CN111586034B - Data processing system and method - Google Patents


Info

Publication number: CN111586034B
Authority: CN (China)
Prior art keywords: trusted; request; data; control subunit; management unit
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010368281.1A
Other languages: Chinese (zh)
Other versions: CN111586034A (en)
Inventor: 曾露, 王焕东
Current Assignee: Loongson Technology Corp Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Loongson Technology Corp Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a data processing system and method. A first trusted interconnection link unit of the data processing system can send a one-way request generated by a first trusted management unit to a second trusted interconnection link unit, and intercept data requests that are sent by other components in a first data processing subsystem and target the second data processing subsystem, so that all data transmitted to the second trusted management unit comes from the trusted first trusted management unit. The second trusted interconnection link unit can send a one-way request generated by the second trusted management unit to the first trusted interconnection link unit, and intercept data requests that are sent by other components in the second data processing subsystem and target the first data processing subsystem, so that all data transmitted to the first trusted management unit comes from the trusted second trusted management unit. A trusted network space is thereby realized and safe input and output are guaranteed.

Description

Data processing system and method
Technical Field
The present application relates to the field of processor technologies, and in particular, to a data processing system and method.
Background
With the continuous development of network technology, the rapidity of data transmission brings convenience to the life of people and also brings the problem of network security. The gateway device is one of important devices for solving the network security problem, and for example, a firewall, a unified threat management system, an anti-virus gateway, and the like are common gateway devices at present. The gateway device performs access control on information interaction between the internal network and the external network, thereby realizing functions of data isolation, attack prevention and the like. With the increasing requirements on the performance of gateway devices, based on the combination of trusted computing technology and network security, the idea of creating a "trusted network space" that can have a highly trusted immune environment is proposed.
At present, how to realize a trusted network space and ensure safe input and output is a problem to be solved urgently.
Disclosure of Invention
The embodiment of the application provides a data processing system and a data processing method, which are used for realizing a trusted network space and ensuring safe input and output.
In a first aspect, an embodiment of the present application provides a data processing system, including:
the system comprises a first trusted management unit, a first trusted interconnection link unit, a second trusted interconnection link unit and a second trusted management unit;
the first trusted management unit is connected with a first end of the second trusted interconnection link unit through the first trusted interconnection link unit, and a second end of the second trusted interconnection link unit is connected with the second trusted management unit;
the first trusted management unit is used for generating a one-way request according to a data request sent by terminal equipment in a target area and sending the one-way request to the first trusted interconnection link unit; the data request comprises a read data request and a write data request, and the target area is an insecure area or a secure area;
the first trusted interconnection link unit is used for sending the unidirectional request to the second trusted interconnection link unit when the unidirectional request is determined to be the request sent by the first trusted management unit according to the unidirectional request;
the second trusted interconnection link unit is configured to send the unidirectional request to the second trusted management unit, so that the second trusted management unit responds to the unidirectional request.
In some possible designs, the first trusted interconnecting link unit is further configured to intercept the unidirectional request when it is determined that the unidirectional request is not a request sent by the trusted management unit.
In some possible designs, the first trusted management unit includes a first trusted control subunit, a first trusted memory controller, and a first trusted input output, IO, control subunit;
a first end of the first trusted control subunit is connected with a first end of the first trusted interconnection link unit, and a second end of the first trusted control subunit is connected with an end of the first trusted memory controller;
the first trusted IO control subunit is configured to determine, according to the data request and an isolation device table, whether the terminal device is a terminal device that needs to be subjected to communication isolation; intercepting the data request when the terminal equipment is determined to be equipment needing isolation; when the terminal device is determined to be a device which does not need to be isolated, the data request is sent to the first trusted memory controller, and the first trusted control subunit is instructed to process the data request;
the first trusted control subunit is configured to obtain the data request, generate the unidirectional request according to the data request, and send the unidirectional request to the first trusted interconnection link unit;
and the first trusted memory controller is used for writing data according to the data request and reading data according to the first trusted control subunit.
In some possible designs, the first trusted interlink unit is specifically configured to, according to the unidirectional request, send the unidirectional request to the second trusted interlink unit when it is determined that the unidirectional request is a request sent by the first trusted control subunit.
In some possible designs, the data processing system further includes: the first trusted control subunit is connected with the first memory unit through the first trusted memory controller, and the first memory unit comprises a first memory area and a second memory area;
the first trusted control subunit has read-write permission to the first memory area;
any one or more units in the data processing system except the first trusted control subunit have the read permission to the first memory area and do not have the write permission to the first memory area; or none of the other units in the data processing system except the first trusted control subunit has the read right and the write right to the first memory area.
In some possible designs, the first trusted memory controller, when writing data according to the data request, is specifically configured to: writing the data corresponding to the data request into the second memory area; moving the data corresponding to the data request from the second memory area to the first memory area;
the first trusted memory controller, when reading data according to the first trusted control subunit, is specifically configured to: and when the identification included in the read data request is determined to be the identification of the first trusted control subunit and the read data request hits the target address of the first memory area, reading data from the first memory area and sending the data requested by the read data request to the first trusted control subunit.
In some possible designs, the first trusted memory controller intercepts the read request when determining that the read request includes an identification that is not the identification of the first trusted control subunit.
In some possible designs, the first trusted interconnection link unit is further configured to encrypt the unidirectional request, and send the encrypted unidirectional request to the first trusted interconnection link unit.
In some possible designs, the first trusted IO control subunit is further configured to send an isolated device table update instruction to the first trusted IO control subunit; the isolation device table updating instruction comprises an updated isolation device table or an identifier of a terminal device needing to be added into the isolation device table.
In some possible designs, further comprising: the second end of the first trusted control subunit is connected with the first processing unit, and the second end of the second trusted management unit is connected with the second processing unit;
the first processing unit is used for receiving a data request sent by the terminal equipment of the target area and sending a calling command to the first trusted management unit according to the data request;
the second processing unit is used for responding to the one-way request according to the notification of the second trusted management unit.
In a second aspect, an embodiment of the present application further provides a data processing method, where the method is applied to the data processing system described in any one of the above first aspects, and the method includes:
the first trusted management unit generates a one-way request according to a data request sent by the terminal equipment in the target area and sends the one-way request to the first trusted interconnection link unit; the data request comprises a read data request and a write data request, and the target area is an insecure area or a secure area;
the first trusted interconnection link unit sends the unidirectional request to the second trusted interconnection link unit according to the unidirectional request when determining that the unidirectional request is the request sent by the first trusted management unit;
the second trusted interconnecting link unit sending the one-way request to the second trusted management unit;
the second trusted management unit responds to the one-way request.
In some possible designs, the method further comprises:
and the first trusted interconnection link unit intercepts the one-way request according to the one-way request when determining that the one-way request is not the request sent by the first trusted management unit.
In a third aspect, an embodiment of the present application further provides a data processing system, including: memory, processors, and computer program instructions;
the memory stores the computer program instructions;
the processor executes the computer program instructions to perform the data processing method of any of the second aspects.
In a fourth aspect, an embodiment of the present application further provides a computer-readable storage medium, including: a program; the program is executed by a processor to perform the data processing method of any one of the second aspect.
In a fifth aspect, an embodiment of the present application further provides a program, where the program is executed by a processor to
In a sixth aspect, an embodiment of the present application further provides a chip, where the chip is coupled with a memory in an electronic device, and controls the electronic device to execute the data processing method according to any one of the second aspects.
Optionally, the chip is a processor.
In the embodiment of the application, a first trusted interconnection link unit can send a one-way request generated by a first trusted management unit in a first data processing subsystem to a second trusted interconnection link unit, and the first trusted interconnection link unit intercepts data requests, which are sent by other components in the first data processing subsystem and aim at the second data processing subsystem, so that data transmitted to the second trusted management unit can be guaranteed to be from the trusted first trusted management unit, a trusted network space is realized, and safe input and output are guaranteed.
And the second trusted interconnection link unit can send the unidirectional request generated by the second trusted management unit to the first trusted interconnection link unit, and the second trusted interconnection link unit can intercept data requests, which are sent by other components in the second data processing subsystem and aim at the first data processing subsystem, so that the data transmitted to the first trusted management unit can be ensured to come from the trusted second trusted management unit, a trusted network space is realized, and safe input and output are ensured.
In addition, the data processing system provided by the embodiment of the application can be realized by adopting a single-host structure, thereby ensuring the trusted network space, ensuring the safe input and output, and effectively reducing the cost.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the description below are some embodiments of the present application, and those skilled in the art can obtain other drawings based on the drawings without inventive labor.
FIG. 1 is a block diagram of a data processing system according to an embodiment of the present application;
FIG. 2 is a block diagram of a data processing system according to another embodiment of the present application;
FIG. 3 is a block diagram of a data processing system according to another embodiment of the present application;
FIG. 4 is a schematic flowchart of a data processing method according to an embodiment of the present application;
FIG. 5 is a schematic flowchart of a data processing method according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
The gateway device is an important network security device. Common gateway devices include firewalls, unified threat management systems, anti-virus gateways, and the like. These gateway devices usually match and filter packet headers and payloads based on the Transmission Control Protocol/Internet Protocol (TCP/IP), so as to perform access control between the secure area and the non-secure area. If a network attack is itself based on the TCP/IP protocol, the gateway device cannot effectively resist it; in addition, the gateway device cannot prevent information from leaking through the network. Its protection capability is therefore weak, and safe input and output cannot be guaranteed.
Therefore, the idea of creating a "trusted cyberspace" with a highly trusted immune environment based on the combination of trusted computing technology and network security has been proposed.
In the data processing system provided by this scheme, a trusted management unit is arranged in each of the secure area and the non-secure area, and access control between the secure area and the non-secure area is performed through these trusted management units. The trusted management unit of the secure area and the trusted management unit of the non-secure area are trusted units; that is, a request sent by the trusted management unit of the secure area and a request sent by the trusted management unit of the non-secure area are secure, while requests sent by any unit other than a trusted management unit need to be intercepted. In this way a trusted network space is constructed and secure input and output are ensured.
The data processing system and method provided by the embodiments of the present application are described in detail below with reference to several specific embodiments.
Fig. 1 is a schematic structural diagram of a data processing system according to an embodiment of the present application. As shown in fig. 1, the data processing system 100 shown in the present embodiment includes: a first trusted management unit 101, a first trusted interconnect link unit 102, a second trusted management unit 103, and a second trusted interconnect link unit 104.
In this embodiment, the data processing system 100 includes a first data processing subsystem and a second data processing subsystem, and the first data processing subsystem and the second data processing subsystem are connected. The first data processing subsystem comprises a first trusted management unit 101 and a first trusted interconnecting link unit 102; the second data processing subsystem comprises a second trusted management unit 103 and a second trusted interconnecting link unit 104. In this scheme, if the first data processing subsystem is connected with the terminal device of the secure area, the second data processing subsystem is connected with the terminal device of the non-secure area; and if the second data processing subsystem is connected with the terminal device of the secure area, the first data processing subsystem is connected with the terminal device of the non-secure area. In the following embodiments, the terminal device of the insecure area is referred to as a first terminal device and the terminal device of the secure area is referred to as a second terminal device. This is only an example: the terminal device of the insecure area may equally be the second terminal device and the terminal device of the secure area the first terminal device. "First" and "second" in this scheme are relative; they are only used to distinguish the two terminal devices and do not limit the terminal devices.
In the following embodiments, the first data processing subsystem is connected to a terminal device in a non-secure area (i.e., a first terminal device), and the second data processing subsystem is connected to a terminal device in a secure area (i.e., a second terminal device).
The first trusted management unit 101 is connected to a first end of the second trusted interconnecting link unit 104 through the first trusted interconnecting link unit 102, and a second end of the second trusted interconnecting link unit 104 is connected to the second trusted management unit 103.
Optionally, the first trusted interconnect link unit 102 and the second trusted interconnect link unit 104 may be connected by a high-speed bus, which may be, for example, an HT (HyperTransport) bus, a PCIe (Peripheral Component Interconnect Express) bus, or another high-speed bus; the specific type and model of the high-speed bus are not limited in the embodiments of the present application.
Specifically, the first trusted management unit 101 is configured to generate a unidirectional request according to a data request sent by a terminal device in a target area, and send the unidirectional request to the first trusted interconnection link unit 102; the data request can include a read data request and a write data request, and the target area is an insecure area or a secure area.
In this scheme, the first trusted management unit 101 and the second trusted management unit 103 may receive data requests sent by terminal devices in different areas, respectively. If the first trusted management unit 101 is connected with a terminal device of a secure area, the second trusted management unit 103 is connected with a terminal device of a non-secure area; alternatively, the first trusted management unit 101 is connected to a terminal device of a non-secure area, and the second trusted management unit 103 is connected to a terminal device of a secure area.
Specifically, the first trusted management unit 101 is configured to receive a data request sent by the first terminal device, where the data request includes data to be processed. The data to be processed may be network data based on a TCP/IP protocol, or data stored in a storage module included in the terminal device, for example audio data, picture data, video data, documents, etc., or data obtained by the terminal device in other ways. The specific type of the data included in the data request and the way it is obtained are not limited in this embodiment.
It should be noted that, the first trusted management unit 101 may be connected to one first terminal device, or may be connected to a plurality of first terminal devices, which is not limited in this application. If the first trusted management unit 101 is connected to a first terminal device, the first trusted management unit 101 can process a data request sent by the first terminal device, and can process a data request sent by any unit inside the data processing system for the first terminal device; if the first trusted management unit 101 is connected to a plurality of first terminal devices, the first trusted management unit 101 can process data requests respectively sent by the plurality of first terminal devices, and can process data requests for the plurality of first terminal devices initiated by any unit inside the data processing system. The second trusted management unit 103 is similar to the first trusted management unit 101, and is not described herein again.
The first trusted interconnecting link unit 102 is configured to send the unidirectional request to the second trusted interconnecting link unit 104 when the unidirectional request is determined to be the request sent by the first trusted management unit 101 according to the unidirectional request.
Alternatively, when the first trusted interconnecting link unit 102 determines that the unidirectional request is not a request sent by the first trusted management unit 101 according to the unidirectional request, the unidirectional request is intercepted. In this embodiment, a specific implementation manner of intercepting the unidirectional request is not limited, and the intercepting of the unidirectional request only needs to ensure that the unidirectional request cannot be transmitted to the second trusted interconnection link unit 104.
The second trusted interconnecting link unit 104 is configured to send the unidirectional request to the second trusted management unit 103, so that the second trusted management unit 103 responds to the unidirectional request.
The following describes a process of processing a data request by the data processing system 100, taking as an example that a first terminal device of an insecure area requests data from a second terminal device of a secure area through the data processing system, where the first trusted management unit 101 is a trusted management unit of the insecure area, and the second trusted management unit 103 is a trusted management unit of the secure area:
Specifically, the processing procedure for the data request is as follows. The first terminal device of the insecure area transmits a data request (write request) to the first trusted management unit 101 of the data processing system. The first trusted management unit 101 generates a unidirectional request according to the write request and sends the unidirectional request to the first trusted interconnection link unit 102; the unidirectional request generated by the first trusted management unit 101 includes the identifier of the first trusted management unit 101. The first trusted interconnection link unit 102 determines, according to the identifier included in the one-way request, whether the one-way request was sent by the first trusted management unit 101, and sends the one-way request to the second trusted interconnection link unit 104 when it determines that the one-way request was sent by the first trusted management unit 101. The second trusted interconnect link unit 104 receives the one-way request and sends it to the second trusted management unit 103. The second trusted management unit 103 responds to the one-way request, so that the data included in the data request can be sent to the second terminal device.
The data processing system provided by the embodiment processes a plurality of data requests in a similar process as the data processing system processes one data request.
It should be noted that, if the second trusted management unit 103 receives a data request sent by the second terminal device of the secure area, the second trusted management unit 103 may generate a unidirectional request according to the data request sent by the second terminal device, and send the unidirectional request to the second trusted interconnection link unit 104, when the second trusted interconnection link unit 104 determines that the unidirectional request is a request sent by the second trusted management unit 103, the unidirectional request is sent to the first trusted interconnection link unit 102, and the first trusted interconnection link unit 102 sends the unidirectional request to the first trusted management unit 101, so that the first trusted management unit 101 responds to the unidirectional request.
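The forwarding rule described above can be modelled in a few lines of C. This is an added example, not code from the patent: the identifier values, struct layouts and function names (`tmu_make_request`, `link_send`, `wire`) are hypothetical, and the model assumes the identifier in a request is attached by the generating unit and cannot be set by other components.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical identifiers: the description only says that a one-way request
 * carries the identifier of the trusted management unit that generated it. */
enum { ID_TMU_1 = 0x11, ID_TMU_2 = 0x22, ID_OTHER = 0x31 };

enum verdict { FORWARDED, INTERCEPTED };

struct oneway_req {
    uint8_t src_id;              /* identifier of the generating unit */
    bool    is_write;
    uint8_t payload[32];
    size_t  len;
};

struct tmu {                     /* trusted management unit (101 or 103) */
    uint8_t id;
    unsigned received;           /* one-way requests delivered to this unit */
    struct oneway_req last;
};

struct link_unit {               /* trusted interconnection link unit (102 or 104) */
    struct tmu *local;           /* the only unit allowed to send through it */
    struct link_unit *peer;
    unsigned forwarded, intercepted;
};

/* Connect the two subsystems back to back, as in FIG. 1. */
void wire(struct tmu *t1, struct link_unit *l1, struct tmu *t2, struct link_unit *l2)
{
    *l1 = (struct link_unit){ .local = t1, .peer = l2 };
    *l2 = (struct link_unit){ .local = t2, .peer = l1 };
}

/* A trusted management unit turns a terminal's data request into a one-way
 * request stamped with its own identifier. Oversized payloads are refused. */
bool tmu_make_request(const struct tmu *t, bool is_write,
                      const void *data, size_t len, struct oneway_req *out)
{
    if (len > sizeof out->payload)
        return false;
    *out = (struct oneway_req){ .src_id = t->id, .is_write = is_write, .len = len };
    memcpy(out->payload, data, len);
    return true;
}

/* Sending side of a link unit: forward only requests whose identifier is that
 * of the local trusted management unit; anything else never reaches the peer. */
enum verdict link_send(struct link_unit *lu, const struct oneway_req *r)
{
    if (r->src_id != lu->local->id) {
        lu->intercepted++;
        return INTERCEPTED;
    }
    lu->forwarded++;
    /* Receiving side: the peer link unit hands the request to its own TMU. */
    lu->peer->local->last = *r;
    lu->peer->local->received++;
    return FORWARDED;
}

int main(void)
{
    struct tmu t1 = { .id = ID_TMU_1 }, t2 = { .id = ID_TMU_2 };
    struct link_unit l1, l2;
    struct oneway_req good, other;

    wire(&t1, &l1, &t2, &l2);
    if (!tmu_make_request(&t1, true, "data", 4, &good))
        return 1;
    other = good;
    other.src_id = ID_OTHER;     /* constructed: request from another component */

    printf("TMU 101 request:  %s\n",
           link_send(&l1, &good) == FORWARDED ? "forwarded" : "intercepted");
    printf("other component:  %s\n",
           link_send(&l1, &other) == FORWARDED ? "forwarded" : "intercepted");
    printf("delivered to TMU 103: %u\n", t2.received);
    return 0;
}
```

The reverse direction uses the same check on the second link unit, so a request stamped by unit 103 passes link unit 104 but is intercepted if presented to link unit 102.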
The data processing system provided by the embodiment at least has the following beneficial effects:
First, the first trusted interconnection link unit can send a one-way request generated by the first trusted management unit in the first data processing subsystem to the second trusted interconnection link unit, and the first trusted interconnection link unit can intercept data requests that are sent by other units in the first data processing subsystem and target the second data processing subsystem, so that data transmitted to the second trusted management unit can be guaranteed to come from the trusted first trusted management unit, a trusted network space is realized, and safe input and output are guaranteed.
Second, the second trusted interconnection link unit can send the one-way request generated by the second trusted management unit to the first trusted interconnection link unit, and the second trusted interconnection link unit can intercept data requests that are sent by other units in the second data processing subsystem and target the first data processing subsystem, so that the data transmitted to the first trusted management unit can be ensured to come from the trusted second trusted management unit, a trusted network space is realized, and safe input and output are ensured.
Thirdly, the data processing system provided by this embodiment can be implemented by adopting a single host structure, thereby effectively reducing the cost while ensuring the trusted network space and ensuring the safe input and output.
Fourth, in the data processing system provided in this embodiment, access control between the secure area and the non-secure area is performed according to the identity of the trusted management unit. Even if an attacker initiates an attack based on a TCP/IP protocol, the identity of the trusted management unit is maintained inside the data processing system and is difficult for the attacker to obtain, so the data processing system intercepts the TCP/IP-based attack sent by the attacker, thereby effectively defending against attacks based on the TCP/IP protocol.
Fig. 2 is a schematic structural diagram of a data processing system according to another embodiment of the present application. The data processing system shown in this embodiment describes, based on the embodiment shown in fig. 1, a specific implementation manner of the first trusted management unit 101 and the second trusted management unit 103 in detail.
Referring to fig. 2, in one possible implementation manner, the first trusted management unit 101 includes: a first trusted control subunit 1011, a first trusted memory controller 1012, and a first trusted IO control subunit 1013.
Wherein a first end of the first trusted control subunit 1011 is connected to a first end of the first trusted interconnect link unit 102, and a second end of the first trusted control subunit 1011 is connected to an end of the first trusted memory controller 1012.
The first trusted IO control subunit 1013 is configured to determine, according to a data request sent by a terminal device and an isolation device table, whether the terminal device is a terminal device that needs to perform communication isolation. When it is determined that the terminal device is a device that needs to perform communication isolation, the first trusted IO control subunit 1013 intercepts the data request sent by the terminal device; for example, the first trusted IO control subunit 1013 sends a response message to the terminal device, where a field in the response message is data without a specific meaning. When the terminal device is determined to be a terminal device that does not require communication isolation, the data request is sent to the first trusted memory controller 1012 and the first trusted control subunit 1011 is instructed to process the data request.
The isolation device table includes an identifier of a terminal device that needs communication isolation, where the identifier of the terminal device may be a permanent identifier of the terminal device or a temporary identifier of the terminal device.
In practical application, the first trusted control subunit 1011 may be further connected to the first trusted IO control subunit 1013, and the first trusted control subunit 1011 issues the isolation device table to the first trusted IO control subunit 1013.
The first trusted IO control subunit 1013 determines, according to the data request sent by the first terminal device and the isolation device table, whether the terminal device is a terminal device that needs communication isolation. Specifically, the isolation device table may be queried for a match with the identifier of the terminal device included in the data request. If the matching is successful, this indicates that the data request sent by the terminal device may bring a security problem, so the first trusted IO control subunit 1013 determines that the terminal device needs communication isolation and intercepts the data request sent by the terminal device. If the matching is not successful, this indicates that the terminal device is a secure terminal device, and therefore the first trusted IO control subunit 1013 sends the data request to the first trusted memory controller 1012, so that the first trusted memory controller 1012 writes the relevant data into the corresponding storage unit, and instructs the first trusted control subunit 1011 to process the data request.
In some possible designs, the first trusted IO control subunit 1013 is connected to the first bridge slice 1014, and the first trusted IO control subunit 1013 receives, through the first bridge slice 1014, a data request sent by a terminal device and a data request sent by the first data processing subsystem to the first terminal device. The first bridge slice 1014 may include an integrated network, a storage interface, or a network and storage interface card extended through a high-speed bus, and the embodiment of the present application does not limit the type of the first bridge slice 1014.
The first trusted control subunit 1011 is configured to obtain, through the first trusted memory controller 1012, the data included in the data request, to generate a unidirectional request according to the obtained data, and to send the unidirectional request to the first trusted interconnecting link unit 102.
The first trusted memory controller 1012 is configured to write data according to the data request, and read data according to the data request sent by the first trusted control subunit 1011.
Accordingly, when the first trusted interconnecting link unit 102 determines that a unidirectional request is one sent by the first trusted control subunit 1011, it sends the unidirectional request to the second trusted interconnecting link unit 104; when it determines that the unidirectional request is not one sent by the first trusted control subunit 1011, it intercepts the unidirectional request.
The following describes in detail a process of the data processing system 100 for processing a data request by taking an example that a first terminal device of an insecure area sends the data request to a second terminal device of a secure area through the data processing system, where the first trusted management unit 101 is a trusted management unit of the insecure area, and the second trusted management unit 103 is a trusted management unit of the secure area:
Specifically, the data request is processed as follows. The first terminal device of the insecure area sends a data request to the first trusted IO control subunit 1013 of the data processing system. The first trusted IO control subunit 1013 determines, according to the isolation device table and the identifier of the first terminal device included in the data request, whether the first terminal device is a terminal device that needs communication isolation, and intercepts the data request when it determines that it is. When the first terminal device is determined to be a terminal device that does not need communication isolation, the data request is sent to the first trusted memory controller 1012; the first trusted memory controller 1012 writes the data included in the data request to a corresponding memory location; and the first trusted IO control subunit 1013 instructs the first trusted control subunit 1011 to process the data request. The first trusted control subunit 1011 reads the data of the data request from the storage unit through the first trusted memory controller 1012 and generates a unidirectional request, and then sends the unidirectional request to the first trusted interconnecting link unit 102. Upon determining that the identification of the requestor included in the unidirectional request is the identification of the first trusted control subunit 1011, the first trusted interconnecting link unit 102 sends the unidirectional request to the second trusted interconnecting link unit 104; if it determines that the unidirectional request includes an identification of a requestor other than the first trusted control subunit 1011, the first trusted interconnecting link unit 102 intercepts the unidirectional request.
The second trusted interconnecting link unit 104 then sends the received unidirectional request to the second trusted management unit 103, and the second trusted management unit 103 responds to the unidirectional request.
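The request path just described can be modelled in C as follows. This is an added illustration, not code from the patent: the identity values, the sample isolation device table and the zero-filled response are assumptions, and the `sender_id` parameter stands for whichever unit built the unidirectional request.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical identities; the patent keeps them inside the system. */
#define ID_TRUSTED_CTRL 0x1011u /* first trusted control subunit */
#define ID_OTHER_UNIT   0x2000u /* any other unit in the subsystem */

enum outcome { ISOLATED_AT_IO, INTERCEPTED_AT_LINK, FORWARDED_TO_PEER };

struct data_request {   /* arrives from a terminal device */
    uint32_t device_id;
    uint8_t  data[16];
    size_t   len;
};

struct oneway_request { /* crosses the trusted interconnect link */
    uint32_t requester_id; /* stamped by the sending unit, never parsed from data */
    uint8_t  data[16];
    size_t   len;
};

/* Constructed isolation device table: identifiers that must be isolated. */
static const uint32_t SAMPLE_TABLE[] = { 0xBAD1u, 0xBAD2u };
#define SAMPLE_N (sizeof SAMPLE_TABLE / sizeof SAMPLE_TABLE[0])

/* Trusted IO control subunit: look the device identifier up in the table. */
bool needs_isolation(const uint32_t *table, size_t n, uint32_t device_id)
{
    for (size_t i = 0; i < n; i++)
        if (table[i] == device_id)
            return true;
    return false;
}

/* Control subunit: wrap the stored data in a unidirectional request. */
struct oneway_request make_oneway(uint32_t sender_id, const struct data_request *req)
{
    struct oneway_request out;
    memset(&out, 0, sizeof out);
    out.requester_id = sender_id;
    out.len = req->len > sizeof out.data ? sizeof out.data : req->len;
    memcpy(out.data, req->data, out.len);
    return out;
}

/* Interconnect link unit: forward only the trusted control subunit's requests. */
bool link_accepts(const struct oneway_request *r)
{
    return r->requester_id == ID_TRUSTED_CTRL;
}

/* Whole path for one data request. */
enum outcome process_request(const uint32_t *table, size_t n,
                             const struct data_request *req, uint32_t sender_id,
                             uint8_t *resp, size_t resp_len)
{
    if (needs_isolation(table, n, req->device_id)) {
        memset(resp, 0, resp_len); /* well-formed reply, meaningless fields */
        return ISOLATED_AT_IO;
    }
    struct oneway_request ow = make_oneway(sender_id, req);
    return link_accepts(&ow) ? FORWARDED_TO_PEER : INTERCEPTED_AT_LINK;
}

/* Constructed request whose payload carries the bytes of the trusted
 * identity: payload content must not influence the link unit's decision. */
enum outcome run_sample(uint32_t device_id, uint32_t sender_id)
{
    struct data_request req;
    uint32_t embedded = ID_TRUSTED_CTRL;
    uint8_t resp[8];
    memset(&req, 0, sizeof req);
    req.device_id = device_id;
    memcpy(req.data, &embedded, sizeof embedded);
    req.len = sizeof embedded;
    return process_request(SAMPLE_TABLE, SAMPLE_N, &req, sender_id, resp, sizeof resp);
}

/* The reply to an isolated device must not echo anything meaningful. */
bool isolated_response_is_blank(void)
{
    struct data_request req;
    uint8_t resp[8];
    memset(&req, 0, sizeof req);
    req.device_id = 0xBAD1u;
    memset(resp, 0xAA, sizeof resp);
    if (process_request(SAMPLE_TABLE, SAMPLE_N, &req, ID_TRUSTED_CTRL,
                        resp, sizeof resp) != ISOLATED_AT_IO)
        return false;
    for (size_t i = 0; i < sizeof resp; i++)
        if (resp[i] != 0)
            return false;
    return true;
}

int main(void)
{
    printf("listed device:            %d\n", run_sample(0xBAD1u, ID_TRUSTED_CTRL));
    printf("clean device, trusted:    %d\n", run_sample(0x0A01u, ID_TRUSTED_CTRL));
    printf("clean device, other unit: %d\n", run_sample(0x0A01u, ID_OTHER_UNIT));
    return 0;
}
```

The third case is the one that matters for the claimed defence: the payload contains the trusted identity's bytes, yet the link unit decides only on the identity stamped by the sending unit.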
Optionally, on the basis of the embodiment shown in fig. 2, the second trusted management unit 103 may include: a second trusted control subunit 1031, a second trusted memory controller 1032, and a second trusted IO control subunit 1033.
Wherein a first end of the second trusted control subunit 1031 is connected to a second end of the second trusted interconnection link unit 104, and a second end of the second trusted control subunit 1031 is connected to an end of the second trusted memory controller 1032.
The second trusted IO control subunit 1033 is configured to determine, according to a data request sent by a second terminal device in the non-secure area and an isolation device table, whether the second terminal device is a terminal device that needs communication isolation. When the second terminal device is determined to be a device that needs communication isolation, the second trusted IO control subunit 1033 intercepts the data request sent by the second terminal device; when it is determined that the second terminal device is a terminal device that does not require communication isolation, the data request is sent to the second trusted memory controller 1032 and the second trusted control subunit 1031 is instructed to process the data request.
Specifically, the isolation device table includes an identifier of a terminal device that needs to perform communication isolation, where the identifier of the terminal device may be a permanent identifier of the terminal device or a temporary identifier of the terminal device.
The second trusted IO control subunit 1033 determines, according to the data request sent by the second terminal device and the isolation device table, whether the second terminal device is a terminal device that needs to be isolated for communication, and specifically, may perform matching by querying the isolation device table according to an identifier of the second terminal device included in the data request, and if the matching is successful, it indicates that the data request of the second terminal device may cause a security problem, and therefore, the second trusted IO control subunit 1033 determines that the second terminal device is a terminal device that needs to be isolated for communication, and intercepts the data request sent by the second terminal device; if the matching is not successful, it indicates that the second terminal device is a secure terminal device, and therefore, the second trusted IO control subunit 1033 sends the data request to the second trusted memory controller 1032, so that the second trusted memory controller 1032 writes the relevant data into the corresponding memory cell, and instructs the second trusted control subunit 1031 to process the data request.
In some possible designs, the second trusted IO control subunit 1033 is connected to the second bridge 1034, and the second trusted IO control subunit 1033 receives, through the second bridge 1034, the data request sent by the second terminal device and receives the data request sent by the second data processing subsystem to the second terminal device. The second bridge 1034 may include an integrated network, storage interface or a network, storage interface card extended through a high-speed bus, and the embodiment of the present application is not limited to the type of the second bridge 1034.
The second trusted control subunit 1031 is configured to obtain the data request through the second trusted memory controller 1032, to generate the unidirectional request according to the data request, and to send the unidirectional request to the first trusted interconnecting link unit 102.
The second trusted memory controller 1032 is configured to write data according to the data request, and read data according to the data request sent by the second trusted control subunit 1031.
Accordingly, the second trusted interconnecting link unit 104, according to the unidirectional request, when determining that the unidirectional request is the unidirectional request sent by the second trusted control subunit 1031, sends the unidirectional request to the first trusted interconnecting link unit 102; when it is determined that the one-way request is not a one-way request sent by second trusted control subunit 1031, the one-way request is intercepted.
On the basis that the second trusted management unit 103 is implemented in the foregoing manner, a processing procedure of a data request sent to a second terminal device in a secure area is similar to a processing procedure of a data request sent to a terminal device in an insecure area by the first trusted management unit 101, and reference may be made to the processing procedure of the data request by the first trusted management unit 101, which is not described herein again.
The data processing system provided by the embodiment at least has the following beneficial effects:
First, the first trusted interconnection link unit 102 can send the unidirectional request generated by the first trusted control subunit 1011 in the first data processing subsystem to the second trusted interconnection link unit 104, and the first trusted interconnection link unit 102 intercepts data requests for the second data processing subsystem sent by other units in the first data processing subsystem, so that it can be ensured that data transmitted to the second trusted management unit 103 all comes from the trusted first trusted control subunit 1011, thereby implementing a trusted network space and ensuring safe input and output.
Second, the second trusted interconnection link unit 104 can send the unidirectional request generated by the second trusted control subunit 1031 to the first trusted interconnection link unit 102, and the second trusted interconnection link unit 104 intercepts data requests for the first data processing subsystem sent by other units in the second data processing subsystem, so that it can be ensured that data transmitted to the first trusted management unit 101 all comes from the trusted second trusted control subunit 1031, thereby implementing a trusted network space and ensuring safe input and output.
Thirdly, the data processing system provided by this embodiment may be implemented by using a single host structure, so as to ensure secure trusted network space and secure input and output, and effectively reduce cost.
Fourth, the data processing system provided by the present solution performs access control on the secure area and the non-secure area according to the identities of the first trusted control subunit and the second trusted control subunit. Even if an attacker launches an attack based on the TCP/IP protocol, the identities of the first trusted control subunit and the second trusted control subunit are maintained inside the data processing system, so it is difficult for the attacker to obtain them, and the data processing system intercepts the TCP/IP-based attack sent by the attacker, thereby effectively defending against attacks based on the TCP/IP protocol.
On the basis of the embodiment shown in fig. 2, the data processing system 100 further comprises: a first processing unit 105 and a second processing unit 106.
The first processing unit 105 is connected with the first trusted management unit 101, and the second processing unit 106 is connected with the second trusted management unit 103; the first processing unit 105 is configured to instruct the first trusted management unit 101 to process the data request according to the data request; the second processing unit 106 is configured to instruct, according to the one-way request, the second trusted management unit 103 to respond to the one-way request.
Specifically, the first processing unit 105 may include at least one first processor core 1051, where the at least one first processor core 1051 is connected to the third terminal of the first trusted IO control subunit 1013 and the third terminal of the first trusted control subunit 1011. When the first terminal device sends a data request, the first trusted IO control subunit 1013 sends an interrupt signal to the at least one first processor core 1051 to instruct it to process the data request, and the at least one first processor core 1051 calls the first trusted control subunit 1011 according to the interrupt signal, so that the first trusted control subunit 1011 generates a unidirectional request according to the data request.
The second processing unit 106 comprises at least one second processor core 1061, which is connected to the third terminal of the second trusted IO control subunit 1033 and to a third end of the second trusted control subunit 1031. When the first trusted interconnection link unit 102 sends a unidirectional request to the second trusted interconnection link unit 104, the second trusted control subunit 1031 sends an interrupt signal to the at least one second processor core 1061 according to the unidirectional request, to instruct the at least one second processor core 1061 to respond to the one-way request. Thereafter, based on the interrupt signal, the at least one second processor core 1061 may retrieve the data in the one-way request through the second trusted control subunit 1031 and perform the corresponding operation, for example, sending the data in the unidirectional request to the corresponding trusted application through the second trusted IO control subunit 1033.
It should be understood that, in the embodiment of the present application, specific types of the first processor core and the second processor core are not limited. It should be noted that, for the procedure by which the second trusted management unit 103 processes data of a terminal device of the secure area and sends it to the first trusted management unit 101, reference may be made to the above description.
Fig. 3 is a schematic structural diagram of a data processing system according to another embodiment of the present application. The data processing system shown in this embodiment further includes, on the basis of the embodiment shown in fig. 2: a first memory unit 107 and a second memory unit 108.
The first trusted control subunit 1011 is connected to the first memory unit 107 through the first trusted memory controller 1012, and the first memory unit 107 includes a first memory area 1071 (not shown) and a second memory area 1072 (not shown).
The first trusted control subunit 1011 has read and write access to the first memory region 1071. Any one or more units in the data processing system except the first trusted control subunit 1011 have read permission to the first memory area 1071 and do not have write permission to the first memory area 1071; alternatively, none of the units in the data processing system other than the first trusted control subunit 1011 have read permission and write permission to the first memory area 1071.
In this embodiment, the first memory area 1071 is a trusted memory area, and the first memory area 1071 can be configured in two modes:
In the first mode, the first trusted control subunit 1011 has read/write permission to the first memory area 1071, the other units in the first data processing subsystem except the first trusted control subunit 1011 may have read permission to the first memory area 1071, and the other units in the first data processing subsystem except the first trusted control subunit 1011 do not have write permission to the first memory area 1071. All units in the first data processing subsystem have read and write access to the second memory area 1072.
In the second mode, the first trusted control subunit 1011 has read/write permission to the first memory area 1071, and the other units in the first data processing subsystem except for the first trusted control subunit 1011 do not have read/write permission to the first memory area 1071. All units in the first data processing subsystem have read and write access to the second memory area 1072.
In some cases, the two modes described above may coexist. It is only necessary to ensure that only the first trusted control subunit 1011 has write permissions with respect to the first memory region 1071.
In practical applications, the first trusted memory controller 1012 may process a data request for the first memory region 1071 initiated by the first trusted control subunit 1011, where the data request may be a read data request or a write data request, and the first trusted memory controller 1012 may also process data requests for the first memory region 1071 initiated by other units.
In the case of the foregoing embodiment, when the first terminal device sends a data request, the first trusted IO control subunit 1013 sends an interrupt signal to the at least one first processor core 1051 to instruct the at least one first processor core 1051 to process the data request, and the at least one first processor core 1051 invokes the first trusted control subunit 1011 according to the interrupt signal, so that the first trusted control subunit 1011 generates a unidirectional request according to the data request sent by the first terminal device.
In this process, the first trusted control subunit 1011 generates a read data request according to the call command sent by the first processor core 1051, where the read data request is used to acquire data included in the data request sent by the first terminal device stored in the first memory area 1071.
When a data request for the first memory region 1071 generated by the first trusted control subunit 1011 reaches the first trusted memory controller 1012, the first trusted memory controller 1012 first determines whether the request hits the first memory region 1071 according to the received data request, and intercepts the data request if it is determined that the data request does not hit the first memory region 1071; if it is determined that the data request hits the first memory area 1071, determining whether the requester has an access right further according to the identifier of the requester included in the data request; if it is determined that the data request hits in the first memory region 1071 and the requestor has access, the first trusted memory controller 1012 performs the operation corresponding to the data request.
Alternatively, when the data request for the first memory region 1071 generated by the first trusted control subunit 1011 reaches the first trusted memory controller 1012, the first trusted memory controller 1012 may also determine whether the requester has the access right according to the identifier of the requester included in the data request; if the requester does not have the access authority, intercepting the data request; if the requester has the access right, determining whether the data request hits a first memory area 1071; if the requestor has access rights and the data request hits in the first memory region 1071, the operation corresponding to the data request is performed.
For example, after the terminal device in the target area sends the data request to the first trusted IO control subunit 1013, and the first trusted IO control subunit 1013 sends the data request to the first trusted memory controller 1012, the first trusted memory controller 1012 writes data included in the data request into the second memory area 1072, and moves the written data from the second memory area 1072 to the first memory area 1071.
In this scheme, a trusted memory area (namely, the first memory area) is maintained to which only the first trusted control subunit has the access right, while other components or units in the first data processing subsystem do not have the access right, so that the security of the data stored in the first memory area is ensured.
In the above process, the first trusted IO control subunit 1013 instructs the first trusted control subunit 1011 to process the data request, and the first trusted control subunit 1011 initiates a first request to the first trusted memory controller 1012, where the first request may be a read data request. The first trusted memory controller 1012 first determines whether the first request hits the first memory region 1071 according to the received first request. If it is determined that the first request hits the first memory region 1071, it further determines whether the requester has the access right according to the requester identifier included in the first request: if the requester has the access right, it executes the operation corresponding to the first request; if the requester does not have the access right, the first request is intercepted. It should be understood that the first request described herein is the data request generated by the first trusted control subunit 1011 according to the call command of the first processor core 1051 described in the foregoing embodiment.
In one possible implementation, the first trusted memory controller 1012 determines whether the first request hits the first memory region 1071 as follows. A set of address window registers is maintained in the first trusted memory controller 1012, which may include a base address register, a mask register, and a remap register. When a first request (which includes a request address and an identifier of the requester) sent by the first trusted control subunit 1011 reaches the first trusted memory controller 1012, the first trusted memory controller 1012 performs a bitwise AND operation on the request address and the mask in the mask register. If the result of the bitwise AND operation is the same as the base address stored in the base address register, it is determined that the first request hits the first memory region, and the new access address in the hit first memory region is obtained as follows: after a bitwise negation operation is performed on the request address, a bitwise AND operation is performed on the request address and the mask in the mask register, and a bitwise OR operation is performed on the result of the bitwise AND operation and the remapped address; the address obtained after the bitwise OR operation is the new access address. If the result of the bitwise AND operation on the request address and the mask is not the same as the base address stored in the base address register, it is determined that the first request misses the first memory region.
First trusted memory controller 1012 performs the following calculations:
if (request address & mask == base address)
new address = request address & ~mask | remapped address;
else new address = request address.
Wherein "&" represents bitwise AND, "==" represents a test of whether the left and right sides are equal, "|" represents bitwise OR, and "& ~" represents bitwise negation of the request address followed by a bitwise AND operation with the mask, wherein the operation priority of "& ~" is higher than that of "|".
In this embodiment, by setting a trusted memory region, i.e., the first memory region 1071, in the first memory unit 107, only when the first trusted memory controller 1012 determines that the request hits the first memory region 1071 through the above calculation method and the requester has the access right, the first request can be executed, otherwise, the request is intercepted. By such a mechanism, it can be ensured that the data in the first memory area 1071 can be accessed only by the first trusted control subunit 1011, thereby ensuring the security of the data. By the above mechanism, information stored in the first memory area 1071 can be effectively prevented from leaking.
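A C model of the controller check described above, added here as an illustration and not taken from the patent: hit test, requester permission in both region modes, then remap. The requester identifiers, the sample window values and the `window_is_valid` sanity check are assumptions, and the remap step reads `& ~` as inverting the mask so that the request's offset bits are carried into the remapped region.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical requester identifiers; the patent does not give values. */
enum requester { REQ_TRUSTED_CTRL = 1, REQ_PROCESSOR_CORE = 2, REQ_IO_SUBUNIT = 3 };

/* The two configurations of the trusted region for units other than the
 * trusted control subunit: read-only, or no access at all. */
enum region_mode { OTHERS_READ_ONLY, OTHERS_NO_ACCESS };

#define BLOCKED UINT64_MAX /* sentinel returned when a request is intercepted */

struct addr_window {
    uint64_t base;  /* base address register */
    uint64_t mask;  /* mask register: 1-bits are compared against base */
    uint64_t remap; /* remap register */
    enum region_mode mode;
};

/* A window is only usable if base and remap have no bits outside the mask.
 * A stray base bit means the hit test can never succeed, so the region
 * would silently go unprotected; a stray remap bit corrupts the offset. */
bool window_is_valid(const struct addr_window *w)
{
    return (w->base & ~w->mask) == 0 && (w->remap & ~w->mask) == 0;
}

/* Hit test from the text: (request address & mask) == base address. */
bool window_hit(const struct addr_window *w, uint64_t addr)
{
    return (addr & w->mask) == w->base;
}

/* Permission check on a hit, keyed on the requester identifier. */
bool requester_allowed(const struct addr_window *w, enum requester who, bool is_write)
{
    if (who == REQ_TRUSTED_CTRL)
        return true;                    /* read and write */
    if (is_write)
        return false;                   /* no other unit may write */
    return w->mode == OTHERS_READ_ONLY; /* reads depend on the mode */
}

/* Returns the address the controller would access, or BLOCKED. */
uint64_t controller_access(const struct addr_window *w, uint64_t addr,
                           enum requester who, bool is_write)
{
    if (!window_is_valid(w))
        return BLOCKED;                 /* fail closed on a bad window */
    if (!window_hit(w, addr))
        return addr;                    /* else branch: address unchanged */
    if (!requester_allowed(w, who, is_write))
        return BLOCKED;                 /* request intercepted */
    /* Assumed reading of "& ~": keep the offset bits, OR in the remap. */
    return (addr & ~w->mask) | w->remap;
}

/* Constructed sample: a 256 MiB window at 0x80000000 remapped to 0x10000000. */
static const struct addr_window SAMPLE = {
    .base = 0x80000000ULL, .mask = 0xFFFFFFFFF0000000ULL,
    .remap = 0x10000000ULL, .mode = OTHERS_READ_ONLY,
};

uint64_t sample_access(enum region_mode mode, uint64_t addr,
                       enum requester who, bool is_write)
{
    struct addr_window w = SAMPLE;
    w.mode = mode;
    return controller_access(&w, addr, who, is_write);
}

int main(void)
{
    printf("trusted write, hit : %#llx\n", (unsigned long long)
           sample_access(OTHERS_READ_ONLY, 0x80001234ULL, REQ_TRUSTED_CTRL, true));
    printf("core read, mode 1  : %#llx\n", (unsigned long long)
           sample_access(OTHERS_READ_ONLY, 0x80001234ULL, REQ_PROCESSOR_CORE, false));
    printf("core write, mode 1 : %#llx\n", (unsigned long long)
           sample_access(OTHERS_READ_ONLY, 0x80001234ULL, REQ_PROCESSOR_CORE, true));
    printf("io read, mode 2    : %#llx\n", (unsigned long long)
           sample_access(OTHERS_NO_ACCESS, 0x80001234ULL, REQ_IO_SUBUNIT, false));
    printf("io write, miss     : %#llx\n", (unsigned long long)
           sample_access(OTHERS_NO_ACCESS, 0x90000000ULL, REQ_IO_SUBUNIT, true));
    return 0;
}
```

Rejecting a malformed window before the hit test is the fail-closed choice: with a base bit outside the mask, every request would otherwise take the miss path and reach memory unchecked.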
On the basis of the embodiment shown in fig. 3, the data processing system further comprises: a second memory unit 108.
The second trusted control subunit 1031 is connected to the second memory unit 108 through the second trusted memory controller 1032, and the second memory unit 108 includes a third memory area 1081 (not shown in the figure) and a fourth memory area 1082 (not shown in the figure).
The second trusted control subunit 1031 has read/write permission to the third memory area 1081. Any one or more units in the data processing system except the second trusted control subunit 1031 have read permission to the third memory area 1081 and do not have write permission to the third memory area 1081; alternatively, none of the other units in the data processing system except the second trusted control subunit 1031 have read and write permissions to the third memory area 1081.
In this embodiment, the third memory area 1081 is a trusted memory area, and the third memory area 1081 can be configured in two modes:
In the first mode, the second trusted control subunit 1031 has the right to read from and write to the third memory area 1081, other units in the second data processing subsystem except the second trusted control subunit 1031 may have the right to read from the third memory area 1081, and other units in the second data processing subsystem except the second trusted control subunit 1031 do not have the right to write to the third memory area 1081. All units in the second data processing subsystem have read-write permission to the fourth memory area 1082.
In the second mode, the second trusted control subunit 1031 has the read-write permission to the third memory area 1081, and the other units in the second data processing subsystem except the second trusted control subunit 1031 do not have the read-write permission to the third memory area 1081. All units in the second data processing subsystem have read-write permission to the fourth memory area 1082.
In some cases, the two modes described above may coexist. It is only necessary to ensure that only the second trusted control subunit 1031 has write permission for the third memory area 1081.
The processing manner of the received request by the second trusted memory controller 1032 is similar to that of the first trusted memory controller 1012, and reference may be made to the detailed description of the first trusted memory controller 1012, which is not repeated herein.
On the basis of the above embodiment, optionally, the first trusted control subunit 1011 may further perform encryption processing on the generated one-way request, and send the encrypted one-way request to the first trusted interconnection link unit. Accordingly, the second trusted control subunit 1031 performs decryption processing on the encrypted unidirectional request to obtain the data included in the unidirectional request.
Optionally, the second trusted control subunit 1031 may further perform encryption processing on the generated one-way request, and send the encrypted one-way request to the second trusted interconnection link unit. Accordingly, the first trusted control subunit 1011 performs decryption processing on the encrypted one-way request to obtain the data included in the one-way request.
The first trusted control subunit 1011 and the second trusted control subunit 1031 further improve the security of the data included in the unidirectional request and improve the security of the data processing system by performing encryption processing on the generated unidirectional request.
On the basis of any one of the embodiments in fig. 1 to fig. 3, it should be noted that, in practical applications, the first trusted IO control subunit 1013 can also process the following data request:
1. The first trusted IO control subunit 1013 is further configured to process a data request, initiated by each component in the first data processing subsystem through the first trusted control module, for the first terminal device.
Specifically, the first trusted IO control subunit 1013 determines, according to a data request for the first terminal device sent by a component or unit in the first data processing subsystem and a preset isolation device table, whether the first terminal device to be accessed is a terminal device that needs to be isolated for communication; if the first trusted IO control subunit 1013 determines that the first terminal device to be accessed is a terminal device that needs to be isolated by communication, the first trusted IO control subunit 1013 isolates, by communication, the data request for the first terminal device, which is sent by the unit in the first data processing subsystem; for example, the first trusted IO control subunit 1013 may send a response message to a unit of the first data processing subsystem that initiates a data request, where the format of the response message conforms to the communication protocol requirements adopted by the data processing system, but a field in the response message is data with no specific meaning. Therefore, the data processing system can be ensured to be correctly responded, and the safety of the data processing system is ensured.
If the first trusted IO control subunit 1013 determines that the first terminal device is a terminal device that does not need communication isolation, the first trusted IO control subunit 1013 sends, to the corresponding first terminal device, a data request for the terminal device, which is sent by a unit in the first data processing subsystem.
2. The first trusted IO control subunit 1013 is further configured to process data requests sent by the first terminal device to various components (or units) within the first data processing subsystem.
Specifically, the first trusted IO control subunit 1013 first determines, according to a data request sent by the first terminal device to the first unit in the first data processing subsystem and the first preset isolation device table, whether the first terminal device is a terminal device that requires communication isolation. If so, the first trusted IO control subunit 1013 applies communication isolation to the first terminal device. For example, the first trusted IO control subunit 1013 may send to the first terminal device a response message that conforms to the communication protocol used by the data processing system and the terminal device, but in which a field carries data with no specific meaning. This ensures that a correct response is returned while the security of the data processing system is preserved. In addition, this approach does not affect access to the first data processing subsystem by other first terminal devices.
If the first trusted IO control subunit 1013 determines that the first terminal device does not require communication isolation, it forwards the data request sent by the first terminal device to the corresponding first unit in the first data processing subsystem.
3. The first trusted IO control subunit 1013 is further configured to process an interrupt request (the interrupt request may include an interrupt message packet and an interrupt line) sent by the first terminal device to the first data processing subsystem.
Specifically, the first trusted IO control subunit 1013 is configured to send an interrupt request sent by the first terminal device to a corresponding first processor core in the first data processing subsystem, so that the first processor core responds to the interrupt request.
By processing in the above manner the data requests that a component or unit in the first data processing subsystem sends for the first terminal device, the data requests sent by the first terminal device, and the interrupt requests sent by the first terminal device, the first trusted IO control subunit 1013 ensures the security of the data processing system.
The second trusted IO control subunit 1033 may also process a data request initiated by each component or unit in the second data processing subsystem through the second trusted control subunit 1031 for the second terminal device, process a data request sent by the second terminal device for a component or unit in the second data processing subsystem, and process an interrupt request sent by the second terminal device to the second data processing subsystem (the interrupt request may include an interrupt message packet and an interrupt line). The specific implementation manner of the second trusted IO control subunit 1033 for processing the data request is similar to that of the first trusted IO control subunit 1013, and reference may be made to the detailed description of the first trusted IO control subunit 1013, and details are not repeated here.
Fig. 4 is a flowchart of a data processing method according to an embodiment of the present application. The data processing method shown in fig. 4 may be applied to the data processing system shown in the embodiment of fig. 1. Referring to fig. 4, the method of the present embodiment includes:
S101, the first trusted management unit generates a one-way request according to a data request sent by the terminal device in the target area.
S102, the first trusted management unit sends the one-way request to the first trusted interconnection link unit.
S103, the first trusted interconnection link unit determines, according to the one-way request, whether the one-way request is a request sent by the first trusted management unit.
When the one-way request is determined to be a request sent by the first trusted management unit, S104 is executed; when it is determined that the one-way request is not a request sent by the first trusted management unit, S104' is executed.
S104, the first trusted interconnection link unit sends the one-way request to the second trusted interconnection link unit.
S104', the first trusted interconnection link unit intercepts the one-way request.
S105, the second trusted interconnection link unit sends the one-way request to the second trusted management unit.
S106, the second trusted management unit responds to the one-way request.
The data processing method provided by the embodiment has at least the following beneficial effects:
First, the first trusted interconnection link unit can send a one-way request generated by the first trusted management unit in the first data processing subsystem to the second trusted interconnection link unit, and it can intercept data requests that other components in the first data processing subsystem send toward the second data processing subsystem. This guarantees that data transmitted to the second trusted management unit comes from the trusted first trusted management unit, which realizes a trusted network space and ensures secure input and output.
Second, the second trusted interconnection link unit can send a one-way request generated by the second trusted management unit to the first trusted interconnection link unit, and it can intercept data requests that other components in the second data processing subsystem send toward the first data processing subsystem. This guarantees that data transmitted to the first trusted management unit comes from the trusted second trusted management unit, which realizes a trusted network space and ensures secure input and output.
Third, the data processing method provided in this embodiment can be implemented by a data processing system with a single-host structure, which effectively reduces cost while realizing a trusted network space and ensuring secure input and output.
Fourth, the data processing method provided in this embodiment performs access control on the secure area and the insecure area according to the identifiers of the first trusted control subunit and the second trusted control subunit. Because these identifiers are maintained inside the data processing system, it is difficult for an attacker to obtain them, so even if an attacker launches an attack based on the TCP/IP protocol, the data processing system intercepts it, thereby effectively defending against attacks based on the TCP/IP protocol.
Fig. 5 is a flowchart of a data processing method according to another embodiment of the present application. The data processing method shown in fig. 5 may be applied to the data processing system in the embodiment shown in fig. 2 or fig. 3. Referring to fig. 5, the method of the present embodiment includes:
S201, the first trusted IO control subunit receives a data request sent by a terminal device in the target area.
S202, the first trusted IO control subunit determines, according to the isolation device table and the data request, whether the terminal device is a terminal device that requires communication isolation. If not, S203 is executed; if so, S203' is executed.
S203, the first trusted IO control subunit instructs the first trusted memory controller to write the data included in the data request into the first memory module.
Specifically, the first trusted memory controller may write data corresponding to the data request into the second memory region according to the data request, and then move the data corresponding to the data request from the second memory region to the first memory region, so that the first trusted control subunit obtains the data corresponding to the data request from the first memory region.
S203', the first trusted IO control subunit intercepts the data request sent by the terminal device.
S204, the first trusted IO control subunit sends an interrupt signal to at least one first processor core.
Correspondingly, the at least one first processor core receives an interrupt signal sent by the first trusted IO control subunit. The interrupt signal is used to instruct the first processor core to process the data request.
It should be noted that S203 and S204 need not be executed in any particular order.
S205, the at least one first processor core sends a call command to the first trusted control subunit according to the interrupt signal.
Correspondingly, the first trusted control subunit receives the call command sent by the at least one first processor core, where the call command is used to instruct the first trusted control subunit to process the data request.
S206, the first trusted control subunit sends a first request to the first trusted memory controller according to the call command.
Correspondingly, the first trusted memory controller receives a first request sent by the first trusted control subunit, where the first request is used to acquire data corresponding to the data request stored in the first memory area.
S207, the first trusted memory controller determines whether the identifier of the requester in the first request is the same as the identifier of the first trusted control subunit.
If the identity of the requester in the first request is the same as the identity of the first trusted control subunit, S208 is performed, and if the identity of the requester in the first request is different from the identity of the first trusted control subunit, S208' is performed.
S208, the first trusted memory controller determines whether the first request hits in the first memory region.
If it is determined that the first request hits the first memory area, S209 is executed; if it is determined that the first request does not hit in the first memory region, S209' is performed.
It should be noted that, in some cases, the two checks may be performed in the opposite order: it is first determined whether the first request hits the first memory area, and then whether the identifier of the requester in the first request is the same as the identifier of the first trusted control subunit, in order to decide whether to send the data corresponding to the data request to the first trusted control subunit. The order described in this embodiment is only exemplary and does not limit the execution order.
S209, the first trusted memory controller sends the data corresponding to the data request to the first trusted control subunit.
S209', the first trusted memory controller intercepts the first request.
In one possible implementation, the first trusted memory controller may return a response message to the first trusted control subunit, where a key field in the response message is filled with data without a specific meaning.
S210, the first trusted control subunit generates a one-way request according to data corresponding to the data request.
S211, the first trusted control subunit sends a unidirectional request to the first trusted interconnection link unit, wherein the unidirectional request includes an identifier of the first trusted control subunit.
S212, the first trusted interconnection link unit determines whether the unidirectional request is a request sent by the first trusted control subunit.
If the one-way request is determined to be a request sent by the first trusted control subunit, S213 is executed; if it is determined that the one-way request is not a request transmitted by the first trusted control subunit, S213' is performed.
S213, the first trusted interconnection link unit sends the unidirectional request to the second trusted interconnection link unit.
S213', the first trusted interconnection link unit intercepts the unidirectional request.
S214, the second trusted interconnection link unit controls the second trusted memory controller to write the data corresponding to the unidirectional request into the third memory area according to the unidirectional request.
S215, the second trusted interconnection link unit notifies the second trusted control subunit to respond to the unidirectional request.
Specifically, in the above process, the first trusted control subunit may maintain a queue pointer of a receive buffer in the second data processing subsystem, and the first trusted control subunit sends data to the second trusted management unit through the first trusted interconnection link and stores the data in a trusted memory area of the second memory unit through control of the second trusted management unit; then, the second trusted control subunit sends the received data, the address and the size of the receiving cache sent by the first trusted control, modifies the pointer of the receiving cache, and sets an interrupt bit; the second trusted control subunit processes the data by invoking the processor by means of the interrupt, e.g. sending the data to a trusted application.
In this scheme, the receive buffer pointer of the second trusted control subunit is maintained by the first trusted control subunit, and the first trusted control subunit notifies the second trusted control subunit to process the data. This ensures that the data of the second data processing subsystem can only be written by the first trusted control subunit, which ensures the security of the data.
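The three gates in the flow above (the isolation device table check in S202, the identifier-plus-region check in S207 to S209', and the sender check in S212 to S213') can be modelled in software as follows. This is an added illustration in C, not code from the patent; the identifier values, area sizes, the zero filler byte and all function names are assumptions, since the patent specifies none of them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All identifier values, sizes and names below are assumptions for this model;
 * the patent names the units but defines no encodings. */
#define ID_TERMINAL_OK       1u
#define ID_TERMINAL_ISOLATED 2u
#define ID_CPU_CORE          10u
#define ID_TRUSTED_CTRL_1    100u   /* first trusted control subunit */

#define AREA_SIZE   64u
#define SECOND_AREA 0u          /* second memory area: where writes land first */
#define FIRST_AREA  AREA_SIZE   /* first memory area: trusted */
#define FILLER      0x00        /* stands in for "data with no specific meaning" */

enum verdict { FORWARDED = 0, INTERCEPTED = 1 };

struct subsystem {
    uint32_t isolated[4];         /* isolation device table */
    size_t   n_isolated;
    uint8_t  mem[2 * AREA_SIZE];  /* second area followed by first area */
};

struct one_way_request {
    uint32_t sender_id;           /* identifier carried in the request (S211) */
    size_t   len;
    uint8_t  payload[AREA_SIZE];
};

static bool is_isolated(const struct subsystem *s, uint32_t dev)
{
    for (size_t i = 0; i < s->n_isolated; i++)
        if (s->isolated[i] == dev)
            return true;
    return false;
}

/* S202, S203, S203': trusted IO control subunit plus the write path. */
enum verdict io_ctrl_accept(struct subsystem *s, uint32_t dev,
                            const uint8_t *data, size_t len)
{
    if (is_isolated(s, dev) || len > AREA_SIZE)
        return INTERCEPTED;
    memcpy(&s->mem[SECOND_AREA], data, len);                 /* write to second area */
    memcpy(&s->mem[FIRST_AREA], &s->mem[SECOND_AREA], len);  /* move to first area */
    return FORWARDED;
}

/* S207 to S209': release data only if the requester identifier matches AND the
 * read lies wholly inside the first memory area. `out` must hold `len` bytes. */
enum verdict mem_ctrl_read(const struct subsystem *s, uint32_t requester,
                           size_t addr, size_t len, uint8_t *out)
{
    bool id_ok = requester == ID_TRUSTED_CTRL_1;
    bool hit = addr >= FIRST_AREA && len <= AREA_SIZE &&
               addr - FIRST_AREA <= AREA_SIZE - len;  /* overflow-safe bounds check */
    if (!id_ok || !hit) {
        memset(out, FILLER, len);  /* well-formed response, meaningless content */
        return INTERCEPTED;
    }
    memcpy(out, &s->mem[addr], len);
    return FORWARDED;
}

/* S212 to S214: the link unit forwards only requests carrying the trusted
 * control subunit's identifier; the payload lands in the peer's third area. */
enum verdict link_forward(const struct one_way_request *req,
                          uint8_t *third_area, size_t cap)
{
    if (req->sender_id != ID_TRUSTED_CTRL_1 || req->len > cap ||
        req->len > sizeof req->payload)
        return INTERCEPTED;
    memcpy(third_area, req->payload, req->len);
    return FORWARDED;
}

/* S201 to S214 end to end for one data request from a terminal device. */
enum verdict process_request(struct subsystem *s, uint32_t dev, const uint8_t *data,
                             size_t len, uint8_t *third_area, size_t cap)
{
    struct one_way_request req = { .sender_id = ID_TRUSTED_CTRL_1, .len = len };
    if (io_ctrl_accept(s, dev, data, len) == INTERCEPTED)
        return INTERCEPTED;
    if (mem_ctrl_read(s, ID_TRUSTED_CTRL_1, FIRST_AREA, len, req.payload) == INTERCEPTED)
        return INTERCEPTED;
    return link_forward(&req, third_area, cap);
}

int main(void)
{
    /* Constructed sample: one isolated device, one permitted device. */
    struct subsystem s = { .isolated = { ID_TERMINAL_ISOLATED }, .n_isolated = 1 };
    uint8_t third[AREA_SIZE] = { 0 };
    const uint8_t msg[] = "sensor-frame";
    int ok = process_request(&s, ID_TERMINAL_OK, msg, sizeof msg, third, sizeof third) == FORWARDED
          && process_request(&s, ID_TERMINAL_ISOLATED, msg, sizeof msg, third, sizeof third) == INTERCEPTED;
    return ok ? 0 : 1;
}
```

In this model a software identifier stands in for what the patent describes as an identifier maintained inside the data processing system; the model shows the decision logic only, not how the hardware keeps that identifier out of reach of other components.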
The data processing method provided by the embodiment has at least the following beneficial effects:
First, the first trusted interconnection link unit can send a one-way request generated by the first trusted management unit in the first data processing subsystem to the second trusted interconnection link unit, and it can intercept data requests that other components in the first data processing subsystem send toward the second data processing subsystem. This guarantees that data transmitted to the second trusted management unit comes from the trusted first trusted management unit, which realizes a trusted network space and ensures secure input and output.
Second, the second trusted interconnection link unit can send a one-way request generated by the second trusted management unit to the first trusted interconnection link unit, and it can intercept data requests that other components in the second data processing subsystem send toward the first data processing subsystem. This guarantees that data transmitted to the first trusted management unit comes from the trusted second trusted management unit, which realizes a trusted network space and ensures secure input and output.
Third, by setting a trusted memory area within the memory, the embodiment of the application allows data in the trusted memory area to be acquired only when the request hits the trusted memory area and the identifier of the requester meets the preset condition, thereby ensuring the security of the data.
Fourth, the data processing method provided by this embodiment can be implemented by a data processing system with a single-host structure, which effectively reduces cost while realizing a trusted network space and ensuring secure input and output.
Fifth, the data processing method provided by this embodiment performs access control on the secure area and the insecure area according to the identifiers of the first trusted control subunit and the second trusted control subunit. Because these identifiers are maintained inside the data processing system, it is difficult for an attacker to obtain them, so even if an attacker launches an attack based on the TCP/IP protocol, the data processing system intercepts it, thereby effectively defending against attacks based on the TCP/IP protocol.
It should be noted that, in some embodiments, the first trusted control subunit may further perform encryption processing on the unidirectional request and send the encrypted unidirectional request to the first trusted interconnection link unit, so as to further improve the security of the data.
In this embodiment of the present application, the specific implementation of the encryption processing is not limited: the unidirectional request may be processed by means of a signature, or the data in the unidirectional request may be encrypted, so as to obtain the encrypted unidirectional request.
It should be noted that the processing procedure of a data request sent by the second data processing subsystem to the first data processing subsystem is similar to the above procedure; reference may be made to the detailed description in the foregoing embodiments, which is not repeated here.
It should be noted that, for content not described in detail in the embodiments of fig. 4 and fig. 5, reference may be made to the description of the embodiments of fig. 1 to 3.
An embodiment of the present application further provides a computer-readable storage medium, including: computer program instructions; the computer program instructions, when executed by a processor, are adapted to implement aspects of any of the above-described method embodiments.
The embodiment of the present application further provides a program, and when the program is executed by a processor, the program executes the technical solution in any of the above method embodiments.
The embodiment of the present application further provides a chip, where the chip is coupled with a memory in an electronic device, and controls the electronic device to execute the data processing method shown in any of the above method embodiments.
Optionally, the chip is a processor.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (12)

1. A data processing system, comprising: the system comprises a first trusted management unit, a first trusted interconnection link unit, a second trusted interconnection link unit and a second trusted management unit;
the first trusted management unit is connected with a first end of the second trusted interconnection link unit through the first trusted interconnection link unit, and a second end of the second trusted interconnection link unit is connected with the second trusted management unit;
the first trusted interconnection link unit is used for generating a one-way request according to a data request sent by terminal equipment in a target area and sending the one-way request to the first trusted interconnection link unit; the data request comprises a read data request and a write data request, and the target area is an insecure area or a secure area; the first trusted management unit is further configured to generate the one-way request when determining, according to the data request, that the terminal device is a terminal device that does not need communication isolation;
the first trusted interconnection link unit is used for sending the unidirectional request to the second trusted interconnection link unit when the unidirectional request is determined to be the request sent by the first trusted management unit according to the unidirectional request;
the second trusted interconnection link unit is configured to send the unidirectional request to the second trusted management unit, so that the second trusted management unit responds to the unidirectional request.
2. The data processing system of claim 1, wherein the first trusted interconnect link unit is further configured to intercept the unidirectional request when it is determined that the unidirectional request is not a request sent by the trusted management unit.
3. The data processing system of claim 1, wherein the first trusted management unit comprises a first trusted control subunit, a first trusted memory controller, and a first trusted Input Output (IO) control subunit;
a first end of the first trusted control subunit is connected with a first end of the first trusted interconnection link unit, and a second end of the first trusted control subunit is connected with an end of the first trusted memory controller;
the first trusted IO control subunit is configured to determine, according to the data request and an isolation device table, whether the terminal device is a terminal device that needs communication isolation; intercepting the data request when the terminal equipment is determined to be equipment needing isolation; when the terminal device is determined to be a device which does not need to be isolated, the data request is sent to the first trusted memory controller, and the first trusted control subunit is instructed to process the data request;
the first trusted control subunit is configured to obtain the data request, generate the unidirectional request according to the data request, and send the unidirectional request to the first trusted interconnection link unit;
and the first trusted memory controller is used for writing data according to the data request and reading data according to the indication of the first trusted control subunit.
4. A data processing system according to claim 3, wherein the first trusted interlink unit is configured to, in response to the unidirectional request, send the unidirectional request to the second trusted interlink unit upon determining that the unidirectional request is a request sent by the first trusted control subunit.
5. The data processing system of claim 3, further comprising: the first trusted control subunit is connected with the first memory unit through the first trusted memory controller, and the first memory unit comprises a first memory area and a second memory area;
the first trusted control subunit has read-write permission to the first memory area;
any one or more units in the data processing system except the first trusted control subunit have the read permission to the first memory area and do not have the write permission to the first memory area; or, any other unit except the first trusted control subunit in the data processing system does not have the read permission and the write permission to the first memory area.
6. The data processing system of claim 5, wherein the first trusted memory controller, when writing data according to the data request, is specifically configured to: writing the data corresponding to the data request into the second memory area; moving the data corresponding to the data request from the second memory area to the first memory area;
the first trusted memory controller is configured to, when reading data according to the first trusted control subunit, specifically: and when the identification included in the read data request is determined to be the identification of the first trusted control subunit and the read data request hits the target address of the first memory area, reading data from the first memory area and sending the data requested by the read data request to the first trusted control subunit.
7. The data processing system of any of claims 3 to 6, wherein the first trusted interconnect link unit is further configured to encrypt the unidirectional request and send the encrypted unidirectional request to the first trusted interconnect link unit.
8. The data processing system of any of claims 3 to 6, wherein the first trusted IO control subunit is further configured to send an isolated device table update instruction to the first trusted IO control subunit; and the isolation device table updating instruction comprises an updated isolation device table or an identifier of the terminal device needing to be added into the isolation device table.
9. The data processing system of any of claims 1 to 6, further comprising: the first processing unit is connected with the first trusted management unit, and the second processing unit is connected with the second trusted management unit;
the first processing unit is used for indicating the first trusted management unit to process the data request according to the data request;
the second processing unit is used for indicating the second trusted management unit to respond to the one-way request according to the one-way request.
10. A data processing method applied to the data processing system of any one of claims 1 to 9, the method comprising:
the first trusted management unit generates a one-way request according to a data request sent by the terminal equipment in the target area and sends the one-way request to the first trusted interconnection link unit; the data request comprises a read data request and a write data request, and the target area is an insecure area or a secure area;
the first trusted interconnection link unit sends the unidirectional request to the second trusted interconnection link unit according to the unidirectional request when determining that the unidirectional request is the request sent by the first trusted management unit;
the second trusted interconnecting link unit sending the one-way request to the second trusted management unit;
the second trusted management unit responds to the one-way request.
11. A computer-readable storage medium, comprising: a program;
the program is executed by a processor to perform the data processing method as claimed in claim 10 above.
12. A chip, wherein the chip is coupled to a memory in an electronic device, and wherein the electronic device is controlled to perform the data processing method of claim 10.
CN202010368281.1A 2020-04-30 2020-04-30 Data processing system and method Active CN111586034B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010368281.1A CN111586034B (en) 2020-04-30 2020-04-30 Data processing system and method

Publications (2)

Publication Number Publication Date
CN111586034A CN111586034A (en) 2020-08-25
CN111586034B true CN111586034B (en) 2022-06-03

Family

ID=72111934

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010368281.1A Active CN111586034B (en) 2020-04-30 2020-04-30 Data processing system and method

Country Status (1)

Country Link
CN (1) CN111586034B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103946828A (en) * 2013-10-29 2014-07-23 华为技术有限公司 Data processing system and method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9256560B2 (en) * 2009-07-29 2016-02-09 Solarflare Communications, Inc. Controller integration
WO2014075255A1 (en) * 2012-11-15 2014-05-22 华为技术有限公司 Method, apparatus and system for communication based on pcie switch
CN103927489B (en) * 2014-04-22 2017-01-18 陈幼雷 System and method for trusted storage of data
CN104683352B (en) * 2015-03-18 2018-05-25 宁波科安网信通讯科技有限公司 A kind of industrial communication isolation gap with binary channels ferry-boat
CN108345803B (en) * 2018-03-22 2021-01-08 北京可信华泰科技有限公司 Data access method and device of trusted storage equipment

Also Published As

Publication number Publication date
CN111586034A (en) 2020-08-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100095 Building 2, Longxin Industrial Park, Zhongguancun environmental protection technology demonstration park, Haidian District, Beijing

Applicant after: Loongson Zhongke Technology Co.,Ltd.

Address before: 100095 Building 2, Longxin Industrial Park, Zhongguancun environmental protection technology demonstration park, Haidian District, Beijing

Applicant before: LOONGSON TECHNOLOGY Corp.,Ltd.

GR01 Patent grant