CN112286635B - Thermal migration method and device and electronic equipment - Google Patents
Thermal migration method and device and electronic equipment Download PDFInfo
- Publication number
- CN112286635B CN112286635B CN202011185459.5A CN202011185459A CN112286635B CN 112286635 B CN112286635 B CN 112286635B CN 202011185459 A CN202011185459 A CN 202011185459A CN 112286635 B CN112286635 B CN 112286635B
- Authority
- CN
- China
- Prior art keywords
- migration
- source
- key
- target
- enclave
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/4557—Distribution of virtual machine instances; Migration and load balancing
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and a device for thermal migration and electronic equipment, wherein the method comprises the following steps: presetting a first extended instruction set and a first migration key register; generating a source migration master key, and storing the source migration master key into a first migration key register based on a storage instruction; reading a source migration master key based on the enclave resource moving-out instruction, encrypting a enclave memory page to be migrated, and moving out the encrypted enclave memory page to be migrated; and sending the migration data to the target host. The technical scheme stores the migration master key into a safe and credible migration key register by using a storage instruction, so that the migration master key is prevented from being leaked; and then, the enclave resource moving-out instruction is utilized to encrypt the enclave memory page to be migrated based on the migration master key, so that the security of data in the enclave memory can be ensured, and the virtual manager also has the right to send the encrypted enclave memory page to be migrated to the target host, thereby realizing the hot migration of the enclave memory page.
Description
Technical Field
The present invention relates to the field of a thermal migration technology, and in particular, to a thermal migration method, an apparatus, an electronic device, and a computer-readable storage medium.
Background
The SGX (Software Guard Extensions) by Intel is a set of extended instruction sets implemented after a sixth generation CPU. To achieve this goal, SGX enables a user application to open up a protected memory space, commonly referred to as an EPC (Enclave Page Cache), in an Enclave address space.
However, applying SGX to cloud computing presents a challenging problem: existing SGX VMMs (Virtual Machine Manager, a higher privileged software) do not provide live migration. Typically, in managed migration, a source VMM transfers memory pages of an entire VM (Virtual machine) to a target VMM until VMs in different physical machines (source and target hosts) are consistent. The target VMM then starts the migrated VM and the source VMM stops the VM. To do so, the hosted live migration VMM for the SGX-enabled VM should transmit the enclave memory page to the destination host.
However, the VMM cannot transmit the enclave page as usual because the SGX prevents the VMM from directly accessing the PRM (reserved Random Memory). The official SGX developer guide of the intel corporation of 2016 provides a guide for migrating enclave data across platforms, but the guide cannot be applied to migrating other enclave pages besides enclave data, and cannot effectively implement live migration.
Disclosure of Invention
In order to solve the existing technical problems, embodiments of the present invention provide a method and an apparatus for thermal migration, an electronic device, and a computer-readable storage medium.
In a first aspect, an embodiment of the present invention provides a method for thermal migration, including:
presetting a first extended instruction set, and adding a first migration key register, wherein the first extended instruction set comprises a storage instruction and an enclave resource moving-out instruction;
generating a source migration master key according to a communication message between the source migration master key and a target host, and storing the source migration master key into the first migration key register based on the storage instruction;
reading the source migration master key in the first migration key register based on the enclave resource moving-out instruction, encrypting a memory page to be migrated according to the source migration master key, and moving out the encrypted memory page to be migrated based on the enclave resource moving-out instruction;
and sending migration data to the target host, wherein the migration data comprises the encrypted enclave memory page to be migrated.
In a second aspect, an embodiment of the present invention further provides a method for thermal migration, including:
presetting a second extended instruction set, and adding a second migration key register, wherein the second extended instruction set comprises a storage instruction and an enclave resource loading instruction;
generating a target migration master key according to a communication message between the source host and the source host, and storing the target migration master key into the second migration key register based on the storage instruction;
acquiring migration data sent by the source host, and reading the target migration master key in the second migration key register based on the enclave resource loading instruction; the migration data comprise encrypted enclave memory pages to be migrated of the source host;
and decrypting the migration data according to the target migration master key, and extracting and storing the enclave memory page to be migrated.
In a third aspect, an embodiment of the present invention further provides a device for thermal migration, including:
the first preset module is used for presetting a first extended instruction set and adding a first migration key register, wherein the first extended instruction set comprises a storage instruction and an enclave resource moving-out instruction;
the source migration master key processing module is used for generating a source migration master key according to a communication message between the source migration master key and a target host, and storing the source migration master key into the first migration key register based on the storage instruction;
a resource moving-out module, configured to read the source migration master key in the first migration key register based on the enclave resource moving-out instruction, encrypt a to-be-migrated enclave memory page according to the source migration master key, and move out the encrypted to-be-migrated enclave memory page based on the enclave resource moving-out instruction;
and the sending module is used for sending migration data to the target host, wherein the migration data comprises the encrypted enclave memory page to be migrated.
In a fourth aspect, an embodiment of the present invention further provides an apparatus for thermal migration, including:
the second preset module is used for presetting a second extended instruction set and adding a second migration key register, wherein the second extended instruction set comprises a storage instruction and an enclave resource loading instruction;
the target migration master key processing module generates a target migration master key according to the communication message with the source host, and stores the target migration master key into the second migration key register based on the storage instruction;
a resource loading module, configured to obtain migration data sent by the source host, and read the target migration master key in the second migration key register based on the enclave resource loading instruction; the migration data comprise encrypted enclave memory pages to be migrated of the source host; and decrypting the migration data according to the target migration master key, and extracting and storing the enclave memory page to be migrated.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including a bus, a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor, where the transceiver, the memory, and the processor are connected via the bus, and the computer program, when executed by the processor, implements the steps in the method for performing a thermal migration according to any one of the above-mentioned methods.
In a sixth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the method for live migration described in any one of the above.
According to the method, the device, the electronic equipment and the computer readable storage medium for live migration provided by the embodiment of the invention, the migration key register and the instruction extension set containing the storage instruction and the enclave resource moving-out instruction are set, and the migration master key is stored into the safe and credible migration key register by using the storage instruction, so that the migration master key is prevented from being leaked; and then, the enclave resource moving-out instruction is utilized to encrypt the enclave memory page to be migrated based on the migration master key and move the enclave memory page out. Because the moved-out enclave memory page to be migrated is encrypted, the security of data in the enclave memory can be ensured, and the virtual manager is also allowed to transmit the encrypted enclave memory page to the target host, so that the enclave memory page is migrated in a hot mode. The mode can ensure the data security while realizing the heat transfer; and the method is suitable for all types of enclave memory pages, and can realize complete migration.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or the background art of the present invention, the drawings required to be used in the embodiments or the background art of the present invention will be described below.
FIG. 1 illustrates a flow chart of a method of thermomigration provided by an embodiment of the present invention;
FIG. 2 illustrates another flow chart of a method of thermomigration provided by an embodiment of the present invention;
FIG. 3 is a diagram illustrating a generation process of a migration master key according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a framework of a host according to an embodiment of the present invention;
FIG. 5 illustrates an overall flow diagram of a method of thermomigration provided by an embodiment of the present invention;
FIG. 6 is a schematic diagram of an embodiment of the present invention;
FIG. 7 is a schematic diagram illustrating another embodiment of a thermophoresis apparatus according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device for performing a method of thermomigration according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention will be described below with reference to the drawings.
As known from the SGX technology, the EPC (Enclave Page Cache) manages in units of pages, that is, the EPC is a set of Enclave memory pages that load application data and codes, and the size of each Enclave memory Page (also referred to as EPC Page) is generally fixed, and is generally 4KB. Meanwhile, the SGX also defines various data structures, such as SECS (SGX Enclave Control Structure), EPCM (Enclave Page cache Map), PCMD (Page Crypto MetaData), and the like.
Specifically, SGX maintains the fabric SECS using one EPC page alone per EPC; the SECS records metadata of each EPC page, including sensitive information such as cryptographic measures. Therefore, the structure SECS can only be accessed and modified by the SGX management mechanism of the CPU, and any other secure or non-secure code cannot access it.
The EPCM is a data structure stored in the EPC that implements access control, maintains an entry address for the EPC, and contains a state table that tracks page metadata within the EPC. Specifically, the EPCM contains basic information for each EPC Page, such as whether the Page has been used, the owner of the Page, the Page Type (PT), address mapping and permission attributes, etc.; the page type includes PT _ SECS, PT _ REG, PT _ TCS, etc., the address mapping is an entry address of the EPC page, and the Processor (Processor) can access the corresponding EPC page by querying the EPCM, that is, the Processor can use the EPCM to track the contents in the EPC.
The PCMD is encrypted metadata associated with the paged out EPC page, including an enclave ID, MAC (Message Authentication Code), and the like for the evicted EPC page. The PCMD is used to track the associated metadata for those pages purged from the EPC, which provides the processor with sufficient information to validate, decrypt, and reload the paged EPC pages.
The embodiment of the invention provides a method for hot migration, which is suitable for migrating an enclave memory page (namely an EPC page) of a Source Host (Source Host) to an enclave memory space of a target Host (Destination Host) to realize hot migration of the enclave memory page. Specifically, the method for live migration provided by this embodiment may be executed by a source host, and fig. 1 shows a flowchart of the method for live migration. As shown in fig. 1, the method includes:
step 101: a first extended instruction set is preset, and a first migration key register is added, wherein the first extended instruction set comprises a storage instruction and an enclave resource moving-out instruction.
In the embodiment of the present invention, on the basis of the SGX technology, a set of extended instruction set, that is, a first extended instruction set is added, where the first extended instruction set includes an extended storage instruction (denoted as eptkey in this embodiment) and an extended Enclave resource move out (ESE) instruction. Meanwhile, a Migration Key Register (MKR) for storing a Key is added, that is, a first Migration Key Register, which is a trusted Register and cannot be accessed by other entities (such as a virtual machine manager VMM) except for a designated enclave and an SGX-enabled Processor (SGX-enabled Processor).
Step 102: and generating a source migration master key according to the communication message with the target host, and storing the source migration master key into the first migration key register based on the storage instruction.
In the embodiment of the present invention, when the enclave memory page of the source host needs to be migrated to the target host, communication needs to be performed between the source host and the target host, and a corresponding Migration Master Key (MMK) is generated based on a communication message between the source host and the target host, that is, the source host may generate the source Migration Master Key MMK S . The source migration master key MMK may then be stored based on the store instruction (EPUTKEY) in the first extended instruction set S And storing the key into a first safe and credible migration key register.
Alternatively, the source host and the target host may generate respective migration master keys from key exchange messages therebetween. Specifically, the "generating a source migration master key according to a communication message with a target host" may include steps A1 to A4:
step A1: generating a source key exchange message msg S And performs local authentication to generate a source REPORT S 。
In this embodiment of the present invention, if the source host needs to migrate an Enclave memory page in an Enclave (ME) to be migrated to the target host, the source host may generate a source key exchange message msg S (ii) a In particular, the enclave to be migrated (hereinafter abbreviated ME) may be by a source host S ) Generating the source key exchange message msg S . Meanwhile, the SGX-based local authentication scheme may generate a REPORT (REPORT) of the source host, i.e., a source REPORT S (ii) a Specifically, an ereprt instruction may be invoked for local authentication.
Step A2: REPORT source S Reference enclave QE sent to local S Reporting of a REPORT at the source S Receiving reference enclave QE when valid S Returned source reference structure QUOTE S 。
In an embodiment of the invention, the REPORT is reported at the source S After generation, the source host's enclave ME to be migrated S I.e., a referenced enclave (hereinafter abbreviated as QE) that may be local to a source host S ) Initiating a request; then QE S Verifying the Source REPORT S Whether valid, when it is, the source reference structure QUOTE is generated S And returns to the ME S . Among them, a reference Enclave (QE) is a special Enclave in SGX technology.
Step A3: exchanging source keys for message msg S And the source reference structure QUOTE S And sending the data to the target host.
Step A4: receiving target key exchange message msg fed back by target host D And an object reference structure QUOTE D In the object reference structure QUOTE D When valid, exchanging message msg according to source key S Exchanging message msg with target key D A source migration master key is generated.
In the embodiment of the invention, the source host exchanges the source key with the message msg S And a source reference structure QUOTE S And sending the data to the target host for remote authentication. If the remote authentication is passed, the target host will return the corresponding key exchange message and the QUOTE structure body (QUOTE), i.e. the target key exchange message msg, to the source host D And an object reference structure QUOTE D . The source host can then verify the target reference structure QUOTE D If it is valid, the message msg can be exchanged according to the source key S Exchanging message msg with target key D Generating a source migration master key MMK S . Then, the source host's enclave ME to be migrated S The store instruction EPUTKEY can be executed to store the MMK S Storing into a first migration key register. Among them, remote authentication and verification QUOTE structure quite is a mature technology in SGX and will not be described in detail here.
Optionally, a MIGRATION attribute (migratio) is set in the SGX enclave control structure (i.e. SECS), and only the enclave ME to be migrated has the right to change the attribute value of the MIGRATION attribute. Specifically, before the step 102 "storing the source migration master key into the first migration key register based on the storage instruction", the method further includes the steps B1-B2:
step B1: the attribute value of the migration attribute is modified to allow storage.
And step B2: and when the attribute value of the migration attribute is storage permission, storing the source migration master key into the first migration key register based on the storage instruction.
In the embodiment of the invention, the MIGRATION attribute is added in the SECS to ensure that only the ME can call the storage instruction EPUTKEY. Specifically, at initialization time, the LE (Launch Enclave) checks whether there are other Enclaves to initialize the migratio attribute; in this embodiment, the extended instruction set specifies that only the ME is qualified to obtain einitttoken (virtual machine initialization token) to authorize modification of the attribute value of the MIGRATION attribute, that is, the attribute value may be modified to allow storage, for example, migratio is modified to True, which corresponds to the allowed modification. The SGX-enabled processor will reject the store instruction epitkey for the enclave with migratio = False, thereby ensuring that only the store epitkey for ME will be executed.
Step 103: and reading the source migration master key in the first migration key register based on the enclave resource moving-out instruction, encrypting the enclave memory page to be migrated according to the source migration master key, and moving out the encrypted enclave memory page to be migrated based on the enclave resource moving-out instruction.
In the embodiment of the invention, the first migration key register stores the source migration master key MMK S At this time, the SGX-enabled processor reads the MMK (source migration master key) in the SGX-enabled processor based on an enclave resource carry-out instruction (namely an ESE instruction) in the extended instruction set S And then, the enclave memory page to be migrated can be encrypted, and then the encrypted enclave memory page to be migrated can be moved out, that is, the encrypted enclave memory page to be migrated is moved out from the safe and reliable EPC to other non-safe and untrusted memory spaces. Wherein the encryption process is a symmetric encryption process. In this embodiment, the ESE command can be used to perform a plurality of operations such as reading, encrypting, and moving out.
Optionally, migration may be performed in this exampleThe main key is used as an encryption key to directly encrypt the memory page of the enclave to be migrated, for example, the source host encrypts the memory page according to the MMK S And directly encrypting the memory page of the enclave to be migrated. Or, the migration master key may be preprocessed, and then, the encryption processing is performed based on the preprocessed result; specifically, the step 103 of "performing encryption processing on the enclave page to be migrated according to the source migration master key" may include steps C1 to C2:
step C1: generation of Source migration Key MK from Source migration Master Key S And source initial vector IV S And MK S =KDF(MMK S ,C MK ),IV S =KDF(MMK S ,C IV ) (ii) a Wherein, MMK S Migrating master keys for sources, C MK To migrate key constants, C IV KDF (-) represents a key generation function for the initial vector constant, which may be a function owned by SGX itself, or may be custom, e.g., defined as an exponential function, etc.
And step C2: and encrypting the memory page of the enclave to be migrated according to the source migration key and the source initial vector.
Step 104: and sending migration data to the target host, wherein the migration data comprises the encrypted enclave memory page to be migrated.
In the embodiment of the present invention, after the encrypted enclave memory page to be migrated is moved out to another memory space, since the virtual manager VMM has authority to manage the other memory space, the virtual manager VMM may send the encrypted enclave memory page to be migrated to the target host, thereby implementing live migration on the source host side. And the target host receives the encrypted enclave memory page to be migrated, and can complete the whole live migration process after corresponding processing.
According to the method for the hot migration provided by the embodiment of the invention, the migration key register and the instruction extension set containing the storage instruction and the enclave resource moving-out instruction are arranged, and the migration master key is stored into the safe and credible migration key register by using the storage instruction, so that the migration master key is prevented from being leaked; and then, the enclave resource moving-out instruction is utilized to encrypt the enclave memory page to be migrated based on the migration master key and move the enclave memory page out. Because the moved-out enclave memory page to be migrated is encrypted, the security of data in the enclave memory can be ensured, and the virtual manager is also allowed to transmit the encrypted enclave memory page to the target host, so that the enclave memory page is migrated in a hot mode. The mode can ensure the data security while realizing the heat transfer; and the method is suitable for all types of enclave memory pages, and can realize complete migration.
On the basis of the foregoing embodiment, before the step 104 "migrating data to a target host", the method further includes a process of determining the migrated data, where the process specifically includes:
step D1: and respectively allocating corresponding first addresses and second addresses to the enclave memory page to be migrated and page encryption metadata corresponding to the enclave memory page to be migrated in a local untrusted memory.
In the embodiment of the invention, when a memory page needing to be moved out exists, whether the memory page belongs to an EPC page is judged firstly; if so, the memory page is a to-be-migrated enclave memory page, and at this time, a first address and a second address are allocated in the local untrusted memory, where the two addresses are used to store the to-be-migrated enclave memory page and corresponding page encryption metadata (PCMD), respectively. Wherein the untrusted memory is not enclave memory, which is accessible by the VMM.
Step D2: and storing the encrypted enclave memory page to be migrated to the first address, storing page encryption metadata to the second address, and generating migration data according to the encrypted enclave memory page to be migrated and the page encryption metadata.
In the embodiment of the present invention, a processor of a source host may access an enclave memory page to be migrated (i.e., an EPC page) by querying the EPCM, and determine a page type of the enclave memory page to be migrated; if the page type of the enclave memory page to be migrated is PT _ REG or PT _ TCS, search for the SECS, and generate a corresponding MAC header (MAC header) based on the metadata of the enclave memory page to be migrated recorded in the SECS. If the page type of the enclave memory page to be migrated is not PT _ REG or PT _ TCS, if the page type is PT _ SECS, it indicates that the enclave memory page to be migrated stores SECS, and at this time, an MAC body (MAC body) of the enclave memory page to be migrated may be directly set, for example, the MAC body is obtained through calculation according to EPCM; a complete MAC may be generated based on the MAC header and the MAC body. After determining the MAC of the enclave memory page to be migrated, the MAC determined at this time may be stored in the PCMD (the PCMD includes the MAC), so as to complete the PCMD, and then the PCMD may be stored in the second address, and the PCMD may be sent to the target host as a part of the migration data.
Based on the same inventive concept, the embodiment of the invention also provides a method for performing the hot migration by the target host. Referring to fig. 2, the method of thermomigration includes:
step 201: and presetting a second extended instruction set, and adding a second migration key register, wherein the second extended instruction set comprises a storage instruction and an enclave resource loading instruction.
In the embodiment of the present invention, the target Host and the source Host are both a Host (Host), and both the source Host and the target Host may set an extended instruction set and a Migration Key Register (MKR) to implement live migration; as described above, the source host sets the first extended instruction set and the first migration key register, and the corresponding target host sets the second extended instruction set and adds the second migration key register. Specifically, the second set of extended instructions includes a store instruction (EPUTKEY) and an Enclave resource load (ESL) instruction. The storage instruction is substantially the same as the storage instruction in the first extended instruction set, and is used for storing the Migration Master Key (MMK) in the Migration Key Register (MKR). The second migration key register is essentially the same as the first migration key register described above, and is a trusted register.
Step 202: and generating a target migration master key according to the communication message with the source host, and storing the target migration master key into a second migration key register based on the storage instruction.
In the embodiment of the invention, when the enclave memory page of the source host needs to be migrated to the target host, the target host and the source host communicate with each other, a corresponding Migration Master Key (MMK) can be generated based on the communication message between the target host and the source host,that is, the target host can generate the target migration master key MMK D . The target migration master key MMK may then be stored based on the store instruction (EPUTKEY) in the second extended instruction set D And storing the key into a second migration key register which is safe and credible.
Similar to the above-described process of generating the source migration master key, i.e., the communication message is specifically referred to as a key exchange message, the corresponding migration master key may be generated according to the key exchange message between the source host and the target host. Optionally, the "generating a target migration master key according to a communication message with a source host" specifically includes:
step E1: generating a target Key exchange message msg D And performing local authentication to generate a target REPORT D 。
Step E2: REPORT the target D Reference enclave QE sent to local D At the target REPORT REPORT D Receiving reference enclave QE when valid D Returned target reference structure QUOTE D 。
In the embodiment of the invention, the target host generates a target key exchange message msg D REPORT on target D Object reference Structure QUOTE D With the source host generating a source key exchange message msg S Source REPORT S Source reference structure QUOTE S The process is substantially the same, and is not described herein.
Step E3: exchanging target key with message msg D And an object reference structure QUOTE D And sending the data to the source host.
Step E4: receiving source key exchange message msg fed back by source host S And the source reference structure QUOTE S In the source-referencing structure QUOTE S When valid, exchanging message msg according to source key S Exchanging message msg with target key D And generating a target migration master key.
In the embodiment of the invention, the target host can exchange the target key with the message msg D And an object reference structure QUOTE D Sending to the source host to enable the source host to verify the target referenceStructure QUOTE D Whether valid, and then exchange message msg based on source key S Exchanging message msg with target key D And generating a source migration master key, which can be seen in detail in the step A4. Likewise, the source host will exchange the source key with the message msg S And the source reference structure QUOTE S Sending to the target host, which can verify the source reference structure QUOTE S Whether it is valid and, if it is valid, exchanges messages msg according to the source key S Exchanging message msg with target key D And generating a target migration master key. That is, under normal conditions, the source migration master key and the target migration master key are the same, so that the secure migration of the enclave memory page can be subsequently realized based on a symmetric encryption manner.
Specifically, the process of generating the target migration master key and the source migration master key may be as shown in fig. 3. In FIG. 3, H S Represents the Source Host (Source Host), H D Indicating a Destination Host (Destination Host); VMM (virtual machine monitor) S VMM representing a source host, VMM D A VMM representing a target host; ME Host is ME Host, and Processor represents Processor. H S And H D After Initialization (Initialization), interaction can be realized, and then the required migration master keys are generated respectively.
Step 203: acquiring migration data sent by a source host, and reading a target migration master key in a second migration key register based on an enclave resource loading instruction; and the migration data comprises encrypted enclave memory pages to be migrated of the source host.
Step 204: and decrypting the migration data according to the target migration master key, and extracting and storing the enclave memory page to be migrated.
In the embodiment of the present invention, the source host sends migration data to the local target host, where the migration data includes an encrypted enclave memory page (EPC page) to be migrated of the source host. At this time, the SGX-enabled processor reads the target migration master key MMK therein based on an enclave resource load instruction (i.e., ESL instruction) in the extended instruction set D Then, the migration data can be decrypted to determine the enclave memory page to be migrated in the source hostAnd the target host is enabled to safely acquire the enclave memory page to be migrated of the source host, so that the enclave memory page to be migrated of the source host is stored in the EPC of the target host, and migration of the enclave memory page is realized. In this embodiment, based on the ESL instruction, a plurality of actions such as reading, decrypting, storing, and the like can be implemented.
The step 204 "decrypting the migration data according to the target migration master key specifically includes:
step F1: generating target migration key MK according to target migration master key D And a target initial vector IV D And MK D =KDF(MMK D ,C MK ),IV D =KDF(MMK D ,C IV ) (ii) a Wherein, MMK D Migrating master keys for targets, C MK To migrate key constants, C IV KDF (-) represents the key generation function for the initial vector constants.
Step F2: and decrypting the migration data according to the target migration key and the target initial vector.
In this embodiment, the process of generating the target migration key and the target initial vector is the same as the process of generating the source migration key and the source initial vector in the above steps C1-C2, and details are not described here. Due to target migration key MMK D And source migration key MMK S The target migration key is the same as the source migration key, and the target initial vector is the same as the source initial vector.
According to the method for hot migration provided by the embodiment of the invention, the migration key register and the instruction extension set containing the storage instruction and the enclave resource loading instruction are set, and the migration master key is stored into the safe and credible migration key register by using the storage instruction, so that the migration master key is prevented from being leaked; and then, decrypting the migration data sent by the source host based on the migration master key by using the enclave resource loading instruction. Because the moved-out enclave memory page to be migrated is encrypted, the security of the data in the enclave memory can be ensured. The mode can ensure the data security while realizing the heat migration; and the method is suitable for all types of enclave memory pages, and can realize complete migration.
On the basis of the above embodiment, the migration data further includes page encryption metadata (PCMD) corresponding to the enclave page to be migrated. The method provided by the embodiment further comprises the following steps:
step G1: and respectively allocating a third address and a fourth address corresponding to the encryption metadata of the memory page and the page of the enclave to be migrated in the local enclave memory space.
Step G2: and after the migration data is decrypted according to the target migration master key, storing the extracted enclave memory page to be migrated into a third address, and storing the extracted page encryption metadata into a fourth address.
In the embodiment of the invention, when a target host receives a memory page sent by a source host, whether the memory page is an EPC page is judged firstly; if so, steps 201-204, etc. described above may be performed. Specifically, at this time, in the enclave memory space of the target host, the input addresses, that is, the third address and the fourth address, of the enclave memory page to be migrated and the page encryption metadata are allocated. The enclave memory space is a memory space in the target host used for storing EPC pages, and may be divided into a plurality of EPC pages.
And then, storing the encrypted migration data into the enclave memory of the target host (for example, the encrypted migration data can be stored into the third address and the fourth address), then executing decryption processing in the enclave memory, and finally storing the corresponding enclave memory page to be migrated and page encryption metadata into the third address and the fourth address.
Specifically, an Enclave Page Cache Map (EPCM) of the target host is searched, so that EPC pages corresponding to the third address and the fourth address in the target host can be accessed; meanwhile, the MAC body of the EPC page is set based on metadata of the EPCM (which is information related to the enclave page itself). In addition, the migration data further includes page encryption metadata (PCMD), and the PCMD includes an MAC of the enclave memory page to be migrated, so that the MAC of the target host EPC page may be compared with the MAC of the enclave memory page to be migrated, and if the MAC of the target host EPC page and the MAC of the enclave memory page to be migrated are the same, the migration process is normal, and at this time, the enclave memory page to be migrated may be stored to the third address; meanwhile, the EPCM of the target host is set to perfect the EPCM of the host. The process of performing authentication based on MAC is prior art and will not be described in detail here.
In addition, as will be understood by those skilled in the art, in one migration process, the source host may migrate the memory page to the target host, and in other migration processes, the source host may also serve as a target host of another host, that is, migration data such as enclave memory pages of another host is migrated to the source host. At this time, the source host needs to store migration data sent by another host in the local EPC, and at this time, an enclave resource load instruction needs to be set in the extended instruction set, that is, the first extended instruction set further includes: the enclave resource loads instructions. At this time, the live migration method executed by the source host further includes:
step H1: and generating a target migration master key according to communication messages with other hosts, and storing the target migration master key into the first migration key register based on the storage instruction.
Step H2: acquiring migration data sent by other hosts, and reading a target migration master key in a second migration key register based on the enclave resource loading instruction; and the migration data comprises encrypted enclave memory pages to be migrated of other hosts.
Step H3: and decrypting the migration data sent by other hosts according to the target migration master key, and extracting and storing the enclave memory pages to be migrated of other hosts.
In the embodiment of the present invention, when the source host executes the steps H1 to H3, the process of the source host is substantially the same as the process of the target host executing the steps 202 to 204, and will not be described in detail here. Similarly, the target host may also be used as a source host in other migration processes, that is, the second extended instruction set may also include an enclave resource removal instruction. The first and second extended instruction sets are substantially identical, and the two extended instruction sets may be identical.
Specifically, the source host or the target host in the present embodiment is substantially the same, and the framework thereof can be seen from fig. 4. Wherein, the gray area indicates that it is trusted (trusted), such as a trusted memory, an instruction executed in the trusted memory, etc.; white areas indicate that it is untrusted (untrusted). Further, a single arrow "→" indicates register READ/WRITE (READ/WRITE), and a double arrow "→" indicates instruction execution.
The overall flow of the thermomigration method is described in detail below by way of an example. The source host and the target host are both provided with an extended instruction set and a migration key register. Referring to fig. 5, the method includes:
step 501: source host generates source key exchange message msg S And performs local authentication to generate a source REPORT S 。
Step 502: the source host REPORTs the source REPORT S Quote enclave QE sent to local S Reporting at the Source S Receiving reference enclave QE when valid S Returned source reference structure QUOTE S 。
Step 503: source host exchanging source key with message msg S And the source reference structure QUOTE S And sending the data to the target host.
Step 504: target host generates target key exchange message msg D And performing local authentication to generate a target REPORT D 。
Step 505: target host REPORTs target D Quote enclave QE sent to local D At the target REPORT REPORT D Receiving reference enclave QE when valid D Returned object reference Structure QUOTE D 。
Step 506: target host exchanges target key with message msg D And an object reference structure QUOTE D And sending the data to the source host.
In the embodiment of the present invention, the steps 501 to 503 and the steps 504 to 506 are executed in the source host and the target host, respectively, and the specific execution order is not limited in this embodiment.
Step 507: the source host receives a target key exchange message msg fed back by the target host D And object reference Structure QUOTE D In the object reference structure QUOTE D When valid, exchanging message msg according to source key S And target key exchangeMessage msg D A source migration master key is generated.
Step 508: and the source host stores the source migration master key into the first migration key register based on the storage instruction.
Step 509: when the hot migration is needed, the source host reads the source migration master key in the first migration key register based on the enclave resource carry-out instruction, encrypts the enclave memory page to be migrated according to the source migration master key, and carries out the encrypted enclave memory page to be migrated based on the enclave resource carry-out instruction.
Step 510: and the source host sends the migration data to the target host, wherein the migration data comprises the encrypted enclave memory page to be migrated.
Step 511: the target host receives the source key exchange message msg fed back by the source host S And the source reference structure QUOTE S Referencing the structure QUOTE at the source S When valid, exchanging message msg according to source key S Exchanging message msg with target key D And generating a target migration master key.
Step 512: and the target host acquires the migration data sent by the source host and reads the target migration master key in the second migration key register based on the enclave resource loading instruction.
Step 513: and decrypting the migration data according to the target migration master key, and extracting and storing the memory page of the enclave to be migrated.
According to the method for hot migration provided by the embodiment of the invention, the migration key register and the instruction extension set containing the storage instruction, the enclave resource moving-out instruction and the enclave resource loading instruction are arranged, and the migration master key is stored in the safe and credible migration key register by using the storage instruction, so that the migration master key is prevented from being leaked; and then, the enclave resource moving-out instruction is utilized to encrypt the enclave memory page to be migrated based on the migration master key and move the enclave memory page out. Because the moved out enclave memory page to be migrated is encrypted, the security of data in the enclave memory can be ensured, and the virtual manager also has the right to send the encrypted enclave memory page to be migrated to the target host; and the target host decrypts the memory page to be migrated based on the enclave resource loading instruction and stores the decrypted memory page into the local enclave memory, so that the hot migration of the enclave memory page is realized. The mode can ensure the data security while realizing the heat transfer; and the method is suitable for all types of enclave memory pages, and can realize complete migration.
The method for thermal migration provided by the embodiment of the invention is described above in detail, and the method can also be implemented by a corresponding device.
Fig. 6 is a schematic structural diagram of a thermomigration device according to an embodiment of the present invention. The apparatus for live migration may be specifically disposed on the source host side, as shown in fig. 6, and the apparatus for live migration includes:
a first preset module 61, configured to preset a first extended instruction set, and add a first migration key register, where the first extended instruction set includes a storage instruction and an enclave resource moving instruction;
a source migration master key processing module 62, configured to generate a source migration master key according to a communication message with a target host, and store the source migration master key into the first migration key register based on the storage instruction;
a resource moving-out module 63, configured to read the source migration master key in the first migration key register based on the enclave resource moving-out instruction, encrypt a to-be-migrated enclave memory page according to the source migration master key, and move out the encrypted to-be-migrated enclave memory page based on the enclave resource moving-out instruction;
a sending module 64, configured to send migration data to the target host, where the migration data includes the encrypted enclave page to be migrated.
On the basis of the foregoing embodiment, the source migration master key processing module 62 generates the source migration master key according to the communication message with the target host, including:
generating a source key exchange message msg S And performs local authentication to generate a source REPORT S ;
Reporting the source REPORT S Reference enclave QE sent to local S At the source REPORT S Receive the referenced enclave QE when active S Returned source reference structure QUOTE S ;
Exchanging the source key for a message msg S And said source reference structure QUOTE S Sending the data to a target host;
receiving a target key exchange message msg fed back by the target host D And an object reference structure QUOTE D In said object reference structure QUOTE D When the source key is valid, exchanging messages msg according to the source key S Exchanging a message msg with said target key D A source migration master key is generated.
On the basis of the above embodiment, the SGX enclave control structure is provided with a migration attribute, and only the enclave to be migrated has the right to change the attribute value of the migration attribute; and the device also comprises a modification module;
before the source migration master key processing module 62 stores the source migration master key into the first migration key register based on the storage instruction, the modification module is configured to: and modifying the attribute value of the migration attribute to be allowed to be stored.
When the attribute value of the migration attribute is storage permission, the source migration master key processing module 62 stores the source migration master key into the first migration key register based on the storage instruction.
On the basis of the foregoing embodiment, the encrypting the to-be-migrated enclave memory page by the resource moving-out module 63 according to the source migration master key includes:
generating source migration key MK according to source migration master key S And source initial vector IV S And MK S =KDF(MMK S ,C MK ),IV S =KDF(MMK S ,C IV ) (ii) a Wherein, MMK S Migrating master keys for sources, C MK To migrate key constants, C IV KDF (-) represents a key generation function for the initial vector constant;
and encrypting the memory page of the enclave to be migrated according to the source migration key and the source initial vector.
On the basis of the embodiment, the device further comprises a migration data generation module;
before the sending module 64 sends the migration data to the target host, the migration data generating module is configured to:
respectively allocating a corresponding first address and a corresponding second address to the enclave memory page to be migrated and page encryption metadata corresponding to the enclave memory page to be migrated in a local untrusted memory;
and storing the encrypted enclave memory page to be migrated to the first address, storing the page encryption metadata to the second address, and generating migration data according to the encrypted enclave memory page to be migrated and the encrypted page encryption metadata.
On the basis of the above embodiment, the first extended instruction set further includes: an enclave resource load instruction; the device also comprises a loading module; the loading module is used for:
generating a target migration master key according to communication messages with other hosts, and storing the target migration master key into the first migration key register based on the storage instruction;
acquiring migration data sent by the other hosts, and reading the target migration master key in the second migration key register based on the enclave resource loading instruction; the migration data comprises encrypted enclave memory pages to be migrated of the other hosts;
and decrypting the migration data sent by the other host according to the target migration master key, and extracting and storing the enclave memory page to be migrated of the other host.
An embodiment of the present invention further provides a device for performing a thermal migration, where the device for performing a thermal migration may be specifically disposed on a target host side, as shown in fig. 7, and the device includes:
a second preset module 71, configured to preset a second extended instruction set, and add a second migration key register, where the second extended instruction set includes a storage instruction and an enclave resource loading instruction;
the target migration master key processing module 72 generates a target migration master key according to the communication message with the source host, and stores the target migration master key into the second migration key register based on the storage instruction;
a resource loading module 73, configured to obtain migration data sent by the source host, and read the target migration master key in the second migration key register based on the enclave resource loading instruction; the migration data comprise encrypted enclave memory pages to be migrated of the source host; and decrypting the migration data according to the target migration master key, and extracting and storing the enclave memory page to be migrated.
On the basis of the foregoing embodiment, the target migration master key processing module 72 generates a target migration master key according to a communication message with the source host, including:
generating a target Key exchange message msg D And performing local authentication to generate a target REPORT D ;
Reporting the target REPORT D Reference enclave QE sent to local D At the target REPORT REPORT D Receive the referenced enclave QE when active D Returned target reference structure QUOTE D ;
Exchanging the target key for a message msg D And said object reference structure QUOTE D Sending the data to a source host;
receiving source key exchange message msg fed back by the source host S And a source reference structure QUOTE S In said source reference structure QUOTE S When valid, exchanging message msg according to the source key S Exchanging message msg with said target key D And generating a target migration master key.
On the basis of the foregoing embodiment, the resource loading module 73 performs decryption processing on the migration data according to the target migration master key, including:
generating a target migration key MK according to the target migration master key D And a target initial vector IV D And MK D =KDF(MMK D ,C MK ),IV D =KDF(MMK D ,C IV ) (ii) a Wherein, MMK D Migrating master keys for targets, C MK To migrate key constants, C IV KDF (-) represents a key generation function for the initial vector constant;
and decrypting the migration data according to the target migration key and the target initial vector.
On the basis of the above embodiment, the migration data further includes page encryption metadata corresponding to the enclave page to be migrated; the device also comprises a migration data processing module, wherein the migration data processing module is used for:
respectively allocating a third address and a fourth address corresponding to the enclave memory page to be migrated and the page encryption metadata in a local enclave memory space;
and after the migration data is decrypted according to the target migration master key, storing the extracted enclave page to be migrated to the third address, and storing the page encryption metadata to the fourth address.
According to the device for hot migration provided by the embodiment of the invention, the migration key register and the instruction extension set comprising the storage instruction, the enclave resource unloading instruction and the enclave resource loading instruction are arranged, and the migration master key is stored into the safe and credible migration key register by using the storage instruction, so that the migration master key is prevented from being leaked; and then, the enclave resource moving-out instruction is utilized to encrypt the enclave memory page to be migrated based on the migration master key and move the enclave memory page out. Because the moved out enclave memory page to be migrated is encrypted, the security of data in the enclave memory can be ensured, and the virtual manager also has the right to send the encrypted enclave memory page to be migrated to the target host; and the target host decrypts the memory page to be migrated based on the enclave resource loading instruction and stores the decrypted memory page into the local enclave memory, so that the hot migration of the enclave memory page is realized. The mode can ensure the data security while realizing the heat transfer; and the method is suitable for all types of enclave memory pages, and can realize complete migration.
In addition, an embodiment of the present invention further provides an electronic device, which includes a bus, a transceiver, a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the transceiver, the memory, and the processor are connected via the bus, and when the computer program is executed by the processor, each process of the foregoing embodiment of the method for performing a thermomigration is implemented, and the same technical effect can be achieved, and details are not repeated here to avoid repetition.
Specifically, referring to fig. 8, an electronic device according to an embodiment of the present invention includes a bus 1110, a processor 1120, a transceiver 1130, a bus interface 1140, a memory 1150, and a user interface 1160.
In an embodiment of the present invention, the electronic device further includes: a computer program stored on the memory 1150 and executable on the processor 1120, the computer program when executed by the processor 1120 performs the processes of the method embodiments of live migration described above.
A transceiver 1130 for receiving and transmitting data under the control of the processor 1120.
In embodiments of the invention in which a bus architecture (represented by bus 1110) is used, bus 1110 may include any number of interconnected buses and bridges, and bus 1110 may connect various circuits including one or more processors, represented by processor 1120, and a memory, represented by memory 1150.
Bus 1110 represents one or more of any of several types of bus structures, including a memory bus, and memory controller, a peripheral bus, an Accelerated Graphics Port (AGP), a processor, or a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include: an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA), a Peripheral Component Interconnect (PCI) bus.
The bus 1110 may also connect various other circuits such as peripherals, voltage regulators, or power management circuits to provide an interface between the bus 1110 and the transceiver 1130, as is well known in the art. Therefore, the embodiments of the present invention will not be further described.
The transceiver 1130 may be one element or may be multiple elements, such as multiple receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. For example: the transceiver 1130 receives external data from other devices, and the transceiver 1130 transmits data processed by the processor 1120 to other devices. Depending on the nature of the computer system, a user interface 1160 may also be provided, such as: touch screen, physical keyboard, display, mouse, speaker, microphone, trackball, joystick, stylus.
It is to be appreciated that in embodiments of the invention, the memory 1150 may further include memory located remotely with respect to the processor 1120, which may be coupled to a server via a network. One or more portions of the above-described networks may be an ad hoc network (ad hoc network), an intranet (intranet), an extranet (extranet), a Virtual Private Network (VPN), a Local Area Network (LAN), a Wireless Local Area Network (WLAN), a Wide Area Network (WAN), a Wireless Wide Area Network (WWAN), a Metropolitan Area Network (MAN), the Internet (Internet), a Public Switched Telephone Network (PSTN), a plain old telephone service network (POTS), a cellular telephone network, a wireless fidelity (Wi-Fi) network, and combinations of two or more of the above. For example, the cellular telephone network and the wireless network may be a global system for Mobile Communications (GSM) system, a Code Division Multiple Access (CDMA) system, a Worldwide Interoperability for Microwave Access (WiMAX) system, a General Packet Radio Service (GPRS) system, a Wideband Code Division Multiple Access (WCDMA) system, a Long Term Evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, a long term evolution-advanced (LTE-a) system, a Universal Mobile Telecommunications (UMTS) system, an enhanced Mobile Broadband (eMBB) system, a mass Machine Type Communication (mtc) system, an Ultra Reliable Low Latency Communication (urrllc) system, or the like.
It is to be understood that the memory 1150 in embodiments of the present invention can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. Wherein the nonvolatile memory includes: read-Only Memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), electrically Erasable PROM (EEPROM), or Flash Memory.
The volatile memory includes: random Access Memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as: static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), double Data Rate Synchronous Dynamic random access memory (Double Data Rate SDRAM, DDRSDRAM), enhanced Synchronous DRAM (ESDRAM), synchronous Link DRAM (SLDRAM), and Direct memory bus RAM (DRRAM). The memory 1150 of the electronic device described in the embodiments of the invention includes, but is not limited to, the above and any other suitable types of memory.
In an embodiment of the present invention, memory 1150 stores the following elements of operating system 1151 and application programs 1152: an executable module, a data structure, or a subset thereof, or an expanded set thereof.
Specifically, the operating system 1151 includes various system programs such as: a framework layer, a core library layer, a driver layer, etc. for implementing various basic services and processing hardware-based tasks. Applications 1152 include various applications such as: media Player (Media Player), browser (Browser), used to implement various application services. Programs that implement methods in accordance with embodiments of the present invention can be included in application programs 1152. The application programs 1152 include: applets, objects, components, logic, data structures, and other computer system executable instructions that perform particular tasks or implement particular abstract data types.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements each process of the foregoing embodiment of the method for thermal migration, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The computer-readable storage medium includes: permanent and non-permanent, removable and non-removable media may be tangible devices that retain and store instructions for use by an instruction execution apparatus. The computer-readable storage medium includes: electronic memory devices, magnetic memory devices, optical memory devices, electromagnetic memory devices, semiconductor memory devices, and any suitable combination of the foregoing. The computer-readable storage medium includes: phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), non-volatile random access memory (NVRAM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic tape cartridge storage, magnetic tape disk storage or other magnetic storage devices, memory sticks, mechanically encoded devices (e.g., punched cards or raised structures in a groove having instructions recorded thereon), or any other non-transmission medium useful for storing information that may be accessed by a computing device. As defined in embodiments of the present invention, the computer-readable storage medium does not include transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses traveling through a fiber optic cable), or electrical signals transmitted through a wire.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, electronic device and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electrical, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to solve the problem to be solved by the embodiment of the invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present invention may be substantially or partially contributed by the prior art, or all or part of the technical solutions may be embodied in a software product stored in a storage medium and including instructions for causing a computer device (including a personal computer, a server, a data center, or other network devices) to execute all or part of the steps of the methods of the embodiments of the present invention. And the storage medium includes various media that can store the program codes as listed in the foregoing.
The above description is only a specific implementation of the embodiments of the present invention, but the scope of the embodiments of the present invention is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the embodiments of the present invention, and should be covered by the scope of the embodiments of the present invention. Therefore, the protection scope of the embodiments of the present invention shall be subject to the protection scope of the claims.
Claims (12)
1. A method of thermomigration, comprising:
presetting a first extended instruction set, and adding a first migration key register, wherein the first extended instruction set comprises a storage instruction and an enclave resource moving-out instruction;
generating a source migration master key according to a communication message between the source migration master key and a target host, and storing the source migration master key into the first migration key register based on the storage instruction;
reading the source migration master key in the first migration key register based on the enclave resource moving-out instruction, encrypting a memory page to be migrated according to the source migration master key, and moving out the encrypted memory page to be migrated based on the enclave resource moving-out instruction;
sending migration data to the target host, wherein the migration data comprises the encrypted enclave memory page to be migrated;
the generating a source migration master key according to the communication message with the target host comprises:
generating a source key exchange message msg S And performs local authentication to generate a source REPORT S ;
Reporting the source REPORT S Reference enclave QE sent to local S Reporting the REPORT at the source S Receive the reference enclave QE when valid S Returned source reference structure QUOTE S ;
Exchanging the source key by a message msg S And said source reference structure QUOTE S Sending the data to a target host;
receiving a target key exchange message msg fed back by the target host D And an object reference structure QUOTE D At said object reference structure QUOTE D When valid, exchanging message msg according to the source key S Exchanging message msg with said target key D A source migration master key is generated.
2. The method according to claim 1, wherein a migration attribute is set in the SGX enclave control structure, and only the enclave to be migrated has the right to change the attribute value of the migration attribute;
prior to the storing the source migration master key into the first migration key register based on the store instruction, the method further includes:
modifying the attribute value of the migration attribute to allow storage;
and when the attribute value of the migration attribute is storage permission, storing the source migration master key into the first migration key register based on the storage instruction.
3. The method according to claim 1, wherein the encrypting the enclave page to be migrated according to the source migration master key includes:
generating source migration key MK according to source migration master key S And the source initial vector IV S And MK S =KDF(MMK S ,C MK ),IV S =KDF(MMK S ,C IV ) (ii) a Wherein, MMK S Migrating master keys for sources, C MK To migrate key constants, C IV KDF (-) represents a key generation function for the initial vector constant;
and encrypting the memory page of the enclave to be migrated according to the source migration key and the source initial vector.
4. The method of claim 1, further comprising, prior to said sending migration data to said target host:
respectively allocating corresponding first addresses and second addresses to the enclave memory page to be migrated and page encryption metadata corresponding to the enclave memory page to be migrated in a local untrusted memory;
and storing the encrypted enclave memory page to be migrated to the first address, storing the page encryption metadata to the second address, and generating migration data according to the encrypted enclave memory page to be migrated and the encrypted page encryption metadata.
5. The method of any of claims 1-4, wherein the first extended instruction set further comprises: an enclave resource load instruction;
the method further comprises the following steps:
generating a target migration master key according to communication messages with other hosts, and storing the target migration master key into the first migration key register based on the storage instruction;
acquiring migration data sent by the other hosts, and reading the target migration master key in the first migration key register based on the enclave resource loading instruction; the migration data comprises encrypted enclave memory pages to be migrated of the other hosts;
and decrypting the migration data sent by the other host according to the target migration master key, and extracting and storing the enclave memory page to be migrated of the other host.
6. A method of thermomigration, comprising:
presetting a second extended instruction set, and adding a second migration key register, wherein the second extended instruction set comprises a storage instruction and an enclave resource loading instruction;
generating a target migration master key according to a communication message between the source host and the source host, and storing the target migration master key into the second migration key register based on the storage instruction;
acquiring migration data sent by the source host, and reading the target migration master key in the second migration key register based on the enclave resource loading instruction; the migration data comprise encrypted enclave memory pages to be migrated of the source host;
decrypting the migration data according to the target migration master key, and extracting and storing the enclave memory page to be migrated;
the generating a target migration master key according to the communication message with the source host includes:
generating a target Key exchange message msg D And performing local authentication to generate a target REPORT D ;
Reporting the target REPORT D Reference enclave QE sent to local D At the target REPORT D Receive the reference enclave QE when valid D Returned target reference structure QUOTE D ;
Exchanging the target key for a message msg D And said object reference structure QUOTE D Sending to a source host;
receiving source key exchange message msg fed back by the source host S And the source reference structure QUOTE S In said source reference structure QUOTE S When valid, exchanging message msg according to the source key S Exchanging message msg with said target key D And generating a target migration master key.
7. The method according to claim 6, wherein the decrypting the migration data according to the target migration master key comprises:
generating a target migration key MK according to the target migration master key D And a target initial vector IV D And MK D =KDF(MMK D ,C MK ),IV D =KDF(MMK D ,C IV ) (ii) a Wherein, MMK D Migrating master keys for targets, C MK To migrate key constants, C IV KDF (-) represents a key generation function for the initial vector constant;
and decrypting the migration data according to the target migration key and the target initial vector.
8. The method according to claim 6 or 7, wherein the migration data further comprises page encryption metadata corresponding to the enclave page to be migrated;
the method further comprises the following steps:
respectively allocating a third address and a fourth address corresponding to the enclave memory page to be migrated and the page encryption metadata in a local enclave memory space;
and after the migration data is decrypted according to the target migration master key, storing the extracted enclave page to be migrated to the third address, and storing the page encryption metadata to the fourth address.
9. A thermophoresis apparatus, comprising:
the first preset module is used for presetting a first extended instruction set and adding a first migration key register, wherein the first extended instruction set comprises a storage instruction and an enclave resource moving-out instruction;
the source migration master key processing module is used for generating a source migration master key according to a communication message between the source migration master key and a target host, and storing the source migration master key into the first migration key register based on the storage instruction;
a resource moving-out module, configured to read the source migration master key in the first migration key register based on the enclave resource moving-out instruction, encrypt a to-be-migrated enclave memory page according to the source migration master key, and move out the encrypted to-be-migrated enclave memory page based on the enclave resource moving-out instruction;
a sending module, configured to send migration data to the target host, where the migration data includes the encrypted enclave memory page to be migrated;
the source migration master key processing module generates a source migration master key according to a communication message with a target host, and the method comprises the following steps:
generating a source key exchange message msg S And performs local authentication to generate a source REPORT S ;
Reporting the source REPORT S Reference enclave QE sent to local S Reporting at the sourceREPORT S Receive the reference enclave QE when valid S Returned source reference structure QUOTE S ;
Exchanging the source key for a message msg S And said source reference structure QUOTE S Sending the data to a target host;
receiving a target key exchange message msg fed back by the target host D And object reference Structure QUOTE D In said object reference structure QUOTE D When the source key is valid, exchanging messages msg according to the source key S Exchanging message msg with said target key D A source migration master key is generated.
10. A thermophoresis apparatus, comprising:
the second preset module is used for presetting a second extended instruction set and adding a second migration key register, wherein the second extended instruction set comprises a storage instruction and an enclave resource loading instruction;
the target migration master key processing module generates a target migration master key according to the communication message with the source host, and stores the target migration master key into the second migration key register based on the storage instruction;
a resource loading module, configured to obtain migration data sent by the source host, and read the target migration master key in the second migration key register based on the enclave resource loading instruction; the migration data comprise encrypted enclave memory pages to be migrated of the source host; decrypting the migration data according to the target migration master key, and extracting and storing the enclave memory page to be migrated;
the target migration master key processing module generates a target migration master key according to a communication message with a source host, and the method comprises the following steps:
generating a target Key exchange message msg D And performing local authentication to generate a target REPORT D ;
Reporting the target REPORT D Reference enclave QE sent to local D At the target report REPORT D Receive the reference enclave QE when valid D Returned target reference structure QUOTE D ;
Exchanging the target key for a message msg D And said object reference structure QUOTE D Sending the data to a source host;
receiving source key exchange message msg fed back by the source host S And the source reference structure QUOTE S In said source reference structure QUOTE S When the source key is valid, exchanging messages msg according to the source key S Exchanging message msg with said target key D And generating a target migration master key.
11. An electronic device comprising a bus, a transceiver, a memory, a processor and a computer program stored on the memory and executable on the processor, the transceiver, the memory and the processor being connected via the bus, characterized in that the computer program realizes the steps in the method of thermomigration according to any one of claims 1 to 8 when executed by the processor.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps in the method of thermomigration according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011185459.5A CN112286635B (en) | 2020-10-29 | 2020-10-29 | Thermal migration method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011185459.5A CN112286635B (en) | 2020-10-29 | 2020-10-29 | Thermal migration method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112286635A CN112286635A (en) | 2021-01-29 |
| CN112286635B true CN112286635B (en) | 2022-10-25 |
Family
ID=74353004
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011185459.5A Active CN112286635B (en) | 2020-10-29 | 2020-10-29 | Thermal migration method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112286635B (en) |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9639706B2 (en) * | 2015-02-19 | 2017-05-02 | International Business Machines Corporation | Inter-virtual machine communication |
| CN107924321B (en) * | 2015-09-25 | 2022-01-18 | 英特尔公司 | Nested virtualization for virtual machine exit |
| US10534724B2 (en) * | 2015-12-24 | 2020-01-14 | Intel Corporation | Instructions and logic to suspend/resume migration of enclaves in a secure enclave page cache |
| CN108306740B (en) * | 2018-01-22 | 2020-07-31 | 华中科技大学 | Intel SGX state consistency protection method and system |
| CN109460281B (en) * | 2018-09-17 | 2021-02-26 | 华为技术有限公司 | Virtual machine management method and device of cloud platform |
| CN110120869B (en) * | 2019-03-27 | 2022-09-30 | 上海隔镜信息科技有限公司 | Key management system and key service node |
-
2020
- 2020-10-29 CN CN202011185459.5A patent/CN112286635B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112286635A (en) | 2021-01-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11088846B2 (en) | Key rotating trees with split counters for efficient hardware replay protection | |
| US11770368B2 (en) | Techniques for shared private data objects in a trusted execution environment | |
| CN109844751B (en) | Method and processor for providing information isolation | |
| US11239994B2 (en) | Techniques for key provisioning in a trusted execution environment | |
| US10102152B2 (en) | Protecting a memory from unauthorized access | |
| US9607177B2 (en) | Method for securing content in dynamically allocated memory using different domain-specific keys | |
| US11061710B2 (en) | Virtual machine exit support by a virtual machine function | |
| US10496841B2 (en) | Dynamic and efficient protected file layout | |
| US20170033930A1 (en) | Techniques to secure computation data in a computing environment | |
| US20180285560A1 (en) | System, Apparatus And Method For Providing Locality Assertion Between A Security Processor And An Enclave | |
| US10372628B2 (en) | Cross-domain security in cryptographically partitioned cloud | |
| KR20050085678A (en) | Attestation using both fixed token and portable token | |
| JP7486530B2 (en) | Method, system, and program for accessing shared confidential information in a controlled container environment | |
| US10528746B2 (en) | System, apparatus and method for trusted channel creation using execute-only code | |
| WO2022161182A1 (en) | Trusted computing method and apparatus based on data stream | |
| WO2020000491A1 (en) | File storage method and apparatus, and storage medium | |
| CN112286635B (en) | Thermal migration method and device and electronic equipment | |
| CN113496016A (en) | Memory access method, system-on-chip and electronic equipment | |
| US20220198074A1 (en) | Secure Transient Buffer Management | |
| KR102421318B1 (en) | A device for managing multiple accesses to a system-on-a-chip security module of an apparatus | |
| TWI791995B (en) | Software protection method and system thereof | |
| US11722299B1 (en) | Spatially-bound cryptographic storage | |
| US20240070091A1 (en) | Isolation of memory regions in trusted domain | |
| US20200327072A1 (en) | Secure-ats using versing tree for reply protection | |
| CN117744117A (en) | Authority setting method, authority setting device, electronic equipment and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |