CN115982699A - Malicious attack defense method, device, equipment and medium based on secure memory - Google Patents
Malicious attack defense method, device, equipment and medium based on secure memory Download PDFInfo
- Publication number
- CN115982699A CN115982699A CN202211634211.1A CN202211634211A CN115982699A CN 115982699 A CN115982699 A CN 115982699A CN 202211634211 A CN202211634211 A CN 202211634211A CN 115982699 A CN115982699 A CN 115982699A
- Authority
- CN
- China
- Prior art keywords
- program
- target
- memory
- secure memory
- operating system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The application discloses a malicious attack defense method based on a secure memory, which relates to the technical field of computers and comprises the following steps: sending a target program to be executed to a safety operation loader which is designed for a safety memory in advance through an operating system; establishing each program directory corresponding to a target program by using a safe operation loader, modifying target attributes corresponding to preset storage areas with the same quantity as the program directories in a safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; and the target attribute setting corresponding to each preset storage area in the secure memory is changed from readable, writable and read-only through an operating system so as to defend malicious attacks when a target program runs. The method and the device modify the target attribute of the preset storage area for storing the program directory into read-only, and prevent malicious codes from invading so as to reduce malicious attacks in program operation.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a malicious attack defense method, a malicious attack defense device, malicious attack defense equipment and malicious attack defense media based on a secure memory.
Background
Currently, in the existing computer system, the internal memory is used as a storage space for running codes and data, and provides equal operation capabilities, such as reading and writing operations, for all user programs, all system programs and processes, all data, malicious codes and data. If the malicious code is disguised as data, the external communication is mixed into the memory through the system, and the malicious attack can be carried out on the program which is currently running, so that the running of the program is seriously influenced.
In summary, how to reduce malicious attacks in the program running process is a problem to be solved urgently at present.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus, a device and a medium for defending against malicious attacks based on a secure memory, which can reduce malicious attacks during a program running process. The specific scheme is as follows:
in a first aspect, the present application discloses a malicious attack defense method based on a secure memory, including:
sending a target program to be executed to a safety operation loader which is designed for a safety memory in advance through an operating system;
creating each program directory corresponding to the target program by using the safe operation loader, modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one;
and modifying the target attribute corresponding to each preset storage area in the secure memory from being readable and writable to being read only through the operating system so as to defend malicious attacks when the target program runs.
Optionally, the sending, by the operating system, the target program to be executed to a safe operation loader pre-designed for the safe memory includes:
carrying out encryption operation and/or signature operation on a target program to be executed through an operating system to obtain an operated program, and sending the operated program to a safety operation loader which is designed for a safety memory in advance;
and carrying out decryption operation and/or signature verification operation on the operated program through the operating system to obtain the target program.
Optionally, the signature operation and the signature verification operation are performed by using an MD5 algorithm.
Optionally, before sending the target program to be executed to the safe operation loader pre-designed for the safe memory through the operating system, the method further includes:
and setting the target attributes corresponding to all the preset storage areas in the secure memory as read-only.
Optionally, the creating, by using the safe operation loader, each program directory corresponding to the target program includes:
determining each important program segment in the target program;
creating a program catalog corresponding to each important program segment by using the safe operation loader; the program catalog has corresponding important program segments and target attributes of the important program segments; the target attribute is one of read-only, write-only, readable-writable and read-write-prohibited.
Optionally, before sending the target program to be executed to the safe operation loader pre-designed for the safe memory through the operating system, the method further includes:
and designing the safe operation loader for the safe memory based on the operation interface of the safe memory.
Optionally, the number of the program directories is not greater than the number of idle internal registers in the ASIC chip of the secure memory; the internal registers correspond to the preset storage areas one by one.
In a second aspect, the present application discloses a malicious attack defense apparatus based on a secure memory, including:
the catalog establishing module is used for establishing each program catalog corresponding to the target program by utilizing the safe operation loader;
the first attribute modification module is used for modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the secure memory from read-only to readable and writable through an operating system;
the mapping module is used for mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one;
and the second attribute modification module is used for modifying the target attribute corresponding to each preset storage area in the secure memory from readable writable to read-only through the operating system so as to defend malicious attacks when the target program runs.
In a third aspect, the present application discloses an electronic device comprising a processor and a memory; when the processor executes the computer program stored in the memory, the malicious attack defense method based on the secure memory is realized.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the secure memory-based malicious attack defense method disclosed above.
Therefore, the target program to be executed is sent to the safe operation loader which is designed for the safe memory in advance through the operating system; creating each program directory corresponding to the target program by using the safe operation loader, modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one; and modifying the target attribute corresponding to each preset storage area in the secure memory from being readable and writable to being read only through the operating system so as to defend malicious attacks when the target program runs. Therefore, the program directories corresponding to the target programs are respectively stored in the preset storage areas of the secure memory, and the target attributes corresponding to the preset storage areas are modified to be read-only, so that malicious codes are prevented from being invaded, malicious attacks are prevented, and the malicious attacks in the program running process are reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a malicious attack defense method based on a secure memory according to the present application;
fig. 2 is a flowchart of a specific malicious attack defense method based on a secure memory according to the present application;
fig. 3 is a structural diagram of a malicious attack defense device based on a secure memory according to the present application;
fig. 4 is a schematic structural diagram of an electronic device provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Currently, in the existing computer system, the internal memory is used as a storage space for running codes and data, and provides equal operation capabilities, such as reading and writing operations, for all user programs, all system programs and processes, all data, malicious codes and data. If the malicious code is disguised as data, the external communication is mixed into the memory through the system, and the malicious attack can be carried out on the program which is currently running, so that the running of the program is seriously influenced.
In order to overcome the problems, the application provides a malicious attack defense scheme based on a secure memory, which can reduce malicious attacks in the program running process.
Referring to fig. 1, an embodiment of the present application discloses a malicious attack defense method based on a secure memory, including:
step S11: and sending the target program to be executed to a safe operation loader which is designed for the safe memory in advance through the operating system.
In this embodiment of the present application, before sending, by the operating system, the target program to be executed to the safe operation loader pre-designed for the secure memory, the method further includes: and designing the safe operation loader for the safe memory based on the operation interface of the safe memory.
Step S12: creating each program directory corresponding to the target program by using the safe operation loader, modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one to one.
In the embodiment of the application, the secure memory is a secure memory which is provided with a target attribute for the corresponding preset storage area through a memory mount directory, and the target attribute is one of read-only, write-only, readable-writable and read-write-prohibited. It is noted that the target attributes of the target mount directory rollup may be changed in real-time. In this embodiment of the present application, before sending, by the operating system, the target program to be executed to the safe operation loader pre-designed for the safe memory, the method further includes: and setting the target attributes corresponding to all the preset storage areas in the secure memory as read-only to prevent the contents except the target program from entering the preset storage areas.
In this embodiment of the application, the creating, by using the safe operation loader, each program directory corresponding to the target program includes: determining each important program segment in the target program; establishing a program catalog corresponding to each important program segment by using the safe operation loader; the program catalog has corresponding important program segments and target attributes of the important program segments; the target attribute is one of read-only, write-only, readable-writable and read-write-prohibited. It should be noted that, the present application only needs to create the corresponding program catalog according to the important program segments in the target program, and does not need to target the whole target program.
It should be noted that, the loader receives the Operating System message, obtains the program information to be executed, applies for a code space of a corresponding size, i.e., establishes a program directory, maps the memory in a file form, maps the original memory copy into a file copy, and the data space in the running process is still allocated by the OS (Operating System) according to a conventional method.
It should be noted that the safe operation loader deployment technology (establishing a program directory, and mapping a memory in a file form) specifically includes: and when the executable program is opened and copied, adding the mapping address of the secure memory into the data structure of the file to enable the memory code segment and the secure memory device to complete associated mapping.
In this embodiment of the present Application, the number of the program directories is not greater than the number of idle internal registers in an ASIC (Application Specific Integrated Circuit) chip of the secure memory; the internal registers correspond to the preset storage areas one to one. It should be noted that the security device (preset storage area) of one physical host is limited by the number of internal registers of the secure memory ASIC, and if the number of internal registers is 6, 6 important program segments can be stored; in a specific embodiment, the first program has 1 target program segment, the second program has 2 target program segments, and the third program has 3 target program segments, and at this time, the secure memory may exist and operate the first program, the second program, and the third program at the same time, that is, the secure memory in a large space can load a plurality of programs and operate at the same time.
Step S13: and modifying the target attribute corresponding to each preset storage area in the secure memory from being readable and writable to being read only through the operating system so as to defend malicious attacks when the target program runs.
In the embodiment of the application, the target attribute corresponding to each preset storage area in the secure memory is changed from readable, writable and read-only through the operating system, so that a malicious program is prevented from entering the preset storage area to carry out malicious attack.
In the embodiment of the application, a program is run, from a user initiating an operation to a step of copying the program to a memory by an operating system at a hard disk position where the program is located, then initializing a running environment, creating a process ID (identification), and the like. However, during the program running process, loading of a link library and other programs is inevitable, the libraries and programs need to be copied through a secure memory interface, the libraries or programs and the secure memory file system can be managed by creating or modifying file header information and index information of the libraries or programs which are already in the memory, and the libraries or programs and the secure memory file system are uniformly managed by the secure memory file system, so that the secure running process management is performed. In addition, after the normal program is executed, or when the execution process is forcibly killed by a user or an operating system, the secure operation exit needs to be performed, that is, the program process ID and the associated process ID are still processed and released by the operating system according to a conventional method, and the release of the program code is managed, operated and released by the secure memory device.
Therefore, the target program to be executed is sent to the safe operation loader which is designed for the safe memory in advance through the operating system; creating each program directory corresponding to the target program by using the safe operation loader, modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one; and modifying the target attribute corresponding to each preset storage area in the secure memory from being readable and writable to being read only through the operating system so as to defend malicious attacks when the target program runs. Therefore, the program directories corresponding to the target programs are respectively stored in the preset storage areas of the secure memory, and the target attributes corresponding to the preset storage areas are modified to be read-only, so that malicious codes are prevented from being invaded, malicious attacks are prevented, and the malicious attacks in the program running process are reduced.
Referring to fig. 2, an embodiment of the present application discloses a specific malicious attack defense method based on a secure memory, including:
step S21: carrying out encryption operation and/or signature operation on a target program to be executed through an operating system to obtain an operated program, and sending the operated program to a safety operation loader which is designed for a safety memory in advance; and carrying out decryption operation and/or signature verification operation on the operated program through the operating system to obtain the target program.
In the embodiment of the application, in the process of sending the target program to be executed to the safe operation loader designed in advance for the safe memory through the operating system, the target program may be attacked by a malicious program, so that the target program summarized in the sending process needs to be protected, and the identity and the authority of the program to be loaded can be verified by using a password verification and signature technology in combination with other technologies such as an operating system white list besides the loader technology; specifically, the method comprises the following steps: the method comprises the steps of carrying out encryption and/or signature operation on a target program to be executed through an operating system to obtain an operated program, sending the operated program to a safe operation loader which is designed for a safe memory in advance, and carrying out decryption and/or signature verification operation on the operated program to obtain the target program.
In a specific embodiment, an encrypted program is obtained by performing encryption operation on a target program to be executed through an operating system, and the encrypted program is sent to a safe operation loader which is designed for a safe memory in advance; and decrypting the encrypted program in the safe operation loader by the operating system to obtain the target program.
It should be noted that, by means of encryption and decryption, the target program is prevented from being attacked maliciously.
In another specific embodiment, a first hash value of a target program to be executed is calculated through an operating system, and the target program and the first hash value are sent to a safety operation loader which is designed for a safety memory in advance; calculating a second hash value of a preset program acquired by the safe operation loader through the operating system, and judging whether the second hash value is consistent with the first hash value or not; and if the preset words are consistent, the preset words are the target program. It is noted that the first hash value and the second hash value are calculated using the MD5 algorithm. It should be noted that the purpose of signature and verification is to ensure the integrity of the program, to avoid that an illegal process or a tampered program breaks into a secure memory when the secure memory is operated, and the signature data is stored in a TEE (Trusted Execution Environment) secure Execution Environment.
It should be noted that, by means of signature and signature verification, the verification target program is not changed.
It should be noted that, the target program can be prevented from being attacked by encryption and decryption and combination of signature and verification, and the target program is confirmed to be unchanged; specifically, the method comprises the following steps: calculating a first hash value of a target program to be executed through an operating system, encrypting the target program and the first hash value to obtain encrypted data, and sending the encrypted data to a safety operation loader which is pre-designed for a safety memory; decrypting the encrypted data in the safe operation loader through the operating system to obtain a preset program and the first hash value; calculating a second hash value of a preset program acquired by the safe operation loader through the operating system, and judging whether the second hash value is consistent with the first hash value or not; and if the preset program is consistent with the target program, the preset program is the target program.
Step S22: creating each program directory corresponding to the target program by using the safe operation loader, modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one to one.
For a more specific processing procedure of step S22, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Step S23: and changing the target attribute corresponding to each preset storage area in the secure memory from readable and writable to read-only through the operating system so as to defend malicious attacks when the target program runs.
For a more specific processing procedure of step S23, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, the method comprises the steps that an operating system carries out encryption operation and/or signature operation on a target program to be executed to obtain an operated program, and the operated program is sent to a safe operation loader which is designed for a safe memory in advance; carrying out decryption operation and/or signature verification operation on the operated program through the operating system to obtain the target program; creating each program directory corresponding to the target program by using the safe operation loader, modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one; and changing the target attribute corresponding to each preset storage area in the secure memory from readable and writable to read-only through the operating system so as to defend malicious attacks when the target program runs. Therefore, the program directories corresponding to the target programs are respectively stored in the preset storage areas of the secure memory, and the target attributes corresponding to the preset storage areas are modified to be read-only, so that malicious codes are prevented from being invaded, malicious attacks are prevented, and the malicious attacks in the program running process are reduced; in addition, the target program is ensured to be safe through encryption operation and/or signature operation and decryption operation and/or signature verification operation.
The method for defending malicious attacks based on the secure memory is described by taking the virtual machine as an example, the virtual machine can be regarded as a program, the secure memory device is mapped to the virtual machine through a device virtualization technology, the memory is provided for the virtual machine, not only can the defense of the malicious attacks of the virtual machine be realized, but also two times of conversion from a virtual machine logic address to a virtual machine physical address and from the virtual machine physical address to a host machine logic address can be avoided, and the memory service can be directly provided for the virtual machine through device virtualization.
It should be noted that, when a normal Virtual Machine accesses a memory, a Virtual Address GVA (Guest Virtual Address) on the Virtual Machine is first converted into a physical Address GPA of the Virtual Machine through an MMU (memorymanagementement unit) page table of the Virtual Machine, then the Virtual Machine manager VMM (Virtual Machine Monitor) converts the GPA into a Virtual Address HVA (host Virtual Address) of a host according to a well-defined mapping table, and finally the host converts the Virtual Address HVA into a real physical Address HPA according to the MMU page table of the host, that is, GVA- > GPA- > HVA- > HPA. After the secure memory is virtualized, when an application process on the virtual Machine accesses the memory, the link of VMM conversion of an intermediate virtual Machine manager can be saved, the virtual Machine manager is changed into GVA-HPA, and the secure memory is adapted to KVM (Kernel-based Vitual Machine) and QEMU (Quick EMULATOR) through the secure memory virtualization drive in the process of memory virtualization, so that the secure memory area is directly mapped to the virtual Machine. It should be noted that, taking a virtual machine as an example to illustrate a malicious attack defense method based on a secure memory, the method is generally as follows: 1. assuming that the secure memory is mounted to directory a in the file system, the virtual machine continues to mount directory a as a directory in the file system of the virtual machine, so that the virtual machine can operate the secure memory. 2. When the virtual machine based on the secure memory device runs, the functions of the secure memory can be used to put some data or programs needing protection into the secure memory.
Referring to fig. 3, an embodiment of the present application discloses a malicious attack defense device based on a secure memory, including:
an object program sending module 11, configured to send an object program to be executed to a safe operation loader pre-designed for a safe memory through an operating system;
a catalog creation module 12, configured to create, by using the safe operation loader, each program catalog corresponding to the target program;
a first attribute modification module 13, configured to modify, by an operating system, the target attributes corresponding to the same number of preset storage areas as the program directory in the secure memory from read-only to readable and writable;
the mapping module 14 is configured to map each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one;
a second attribute modification module 15, configured to modify, by using the operating system, the target attribute corresponding to each preset storage area in the secure memory from being readable and writable to being read-only, so as to defend malicious attacks when the target program runs.
