CN113821790A - Industrial credible computing dual-system architecture implementation method based on Trustzone - Google Patents
- Publication number: CN113821790A (application number CN202110992719.8A)
- Authority: CN (China)
- Prior art keywords: module, measurement, tee, kernel, credible
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
The invention discloses an industrial trusted computing dual-system architecture implementation method based on Trustzone. It addresses three problems: placing sensitive applications inside the TEE burdens the trusted computing base; the TEE cannot execute security services actively without occupying the CPU for a long time; and message and data transmission between the REE and the TEE costs performance. A trusted dual-system architecture is designed on the Trustzone structure, and a dynamic measurement mechanism and a reverse rollback detection mechanism are designed on top of it. The dynamic measurement mechanism performs security measurement of the sensitive applications to guarantee their safety at run time. At the same time, a monitoring module in the secure world periodically measures the functional modules moved into the kernel; the kernel functional module verified as trusted then measures the functional modules in normal-world user mode, so that the services these modules provide remain safe. The reverse rollback mechanism implements the response after an attack: instead of restarting the whole system once an attack is suffered, it recovers locally, which improves system efficiency and suits industrial control equipment better.
Description
Technical Field
The invention relates to an industrial trusted computing dual-system architecture implementation method based on Trustzone, and belongs to the technical field of trusted computing dual-system architectures.
Background
With the rapid development of computer and communication technologies, embedded systems are widely used in industrial control environments. Some key operations in ARM-based industrial control devices, such as cryptographic calculations, increase the need for a secure execution environment. Sensitive applications in industrial control devices are often attacked while running: for example, code segments of a sensitive application located in kernel space are tampered with, so that sensitive data leaks or the application misbehaves. Such attacks pose a great threat to the safety of industrial control equipment, and once one succeeds the consequences can be serious. However, firewalls that rely only on passive defense, and intrusion detection based on traffic analysis, cannot intervene, have low reliability and cannot guarantee the authenticity of the authentication module itself, so they cannot address these threats.
In the face of endless attacks, Trustzone technology ensures the safety of the system to a certain extent. Trustzone divides the execution environment into a Rich Execution Environment (REE) and a Trusted Execution Environment (TEE) and isolates the two logically. The REE implements the normal system functions; the TEE provides security protection for the hardware and software in the REE. The TEE may actively access the REE to protect the hardware and software there, for example by performing measurement work on the normal world. The REE cannot access the TEE, so, compared with common software integrity protection, a security mechanism in a security-first architecture runs in the TEE isolated from the REE, and an attack in the REE cannot bypass it. The totality of protection mechanisms in a computer system, called the Trusted Computing Base (TCB), is collectively responsible for enforcing a security policy. Therefore, a security mechanism set in the TEE implements the security policy and actively measures the applications in the REE, so that their safety can be ensured to a certain extent. Once the security mechanism finds that an attack has occurred, it intervenes with a control strategy, thereby ensuring the security of the REE.
However, Trustzone technology has the following problems. First, some security devices place sensitive applications inside the TEE because of security requirements, which burdens the TCB: as more sensitive applications are built into the TEE, the TCB grows, and since the TEE lacks the operating system services these applications need to function properly, the TCB undoubtedly bears a significant burden whether the code of the sensitive applications is rewritten or those services are integrated into the TEE. Second, security services cannot be executed actively in cooperation with the TEE without the TEE occupying the CPU for a long time. Most existing basic Trustzone security services are executed passively; providing an active operation capability requires designing a complex REE-TEE switching mechanism that gives the TEE higher priority and reduces interference from REE interrupts, but this in turn means that the CPU is occupied by the TEE for long periods and the normal operation of REE processes is affected. Third, message and data transmission between the REE and the TEE causes certain performance problems: message transmission between the two execution environments requires world switching, and data transmission requires creating and destroying shared memory, so a single measurement requires multiple world switches and multiple shared-memory creation and destruction operations, which undoubtedly adds to the system's burden.
In summary, a dual-system architecture based on Trustzone technology can satisfy the safety requirements of industrial control equipment; the invention changes the original dual-system architecture to address the existing problems of Trustzone and provides a new approach. Accordingly, the invention provides an industrial trusted computing dual-system architecture implementation method based on Trustzone.
Disclosure of Invention
In order to reduce the TCB burden, let the TEE execute security services actively without occupying the CPU for a long time, and lower the performance overhead while still guaranteeing the safety of industrial control equipment, the invention changes the traditional dual-system architecture on the basis of the Trustzone dual-system idea: the sensitive applications and the main functional modules of the secure execution environment are moved to the normal world and the kernel, and the secure execution environment retains only a trusted reference library, which stores the trusted reference values, and a monitoring module, which guarantees the safety of the moved-out functional modules. This resolves the existing problems of Trustzone; the functional modules are implemented with an OP-TEE design, and the sensitive applications in the REE are dynamically measured periodically to ensure the safety of the REE. Because the existing attack response of restarting the whole system is unsuitable for industrial control scenarios, the invention also provides a reverse rollback detection mechanism.
To achieve this, the invention designs an industrial trusted computing dual-system architecture based on Trustzone with two execution environments, REE_I (Rich Execution Environment Industry) and TEE_I (Trusted Execution Environment Industry), and four main modules: CA (Client Application), TAOC (Trusted Application On the Client), TA (Trusted Application) and Kernal. A dynamic measurement mechanism and a reverse rollback detection mechanism are built on this architecture: the dynamic measurement mechanism performs security measurement of the sensitive applications, and the reverse rollback detection mechanism implements the response after an attack.
The industrial trusted computing dual-system architecture based on Trustzone comprises four main modules, CA, TAOC, TA and Kernal:
1. CA module. The CA module is located in REE_I and runs the sensitive applications in the normal world, completing their normal computing work.
2. TAOC module. The TAOC module is located in REE_I and is a functional module running in the normal world. It controls the applications in the CA module, measures them by calling the measurement module in Kernal, and judges whether an application is trusted, thereby guaranteeing the application's safety. The TAOC module comprises a control submodule, moved out of TEE_I, and a judgment submodule. The control submodule implements the control mechanism and control strategy of the active mechanism and applies the corresponding control strategy to an application according to the judgment result; the judgment submodule implements the judgment mechanism and judgment strategy of the active mechanism and decides whether a measurement value meets expectations.
3. TA module. The TA module is located in TEE_I and is the functional module deployed there; it comprises a trusted reference library and a monitoring module. The trusted reference library stores the reference information of the measurement digests; the monitoring module guarantees the safety of the functional module moved into Kernal.
4. Kernal module. The Kernal module is located in the kernel and is the functional module running there. It dynamically measures the applications in the CA module and the modules in TAOC, and delivers the measurement result to the TAOC module for judgment. The Kernal module comprises a measurement submodule, a communication submodule and an OP-TEE message transfer submodule. The measurement submodule is the core module and implements the measurement mechanism and measurement strategy of the active mechanism; the communication submodule handles information transmission between the kernel and user space; the OP-TEE message transfer submodule handles information transmission between the normal world and the secure world and is the message transfer module under the OP-TEE mechanism.
Dynamic measurement mechanism. The dynamic measurement mechanism dynamically measures the code segments of the sensitive applications and of the functional modules while they run, and judges whether their states are trusted. The dynamic measurement of a sensitive application is completed by the TAOC module and the Kernal module: the corresponding code segment of the application is collected and hashed to obtain a measurement digest, which is compared with the trusted reference library stored in TEE_I to judge whether the application's state is trusted. The functional modules are measured before the sensitive application is measured, because a functional module that has been attacked no longer provides a trustworthy service. The dynamic measurement of the functional modules has two parts, the dynamic measurement of the TAOC module and the dynamic measurement of the Kernal module: the Kernal module measures the TAOC module, and the monitoring module in the TA module measures the Kernal module. Since the monitoring module is located in TEE_I, it is trusted absolutely by default and serves as the trusted starting point of the trust chain, and each module or application that passes verification becomes a trusted node on the chain. Trust is passed from the trusted starting point to the Kernal module, the TAOC module and the sensitive application in turn, completing the measurement of the whole process.
In this process, if the TAOC module or the Kernal module is judged untrusted, this shows that it has been attacked, and the reverse rollback detection mechanism must be invoked for recovery so that normal operation of the system is ensured.
Reverse rollback detection mechanism. The reverse rollback mechanism is the attack response adopted after a functional module is attacked while the system is running. During the operation of REE_I, once a functional module is found to have been attacked, the reverse rollback detection mechanism backs off to the nearest trusted node. Taking that node as the trusted starting point, it restarts the attacked module and passes trust downward until the security state of the whole system is recovered.
The invention provides an industrial trusted computing dual-system architecture implementation method based on Trustzone. The traditional Trustzone architecture is changed: most functional modules are moved out of the secure world into the normal world and the kernel, and the safety of the moved-out modules is guaranteed by the monitoring module in the secure world. This reduces the TCB burden to a certain extent, solves the problem that actively executed security services in the TEE occupy the CPU for a long time, reduces the world-switching frequency and improves system performance. In addition, the invention provides a dynamic measurement mechanism and a reverse rollback detection mechanism on the designed architecture, thereby ensuring the safe operation of the system.
Drawings
FIG. 1 is the general architecture diagram of the present invention.
FIG. 2 is a flow diagram of the dynamic measurement of sensitive applications.
FIG. 3 is a flowchart of the measurement submodule acquiring a code segment.
FIG. 4 is a schematic flow diagram of the monitoring module.
FIG. 5 is a schematic diagram of the dynamic measurement flow for the TAOC module.
FIG. 6 is a flow chart of the reverse rollback detection mechanism.
FIG. 7 is a schematic diagram of the performance analysis of the original Trustzone architecture.
FIG. 8 is a schematic diagram of the performance analysis of the present invention.
FIG. 9 is a flow chart of an embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to specific embodiments shown in the drawings.
FIG. 1 is the general architecture diagram of the Trustzone-based trusted computing dual-system architecture of the present invention.
Using the Trustzone dual-system architecture, the invention designs two execution environments, REE_I and TEE_I. REE_I implements the normal system functions; TEE_I is the trusted execution environment, which executes and stores sensitive data and provides security services. The invention designs four main modules, CA (Client Application), TAOC (Trusted Application On the Client), TA (Trusted Application) and Kernal:
1. CA module. The CA module runs the sensitive applications in REE_I to complete their normal computing work.
2. TAOC module. The TAOC module is a functional module running in REE_I. It controls the applications in the CA module, measures them by calling the measurement module in Kernal, and judges whether an application is trusted, thereby guaranteeing the application's safety. The TAOC module comprises a control submodule, moved out of TEE_I, and a judgment submodule. The control submodule implements the control mechanism and control strategy of the active mechanism and applies the corresponding control strategy to an application according to the judgment result; the judgment submodule implements the judgment mechanism and judgment strategy of the active mechanism and decides whether a measurement value meets expectations.
3. TA module. The TA module is the functional module deployed in TEE_I and comprises a trusted reference library and a monitoring module. The trusted reference library stores the reference information of the measurement digests; the monitoring module guarantees the safety of the functional module moved into Kernal.
4. Kernal module. The Kernal module is the functional module running in the kernel. It dynamically measures the applications in the CA module and the modules in TAOC, and delivers the measurement result to the TAOC module for judgment. The Kernal module comprises a measurement submodule, a communication submodule and an OP-TEE message transfer submodule. The measurement submodule is the core module and implements the measurement mechanism and measurement strategy of the active mechanism; the communication submodule handles information transmission between the kernel and user space; the OP-TEE message transfer submodule handles information transmission between REE_I and TEE_I and is the message transfer module under the OP-TEE mechanism.
Under this framework, the static measurement mechanism is completed in two stages and guarantees the integrity of the system at power-on. The first half of the static measurement is the trusted verification from firmware boot to completion of the TEE_I load; the second half is the trusted verification by TEE_I of the loading of the REE_I system and its applications.
In the first half, the secure origin of the dual-system secure boot is a code section fixed in the Read Only Memory (ROM) of the CPU core, which is loaded into Static Random Access Memory (SRAM) during boot and is therefore trusted by default. The first step of the first half uses this on-chip trusted code segment to check the security of the system's basic input/output system (BIOS); after the check passes, the BIOS is started and loaded and in turn checks the security of the operating system boot component (OSLoader); after the OSLoader passes verification and is loaded, it performs verified boot of the TEE_I operating system. TEE_I is started after passing verification, which completes the boot authentication of the first half.
The boot authentication of the second half starts from the trusted TEE_I. Before REE_I is loaded, TEE_I verifies REE_I through the OP-TEE mechanism and monitors the behaviour of REE_I during its startup; REE_I is allowed to start only after TEE_I has verified it successfully. After REE_I starts, the monitoring module in TEE_I verifies the functional module in the kernel. After the functional module in the kernel is authenticated as trusted, the functional module in REE_I user mode is measured and authenticated. Finally, each application to be started is measured and authenticated, and it may start only after the authentication passes.
The architecture moves most functional modules of TEE_I to REE_I and the kernel, which relieves the TCB burden to a certain extent. At the same time, it prevents measurement from occupying the CPU for a long time and actively protects the sensitive applications while they run. The measurement data is collected in REE_I, which reduces the number of world switches required by the measurement work and therefore the performance overhead.
FIG. 2 is a flow diagram of the dynamic measurement of sensitive applications.
To describe the measurement process, the measured entity and the data interaction process are first formally described as follows:
The measured-entity quadruplet is defined as EM = <target, identifier, state, data>. Here target is the measured target, which may be a user-mode application process ClientAP or a functional module FM moved out of the secure world; identifier is the unique identifier of the measured target, which may be a process number pid or a module name m_name; state is the state of the measured target and takes one of three values, trusted, untrusted and null, representing a trusted state, an untrusted state and an unmeasured state respectively; data is the transmitted data, either a hash value calculated by the measurement module or a trusted reference value from the trusted reference library.
The interaction process for measured-target information is defined as
the control submodule sending the information of the measurement target to the measurement submodule with a period of t seconds, where the specific information of the target is represented by the measured-entity quadruplet. When the state of the measured target is null, the control module issues measurement work for that target.
The interaction process of the measurement values is defined as the following two cases:
- The first case represents the delivery of the measurement value from the measurement module to the message module. At this time the state of the measured target is set to null, and the hash value calculated by the measurement module is stored in the transmitted data.
- The second case represents the delivery of the measurement value from the message module to the judgment module.
The interaction process of the trusted reference value is defined as
the transfer of the trusted reference value from the trusted reference library to the judgment module. The state of the measured target is null, and the trusted reference value from the trusted reference library is stored in the transmitted data.
The interaction process of the judgment result is defined as
the transfer of the state of the measured target from the judgment module to the control module; the state value is trusted or untrusted.
The dynamic measurement process for a sensitive application is described in detail below using the formal description above:
Step 22: after receiving the process number, the measurement module acquires the code segment of the corresponding process space according to the process number and hashes the acquired code segment to obtain the measurement value.
Step 28: the control module restarts the measured application.
Step 210: the measurement value obtained by the first calculation is stored in the security file as the trusted reference value, and the process ends.
FIG. 3 is a schematic flow diagram of the measurement submodule acquiring a code segment, comprising:
Step 31: the measurement submodule obtains the process descriptor structure task_struct corresponding to the obtained process number.
Step 32: the memory descriptor structure mm_struct of the process is obtained from the process descriptor.
Step 33: the start and end positions start_code and end_code of the process code segment are obtained by accessing the mm_struct.
Step 34: to map the code segment into an accessible memory region, a memory region is allocated with kzalloc.
Step 35: the code segment is mapped into the allocated memory region through the mapping function.
Step 36: the code segment is read by accessing the allocated memory region.
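As an added example (not code from the patent), the following Python models the dynamic measurement flow of FIG. 2 and the code-segment acquisition of FIG. 3 from user space. The kernel walk task_struct to mm_struct to start_code/end_code is replaced by the equivalent view in /proc/<pid>/maps, the bytes are read through /proc/<pid>/mem, SHA-256 stands in for the hash the patent does not name, and the trusted reference library held in TEE_I is a plain dictionary. The measured-entity quadruplet, the judgment and control steps, and the step-210 rule that the first measurement becomes the reference value follow the description above. The sample maps lines and code bytes are constructed; every function and class name here is an assumption.

```python
import hashlib
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


# Measured-entity quadruplet EM = <target, identifier, state, data>.
@dataclass
class MeasuredEntity:
    target: str                 # "ClientAP" (user-mode process) or "FM" (moved-out module)
    identifier: str             # process number pid or module name m_name
    state: str = "null"         # trusted / untrusted / null (not yet measured)
    data: Optional[str] = None  # hash from the measurement module, or a reference value


# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
_MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")


def find_code_segment(maps_text: str, exe_path: str) -> Tuple[int, int]:
    """Steps 31-33 from user space: (start_code, end_code) of the binary's
    first executable mapping; the kernel reads mm_struct->start_code/end_code."""
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if m and "x" in m.group(3) and m.group(4) == exe_path:
            return int(m.group(1), 16), int(m.group(2), 16)
    raise LookupError(f"no executable mapping for {exe_path}")


def measure(segment: bytes) -> str:
    """Step 22: hash the collected code segment (SHA-256 is an assumption)."""
    return hashlib.sha256(segment).hexdigest()


class TrustedReferenceLibrary:
    """Stand-in for the reference library in TEE_I (a dict, not a TA)."""

    def __init__(self) -> None:
        self._refs: Dict[str, str] = {}

    def get(self, identifier: str) -> Optional[str]:
        return self._refs.get(identifier)

    def store_first(self, identifier: str, value: str) -> None:
        # Step 210: the first measurement becomes the trusted reference value.
        self._refs.setdefault(identifier, value)


def judge(em: MeasuredEntity, library: TrustedReferenceLibrary) -> MeasuredEntity:
    """Judgment submodule: compare the hash with the trusted reference value."""
    ref = library.get(em.identifier)
    if ref is None:
        library.store_first(em.identifier, em.data)
        em.state = "trusted"
    else:
        em.state = "trusted" if ref == em.data else "untrusted"
    return em


def control(em: MeasuredEntity) -> str:
    """Control submodule: step 28 restarts an application judged untrusted."""
    return "continue" if em.state == "trusted" else "restart"


def run_measurement(maps_text: str, exe_path: str, read_mem: Callable[[int, int], bytes],
                    pid: str, library: TrustedReferenceLibrary) -> Tuple[MeasuredEntity, str]:
    """One measurement round for process `pid` (FIG. 2 as modelled here)."""
    start_code, end_code = find_code_segment(maps_text, exe_path)
    segment = read_mem(start_code, end_code)          # steps 34-36: map and read
    em = judge(MeasuredEntity("ClientAP", pid, "null", measure(segment)), library)
    return em, control(em)


# --- constructed sample input (not captured from a real device) ---------------
SAMPLE_EXE = "/opt/ics/sensitive_app"
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a01000 r--p 00000000 08:01 1234 /opt/ics/sensitive_app
55d0c4a01000-55d0c4a05000 r-xp 00001000 08:01 1234 /opt/ics/sensitive_app
55d0c4a05000-55d0c4a06000 r--p 00005000 08:01 1234 /opt/ics/sensitive_app
7ffd1e2a0000-7ffd1e2c1000 rw-p 00000000 00:00 0    [stack]
"""
SAMPLE_BASE = 0x55D0C4A01000
SAMPLE_TEXT = bytes(range(256)) * 64      # 16 KiB of "code", the size of the r-xp mapping


def sample_reader(start: int, end: int) -> bytes:
    return SAMPLE_TEXT[start - SAMPLE_BASE:end - SAMPLE_BASE]


def tampered_reader(start: int, end: int) -> bytes:
    # One patched byte in the code segment, the attack the patent describes.
    seg = bytearray(sample_reader(start, end))
    seg[0x100] ^= 0xFF
    return bytes(seg)


if __name__ == "__main__":
    # Live run on Linux: measure the interpreter's own text segment via /proc.
    try:
        with open("/proc/self/maps") as f:
            maps = f.read()
        with open("/proc/self/mem", "rb") as mem:
            def live_reader(s: int, e: int) -> bytes:
                mem.seek(s)
                return mem.read(e - s)
            print(run_measurement(maps, os.readlink("/proc/self/exe"), live_reader,
                                  str(os.getpid()), TrustedReferenceLibrary()))
    except (OSError, LookupError) as exc:
        print("live /proc measurement unavailable here:", exc)
```

Running the block directly on Linux measures the interpreter's own text segment; with the constructed sample, the first round is trusted and populates the reference, and a single patched byte turns the judgment to untrusted and the control action to restart. One caveat worth noting: under the step-210 rule the first measurement is trusted unconditionally, so the reference library must be populated while the device is known-good (for example during the verified boot described earlier), not on first contact in the field.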
FIG. 4 is a schematic diagram of the monitoring module's workflow. The monitoring module measures the functional module moved into the kernel to ensure that the service the kernel provides is safe and reliable. The main measurement steps comprise:
Step 41: obtain the kernel symbol name of the measured kernel module.
Step 42: according to the kernel symbol name, access the address of the kernel code segment corresponding to that symbol in the kernel symbol table.
Step 43: transmit the obtained kernel module code segment to the monitoring module.
Step 44: the monitoring module measures the code segment to obtain the measurement value.
Step 46: read the trusted reference value in the trusted reference library.
Step 47: judge whether the measurement result is trusted by comparing the measurement value with the trusted reference value. If so, the process ends; if not, step 48 is performed.
Step 410: store the first measurement result in the security file as the trusted reference value, and end.
FIG. 5 is a schematic diagram of the dynamic measurement flow for the TAOC module, comprising:
Step 51: the measurement module obtains the process number corresponding to the measured module.
Step 54: switch world to TEE_I and obtain the trusted reference value from the trusted reference library.
Step 55: switch back to REE_I, compare the measurement value with the trusted reference value and judge whether the measurement result is trusted. If so, the process ends; if not, step 56 is performed.
Step 57: create a security file in the trusted reference library.
Step 58: store the first measurement result in the security file as the trusted reference value, and end.
FIG. 6 is a schematic flow chart of the reverse rollback detection mechanism, comprising:
Step 61: judge whether the attacked module is in the TAOC module. If so, step 62 is performed; if not, step 66 is performed.
Step 62: the control module transfers control to the measurement module in the kernel.
Step 63: under the control of the measurement module, restart the attacked module in TAOC.
Step 64: under the control of the measurement module, restart the sensitive application.
Step 65: restore the TAOC module's measurement work on, and control of, the sensitive application.
Step 66: the control module transfers control to the monitoring module.
Step 67: the monitoring module controls the restart of the attacked module in the kernel.
Step 68: the monitoring module controls the restart of the affected modules in TAOC.
Step 69: the monitoring module controls the restart of the sensitive application.
Step 610: the measurement work on, and control of, the sensitive application is restored.
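The following Python, added here and not part of the patent, models the trust chain of FIG. 1 (monitoring module, then Kernal, then TAOC, then the sensitive application) together with the reverse rollback of FIG. 6: the attacked node and everything below it are restarted under the control of the nearest trusted node above it, and measurement then resumes downward. It generalises the two branches of steps 61 to 610 (attacked module in TAOC, attacked module in the kernel) to any position on the chain, including the sensitive application itself. The module images, the names and the use of SHA-256 are assumptions.

```python
import hashlib
from typing import Dict, List

# Trust chain from the trusted starting point (monitoring module in TEE_I)
# down to the sensitive application, in the order of FIG. 1.
CHAIN_ORDER = ["monitor", "Kernal", "TAOC", "app"]


class Node:
    """A node on the trust chain: a functional module or the sensitive application."""

    def __init__(self, name: str, image: bytes) -> None:
        self.name = name
        self.image = image      # clean code image that a restart reloads
        self.code = image       # code currently in memory (what gets measured)
        # Trusted reference value, as held in the trusted reference library.
        self.reference = hashlib.sha256(image).hexdigest()
        self.state = "null"     # trusted / untrusted / null (not yet measured)

    def measure(self) -> str:
        # The node above does the measuring in the patent; the check is the same.
        digest = hashlib.sha256(self.code).hexdigest()
        self.state = "trusted" if digest == self.reference else "untrusted"
        return self.state

    def restart(self) -> None:
        self.code = self.image
        self.state = "null"


def build_chain() -> List[Node]:
    # Constructed images; on a device these would be the modules' code segments.
    return [Node(name, f"image-of-{name}".encode() * 32) for name in CHAIN_ORDER]


def tamper(chain: List[Node], name: str) -> None:
    """Simulate the attack the patent describes: a patched code segment."""
    node = next(n for n in chain if n.name == name)
    node.code = bytes([node.code[0] ^ 0xFF]) + node.code[1:]


def measure_chain(chain: List[Node]) -> Dict[str, str]:
    """Pass trust downward from the trusted starting point.

    The monitoring module in TEE_I is trusted by default; each verified node
    measures the next.  The walk stops at the first untrusted node, because the
    service it would provide (measuring the nodes below it) is no longer trusted.
    """
    chain[0].state = "trusted"
    states = {chain[0].name: "trusted"}
    for node in chain[1:]:
        states[node.name] = node.measure()
        if node.state == "untrusted":
            break
    return states


def reverse_rollback(chain: List[Node], attacked: str) -> Dict[str, object]:
    """Steps 61 to 610: fall back to the nearest trusted node above the attacked
    one, let it restart the attacked node and everything below, then resume
    measurement from that node downward."""
    idx = CHAIN_ORDER.index(attacked)
    if idx == 0:
        raise ValueError("the monitoring module in TEE_I has no node to fall back to")
    controller = chain[idx - 1]        # steps 62 / 66: control moves up one node
    restarted: List[str] = []
    for node in chain[idx:]:           # steps 63-64 / 67-69: restart top-down
        node.restart()
        restarted.append(node.name)
    states = measure_chain(chain)      # steps 65 / 610: measurement work resumes
    return {"controller": controller.name, "restarted": restarted, "states": states}


if __name__ == "__main__":
    chain = build_chain()
    tamper(chain, "TAOC")
    print("after attack:  ", measure_chain(chain))
    print("after rollback:", reverse_rollback(chain, "TAOC"))
```

Because the walk stops at the first untrusted node, a compromised Kernal module is never allowed to vouch for TAOC or the application; the restart set is always a suffix of the chain, which is what keeps the response local instead of a whole-system reboot.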
FIG. 7 is a schematic diagram of performance analysis of the original Trustzone architecture.
Under the Trustzone mechanism, a CA calling a TA incurs the time overhead of world switching and of registering and destroying the shared memory. When the CA calls the TEE-side service, a world switch is performed and a shared memory is registered in the memory of the REE side; the control module of the TEE side sends the control strategy to the measurement module, which requires inter-module communication; the measurement module of the TEE side obtains the code segment by going to the REE-side kernel, which requires world switching and communication between user mode and kernel mode; when the size of the code segment to be acquired is M and the size of the shared memory used for data transmission is Mg, the number of world switches required for acquiring the code segment depends on M and Mg (n below denotes the number of data transmissions). After the measurement module finishes measuring, the measurement value is transmitted to the judging module, the judging module obtains the credible reference value from the TBDB, and the judging module sends the result to the control module, each of which is an inter-module communication; after executing the corresponding strategy according to the judgment result, the control module must destroy the shared memory, perform a world switch and return to the REE side. In total, this process requires 2 × (1 + n) world switches, 1 shared memory registration, 1 shared memory destruction, 5 inter-module communications and 2 × n communications between kernel mode and user mode. Since most of the measurement is completed in the TEE, if the TA performs a large amount of calculation and occupies the CPU for a long time, interrupt requests from the REE are masked, which may cause processes on the REE side to starve because of the long wait.
However, if the priority of the REE-side processes is raised to reduce starvation and some REE interrupts are serviced while the TA is running, every interrupt response costs at least two world switches, which greatly affects system performance.
FIG. 8 is a schematic of a performance analysis of the present invention.
The present invention performs one measurement job with the following overhead: the control submodule sends a measurement request to the measured process and the measured process returns its PID to the control submodule, which costs inter-module communication; the communication between the control submodule and the measurement submodule in the kernel costs communication between user mode and kernel mode; the control submodule sends the measurement value to the judgment submodule, which costs inter-module communication; the judgment submodule reads a credible reference value from the TBDB, or writes one into it, which costs two world switches, one shared memory registration and one shared memory destruction; the judgment submodule returns the judgment result to the control submodule, which costs inter-module communication. When n data transmissions are carried out, the whole process requires 2 world switches, 1 shared memory registration, 1 shared memory destruction, 4 inter-module communications and 2 × n communications between kernel mode and user mode. Because most of the measurement is completed on the REE side, no world switch is needed when an external interrupt is handled to avoid starvation, and the influence on system performance is reduced.
It should be understood that although the description is made in terms of embodiments, not every embodiment includes only a single embodiment, and such description is for clarity only, and those skilled in the art will recognize that the embodiments described herein may be combined as appropriate, and implemented as would be understood by those skilled in the art.
The above-listed series of detailed descriptions are merely specific illustrations of possible embodiments of the present invention, and they are not intended to limit the scope of the present invention, and all equivalent embodiments or modifications that do not depart from the technical spirit of the present invention should be included within the scope of the present invention.
Claims (4)
1. An industrial trusted computing dual-system architecture implementation method based on Trustzone, characterized by comprising the following steps: the industrial trusted computing dual-system architecture based on Trustzone moves the sensitive applications and most of the functional modules that guarantee the security of the REE out of the TEE and places them into the REE and the kernel, so that the TEE contains only a trusted reference library storing trusted reference values and a monitoring submodule guaranteeing the security of the moved-out functional modules; two execution environments, REE_I and TEE_I, are designed, together with four main modules, CA, TAOC, TA and Kernal; the CA module is located in REE_I and runs the sensitive applications in the normal world to complete normal computation; the TAOC module is located in REE_I, runs the functional modules in the normal world, controls the applications in the CA module, measures the applications by calling the measurement module in Kernal, and judges whether the applications are trusted, thereby guaranteeing application security; the TAOC module comprises a control submodule and a judgment submodule moved out of TEE_I; the control submodule implements the control mechanism and control strategy of the active mechanism and applies the corresponding control strategy to an application according to the judgment result; the judgment submodule implements the judgment mechanism and judgment strategy of the active mechanism and judges whether a measurement value meets expectations; the TA module is located in TEE_I, is the functional module deployed in TEE_I, and comprises a trusted reference library and a monitoring module; the trusted reference library stores the reference information of the measurement digests; the monitoring module guarantees the security of the functional modules moved into Kernal; the Kernal module is located in the kernel, is the functional module running in the kernel, dynamically measures the applications in the CA module and the modules in the TAOC, and delivers the measurement results to the TAOC module for judgment; the Kernal module comprises a measurement submodule, a communication submodule and an OP-TEE message transfer submodule; the measurement submodule is the core module and implements the measurement mechanism and measurement strategy of the active mechanism; the communication submodule is used for information transmission between the kernel and user space; the OP-TEE message transfer submodule is used for information transmission between the normal world and the secure world and is the message transfer module under the OP-TEE mechanism; a dynamic measurement mechanism and a reverse rollback detection mechanism are provided on the basis of this architecture; security measurement of the sensitive applications is performed through the dynamic measurement mechanism, and the response after an attack is implemented through the reverse rollback detection mechanism.
2. The Trustzone-based industrial trusted computing dual-system architecture implementation method according to claim 1, characterized in that: an execution flow of the dynamic measurement of the sensitive application is defined on the basis of the architecture and comprises the following steps:
step 21, the control module sends a measurement request for the measured process in the CA module to the measurement module in the kernel;
step 22, after receiving the process number, the measurement module acquires the code segment of the corresponding process space according to the process number, and performs a hash calculation on the acquired code segment to obtain a measurement value;
step 23, judging whether the measurement work is carried out on the application for the first time; if yes, go to step 29; if not, go to step 24;
step 24, the measurement module sends the measurement result to the communication module;
step 25, the communication module transmits the measurement result to the judgment module in user mode;
step 26, the control module sends a control strategy to the judgment module, and the judgment module obtains a trusted reference value from the trusted reference library in TEE_I under the control of the control module;
step 27, the judgment module obtains a judgment result by comparing the measurement value with the trusted reference value and transmits the judgment result to the control module; if the result is trusted, the flow ends, and if not, step 28 is executed;
step 28, the control module restarts the measured application;
step 29, creating a security file in the trusted reference library;
and step 210, storing the measurement value obtained by the first calculation in the security file as a trusted reference value, and ending.
3. The Trustzone-based industrial trusted computing dual-system architecture implementation method according to claim 1, characterized in that: the method by which the monitoring module measures a kernel functional module, on the basis of the architecture, comprises the following execution flow:
step 41, obtaining the kernel symbol name of the measured kernel module;
step 42, accessing the kernel code segment address corresponding to the symbol in the kernel symbol table according to the kernel symbol name;
step 43, transmitting the obtained kernel module code segment to the monitoring module;
step 44, the monitoring module measures the code segment to obtain a measurement value;
step 45, judging whether the measured module is measured for the first time; if yes, go to step 49; if not, go to step 46;
step 46, reading a trusted reference value from the trusted reference library;
step 47, judging whether the measurement result is trusted by comparing the measurement value with the trusted reference value; if yes, the flow ends; if not, go to step 48;
step 48, calling the reverse rollback mechanism to restart the attacked and affected modules;
step 49, creating a security file in the trusted reference library;
and step 410, storing the first measurement result in the security file as a trusted reference value, and ending.
4. The Trustzone-based industrial trusted computing dual-system architecture implementation method according to claim 1, characterized in that: the method by which the kernel module measures an REE user-mode functional module, on the basis of the architecture, comprises the following execution flow:
step 51, the measurement module obtains the process number corresponding to the measured module;
step 52, the measurement module measures the process to obtain a measurement value;
step 53, judging whether the process is measured for the first time; if yes, go to step 57; if not, go to step 54;
step 54, switching the world to TEE_I and acquiring a trusted reference value from the trusted reference library;
step 55, switching back to REE_I, comparing the measurement value with the trusted reference value, and judging whether the measurement result is trusted; if yes, the flow ends; if not, go to step 56;
step 56, calling the reverse rollback mechanism to restart the attacked and affected modules;
step 57, creating a security file in the trusted reference library;
and step 58, storing the first measurement result in the security file as a trusted reference value, and ending.
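The measurement flows of claims 2 to 4 and the overhead accounting of FIGs. 7 and 8, as an added Python model that is not the patent's or OP-TEE's own code. It assumes SHA-256 as the measurement hash, a dictionary standing in for the security files of the trusted reference library (TBDB), constructed byte strings standing in for process and kernel-module code segments, a shared-memory size SHM_SIZE (the Mg of the analysis) that fixes the number of kernel/user data transfers, and one world switch in and one out per TBDB access. The first-measurement check of steps 23/45/53 is folded into the TBDB access, so every round is charged the same way as the FIG. 8 analysis; the FIG. 7 counts are reproduced with the world-switch term read as 2 × (1 + n).

```python
"""Model of the dynamic measurement flow of claims 2 to 4 with an event counter
that mirrors the overhead accounting of FIG. 8 (added example, not the patent's
implementation).  Assumptions: SHA-256 as the measurement hash, a dict standing
in for the security files of the trusted reference library (TBDB), data moved to
the kernel in chunks of SHM_SIZE bytes (the shared-memory size Mg), and one
world switch in plus one out per TBDB access."""
import hashlib
from collections import Counter

SHM_SIZE = 4096  # assumed shared-memory size Mg in bytes

# Constructed stand-ins for code segments.  In the patent these come from the
# process address space (claims 2 and 4) or the kernel symbol table (claim 3).
CODE_SEGMENTS = {
    "pid:1001": bytes(range(256)) * 40,   # 10240 bytes -> 3 chunks of SHM_SIZE
    "ksym:demo_module": b"\x90" * 100,    # hypothetical kernel module symbol
}


class TrustedReferenceLibrary:
    """TBDB in TEE_I: one security file per measured object (dict stands in)."""

    def __init__(self):
        self._files = {}

    def has(self, name):
        return name in self._files

    def create(self, name, value):  # steps 29/210, 49/410, 57/58
        self._files[name] = value

    def read(self, name):           # steps 26, 46, 54
        return self._files[name]


def measure(code):
    """Measurement submodule: hash of the acquired code segment (step 22)."""
    return hashlib.sha256(code).hexdigest()


def fetch_segment(name, counters):
    """Kernel-side acquisition of the code segment; each SHM_SIZE chunk costs one
    request and one reply between user mode and kernel mode (FIG. 8: 2 x n)."""
    code = CODE_SEGMENTS[name]
    n_transfers = max(1, -(-len(code) // SHM_SIZE))   # ceil(M / Mg), at least 1
    counters["user_kernel_msg"] += 2 * n_transfers
    return code


def tbdb_access(lib, name, value, counters):
    """Judgment submodule: switch to TEE_I, read the reference value or create
    the security file on first measurement, switch back.  Costs 2 world
    switches, 1 shared-memory registration and 1 destruction (FIG. 8)."""
    counters["world_switch"] += 1
    counters["shm_register"] += 1
    first = not lib.has(name)
    if first:
        lib.create(name, value)
    reference = lib.read(name)
    counters["shm_destroy"] += 1
    counters["world_switch"] += 1
    return first, reference


def dynamic_measurement(name, lib, counters=None):
    """One measurement round of a process (claims 2, 4) or kernel module (claim 3).
    Returns (verdict, counters); 'restart' is the reverse-rollback response."""
    counters = Counter() if counters is None else counters
    counters["module_msg"] += 2   # control -> measured process, PID returned
    value = measure(fetch_segment(name, counters))
    counters["module_msg"] += 1   # control -> judgment, with the control strategy
    first, reference = tbdb_access(lib, name, value, counters)
    counters["module_msg"] += 1   # judgment -> control, with the result
    if first:
        return "enrolled", counters
    return ("trusted" if value == reference else "restart"), counters


def original_architecture_overhead(n_transfers):
    """FIG. 7 counts for the unmodified Trustzone flow, reading the world-switch
    term as 2 x (1 + n): one switch in and out for the CA call plus one in and
    out per data transfer."""
    return {"world_switch": 2 * (1 + n_transfers), "shm_register": 1,
            "shm_destroy": 1, "module_msg": 5,
            "user_kernel_msg": 2 * n_transfers}


def demo():
    """Enrol a process, re-measure it, then re-measure after a constructed
    one-byte modification of its code segment."""
    lib = TrustedReferenceLibrary()
    verdicts = [dynamic_measurement("pid:1001", lib)[0] for _ in range(2)]
    CODE_SEGMENTS["pid:1001"] = CODE_SEGMENTS["pid:1001"][:-1] + b"\x00"
    verdicts.append(dynamic_measurement("pid:1001", lib)[0])
    return verdicts


if __name__ == "__main__":
    print(demo())                                   # ['enrolled', 'trusted', 'restart']
    _, c = dynamic_measurement("ksym:demo_module", TrustedReferenceLibrary())
    print(dict(c), original_architecture_overhead(1))
```

Running the model shows the point of FIG. 8 directly: a measurement round of the moved-out modules costs exactly 2 world switches and 4 inter-module messages regardless of how many data transfers the code segment needs, whereas the FIG. 7 flow charges two additional world switches per transfer.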
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110992719.8A CN113821790B (en) | 2021-08-27 | 2021-08-27 | Industrial trusted computing dual-system architecture implementation method based on Trustzone |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113821790A true CN113821790A (en) | 2021-12-21 |
CN113821790B CN113821790B (en) | 2023-12-29 |
Family
ID=78913593
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110992719.8A Active CN113821790B (en) | 2021-08-27 | 2021-08-27 | Industrial trusted computing dual-system architecture implementation method based on Trustzone |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113821790B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114462051A (en) * | 2022-04-12 | 2022-05-10 | 中电云数智科技有限公司 | Trusted computing system and method based on trusted computing environment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109086100A (en) * | 2018-07-26 | 2018-12-25 | 中国科学院信息工程研究所 | A highly secure trusted mobile terminal security architecture and security service method |
CN111353162A (en) * | 2020-03-26 | 2020-06-30 | 中国人民解放军国防科技大学 | TrustZone kernel-based asynchronous execution active trusted computing method and system |
Non-Patent Citations (1)
Title |
---|
Wang Xiao; Zhao Jun; Zhang Jianbiao: "Research on a dynamic monitoring mechanism for virtual machines based on a trusted software base", Netinfo Security, no. 02, pages 7-13 * |
Also Published As
Publication number | Publication date |
---|---|
CN113821790B (en) | 2023-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109871695B (en) | | Trusted computing platform with computing and protection parallel dual-architecture |
US11089016B2 (en) | | Secure system on chip |
US11443034B2 (en) | | Trust zone-based operating system and method |
US8413230B2 (en) | | API checking device and state monitor |
CN110414235B (en) | | Active immune double-system based on ARM TrustZone |
US8214900B1 (en) | | Method and apparatus for monitoring a computer to detect operating system process manipulation |
CN109086100A (en) | | A highly secure trusted mobile terminal security architecture and security service method |
RU2723665C1 (en) | | Dynamic reputation indicator for optimization of computer security operations |
CN113051034B (en) | | Container access control method and system based on kprobes |
CN112818327A (en) | | TrustZone-based user-level code and data security credibility protection method and device |
CN112182560B (en) | | Efficient isolation method, system and medium for Intel SGX interior |
CN113448682B (en) | | Virtual machine monitor loading method and device and electronic equipment |
CN101599113A (en) | | Driven malware defence method and device |
CN113821790A (en) | | Industrial credible computing dual-system architecture implementation method based on Trustzone |
CN115879099A (en) | | DCS controller, operation processing method and protection subsystem |
CN112446029A (en) | | Trusted computing platform |
US20220092189A1 (en) | | Implementation of Trusted Computing System Based on Master Controller of Solid-State Drive |
CN115422554B (en) | | Request processing method, compiling method and trusted computing system |
CN112363797B (en) | | Virtual machine safe operation method, electronic equipment and storage medium |
CN112269995A (en) | | Trusted computing platform for parallel computing and protection of smart power grid environment |
WO2022093186A1 (en) | | Code execution using trusted code record |
CN112269996A (en) | | Dynamic measurement method of block chain main node-oriented active immune trusted computing platform |
Hong et al. | | A dual‐system trusted computing node construction method based on ARM multi‐core CPU architecture |
WO2023029835A1 (en) | | Method for protecting kernel thread, and terminal and computer readable storage medium |
Liu et al. | | TZEAMM: An Efficient and Secure Active Measurement Method Based on TrustZone |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |