RAM.
The following points need special explanation:
First: in Figures 4 and 5, all data transmission between the CPUs goes through the RAM. There is no data bus between the control CPU and the RAM. This guarantees, by construction, that the control CPU can never read the data in the RAM.
Second: data transmission between the CPUs no longer relies on communication protocols. The operating system on a CPU used in the application scenario of the present invention can therefore be slimmed down, that is, the communication protocols in the operating system that would serve this scenario can be removed. Users then never again need to worry about the impact of security vulnerabilities in the operating system's communication protocols.
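The following Python model is an added example, not code from the patent: it simulates the Figure 4 traffic-light control module, where a CPU must find the RAM data bus idle before taking it and every other CPU is cut off from the RAM in the meantime. The class and function names, the 64-byte RAM size, and the clearing of the RAM after a read are assumptions made for illustration.

```python
class BusError(Exception):
    """A CPU touched the shared RAM without holding the data bus."""


class TrafficLight:
    """Control + information module. It tracks bus ownership only and holds
    no reference to the RAM contents (it has no data path to the RAM)."""

    def __init__(self, cpu_ids):
        self.cpu_ids = set(cpu_ids)
        self.owner = None        # None = RAM data bus is idle
        self.unread_for = None   # information module: CPU with data waiting

    def acquire(self, cpu_id):
        """Query the bus state; take it only if idle. True on success."""
        if cpu_id not in self.cpu_ids:
            raise BusError(f"unknown CPU {cpu_id!r}")
        if self.owner is not None:
            return False
        self.owner = cpu_id
        return True

    def release(self, cpu_id, notify=None):
        """Give the bus back; optionally flag that `notify` has data to read."""
        if self.owner != cpu_id:
            raise BusError(f"{cpu_id} released a bus it does not hold")
        self.owner = None
        if notify is not None:
            self.unread_for = notify


class SharedRAM:
    """Transfer RAM; every access is gated on current bus ownership."""

    def __init__(self, light, size=64):
        self._light = light
        self._cells = bytearray(size)
        self._length = 0

    def _require_bus(self, cpu_id):
        if self._light.owner != cpu_id:
            raise BusError(f"{cpu_id} is isolated from the RAM data bus")

    def write(self, cpu_id, data):
        self._require_bus(cpu_id)
        if len(data) > len(self._cells):
            raise ValueError("payload larger than the transfer RAM")
        self._cells[:len(data)] = data
        self._length = len(data)

    def read_and_clear(self, cpu_id):
        self._require_bus(cpu_id)
        data = bytes(self._cells[:self._length])
        # Assumption added here (not stated in the patent): wipe the RAM so
        # the next CPU to win the bus cannot read a stale payload.
        self._cells[:] = bytes(len(self._cells))
        self._length = 0
        return data


def transfer(light, ram, src, dst, payload):
    """Source writes in its exclusive window, target reads in its own."""
    if not light.acquire(src):
        raise BusError("bus busy, source must retry later")
    ram.write(src, payload)
    light.release(src, notify=dst)
    if light.unread_for != dst or not light.acquire(dst):
        raise BusError("target cannot take the bus")
    data = ram.read_and_clear(dst)
    light.unread_for = None
    light.release(dst)
    return data
```

Bus exclusivity alone does not decide which CPU may read a given payload: any CPU that later wins the bus sees whatever is left in the RAM, which is why the model wipes it after the target's read.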
The content of the present invention is described in detail below with reference to specific embodiments.
Embodiment 1: an encrypted keyboard and core sensitive data management scheme for mobile apps.
The following threats constantly endanger the security of all kinds of mobile apps.
Threat 1: security vulnerabilities in the mobile operating system are always a focus of attack and an exploitable resource for attackers. Since smartphones first appeared, every mobile app has been under the threat of security vulnerabilities in the mobile operating system.
Threat 2: a mobile app's keyboard input, and the core sensitive data that keeps the app running securely, are targets not only of mobile viruses but also of certain malicious apps or virus-infected apps.
To this day, every app that deals with money or property is troubled by these two threats.
Figure 3 is the basic architecture of a mobile phone. Years of attack and defense practice have shown that, unless the phone architecture changes fundamentally, these two threats cannot be eliminated at the root. In other words, both mobile app users and network application providers remain in the shadow of the two threats.
Figure 6 is a new mobile phone architecture derived from Figure 4. CPU1 implements the app's main business functions, CPU2 handles the processing of core sensitive data in the app's business, and CPU3 manages the core sensitive data.
Taking a mobile online banking app as an example, operations such as login, queries, and launching online banking functions are all completed on CPU1 via key1. Core sensitive data such as the login account identification ID is stored on CPU3. CPU2 handles the input, encryption, and decryption of transfer transaction information. The parameters that must be entered to complete this work are entered from key2.
Under this architecture, as long as CPU2 is a CPU without an operating system, or other technical means guarantee that CPU2 can never be infected by a virus, the following security features are achieved:
Security feature 1: a virus or malicious app that has invaded CPU1 can never detect the data entered on key2.
Security feature 2: a virus or malicious app that has invaded CPU1 can never observe the data processing performed by the core sensitive data processor formed by CPU2.
Security feature 3: a virus or malicious app that has invaded CPU1 can never steal core sensitive data, such as the login account identification ID, managed by CPU3.
Security feature 4: the data leakage caused in Figure 3 by poor operating-system memory management can never occur on CPU2 in Figure 6.
Embodiment 2: a firewall with a new architecture
The firewall is today's standard equipment for separating internal and external networks and keeping the internal network secure. The many kinds of firewall can basically all be classified under Figure 1, Figure 2, or Figure 3. Whatever the structure, security vulnerabilities in the operating system and application system are always present. The industry has so far found no method that closes the security vulnerabilities in a firewall's operating system and application system effectively over the long term.
The connection diagram of Figure 5 can be extended to Figure 7 to form a firewall with a new architecture.
In the Figure 7 firewall, the control CPU and CPU3 must be CPUs without an operating system, to ensure that the control CPU and CPU3 can never be infected by a virus. This ensures that a virus that has invaded CPU1, CPU2, or CPUn can never probe the working state of the control CPU or CPU3.
In the Figure 7 firewall, CPU1 and CPU2 each control one of two external network communication lines. When two Figure 7 firewalls exchange data over the public network, the data is divided into two parts, which are sent over the two data channels controlled by CPU1 and CPU2 respectively. Having the two data channels served by different network operators is the preferred option of this embodiment. With channels from two different operators, an attacker intercepting data on the public network cannot capture all of the data at any single intrusion point. CPU3 controls a high-security, low-traffic data channel, such as Beidou short messages. This channel is used mainly to carry important core sensitive short data such as passwords and data checksums. CPUn controls internal network data communication.
When two communication endpoints communicate through Figure 7 firewalls, the transmission proceeds as follows:
Step 1: data sent from the internal network is transferred, under the control of CPUn, through the RAM to CPU3. CPU3 splits the data into two data streams and transfers them through the RAM to CPU1 and CPU2 respectively. During transmission, CPU3 computes check values for each of the two data streams and for the total data stream. It sends these check values over the high-security, low-traffic data channel that CPU3 controls, such as Beidou short messages, to CPU3 of the receiving Figure 7 firewall.
Step 2: CPU1 and CPU2 of the receiving Figure 7 firewall pass the two received data streams through the RAM to CPU3. CPU3 verifies them against the received check values for the two data streams and the total data stream. If verification passes, the merged total data stream is transferred through the RAM to CPUn, and CPUn sends it into the internal network. If verification fails, the received data is discarded.
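The two steps above can be sketched as follows. This is an added example, not the patent's implementation: the patent names neither a splitting rule nor a check algorithm, so alternating 4-byte blocks, SHA-256, the function names, and the sample payload are all assumptions.

```python
import hashlib


def checksum(data: bytes) -> str:
    # Assumed check value: SHA-256. It protects integrity only because the
    # values travel over CPU3's separate high-security channel.
    return hashlib.sha256(data).hexdigest()


def split_for_channels(payload: bytes, block: int = 4):
    """Sender CPU3: split into two streams and compute the three check values."""
    blocks = [payload[i:i + block] for i in range(0, len(payload), block)]
    stream1 = b"".join(blocks[0::2])   # goes out via CPU1's operator
    stream2 = b"".join(blocks[1::2])   # goes out via CPU2's operator
    checks = {
        "stream1": checksum(stream1),
        "stream2": checksum(stream2),
        "total": checksum(payload),
        "length": len(payload),
        "block": block,
    }
    return stream1, stream2, checks    # `checks` goes over CPU3's side channel


def verify_and_merge(stream1: bytes, stream2: bytes, checks: dict):
    """Receiver CPU3: return the merged payload, or None to discard."""
    if len(stream1) + len(stream2) != checks["length"]:
        return None
    if checksum(stream1) != checks["stream1"]:
        return None
    if checksum(stream2) != checks["stream2"]:
        return None
    block = checks["block"]
    n_blocks = -(-checks["length"] // block)   # ceiling division
    merged, pos1, pos2 = bytearray(), 0, 0
    for i in range(n_blocks):
        # Only the final block can be short, and it sits at the end of its
        # stream, so a plain slice returns exactly what is left.
        if i % 2 == 0:
            merged += stream1[pos1:pos1 + block]
            pos1 += block
        else:
            merged += stream2[pos2:pos2 + block]
            pos2 += block
    if checksum(bytes(merged)) != checks["total"]:
        return None
    return bytes(merged)


if __name__ == "__main__":
    sample = b"ACCOUNT=6222;AMOUNT=100.00"   # constructed sample payload
    s1, s2, side_channel = split_for_channels(sample)
    print(s1, s2, verify_and_merge(s1, s2, side_channel) == sample)
```

With this simple split, each public channel still carries its half of the data in the clear; the scheme only prevents a single interception point from obtaining the whole payload.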
Compared with all firewalls currently in service, the greatest advantages of the Figure 7 firewall are:
Advantage 1: the technical characteristics of the control CPU and CPU3 ensure that these two CPUs cannot be infected by a virus. A virus that has invaded CPU1 or CPU2 cannot obtain the complete transmitted data; a virus that has invaded CPUn cannot observe the data splitting and merging performed at CPU3.
Advantage 2: the internal and external networks now finally have a clear technical boundary. Security vulnerabilities in present and future operating systems cannot cross this boundary.
Advantage 3: traditional software modularization divides mainly by the software functions implemented, whereas the Figure 7 firewall divides first by CPU. That is, the overall design begins by determining how many CPUs are needed and what function each CPU implements. Later upgrades, maintenance, and iteration are carried out with the CPU as the basic unit. This kind of modularization is clearer and easier to maintain.

Claims (3)

  1. A method for transmitting data between multiple CPUs, characterized in that: the multiple CPUs share one RAM used for transmitting data; all data transmitted between the multiple CPUs is transferred through said RAM; the data bus of the RAM is connected to the data buses of the multiple CPUs through a control module; in any given time period, one and only one of the CPUs can obtain, through the control module, the exclusive right to use the RAM's data bus, and the CPU holding that exclusive right can perform data read/write operations on the RAM; during this period, the RAM's data bus is completely isolated from the data buses of the other CPUs; the control module is of two types, a traffic-light control module and an intelligent control module.
  2. The method according to claim 1, characterized in that: the traffic-light control module consists of a control module and an information module; the control module implements the acquisition and release, by each CPU, of control of the RAM data bus; the information indicated by the information module includes, but is not limited to, status information on whether the RAM's data bus is currently occupied or released, information that data in the RAM needs to be read, and so on; before using the RAM, each CPU must first query the state of the RAM data bus, and may use it only when it is idle.
  3. The method according to claim 1, characterized in that: the intelligent control module includes a CPU, identified as the control CPU; the data bus of the control CPU has no electrical connection of any form to the data bus of the RAM; each CPU obtains control of the RAM data bus under the scheduling of the control CPU, by applying to the control CPU or by accepting control instructions from the control CPU; the control CPU's scheduling of each CPU's use of the RAM data bus includes, but is not limited to, the following functions:
    Function 1: each CPU sends the control CPU a request to use the RAM data bus, and uses the RAM data bus within the time period set by the control CPU;
    Function 2: after it has finished using the RAM data bus, each CPU reports completion to the CPU on the intelligent control module;
    Function 3: each CPU receives the control CPU's instruction to read the data in the RAM, and reads the data in the RAM within the time period set by the control CPU;
PCT/CN2022/113506 2022-07-15 2022-08-19 Method for transmitting data among multiple cpus WO2024011708A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210837191.1A CN115208673A (en) 2022-07-15 2022-07-15 Method for transmitting data among multiple CPUs
CN202210837191.1 2022-07-15

Publications (1)

Publication Number Publication Date
WO2024011708A1 true WO2024011708A1 (en) 2024-01-18

Family

ID=83581347

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/113506 WO2024011708A1 (en) 2022-07-15 2022-08-19 Method for transmitting data among multiple cpus

Country Status (2)

Country Link
CN (1) CN115208673A (en)
WO (1) WO2024011708A1 (en)


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22950821

Country of ref document: EP

Kind code of ref document: A1