For more specific working processes of the modules, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, the target program to be executed is sent to the safe operation loader which is designed for the safe memory in advance through the operating system; creating each program directory corresponding to the target program by using the safe operation loader, modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one; and modifying the target attribute corresponding to each preset storage area in the secure memory from being readable and writable to being read only through the operating system so as to defend malicious attacks when the target program runs. Therefore, the program directories corresponding to the target programs are respectively stored in the preset storage areas of the secure memory, and the target attributes corresponding to the preset storage areas are modified to be read-only, so that malicious codes are prevented from being invaded, malicious attacks are prevented, and the malicious attacks in the program running process are reduced.
Further, an electronic device is provided in the embodiments of the present application, and fig. 4 is a block diagram of the electronic device 20 according to an exemplary embodiment, which should not be construed as limiting the scope of the application.
Fig. 4 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, an input output interface 24, a communication interface 25, and a communication bus 26. The memory 22 is configured to store a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps of the secure memory-based malicious attack defense method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 25 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 24 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the storage 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, and the storage 22 is used as a non-volatile storage that may include a random access memory as a running memory and a storage purpose for an external memory, and the storage resources on the storage include an operating system 221, a computer program 222, and the like, and the storage manner may be a transient storage or a permanent storage.
The operating system 221 is used for managing and controlling each hardware device on the electronic device 20 on the source host and the computer program 222, and the operating system 221 may be Windows, unix, linux, or the like. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the secure memory-based malicious attack prevention method performed by the electronic device 20 disclosed in any of the foregoing embodiments.
In this embodiment, the input/output interface 24 may specifically include, but is not limited to, a USB interface, a hard disk reading interface, a serial interface, a voice input interface, a fingerprint input interface, and the like.
Further, the embodiment of the application also discloses a computer readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the secure memory-based malicious attack defense method disclosed above.
For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
A computer-readable storage medium as referred to herein includes a Random Access Memory (RAM), a Memory, a Read-only Memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a magnetic or optical disk, or any other form of storage medium known in the art. Wherein, the computer program realizes the malicious attack defense method based on the secure memory when being executed by a processor. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the malicious attack defense method based on the secure memory disclosed by the embodiment, so that the description is relatively simple, and the relevant points can be obtained by referring to the description of the method part.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the components and steps of the various examples have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The method, the device, the equipment and the medium for defending against the malicious attack based on the secure memory are introduced in detail, a specific example is applied in the text to explain the principle and the implementation mode of the invention, and the description of the embodiment is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (10)
1. A malicious attack defense method based on a secure memory is characterized by comprising the following steps:
sending a target program to be executed to a safety operation loader which is designed for a safety memory in advance through an operating system;
creating each program directory corresponding to the target program by using the safe operation loader, modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the safe memory from read-only to readable and writable by using an operating system, and then mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one;
and modifying the target attribute corresponding to each preset storage area in the secure memory from being readable and writable to being read only through the operating system so as to defend malicious attacks when the target program runs.
2. The method for defending against malicious attacks based on a secure memory according to claim 1, wherein the step of sending the target program to be executed to a secure operation loader pre-designed for the secure memory through an operating system comprises:
carrying out encryption operation and/or signature operation on a target program to be executed through an operating system to obtain an operated program, and sending the operated program to a safety operation loader which is designed for a safety memory in advance;
and carrying out decryption operation and/or signature verification operation on the operated program through the operating system to obtain the target program.
3. The method of claim 2, wherein the signing operation and the verifying operation are performed using an MD5 algorithm.
4. The method for defending against malicious attacks based on a secure memory according to claim 1, wherein before the target program to be executed is sent to a secure operation loader pre-designed for the secure memory by an operating system, the method further comprises:
and setting the target attributes corresponding to all the preset storage areas in the secure memory as read-only.
5. The method for defending against malicious attacks based on secure memory according to claim 1, wherein the creating each program directory corresponding to the target program by using the secure operation loader comprises:
determining each important program segment in the target program;
creating a program catalog corresponding to each important program segment by using the safe operation loader; the program catalog has corresponding important program segments and target attributes of the important program segments; the target attribute is one of read-only, write-only, readable-writable and read-write-prohibited.
6. The method for defending against malicious attacks based on a secure memory according to claim 1, wherein before the target program to be executed is sent to a secure operation loader pre-designed for the secure memory by an operating system, the method further comprises:
and designing the safe operation loader for the safe memory based on the operation interface of the safe memory.
7. The method of claim 1, wherein the number of program directories is not greater than the number of internal registers free in an ASIC chip of the secure memory; the internal registers correspond to the preset storage areas one to one.
8. A malicious attack defense device based on a secure memory is characterized by comprising:
the target program sending module is used for sending a target program to be executed to a safe operation loader which is designed for the safe memory in advance through an operating system;
the catalog establishing module is used for establishing each program catalog corresponding to the target program by utilizing the safe operation loader;
the first attribute modification module is used for modifying the target attributes corresponding to the preset storage areas with the same number as the program directories in the secure memory from read-only to readable and writable through an operating system;
the mapping module is used for mapping each program directory to each preset storage area in a file form by using the safe operation loader; the program directories correspond to the preset storage areas one by one;
and the second attribute modification module is used for modifying the target attribute corresponding to each preset storage area in the secure memory from readable writable to read-only through the operating system so as to defend malicious attacks when the target program runs.
9. An electronic device comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the secure memory-based malicious attack prevention method according to any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements a secure memory-based malicious attack prevention method according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211634211.1A CN115982699A (en) | 2022-12-19 | 2022-12-19 | Malicious attack defense method, device, equipment and medium based on secure memory |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211634211.1A CN115982699A (en) | 2022-12-19 | 2022-12-19 | Malicious attack defense method, device, equipment and medium based on secure memory |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115982699A true CN115982699A (en) | 2023-04-18 |
Family
ID=85971622
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211634211.1A Pending CN115982699A (en) | 2022-12-19 | 2022-12-19 | Malicious attack defense method, device, equipment and medium based on secure memory |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115982699A (en) |
-
2022
- 2022-12-19 CN CN202211634211.1A patent/CN115982699A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9989043B2 (en) | System and method for processor-based security | |
| JP6142027B2 (en) | System and method for performing protection against kernel rootkits in a hypervisor environment | |
| US9747172B2 (en) | Selective access to executable memory | |
| CN109800050B (en) | Memory management method, device, related equipment and system of virtual machine | |
| KR101946982B1 (en) | Process Evaluation for Malware Detection in Virtual Machines | |
| US8220029B2 (en) | Method and system for enforcing trusted computing policies in a hypervisor security module architecture | |
| US9424430B2 (en) | Method and system for defending security application in a user's computer | |
| US8904552B2 (en) | System and method for protecting data information stored in storage | |
| US20110289294A1 (en) | Information processing apparatus | |
| EP3287932B1 (en) | Data protection method and device | |
| JP4975127B2 (en) | Apparatus for providing tamper evidence to executable code stored on removable media | |
| JP5346608B2 (en) | Information processing apparatus and file verification system | |
| KR20030082485A (en) | Saving and retrieving data based on symmetric key encryption | |
| KR20030082484A (en) | Saving and retrieving data based on public key encryption | |
| JP2002318719A (en) | Highly reliable computer system | |
| CN114402295A (en) | Secure runtime system and method | |
| EP3178032B1 (en) | Embedding secret data in code | |
| EP3785149B1 (en) | Memory assignment for guest operating systems | |
| Zhao et al. | A private user data protection mechanism in trustzone architecture based on identity authentication | |
| US9398019B2 (en) | Verifying caller authorization using secret data embedded in code | |
| KR20200041639A (en) | In-vehicle software update system and method for controlling the same | |
| CN115879064A (en) | Program running method and device, processor, chip and electronic equipment | |
| CN115982699A (en) | Malicious attack defense method, device, equipment and medium based on secure memory | |
| US20240037217A1 (en) | Digital content management through on-die cryptography and remote attestation | |
| JP4953385B2 (en) | Device for preventing leakage of application execution files and configuration files |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |