CN107526969B - Method and device for determining IP (Internet protocol) core security level - Google Patents
Method and device for determining IP (Internet protocol) core security level Download PDFInfo
- Publication number
- CN107526969B CN107526969B CN201610446930.9A CN201610446930A CN107526969B CN 107526969 B CN107526969 B CN 107526969B CN 201610446930 A CN201610446930 A CN 201610446930A CN 107526969 B CN107526969 B CN 107526969B
- Authority
- CN
- China
- Prior art keywords
- attribute information
- security
- core
- target
- intellectual property
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
本申请提供了一种确定IP核安全级别的方法及装置,方法包括:获取目标IP核的目标属性信息,该目标属性信息包括多类属性信息,多类属性信息中各类属性信息对目标IP核安全性的影响程度不同;基于预先设定的IP核的属性信息与安全值的对应关系确定与目标属性信息的安全值;利用目标属性信息的安全值,基于预先设定的安全分级规则确定目标IP核的安全级别。本申请提供的确定IP核安全级别的方法及装置可对IP核的安全性进行评估,通过对IP核的安全评估,能提高具有IP核的信息计算系统的安全性和可靠性。
The present application provides a method and device for determining the security level of an IP core. The method includes: acquiring target attribute information of a target IP core, where the target attribute information includes multiple types of attribute information, and each type of attribute information in the multiple types of attribute information has an impact on the target IP core. The degree of influence of nuclear security is different; the security value of the target attribute information is determined based on the corresponding relationship between the attribute information of the IP core and the security value; the security value of the target attribute information is used to determine the security classification rule based on the preset The security level of the target IP core. The method and device for determining the security level of an IP core provided by the present application can evaluate the security of the IP core, and through the security evaluation of the IP core, the security and reliability of the information computing system with the IP core can be improved.
Description
技术领域technical field
本发明涉及芯片设计及测试技术领域,尤其涉及一种确定IP核安全级别的方法及装置。The invention relates to the technical field of chip design and testing, and in particular, to a method and device for determining the security level of an IP core.
背景技术Background technique
随着移动互联网以及物联网的发展,消费电子、航空航天、金融和医疗领域中大量应用了嵌入式计算系统,而片上系统(System on Chip,SoC)是构成嵌入式计算系统的重要组成部分。With the development of mobile Internet and Internet of Things, embedded computing systems are widely used in consumer electronics, aerospace, finance and medical fields, and System on Chip (SoC) is an important part of embedded computing systems.
为了适应系统规模越来越庞大,功能越来越复杂的应用场景,SoC中大量复用第三方的知识产权(Intellectual Property,IP)核组件来提高设计效率。基于IP核复用技术的设计方法已成为弥补设计生产效率和芯片密度之间的差距,以及快速进入市场的最有效的方法。根据统计,一款SoC上IP核的数量可以达到上百个,IP核的大量应用大大缩短了片上系统的设计时间,加速了相关产品的上市。In order to adapt to application scenarios with increasingly larger system scale and more complex functions, a large number of third-party intellectual property (Intellectual Property, IP) core components are reused in the SoC to improve design efficiency. The design method based on IP core reuse technology has become the most effective method to bridge the gap between design productivity and chip density, and to enter the market quickly. According to statistics, the number of IP cores on a SoC can reach hundreds, and the large-scale application of IP cores has greatly shortened the design time of the SoC and accelerated the launch of related products.
然而,由于IP核来源不同,SoC上大量IP核的应用无疑增加了芯片的风险,尤其是对安全性高度敏感的信息计算系统。信息计算系统不仅要求集成大量不同来源的IP核的SoC满足功能的正确性,还应确保其使用的安全性。然而,在实际设计中,不同IP核的供应者所提供的测试验证环境和可信程度参差不齐,虽然国际上有关集成电路IP设计、可用性、可复用性及质量评估及其标准化等工作从上世纪90年代后期就开始启动,但当前尚无IP核安全性评估的相关标准,而协同验证技术和主流EDA工具没有特殊针对安全性考虑的部分,只对代码覆盖率和功能进行验证。However, due to the different sources of IP cores, the application of a large number of IP cores on SoCs undoubtedly increases the risk of chips, especially for information computing systems that are highly sensitive to security. The information computing system not only requires the SoC integrating a large number of IP cores from different sources to satisfy the correctness of the function, but also to ensure the safety of its use. However, in actual design, the test and verification environment and reliability provided by different IP core suppliers vary, although the international work on integrated circuit IP design, usability, reusability, quality assessment and its standardization It has been started since the late 1990s, but there is currently no relevant standard for IP nuclear safety assessment, and co-verification technology and mainstream EDA tools do not have special security considerations, and only verify code coverage and functions.
越来越多的研究表明,非可信的第三方IP的使用可能会引入恶意代码或恶意电路如硬件木马等,其会对片上可信模块或核心内容进行直接或间接的攻击,可能引起不同程度的安全信息泄露,甚至包括最核心的密钥和密码泄露等,严重影响整个信息系统的可靠性。由此可见,对于IP核的安全评估是亟需解决的问题。More and more studies have shown that the use of untrusted third-party IP may introduce malicious code or malicious circuits such as hardware Trojans, etc., which will directly or indirectly attack the on-chip trusted modules or core content, which may cause different The degree of security information leakage, even including the core key and password leakage, seriously affects the reliability of the entire information system. It can be seen that the security assessment of IP core is an urgent problem to be solved.
发明内容SUMMARY OF THE INVENTION
有鉴于此,本发明提供了一种确定IP核安全级别的方法及装置,用以实现IP核的安全评估,进而提高使用IP核的计算系统的安全性和可靠性,其技术方案如下:In view of this, the present invention provides a kind of method and device for determining IP core security level, in order to realize the security assessment of IP core, and then improve the security and reliability of the computing system using IP core, its technical scheme is as follows:
一种确定IP核安全级别的方法,所述方法包括:A method for determining an IP core security level, the method comprising:
获取目标IP核的目标属性信息,所述目标属性信息包括多类属性信息,所述多类属性信息中各类属性信息对所述目标IP核安全性的影响程度不同;Obtaining target attribute information of the target IP core, the target attribute information includes multiple types of attribute information, and the various types of attribute information in the multiple types of attribute information have different degrees of influence on the security of the target IP core;
基于预先设定的IP核的属性信息与安全值的对应关系确定与所述目标属性信息的安全值;Determine the security value of the target attribute information based on the preset correspondence between the attribute information of the IP core and the security value;
利用所述目标属性信息的安全值,基于预先设定的安全分级规则确定所述目标IP核的安全级别。Using the security value of the target attribute information, the security level of the target IP core is determined based on a preset security classification rule.
其中,所述利用所述目标属性信息的安全值,基于预先设定的安全分级规则确定所述目标IP核的安全级别,包括:Wherein, the use of the security value of the target attribute information to determine the security level of the target IP core based on a preset security classification rule includes:
通过所述多类属性信息中的第一类属性信息中各个属性信息的安全值,基于预先设定的二元分级规则确定所述目标IP核的安全级别,所述第一类属性信息预先设定对所述目标IP核安全性的影响程度最高的属性信息,所述二元分级规则为将所述目标IP核的安全级别划分为两级的分级规则;The security level of the target IP core is determined based on a preset binary classification rule by using the security value of each attribute information in the first type of attribute information in the multi-type attribute information, and the first type of attribute information is preset Determine the attribute information with the highest degree of influence on the security of the target IP core, and the binary classification rule is a classification rule that divides the security level of the target IP core into two levels;
或者,通过所述多类属性信息中各类属性信息中的各个属性信息的安全值基于预先设定的多元分级规则确定所述目标IP核的安全级别,所述多元分级规则为将所述目标IP核的安全级别划分为多级的分级规则,所述多级大于两级。Alternatively, the security level of the target IP core is determined based on the security value of each attribute information in the various types of attribute information in the multi-type attribute information based on a preset multi-level classification rule, and the multi-level classification rule is to classify the target IP core. The security level of the IP core is divided into multi-level hierarchical rules, and the multi-level is greater than two levels.
其中,所述通过所述多类属性信息中的第一类属性信息中各个属性信息的安全值,基于预先设定的二元分级规则确定所述目标IP核的安全级别,包括:Wherein, determining the security level of the target IP core based on a preset binary classification rule by using the security value of each attribute information in the first type of attribute information in the multi-type attribute information includes:
判断所述第一类属性信息中是否有至少一个属性信息的安全值为第一安全值,并且有至少一个属性信息的安全值为第二安全值;Judging whether there is at least one attribute information whose security value is the first security value in the first type of attribute information, and whether there is at least one attribute information whose security value is the second security value;
如果是,则确定所述目标IP核的级别为指示所述目标核为不安全IP核的级别;If yes, then determine that the level of the target IP core is the level indicating that the target core is an unsafe IP core;
如果否,则确定所述目标IP核的级别为指示所述目标IP核为安全IP核的级别。If not, the level of the target IP core is determined to be a level indicating that the target IP core is a secure IP core.
其中,所述多类属性信息包括:第一类属性信息、第二类属性信息和第三类属性信息,所述第一类属性信息对所述目标IP核安全性的影响程度高于所述第二类属性信息,所述第二类属性信息对所述目标IP核安全性的影响程度高于所述第三类属性信息;The multi-type attribute information includes: first-type attribute information, second-type attribute information, and third-type attribute information, and the impact degree of the first-type attribute information on the security of the target IP core is higher than that of the The second type of attribute information, the degree of influence of the second type of attribute information on the security of the target IP core is higher than that of the third type of attribute information;
则所述通过所述多类属性信息中各类属性信息中的各个属性信息的安全值,基于预先设定的多元分级规则确定所述目标IP核的安全级别,包括:Then, the security level of the target IP core is determined based on a preset multi-level classification rule by the security value of each attribute information in the various types of attribute information in the multi-type attribute information, including:
当所述第一类属性信息中的至少一个属性信息的安全值为第一安全值时,确定所述目标IP核的安全级别为第一级别;When the security value of at least one attribute information in the first type of attribute information is the first security value, determining that the security level of the target IP core is the first level;
当所述第一类属性信息中的各个属性信息的安全值均不是所述第一安全值,且所述第一类属性信息中的至少两个属性信息的安全值均为第二安全值时,确定所述目标IP核的安全级别为第二级别;When the security value of each attribute information in the first type of attribute information is not the first security value, and the security values of at least two attribute information in the first type of attribute information are both the second security value , determine that the security level of the target IP core is the second level;
当所述第一类属性信息中的各个属性信息的安全值均不是第一安全值,且所述第一类属性信息中只有一个属性信息的安全值为第二安全值时,或者,当第一类属性信息中的各个属性信息的安全值均不是第一安全值也不是第二安全值,且所述第二类属性信息中有至少一个属性信息的安全值为第一安全值或第二安全值时,确定所述目标IP核的安全级别为第三级别;When the security value of each attribute information in the first type of attribute information is not the first security value, and the security value of only one attribute information in the first type of attribute information is the second security value, or, when the first security value is The security value of each attribute information in the type of attribute information is neither the first security value nor the second security value, and the security value of at least one attribute information in the second type of attribute information is the first security value or the second security value. When the security value is determined, the security level of the target IP core is determined to be the third level;
当所述第一类属性信息和所述第二类属性信息中的各个属性信息的安全值均不是第一安全值,也均不是第二安全值,且所述第一属性信息、所述第二类属性信息和所述第三属性信息中有不多于两个的属性信息的安全值为第三预设值时,确定所述目标IP核的安全级别为第四级别;When the security value of each attribute information in the first type of attribute information and the second type of attribute information is neither the first security value nor the second security value, and the first attribute information, the first When the security value of no more than two types of attribute information and the third attribute information has a third preset value, determine that the security level of the target IP core is the fourth level;
当所述第一属性信息、所述第二属性信息和所述第三属性信息中各个属性信息的安全值均不是第一安全值、均不是第二安全值、也均不是第三预设值时,确定所述目标IP核的安全级别为第五级别;When the security value of each attribute information in the first attribute information, the second attribute information and the third attribute information is not the first security value, neither the second security value nor the third preset value When, it is determined that the security level of the target IP core is the fifth level;
其中,属性信息的安全值为所述第一安全值表明所述属性信息为安全性最差的属性信息,属性信息为所述第二安全值表明所述属性信息为安全性次差的属性信息,属性信息为所述第三全值表明所述属性信息为安全性第三差的属性信息,所述第五级别指示所述目标IP核的安全性最高,所述第四级别、所述第三级别、所述第二级别和所述第一级别所指示的安全性逐渐降低。The security value of the attribute information is the first security value indicating that the attribute information is the attribute information with the worst security, and the attribute information is the second security value indicating that the attribute information is the attribute information with the next worst security. , the attribute information is the third full value indicating that the attribute information is the attribute information with the third worst security, the fifth level indicates that the security of the target IP core is the highest, the fourth level, the third The security indicated by the third level, the second level and the first level is gradually reduced.
其中,所述第一类属性信息包括:所述目标IP核的获得渠道、所述目标IP核的提供者安全级别和所述目标IP核的应用领域;Wherein, the attribute information of the first type includes: the acquisition channel of the target IP core, the security level of the provider of the target IP core, and the application field of the target IP core;
所述第二类属性信息包括:所述目标IP核与标准的符合度、所述目标IP核的交付项、所述目标IP核的功能信息和所述目标IP核的工作模式;The second type of attribute information includes: the degree of compliance of the target IP core with the standard, the delivery item of the target IP core, the function information of the target IP core and the working mode of the target IP core;
所述第三类属性信息为所述目标属性信息中除所述第二类属性信息和所述第三类属性信息之外的属性信息。The third type of attribute information is attribute information other than the second type of attribute information and the third type of attribute information in the target attribute information.
一种确定IP核安全级别的装置,所述装置包括:属性信息获取模块、安全值确定模块和安全级别确定模块;A device for determining the security level of an IP core, the device comprising: an attribute information acquisition module, a security value determination module and a security level determination module;
所述属性信息获取模块,用于获取目标IP核的目标属性信息,所述目标属性信息包括多类属性信息,所述多类属性信息中各类属性信息对所述目标IP核安全性的影响程度不同;The attribute information acquisition module is used to acquire target attribute information of the target IP core, the target attribute information includes multiple types of attribute information, and the influence of various types of attribute information in the multiple types of attribute information on the security of the target IP core varying degrees;
所述安全值确定模块,用于基于预先设定的IP核的属性信息与安全值的对应关系确定与所述属性信息获取模块获取的所述目标属性信息的安全值;The security value determination module is configured to determine the security value of the target attribute information obtained by the attribute information acquisition module based on the preset correspondence between the attribute information of the IP core and the security value;
所述安全级别确定模块,用于利用所述安全值确定模块确定的所述目标属性信息的安全值,基于预先设定的安全分级规则确定所述目标IP核的安全级别。The security level determination module is configured to use the security value of the target attribute information determined by the security value determination module to determine the security level of the target IP core based on a preset security classification rule.
其中,所述安全级别确定模块包括:第一确定模块或者第二确定模块;Wherein, the security level determination module includes: a first determination module or a second determination module;
所述第一确定模块,用于通过所述多类属性信息中的第一类属性信息中各个属性信息的安全值,基于预先设定的二元分级规则确定所述目标IP核的安全级别,其中,所述第一类属性信息为所述多类属性信息中对所述目标IP核安全性的影响程度最高的属性信息,所述二元分级规则为将所述目标IP核的安全级别划分为两级的分级规则;The first determining module is configured to determine the security level of the target IP core based on a preset binary classification rule through the security value of each attribute information in the first type of attribute information in the multi-type attribute information, The first type of attribute information is the attribute information that has the highest impact on the security of the target IP core among the multiple types of attribute information, and the binary classification rule is to classify the security level of the target IP core A two-level grading rule;
所述第二确定模块,用于通过所述多类属性信息中各类属性信息中的各个属性信息的安全值基于预先设定的多元分级规则确定所述目标IP核的安全级别,所述多元分级规则为将所述目标IP核的安全级别划分为多级的分级规则,所述多级大于两级。The second determination module is configured to determine the security level of the target IP core based on a preset multi-level classification rule by using the security value of each attribute information in the various types of attribute information in the multi-type attribute information. The classification rule is a classification rule for dividing the security level of the target IP core into multiple levels, and the multiple levels are greater than two levels.
其中,所述第一确定模块包括:判断子模块和确定子模块;Wherein, the first determining module includes: a judging sub-module and a determining sub-module;
所述判断子模块,用于判断所述第一类属性信息中是否有至少一个属性信息的安全值为第一安全值,并且有至少一个属性信息的安全值为第二安全值,其中,属性信息的安全值为所述第一安全值表明所述属性信息为安全性最差的属性信息,属性信息为所述第二安全值表明所述属性信息为安全性次差的属性信息;The judging submodule is used for judging whether there is at least one attribute information whose security value is the first security value, and whether there is at least one attribute information whose security value is the second security value in the first type of attribute information, wherein the attribute The security value of the information is that the first security value indicates that the attribute information is the attribute information with the worst security, and the attribute information is the second security value that indicates that the attribute information is the attribute information that is the second worst in security;
所述确定子模块,用于当所述判断子模块判断出所述第一类属性信息中有至少一个属性信息的安全值为第一安全值,并且有至少一个属性信息的安全值为第二安全值时,确定所述目标IP核的级别为指示所述目标核为不安全IP核的级别,否则确定所述目标IP核的级别为指示所述目标IP核为安全IP核的级别。The determining sub-module is used for when the determining sub-module determines that the security value of at least one attribute information in the first type of attribute information is the first security value, and the security value of at least one attribute information is the second security value. When the security value is set, the level of the target IP core is determined to be a level indicating that the target core is an unsafe IP core; otherwise, the level of the target IP core is determined to be a level that indicates that the target IP core is a secure IP core.
其中,所述多类属性信息包括:第一类属性信息、第二类属性信息和第三类属性信息,所述第一类属性信息对所述目标IP核安全性的影响程度高于所述第二类属性信息,所述第二类属性信息对所述目标IP核安全性的影响程度高于所述第三类属性信息;The multi-type attribute information includes: first-type attribute information, second-type attribute information, and third-type attribute information, and the impact degree of the first-type attribute information on the security of the target IP core is higher than that of the The second type of attribute information, the degree of influence of the second type of attribute information on the security of the target IP core is higher than that of the third type of attribute information;
则所述第二确定模块包括:第一确定子模块、第二确定子模块、第三确定子模块和第四确定子模块;The second determination module includes: a first determination sub-module, a second determination sub-module, a third determination sub-module and a fourth determination sub-module;
所述第一确定子模块,用于当所述第一类属性信息中的至少一个属性信息的安全值为第一安全值时,确定所述目标IP核的安全级别为第一级别;The first determining submodule is configured to determine that the security level of the target IP core is the first level when the security value of at least one attribute information in the first type of attribute information is the first security value;
所述第二确定子模块,用于当所述第一类属性信息中的各个属性信息的安全值均不是所述第一安全值,且所述第一类属性信息中的至少两个属性信息的安全值均为第二安全值时,确定所述目标IP核的安全级别为第二级别;The second determination submodule is used for when the security value of each attribute information in the first type of attribute information is not the first security value, and at least two attribute information in the first type of attribute information When the security value of is the second security value, it is determined that the security level of the target IP core is the second level;
所述第三确定子模块,用于当所述第一类属性信息中的各个属性信息的安全值均不是第一安全值,且所述第一类属性信息中只有一个属性信息的安全值为第二安全值时,或者,当第一类属性信息中的各个属性信息的安全值均不是第一安全值也不是第二安全值,且所述第二类属性信息中有至少一个属性信息的安全值为第一安全值或第二安全值时,确定所述目标IP核的安全级别为第三级别;The third determination sub-module is used when the security value of each attribute information in the first type of attribute information is not the first security value, and the security value of only one attribute information in the first type of attribute information is not the first security value. When the second security value, or, when the security value of each attribute information in the first type of attribute information is neither the first security value nor the second security value, and the second type of attribute information has at least one attribute information When the security value is the first security value or the second security value, determine that the security level of the target IP core is the third level;
所述第四确定子模块,用于当所述第一类属性信息和所述第二类属性信息中的各个属性信息的安全值均不是第一安全值,也均不是第二安全值,且所述第一属性信息、所述第二类属性信息和所述第三属性信息中有不多于两个的属性信息的安全值为第三预设值时,确定所述目标IP核的安全级别为第四级别;The fourth determination sub-module is configured to be used when the security values of each attribute information in the first type of attribute information and the second type of attribute information are neither the first security value nor the second security value, and When the security value of no more than two attribute information in the first attribute information, the second type attribute information and the third attribute information has a third preset value, determine the security of the target IP core The level is the fourth level;
所述第五确定子模块,用于当所述第一属性信息、所述第二属性信息和所述第三属性信息中各个属性信息的安全值均不是第一安全值、均不是第二安全值、也均不是第三预设值时,确定所述目标IP核的安全级别为第五级别;The fifth determination sub-module is used for when the security value of each attribute information in the first attribute information, the second attribute information and the third attribute information is neither the first security value nor the second security value When the value is not the third preset value, it is determined that the security level of the target IP core is the fifth level;
其中,属性信息的安全值为所述第一安全值表明所述属性信息为安全性最差的属性信息,属性信息为所述第二安全值表明所述属性信息为安全性次差的属性信息,属性信息为所述第三全值表明所述属性信息为安全性第三差的属性信息,所述第五级别指示所述目标IP核的安全性最高,所述第四级别、所述第三级别、所述第二级别和所述第一级别所指示的安全性逐渐降低。The security value of the attribute information is the first security value indicating that the attribute information is the attribute information with the worst security, and the attribute information is the second security value indicating that the attribute information is the attribute information with the next worst security. , the attribute information is the third full value indicating that the attribute information is the attribute information with the third worst security, the fifth level indicates that the security of the target IP core is the highest, the fourth level, the third The security indicated by the third level, the second level and the first level is gradually reduced.
其中,所述第一类属性信息包括:所述目标IP核的获得渠道、所述目标IP核的提供者安全级别和所述目标IP核的应用领域;Wherein, the attribute information of the first type includes: the acquisition channel of the target IP core, the security level of the provider of the target IP core, and the application field of the target IP core;
所述第二类属性信息包括:所述目标IP核与标准的符合度、所述目标IP核的交付项、所述目标IP核的功能信息和所述目标IP核的工作模式;The second type of attribute information includes: the degree of compliance of the target IP core with the standard, the delivery item of the target IP core, the function information of the target IP core and the working mode of the target IP core;
所述第三类属性信息为所述目标属性信息中除所述第二类属性信息和所述第三类属性信息之外的属性信息。The third type of attribute information is attribute information other than the second type of attribute information and the third type of attribute information in the target attribute information.
上述技术方案具有如下有益效果:The above-mentioned technical scheme has the following beneficial effects:
本发明提供的确定IP核安全级别的方法及装置,首先获取目标IP核的目标属性信息,该目标属性信息包括按对目标IP核安全性的影响程度高低划分的多类属性信息,然后基于预先设定的IP核的属性信息与安全值的对应关系确定与目标属性信息的安全值,最后利用目标属性信息的安全值,基于预先设定的安全分级规则确定所述目标IP核的安全级别。本发明提供的方法及装置可实现对IP核、具有IP核的信息计算系统的安全性和可靠性的评估,通过对IP核的安全性可靠性评估,能提高具有IP核的信息计算系统的安全性和可靠性。The method and device for determining the security level of an IP core provided by the present invention first obtain the target attribute information of the target IP core. The set correspondence between the attribute information of the IP core and the security value determines the security value of the target attribute information. Finally, the security value of the target attribute information is used to determine the security level of the target IP core based on the preset security classification rules. The method and device provided by the present invention can realize the evaluation of the security and reliability of the IP core and the information computing system with the IP core. By evaluating the security and reliability of the IP core, the reliability of the information computing system with the IP core can be improved Safety and reliability.
附图说明Description of drawings
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to the provided drawings without creative work.
图1为本发明实施例提供的确定IP核安全级别的方法的流程示意图;1 is a schematic flowchart of a method for determining an IP core security level provided by an embodiment of the present invention;
图2为本发明实施例提供的确定IP核安全级别的装置的结构示意图。FIG. 2 is a schematic structural diagram of an apparatus for determining a security level of an IP core provided by an embodiment of the present invention.
具体实施方式Detailed ways
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
本发明实施例提供了一种确定IP核安全级别的方法,请参阅图1,示出了该方法的流程示意图,该方法可以包括:An embodiment of the present invention provides a method for determining the security level of an IP core. Please refer to FIG. 1, which shows a schematic flowchart of the method. The method may include:
步骤S101:获取目标IP核的目标属性信息。Step S101: Obtain target attribute information of the target IP core.
其中,目标属性信息包括多类属性信息,多类属性信息按对目标IP核安全性的影响程度高低划分,即多类属性信息中各类属性信息对目标IP核安全性的影响程度不同。Among them, the target attribute information includes multiple types of attribute information, and the multiple types of attribute information are divided according to the degree of influence on the security of the target IP core, that is, each type of attribute information in the multiple types of attribute information has different degrees of influence on the security of the target IP core.
步骤S102:基于预先设定的IP核的属性信息与安全值的对应关系确定与目标属性信息的安全值。Step S102: Determine the security value with the target attribute information based on the preset correspondence between the attribute information of the IP core and the security value.
步骤S103:利用目标属性信息的安全值,基于预先设定的安全分级规则确定目标IP核的安全级别。Step S103: Using the security value of the target attribute information, the security level of the target IP core is determined based on a preset security classification rule.
本发明提供的确定IP核安全级别的方法及装置,首先获取目标IP核的目标属性信息,然后基于预先设定的IP核的属性信息与安全值的对应关系确定与目标属性信息的安全值,最后利用目标属性信息的安全值,基于预先设定的安全分级规则确定所述目标IP核的安全级别。本发明实施例提供的确定IP核安全级别的方法可对IP核的安全性进行评估,通过对IP核的安全评估,能提高具有IP核的信息计算系统的安全性和可靠性。The method and device for determining the security level of an IP core provided by the present invention first obtain the target attribute information of the target IP core, and then determine the security value with the target attribute information based on the preset correspondence between the attribute information of the IP core and the security value, Finally, using the security value of the target attribute information, the security level of the target IP core is determined based on a preset security classification rule. The method for determining the security level of the IP core provided by the embodiment of the present invention can evaluate the security of the IP core, and through the security evaluation of the IP core, the security and reliability of the information computing system with the IP core can be improved.
在上述实施例中,目标IP核的属性信息可以包括目标IP核的来源信息、功能信息和使用场景信息。In the above embodiment, the attribute information of the target IP core may include source information, function information and usage scenario information of the target IP core.
进一步的,目标IP核的来源信息可以包括目标IP核的提供者的安全级别、目标IP核的发布时间、目标IP核的获得渠道、目标IP核与标准符合度以及目标IP核交付项。Further, the source information of the target IP core may include the security level of the provider of the target IP core, the release time of the target IP core, the acquisition channel of the target IP core, the compliance of the target IP core with the standard, and the delivery item of the target IP core.
其中,目标IP核的提供者的安全级别的划分策略有两种,第一种为二元策略,第二种为多元策略。Among them, there are two strategies for dividing the security level of the provider of the target IP core, the first is a binary strategy, and the second is a multiple strategy.
二元策略,即将目标IP核提供者分为可信的(用T表示)和非可信的(用U表示)。其中,可信的提供者包括自主开发、密切合作的共有开发者、经过权威第三方认证机构认证的提供者、其他高度可信任部门的开发者。非可信的提供者包括公开网络下载得到、一般合作伙伴、未经认证的企业开发者、未经认证的个人开发者、敏感单位提供者、其他不明来源的提供者。Binary strategy, that is, the target IP core provider is divided into trusted (denoted by T) and untrusted (denoted by U). Among them, trusted providers include self-developed, closely cooperated co-developers, providers certified by authoritative third-party certification agencies, and developers from other highly trusted departments. Untrusted providers include public network downloads, general partners, uncertified enterprise developers, uncertified individual developers, sensitive unit providers, and other providers from unknown sources.
多元策略,即将提供者按合作安全程度分为完全可信(用FT表示)、已认证(用AU表示)、不确定(用UN表示)、可能怀疑(用PS表示)和高度怀疑(用HS表示)。完全可信的提供者为自主开发、密切合作的共有开发者,不受任何外界因素影响直接获得IP核的提供者。已认证的提供者为经过权威第三方认证机构认证的提供者、其他高度可信任部门的开发者,受到一定外界因素影响,但仍能顺利获得认证IP的提供者(如商业关系)。不确的提供者为公开网络下载得到声称已认证的来源,一般合作伙伴(初次合作或间接合作,认证过程未完成或认证单位不权威)。可能怀疑的提供者为公开网络下载得到但未声称有任何认证的来源,未经认证的企业开发者、未经认证的个人开发者。高度怀疑的提供者为敏感单位提供者(前期接触有不良记录或者曾有被举报记录,敏感库列表成员)、其他不明来源的提供者。Multivariate strategy, that is, according to the degree of cooperation security, the providers are divided into fully trusted (represented by FT), authenticated (represented by AU), uncertain (represented by UN), possibly suspicious (represented by PS) and highly suspicious (represented by HS) express). A fully trusted provider is a co-developer with independent development and close cooperation, and a provider who directly obtains IP cores without being affected by any external factors. Certified providers are providers certified by authoritative third-party certification agencies, and developers from other highly trusted departments. They are affected by certain external factors, but can still successfully obtain certified IP providers (such as business relationships). The inaccurate provider is the source that claims to be certified for the public network download, the general partner (initial cooperation or indirect cooperation, the certification process is not completed or the certification unit is not authoritative). Suspected providers are sources that are downloaded from the public network but do not claim to have any certification, uncertified enterprise developers, and uncertified individual developers. Highly suspected providers are sensitive unit providers (with bad records or reported records in previous contacts, members of the sensitive database list), and other providers from unknown sources.
目标IP核的发布时间,表明目标IP核正式获得的时间。如果是自主开发或密切合作者共同开发的IP核,以最终版本发布的时间为准。其他来源的应由提供者提供IP核发布时间,无法获得时间戳的IP核即使通过认证,也应该在原有安全等级上做降档处理。The release time of the target IP core indicates the time when the target IP core is officially obtained. If it is an IP core developed independently or jointly developed by a close collaborator, the time when the final version is released shall prevail. For IP cores from other sources, the provider should provide the release time of IP cores. IP cores that cannot obtain timestamps should be downgraded to the original security level even if they pass the certification.
目标IP核的获得渠道,表明IP是通过何种方式得到的,该属性应与提供者属性相匹配。The acquisition channel of the target IP core indicates how the IP is obtained. This attribute should match the provider attribute.
目标IP核与标准符合度,参考标准规范有国际上的VSIA体系、国内的CSIP体系等,指明具体遵循的是何种标准的何种版本。如没有按照任何标准进行开发,则与标准符合度为不符合。The target IP core conforms to the standard, and the reference standard specification includes the international VSIA system, the domestic CSIP system, etc., indicating which version of the standard to follow. If it is not developed according to any standard, it is not in compliance with the standard.
目标IP核的交付项,参考VSIA和CSIP对交付项的要求,分别对软核和硬核做出规定(固核的参考硬核)。将软核交付项分为以下几类:文档交付项、系统设计交付项、逻辑设计交付项、测试交付项、功能验证交付项、代码检查交付项、时序与功耗分析交付项。将硬核交付项分为以下几类:文档交付项、电路设计交付项、模型交付项、功能验证交付项、测试交付项和硅验证交付项。For the deliverables of the target IP core, refer to the requirements of VSIA and CSIP for deliverables, and specify the soft core and hard core respectively (referring to the hard core of the solid core). Divide soft core deliverables into the following categories: Documentation deliverables, System design deliverables, Logic design deliverables, Test deliverables, Functional verification deliverables, Code review deliverables, Timing and power analysis deliverables. Divide hard core deliverables into the following categories: documentation deliverables, circuit design deliverables, model deliverables, functional verification deliverables, test deliverables, and silicon verification deliverables.
根据可交付项的强制类型将可交付项分为以下几类:强制(Mandatory,M)、条件强制(Conditional Mandatory,CM)、推荐(Recommended,R)和条件推荐(ConditionalRecommended,CR)。其中,条件强制CM由具体的应用环境决定,推荐R能够提升设计质量和精度,减少集成时间,条件推荐CR应指出所规定的条件,在条件满足情况下,能提高设计质量和精度,减少集成时间等。Deliverables are classified into the following categories according to their mandatory types: Mandatory (M), Conditional Mandatory (CM), Recommended (Recommended, R), and Conditional Recommended (CR). Among them, the conditional mandatory CM is determined by the specific application environment. The recommended R can improve the design quality and accuracy and reduce the integration time. The conditional recommendation CR should point out the specified conditions. If the conditions are met, it can improve the design quality and accuracy and reduce the integration time. time etc.
进一步的,目标IP核的功能信息包括类别信息、结构信息、功能信息、性能信息和形式信息。其中,类别信息用于表明IP核的种类,属于硬核、固核还是软核,结构信息用于表明IP核的结构特征,如数字IP可以划分为总线或非总线结构,结构信息可指明总线类型,功能信息明确说明该IP的功能分类,性能信息表明IP核性能的一切可量化指标,形式信息大多只对硬核有效,包括一切与工艺和最终硅验证后相关的结果,软核只需要提供可综合网表的门数,输入数据和地址总线的位数等。Further, the function information of the target IP core includes category information, structure information, function information, performance information and form information. Among them, the category information is used to indicate the type of IP core, whether it is a hard core, a solid core or a soft core, and the structure information is used to indicate the structural characteristics of the IP core. For example, digital IP can be divided into bus or non-bus structure, and the structure information can indicate the bus. Type and function information clearly indicate the functional classification of the IP, and performance information indicates all quantifiable indicators of IP core performance. Most of the formal information is only valid for hard cores, including all results related to process and final silicon verification. Soft cores only need Provides the number of gates of the synthesizable netlist, the number of bits of the input data and address bus, etc.
进一步的,目标IP核的使用场景包括工作模式、验证环境和目标定位。其中,工作模式用于指出目标IP核在实际使用中的模式分类及定义,例如,主从、读写、全工作/休眠,且说明各个模式之间的转换条件,可通过状态机图描述。验证环境用于指明具有哪些外部验证的条件,匹配了哪些验证文件,或已经有哪些验证报告,指明使用的工具版本。目标定位用于明确目标IP核的使用领域,按照安全级别进行分类,可分为共用IP核,专用IP核,安全敏感领域IP核,非安全敏感领域IP核。Further, the usage scenarios of the target IP core include working mode, verification environment and target positioning. Among them, the working mode is used to indicate the mode classification and definition of the target IP core in actual use, such as master-slave, read-write, full work/sleep, and to describe the transition conditions between each mode, which can be described by a state machine diagram. The validation environment is used to indicate which external validation conditions are present, which validation files are matched, or which validation reports already exist, indicating the tool version used. Target positioning is used to clarify the use field of the target IP core. It is classified according to the security level and can be divided into shared IP cores, dedicated IP cores, security-sensitive IP cores, and non-security-sensitive IP cores.
在上述实施例中,对上述属性信息按对目标IP核安全性的影响程度高低划分为多类,获得多类属性信息。In the above-mentioned embodiment, the above-mentioned attribute information is divided into multiple types according to the degree of influence on the security of the target IP core, and multiple types of attribute information are obtained.
在一种可能的实现方式中,可依据对目标IP核安全性的影响程度高低将目标IP核的多个属性信息划分为三类属性信息,分别为第一类属性信息、第二类属性信息和第三类属性信息。其中,第一类属性信息为特别重要属性信息,第二类属性信息为重要属性信息,第三类属性信息为一般属性信息。In a possible implementation manner, the multiple attribute information of the target IP core can be divided into three types of attribute information according to the degree of influence on the security of the target IP core, which are the first type of attribute information and the second type of attribute information respectively. and the third type of attribute information. The first type of attribute information is particularly important attribute information, the second type of attribute information is important attribute information, and the third type of attribute information is general attribute information.
具体的,第一类属性信息可以包括目标IP核提供者的安全级别、目标IP核的获取渠道、目标IP核的应用领域,第二类属性信息可以包括目标IP核与标准符合度、目标IP核的交付项、目标IP核的功能、目标IP核的类别、目标IP核的工作模式,除上述属性信息外的其它属性信息则为第三类属性信息。Specifically, the first type of attribute information may include the security level of the target IP core provider, the acquisition channel of the target IP core, and the application field of the target IP core, and the second type of attribute information may include the target IP core and standard compliance degree, target IP core The deliverables of the core, the function of the target IP core, the category of the target IP core, the working mode of the target IP core, and other attribute information other than the above attribute information are the third type of attribute information.
在获取到目标IP核的目标属性信息即多类属性信息后,基于预先设定的IP核属性信息与安全值的对应关系确定目标属性信息的安全值。After acquiring the target attribute information of the target IP core, that is, the multi-type attribute information, the security value of the target attribute information is determined based on the preset correspondence between the IP core attribute information and the security value.
在本实施例中,可预先设定IP核属性信息与安全值的对应关系如下:In this embodiment, the corresponding relationship between the IP core attribute information and the security value can be preset as follows:
(一)特别重要属性信息(1) Special important attribute information
1、对于“IP核提供者级别”这一属性信息:1. For the attribute information of "IP core provider level":
对于二元策略而言,如果IP核提供者的安全级别为可信的(T),则安全值为A,如果IP核提供者的安全级别为非可信的(U),则安全值为E。对于多元策略而言,如果IP核提供者的安全级别为完全可信(FT),则安全值为A、如果IP核提供者的安全级别为已认证(AU),则安全值为B,如果IP核提供者的安全级别为不确定(UN),则安全值为C,如果IP核提供者的安全级别为可能怀疑(PS),则安全值为D,如果IP核提供者的安全级别为高度怀疑(HS),则安全值为E。For the binary strategy, if the security level of the IP core provider is trusted (T), the security value is A; if the security level of the IP core provider is untrusted (U), the security value is E. For multiple strategies, if the security level of the IP core provider is fully trusted (FT), the security value is A; if the security level of the IP core provider is authenticated (AU), the security value is B, if If the security level of the IP core provider is Uncertain (UN), the security value is C; if the security level of the IP core provider is Suspected (PS), the security value is D; if the security level of the IP core provider is High Suspicion (HS), a safe value of E.
2、对于“IP核的获得渠道”这一属性信息:2. For the attribute information of "IP core acquisition channel":
如果是自主研发(O),则安全值为A,如果是购买版权(P),则安全值为B,如果是从开放环境获得(F),则安全值为D。If it is self-developed (O), the security value is A, if it is purchased copyright (P), the security value is B, and if it is obtained from an open environment (F), the security value is D.
3、对于“IP核的目标定位”这一属性信息:3. For the attribute information of "target positioning of IP core":
如果是非安全敏感领域专用IP,则安全值为B,如果是非安全敏感领域共用IP,则安全值为C,如果是安全敏感领域专用IP,则安全值为D,如果是安全敏感领域共用IP,则安全值为E。If it is a dedicated IP in a non-security-sensitive area, the security value is B; if it is a shared IP in a non-security-sensitive area, the security value is C; if it is a dedicated IP in a security-sensitive area, the security value is D; if it is a shared IP in a security-sensitive area, The safe value is E.
(二)重要属性信息:(2) Important attribute information:
1、对于“与标准符合度”这一属性信息:1. For the attribute information of "conformity with the standard":
如果完全符合标准(用TM表示),则安全值为A,如果部分符合标准(用PM表示),则安全值为B,如果不符合标准(用NM表示),则安全值为C。The safety value is A if the standard is fully complied with (denoted by TM), the safety value is B if the standard is partially met (denoted by PM), and C if the standard is not met (denoted by NM).
2、对于“交付项”这一属性信息:2. For the attribute information of "deliverable item":
如果所有项目齐全,则安全值为A,如果所有M项和CM项齐全,则安全值为B,否则安全值为C。If all items are complete, the safety value is A, if all M and CM items are complete, the safety value is B, otherwise the safety value is C.
3、对于“IP核的功能”这一属性信息:3. For the attribute information of "IP core function":
如果IP核的功能为物理标准单元,则安全值为A,如果IP核的功能为处理器,则安全值为B,如果IP核的功能为固定功能IP和普通接口IP,则安全值为C,如果IP核的功能为以太网/USB/其他高速接口和控制器,则安全值为D,如果IP核的功能为存储器/加解密等IP,则安全值为E。If the function of the IP core is a physical standard unit, the security value is A, if the function of the IP core is a processor, the security value is B, and if the function of the IP core is fixed function IP and common interface IP, the security value is C , if the function of the IP core is Ethernet/USB/other high-speed interfaces and controllers, the security value is D, and if the function of the IP core is IP such as memory/encryption and decryption, the security value is E.
4、对于“IP核类别”这一属性信息:4. For the attribute information of "IP core category":
如果IP核是硬核,则安全值为A,如果IP核为软核或固核,则安全值为B。If the IP core is a hard core, the security value is A, and if the IP core is a soft core or a solid core, the security value is B.
5、对于“IP核的工作模式”这一属性信息:5. For the attribute information of "working mode of IP core":
如果按主从模式分,则主机安全值为A,从机安全值为B,如果按读写情况分,则只读安全值为A,只写安全值为B,可读写安全值为C,如果按工作/休眠状态分,有休眠态,安全值为A,没有休眠态,安全值为B。If it is divided according to the master-slave mode, the master security value is A, the slave security value is B, if it is divided according to the read-write situation, the read-only security value is A, the write-only security value is B, and the read-write security value is C. , if according to the working/sleep state, there is a sleep state, the safety value is A, and there is no sleep state, and the safety value is B.
(三)一般属性信息(3) General attribute information
对于一般属性信息中的各个属性信息而言,如果有某一属性信息,则属性信息的安全值为B,如果没有该属性信息,则安全值为C,例如,如果IP核的属性信息中结构信息空缺,则将结构信息的安全值确定为C,如果结构信息不空缺,则结构信息的安全值为B。For each attribute information in the general attribute information, if there is a certain attribute information, the security value of the attribute information is B; if there is no such attribute information, the security value is C. For example, if the structure of the attribute information of the IP core is If the information is vacant, the security value of the structural information is determined to be C; if the structural information is not vacant, the security value of the structural information is B.
在获得目标属性信息之后,可基于上述属性信息与安全值的对应关系确定目标属性信息的安全值,进而利用目标属性信息的安全值,基于预先设定的安全分级规则确定目标IP核的安全级别。After obtaining the target attribute information, the security value of the target attribute information can be determined based on the corresponding relationship between the above attribute information and the security value, and then the security value of the target attribute information can be used to determine the security level of the target IP core based on the preset security classification rules .
在本实施例中,利用目标属性信息的安全值,基于预先设定的安全分级规则确定目标IP核的安全级别的实现方式有多种。In this embodiment, there are various implementations for determining the security level of the target IP core based on a preset security classification rule by using the security value of the target attribute information.
在一种可能的实现方式中,可通过多类属性信息中的第一类属性信息(即特别重要的属性信息)中各个属性信息的安全值,基于预先设定的二元分级规则确定目标IP核的安全级别。其中,二元分级规则为将目标IP核的安全级别划分为两级的分级规则。In a possible implementation manner, the target IP may be determined based on a preset binary classification rule by using the security value of each attribute information in the first type of attribute information (that is, the particularly important attribute information) in the multi-type attribute information nuclear safety level. The binary classification rule is a classification rule for dividing the security level of the target IP core into two levels.
进一步的,通过多类属性信息中的第一类属性信息中各个属性信息的安全值,基于预先设定的第一安全分级规则确定目标IP核的安全级别的实现过程可以包括:判断第一类属性信息中是否有至少一个属性信息的安全值为第一安全值,并且有至少一个属性信息的安全值为第二安全值,如果是,则确定目标IP核的级别为指示目标核为不安全IP核的级别,否则确定目标IP核的级别为指示目标IP核为安全IP核的级别。其中,第一属性信息存在至少一个安全值为第一安全值的属性信息和至少一个安全值为第二安全值的属性信息表明第一类属性信息中存在至少一个安全性最差的属性信息和至少一个安全性次差的属性信息。Further, through the security value of each attribute information in the first type of attribute information in the multi-type attribute information, the implementation process of determining the security level of the target IP core based on the preset first security classification rule may include: judging the first type. Whether the security value of at least one attribute information in the attribute information is the first security value, and the security value of at least one attribute information is the second security value, if so, determine the level of the target IP core to indicate that the target core is unsafe The level of the IP core, otherwise, the level of the target IP core is determined to be the level indicating that the target IP core is a secure IP core. Wherein, the first attribute information has at least one attribute information whose security value is the first security value and at least one attribute information whose security value is the second security value, indicating that there is at least one attribute information with the worst security in the first type of attribute information and At least one attribute information with the next worst security.
示例性的,目标IP核的级别包括两级,分别为一级和二级,一级表示目标IP核为不安全IP核,二级表示目标IP核为安全IP核,第一类属性信息包括目标IP核提供者的安全级别、目标IP核的获取渠道、目标IP核的应用领域,第一安全值为E,第二安全值为D:Exemplarily, the level of the target IP core includes two levels, namely the first level and the second level, where the first level indicates that the target IP core is an unsafe IP core, the second level indicates that the target IP core is a secure IP core, and the first type of attribute information includes: The security level of the target IP core provider, the acquisition channel of the target IP core, and the application field of the target IP core, the first security value is E, and the second security value is D:
假设目标IP核提供者的安全级别的安全值为B,目标IP核的获取渠道的安全值为D,目标IP核的应用领域的安全值为E,由于第一类属性信息中存在一个属性信息的安全值为第一安全值即E,且存在一个属性信息的安全值为第二安全值即D,则可确定目标IP核的安全级别为一级,即目标IP核为不安全IP核。假设目标IP核提供者的安全级别的安全值为B,目标IP核的获取渠道的安全值为C,目标IP核的应用领域的安全值为A,则可确定目标IP核的安全级别为二级,即目标IP核为安全IP核。假设目标IP核提供者的安全级别的安全值为B,目标IP核的获取渠道的安全值为E,目标IP核的应用领域为C,则可确定目标IP核的安全级别为二级,即目标IP核为安全IP核。即当目标IP核第一类属性信息的安全值中同时出现D和E时,目标IP核为不安全IP核,否则目标IP核为安全IP核。Assume that the security value of the security level of the target IP core provider is B, the security value of the acquisition channel of the target IP core is D, and the security value of the application field of the target IP core is E. Since there is an attribute information in the first type of attribute information The security value of the first security value is E, and there is an attribute information security value that is the second security value D, then it can be determined that the security level of the target IP core is Level 1, that is, the target IP core is an unsafe IP core. Assuming that the security value of the security level of the target IP core provider is B, the security value of the acquisition channel of the target IP core is C, and the security value of the application field of the target IP core is A, it can be determined that the security level of the target IP core is 2 level, that is, the target IP core is a secure IP core. Assuming that the security value of the security level of the target IP core provider is B, the security value of the acquisition channel of the target IP core is E, and the application field of the target IP core is C, it can be determined that the security level of the target IP core is Level 2, that is, The target IP core is a secure IP core. That is, when both D and E appear in the security value of the first type of attribute information of the target IP core, the target IP core is an unsafe IP core; otherwise, the target IP core is a secure IP core.
在另一种可能的实现方式中,可通过多类属性信息中各类属性信息中的各个属性信息的安全值基于预先设定的多元分级规则确定目标IP核的安全级别。其中,多元分级规则用于将目标IP核的安全级别划分为多个安全级别。In another possible implementation manner, the security level of the target IP core may be determined based on a preset multi-level classification rule through the security value of each attribute information in the various types of attribute information in the multi-type attribute information. Among them, the multi-level classification rule is used to divide the security level of the target IP core into multiple security levels.
同样以多类属性信息包括第一类属性信息(特别重要属性信息)、第二类属性信息(重要属性信息)和第三类属性信息(一般属性信息)为例,说明通过多类属性信息中各类属性信息中的各个属性信息的安全值基于预先设定的第二安全分级规则确定目标IP核的安全级别的具体实现过程:Similarly, taking the multi-type attribute information including the first type of attribute information (especially important attribute information), the second type of attribute information (important attribute information) and the third type of attribute information (general attribute information) as an example, the The specific implementation process of determining the security level of the target IP core based on the security value of each attribute information in the various types of attribute information is based on the preset second security classification rule:
当第一类属性信息中的至少一个属性信息的安全值为第一安全值时,确定目标IP核的安全级别为指示目标IP核为高度不安全IP核的级别;When the security value of at least one attribute information in the first type of attribute information is the first security value, determine that the security level of the target IP core is a level indicating that the target IP core is a highly unsafe IP core;
当第一类属性信息中的各个属性信息的安全值均不是第一安全值,且第一类属性信息中的至少两个属性信息的安全值均为第二安全值时,确定目标IP核的安全级别为指示目标IP核为较不安全IP核级别;When the security value of each attribute information in the first type of attribute information is not the first security value, and the security values of at least two attribute information in the first type of attribute information are both the second security value, determine the security value of the target IP core The security level indicates that the target IP core is a less secure IP core level;
当第一类属性信息中的各个属性信息的安全值均不是第一安全值,且第一类属性信息中只有一个属性信息的安全值均为第二安全值时,或者,当第一类属性信息中的各个属性信息的安全值均不是第一安全值也不是第二安全值,且所述第二类属性信息中有至少一个属性信息的安全值为第一安全值或第二安全值时,确定目标IP核的安全级别为指示目标IP核为可能不安全IP核的级别;When the security value of each attribute information in the first type of attribute information is not the first security value, and the security value of only one attribute information in the first type of attribute information is the second security value, or, when the first type of attribute information When the security value of each attribute information in the information is neither the first security value nor the second security value, and the security value of at least one attribute information in the second type of attribute information is the first security value or the second security value , determine the security level of the target IP core as a level indicating that the target IP core is a possibly unsafe IP core;
当第一属性信息和第二类属性信息中各个属性信息的安全值均不是第一安全值,也均不是第二安全值,且第一属性信息、第二类属性信息和第三属性信息中有不多于两个属性信息的安全值为第三预设值时,确定目标IP核的安全级别为指示目标IP核为可能安全IP核的级别;When the security value of each attribute information in the first attribute information and the second type of attribute information is neither the first security value nor the second security value, and the first attribute information, the second type of attribute information and the third attribute information When there are no more than two security values of the attribute information, the security level of the target IP core is determined to be a level indicating that the target IP core is a possible security IP core when the security value is the third preset value;
当第一属性信息、第二属性信息和第三属性信息中各个属性信息的安全值均不是第一安全值、且均不为第二安全值、也均不为第三预设值时,确定目标IP核的安全级别为指示目标IP核为安全IP核的级别。When the security values of each of the first attribute information, the second attribute information, and the third attribute information are neither the first security value nor the second security value nor the third preset value, determine The security level of the target IP core is a level indicating that the target IP core is a secure IP core.
其中,属性信息的安全值为第一安全值表明属性信息为安全性最差的属性信息,属性信息为第二安全值表明属性信息为安全性次差的属性信息,属性信息为第三全值表明属性信息为安全性第三差的属性信息。The security value of the attribute information is the first security value indicating that the attribute information is the attribute information with the worst security, the attribute information is the second security value indicating that the attribute information is the attribute information with the second worst security, and the attribute information is the third full value Indicates that the attribute information is the attribute information with the third worst security.
示例性的,目标IP核为安全IP核的级别分为五级,分别为一级、二级、三级、四级和五级,一级表示目标IP核为高度不安全IP核,二级表示目标IP核为较不安全IP核,三级表示目标IP核为可能不安全IP核,四级表示目标IP核为可能安全IP核,五级表明目标IP核为安全IP核,即目标IP核的安全级别越高表明目标IP核越安全,反之,目标IP核的安全级别越低表明目标IP核越不安全。Exemplarily, the level of the target IP core being a secure IP core is divided into five levels, namely level one, level two, level three, level four and level five, where level one indicates that the target IP core is a highly unsafe IP core, level two Indicates that the target IP core is a less secure IP core, the third level indicates that the target IP core is a possibly unsafe IP core, the fourth level indicates that the target IP core is a possibly secure IP core, and the fifth level indicates that the target IP core is a secure IP core, that is, the target IP The higher the security level of the core, the more secure the target IP core is. On the contrary, the lower the security level of the target IP core is, the less secure the target IP core is.
设定第一安全值为E,第二安全值为D,第三预设值为C:Set the first safety value to E, the second safety value to D, and the third default value to C:
如果第一类属性信息(特别重要属性信息)中的至少一个属性信息的安全值为E,则可确定目标IP核的安全级别为一级,即目标IP核为高度不安全IP核。If the security value of at least one attribute information in the first type of attribute information (especially important attribute information) is E, it can be determined that the security level of the target IP core is Level 1, that is, the target IP core is a highly insecure IP core.
如果第一类属性信息(特别重要属性信息)中各个属性信息的安全值均不为E,且有至少两个属性信息的安全值为D,则可确定目标IP核的安全级别为二级,即目标IP核为较不安全IP核。If the security value of each attribute information in the first type of attribute information (especially important attribute information) is not E, and the security value of at least two attribute information is D, it can be determined that the security level of the target IP core is Level 2, That is, the target IP core is a less secure IP core.
如果第一类属性信息(特别重要属性信息)中各个属性信息的安全值均不为E,且只有一个属性信息的安全值为D,则可确定目标IP核的安全级别为三级,即目标IP核为可能不安全IP核。If the security value of each attribute information in the first type of attribute information (especially important attribute information) is not E, and only one attribute information has a security value of D, it can be determined that the security level of the target IP core is level 3, that is, the target IP core has a security level of three. The IP core is a possibly unsafe IP core.
如果第一类属性信息(特别重要属性信息)和第二类属性信息(重要信息)中各个属性信息的安全值均不为E,也均不为D,并且,第一类属性信息(特别重要属性信息)、第二类属性信息(重要属性信息)和第三类属性信息(一般属性信息)中有不多于两个的属性信息的安全值为C,则可确定目标IP核的安全级别为四级,即目标IP核为可能安全IP核。If the security value of each attribute information in the first type of attribute information (especially important attribute information) and the second type of attribute information (important information) is neither E nor D, and the first type of attribute information (especially important information) attribute information), the second type of attribute information (important attribute information) and the third type of attribute information (general attribute information), the security value of no more than two attribute information is C, then the security level of the target IP core can be determined It is the fourth level, that is, the target IP core is a possibly safe IP core.
如果第一类属性信息(特别重要属性信息)、第二类属性信息(重要属性信息)和第三类属性信息(一般属性信息)中各个属性信息的安全值均不为E,不为D,也均不为C,则目标IP核的级别为五级,即目标IP核为安全IP核。If the security value of each attribute information in the first type of attribute information (especially important attribute information), the second type of attribute information (important attribute information) and the third type of attribute information (general attribute information) is not E, not D, If neither is C, the level of the target IP core is level five, that is, the target IP core is a security IP core.
下面以三个具体的IP核为例对本发明实施例提供的确定IP核安全级别的方法进行说明:The method for determining the security level of an IP core provided by the embodiment of the present invention is described below by taking three specific IP cores as examples:
1、DW_apb_uart1. DW_apb_uart
DW_apb_uart这一IP核的各个属性信息及其对应的安全值如下表所示:The attribute information of the IP core DW_apb_uart and its corresponding security value are shown in the following table:
上表中IP核各类属性信息的安全值情况为:特别重要属性信息的安全值为A、B、C,重要属性信息的安全值A、B、B、C、B,一般属性信息的安全值为B、B、B、B、B,由于特别重要属性信息和第二类属性信息的安全值中均不为E,也不为D,且所有属性信息的安全值中不多于两个C,则可确定该IP核的安全级别为4级,该IP核为可能安全IP核。The security values of various types of attribute information of the IP core in the above table are: the security values of particularly important attribute information are A, B, and C, the security values of important attribute information are A, B, B, C, and B, and the security values of general attribute information are: The value is B, B, B, B, B, because the security values of the particularly important attribute information and the second type of attribute information are neither E nor D, and the security values of all attribute information are not more than two. C, it can be determined that the security level of the IP core is level 4, and the IP core is a possible security IP core.
2、128-AES AMBA slave IP核2. 128-AES AMBA slave IP core
128-AES AMBA slave这一IP核的各个属性信息及其对应的安全值如下表所示:The attribute information of the IP core 128-AES AMBA slave and its corresponding security value are shown in the following table:
上表中IP核各类属性信息的安全值情况为:特别重要属性信息的安全值为A、A、E,重要属性信息的安全值B、C、B、E、B,一般属性信息的安全值为B、B、B、B、B,由于特别重要属性信息中有一个属性信息的安全值为E,因此可确定该IP核的安全级别为1级,该IP核为高度不安全IP核。The security values of various types of attribute information of the IP core in the above table are as follows: the security values of particularly important attribute information are A, A, and E, the security values of important attribute information are B, C, B, E, and B, and the security values of general attribute information are: The values are B, B, B, B, B. Since the security value of one attribute information in the particularly important attribute information is E, it can be determined that the security level of the IP core is level 1, and the IP core is a highly unsafe IP core. .
3、USB2.0IP3. USB2.0IP
USB2.0IP的各个属性信息及其对应的安全值如下表所示:The attribute information of USB2.0IP and its corresponding security value are shown in the following table:
上表中IP核各类属性信息的安全值情况为:特别重要属性信息的安全值分别为D、D、C,重要属性信息的安全值分别为C、C、B、D、B,一般属性信息的安全值分别为C、C、B、C、C,由于特别重要属性信息和重要属性信息中各个属性信息的安全值均不为E,并且,特别重要属性信息中有两个属性信息的安全值为均为D,则可确定该IP核的安全级别为二级,即该IP核为较不安全IP核。The security values of various attribute information of IP cores in the above table are as follows: the security values of particularly important attribute information are D, D, and C respectively; the security values of important attribute information are C, C, B, D, and B, respectively; The security values of the information are C, C, B, C, and C respectively. Because the security values of the particularly important attribute information and each attribute information in the important attribute information are not E, and there are two attribute information in the especially important attribute information. If the security values are all D, it can be determined that the security level of the IP core is Level 2, that is, the IP core is a less secure IP core.
与上述方法相对应,本发明实施例还提供了一种确定IP核安全级别的装置,请参阅图2,示出了该装置的结构示意图,该装置可以包括:属性信息获取模块201、安全值确定模块202和安全级别确定模块203。其中:Corresponding to the above method, an embodiment of the present invention also provides an apparatus for determining the security level of an IP core. Please refer to FIG. 2, which shows a schematic structural diagram of the apparatus. The apparatus may include: an attribute
属性信息获取模块201,用于获取目标IP核的目标属性信息。The attribute
其中,目标属性信息包括多类属性信息,多类属性信息按对目标IP核安全性的影响程度高低划分,多类属性信息中各类属性信息对目标IP核安全性的影响程度不同。Among them, the target attribute information includes multiple types of attribute information, and the multiple types of attribute information are divided according to the degree of influence on the security of the target IP core, and each type of attribute information in the multiple types of attribute information has different degrees of influence on the security of the target IP core.
安全值确定模块202,用于基于预先设定的IP核的属性信息与安全值的对应关系确定与属性信息获取模块201获取的目标属性信息的安全值。The security
安全级别确定模块203,用于利用安全值确定模块202确定的目标属性信息的安全值,基于预先设定的安全分级规则确定目标IP核的安全级别。The security
本发明提供的确定IP核安全级别的装置,首先通过属性信息获取模块获取目标IP核的目标属性信息,然后由安全值确定模块基于预先设定的IP核的属性信息与安全值的对应关系确定与目标属性信息的安全值,最后由安全级别确定模块利用目标属性信息的安全值,基于预先设定的安全分级规则确定所述目标IP核的安全级别。本发明实施例提供的确定IP核安全级别的装置可对IP核的安全性进行评估,通过对IP核的安全评估,能提高具有IP核的信息计算系统的安全性和可靠性。The device for determining the security level of an IP core provided by the present invention first obtains the target attribute information of the target IP core through the attribute information acquisition module, and then determines the corresponding relationship between the attribute information of the IP core and the security value by the security value determination module based on the preset With the security value of the target attribute information, finally, the security level determination module uses the security value of the target attribute information to determine the security level of the target IP core based on a preset security classification rule. The device for determining the security level of the IP core provided by the embodiment of the present invention can evaluate the security of the IP core, and through the security evaluation of the IP core, the security and reliability of the information computing system with the IP core can be improved.
上述实施例提供的确定IP核安全级别的装置中,安全级别确定模块可以包括:第一确定模块或者第二确定模块。In the apparatus for determining the security level of an IP core provided in the above embodiment, the security level determining module may include: a first determining module or a second determining module.
第一确定模块,用于通过多类属性信息中的第一类属性信息中各个属性信息的安全值,基于预先设定的二元分级规则确定目标IP核的安全级别。其中,二元分级规则用于将目标IP核的安全级别划分为两个安全级别。The first determination module is configured to determine the security level of the target IP core based on a preset binary classification rule by using the security value of each attribute information in the first type of attribute information in the multi-type attribute information. The binary classification rule is used to divide the security level of the target IP core into two security levels.
其中,第一类属性信息为多类属性信息中对目标IP核安全性的影响程度最高的属性信息。Among them, the first type of attribute information is the attribute information with the highest degree of influence on the security of the target IP core among the multiple types of attribute information.
第二确定模块,用于通过多类属性信息中各类属性信息中的各个属性信息的安全值基于预先设定的多元分级规则确定目标IP核的安全级别。其中,多元分级规则用于将目标IP核的安全级别划分为多个安全级别,多个安全级别多于两个安全级别。The second determination module is configured to determine the security level of the target IP core based on a preset multi-level classification rule by using the security value of each attribute information in the various types of attribute information in the multi-type attribute information. The multi-level classification rule is used to divide the security level of the target IP core into multiple security levels, and the multiple security levels are more than two security levels.
进一步的,第一确定模块包括:判断子模块和确定子模块。其中:Further, the first determination module includes: a determination submodule and a determination submodule. in:
判断子模块,用于判断第一类属性信息中是否有至少一个属性信息的安全值为第一安全值,并且有至少一个属性信息的安全值为第二安全值。A judging submodule is used for judging whether there is at least one attribute information whose security value is the first security value, and at least one attribute information whose security value is the second security value in the first type of attribute information.
确定子模块,用于当判断子模块判断出第一类属性信息中有至少一个属性信息的安全值为第一安全值,并且有至少一个属性信息的安全值为第二安全值时,确定目标IP核的级别为指示目标核为不安全IP核的级别,否则确定目标IP核的级别为指示目标IP核为安全IP核的级别。其中,第一属性信息存在至少一个安全值为第一安全值的属性信息和至少一个安全值为第二安全值的属性信息表明第一类属性信息中存在至少一个安全性最差的属性信息和至少一个安全性次差的属性信息。The determination submodule is used to determine the target when the determination submodule determines that the safety value of at least one attribute information in the first type of attribute information is the first safety value, and the safety value of at least one attribute information is the second safety value. The level of the IP core is the level indicating that the target core is an unsafe IP core, otherwise the level of the target IP core is determined to be the level indicating that the target IP core is a secure IP core. Wherein, the first attribute information has at least one attribute information whose security value is the first security value and at least one attribute information whose security value is the second security value, indicating that there is at least one attribute information with the worst security in the first type of attribute information and At least one attribute information with the next worst security.
在一种可能的实现方式中,多类属性信息可以包括:第一类属性信息、第二类属性信息和第三类属性信息,第一类属性信息对目标IP核安全性的影响程度高于第二类属性信息,第二类属性信息对目标IP核安全性的影响程度高于第三类属性信息。In a possible implementation manner, the multiple types of attribute information may include: the first type of attribute information, the second type of attribute information and the third type of attribute information, and the first type of attribute information has a higher impact on the security of the target IP core than The second type of attribute information, the degree of influence of the second type of attribute information on the security of the target IP core is higher than that of the third type of attribute information.
则第二确定模块可以包括第一确定子模块、第二确定子模块、第三确定子模块和第四确定子模块。其中:Then the second determination module may include a first determination sub-module, a second determination sub-module, a third determination sub-module and a fourth determination sub-module. in:
第一确定子模块,用于当所述第一类属性信息中的至少一个属性信息的安全值为第一安全值时,确定所述目标IP核的安全级别为第一级别。The first determining submodule is configured to determine that the security level of the target IP core is the first level when the security value of at least one property information in the first type of property information is the first security value.
第二确定子模块,用于当第一类属性信息中的各个属性信息的安全值均不是所述第一安全值,且第一类属性信息中的至少两个属性信息的安全值均为第二安全值时,确定目标IP核的安全级别为第二级别。The second determination submodule is used when the security values of each attribute information in the first type of attribute information are not the first security value, and the security values of at least two attribute information in the first type of attribute information are the first security value. When the security value is two, the security level of the target IP core is determined to be the second level.
第三确定子模块,用于当第一类属性信息中的各个属性信息的安全值均不是第一安全值,且第一类属性信息中只有一个属性信息的安全值为第二安全值时,或者,当第一类属性信息中的各个属性信息的安全值均不是第一安全值也不是第二安全值,且第二类属性信息中有至少一个属性信息的安全值为第一安全值或第二安全值时,确定目标IP核的安全级别为第三级别。The third determination submodule is used for when the security value of each attribute information in the first type of attribute information is not the first security value, and the security value of only one attribute information in the first type of attribute information is the second security value, Or, when the security value of each attribute information in the first type of attribute information is neither the first security value nor the second security value, and the security value of at least one attribute information in the second type of attribute information is the first security value or When the second security value is used, the security level of the target IP core is determined to be the third level.
第四确定子模块,用于当第一类属性信息和第二类属性信息中的各个属性信息的安全值均不是第一安全值,也均不是第二安全值,且第一属性信息、第二类属性信息和第三属性信息中有不多于两个的属性信息的安全值为第三预设值时,确定目标IP核的安全级别为第四级别;The fourth determination submodule is used when the security values of each attribute information in the first type of attribute information and the second type of attribute information are neither the first security value nor the second security value, and the first attribute information, the first When the security value of no more than two attribute information in the second-class attribute information and the third attribute information has the third preset value, determine that the security level of the target IP core is the fourth level;
第五确定子模块,用于当第一属性信息、第二属性信息和第三属性信息中各个属性信息的安全值均不是第一安全值、均不是第二安全值、也均不是第三预设值时,确定目标IP核的安全级别为第五级别。The fifth determination sub-module is used for when the security values of each attribute information in the first attribute information, the second attribute information and the third attribute information are neither the first security value, nor the second security value, nor the third predetermined value. When setting the value, it is determined that the security level of the target IP core is the fifth level.
其中,第五级别指示目标IP核的安全性最高,第四级别、第三级别、第二级别和第一级别所指示的安全性逐渐降低。Among them, the fifth level indicates that the security of the target IP core is the highest, and the security indicated by the fourth level, the third level, the second level and the first level gradually decreases.
其中,第一类属性信息可以包括目标IP核的获得渠道、目标IP核的提供者安全级别和目标IP核的应用领域,第二类属性信息包括目标IP核与标准的符合度、目标IP核的交付项、目标IP核的功能信息和目标IP核的工作模式,第三类属性信息为目标IP核的目标属性信息中除第二类属性信息和第三类属性信息之外的属性信息。The first type of attribute information may include the acquisition channel of the target IP core, the security level of the provider of the target IP core, and the application field of the target IP core, and the second type of attribute information includes the degree of compliance of the target IP core with the standard, the target IP core The delivery item, the function information of the target IP core and the working mode of the target IP core, the third type of attribute information is the attribute information except the second type of attribute information and the third type of attribute information in the target attribute information of the target IP core.
本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。The various embodiments in this specification are described in a progressive manner, and each embodiment focuses on the differences from other embodiments, and the same and similar parts between the various embodiments can be referred to each other.
在本申请所提供的几个实施例中,应该理解到,所揭露的方法、装置和设备,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些通信接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed method, apparatus and device may be implemented in other manners. For example, the apparatus embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some communication interfaces, indirect coupling or communication connection of devices or units, which may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。The units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment. In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。The functions, if implemented in the form of software functional units and sold or used as independent products, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product in essence, or the part that contributes to the prior art or the part of the technical solution. The computer software product is stored in a storage medium, including Several instructions are used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes .
对所公开的实施例的上述说明,使本领域专业技术人员能够实现或使用本发明。对这些实施例的多种修改对本领域的专业技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本发明的精神或范围的情况下,在其它实施例中实现。因此,本发明将不会被限制于本文所示的这些实施例,而是要符合与本文所公开的原理和新颖特点相一致的最宽的范围。The above description of the disclosed embodiments enables any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (4)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610446930.9A CN107526969B (en) | 2016-06-20 | 2016-06-20 | Method and device for determining IP (Internet protocol) core security level |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610446930.9A CN107526969B (en) | 2016-06-20 | 2016-06-20 | Method and device for determining IP (Internet protocol) core security level |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107526969A CN107526969A (en) | 2017-12-29 |
| CN107526969B true CN107526969B (en) | 2020-11-03 |
Family
ID=60734648
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610446930.9A Active CN107526969B (en) | 2016-06-20 | 2016-06-20 | Method and device for determining IP (Internet protocol) core security level |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107526969B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110069374A (en) * | 2019-04-28 | 2019-07-30 | 中国科学院微电子研究所 | A kind of method for testing security and device |
| CN111880768B (en) * | 2020-07-23 | 2023-07-14 | 北京计算机技术及应用研究所 | IP core code level security requirement description method |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101763453B (en) * | 2010-01-22 | 2011-11-23 | 工业和信息化部软件与集成电路促进中心 | Standardized IP core evaluating method and system |
| US8972995B2 (en) * | 2010-08-06 | 2015-03-03 | Sonics, Inc. | Apparatus and methods to concurrently perform per-thread as well as per-tag memory access scheduling within a thread and across two or more threads |
| CN102110220B (en) * | 2011-02-14 | 2013-01-23 | 宇龙计算机通信科技(深圳)有限公司 | Application program monitoring method and device |
| CN103117853B (en) * | 2011-11-16 | 2016-05-18 | 航天信息股份有限公司 | A kind of safe storage device account input and authentication method |
| CN104767876A (en) * | 2015-03-03 | 2015-07-08 | 中国联合网络通信集团有限公司 | Software-based security processing method and user terminal |
-
2016
- 2016-06-20 CN CN201610446930.9A patent/CN107526969B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN107526969A (en) | 2017-12-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11531773B2 (en) | Verification of bitstreams | |
| Basak et al. | A flexible architecture for systematic implementation of SoC security policies | |
| Hu et al. | Towards property driven hardware security | |
| US8838430B1 (en) | Detection of memory access violation in simulations | |
| CN105745663A (en) | Protection system including machine learning snapshot evaluation | |
| US10140403B2 (en) | Managing model checks of sequential designs | |
| Fern et al. | Detecting hardware trojans in unspecified functionality through solving satisfiability problems | |
| CN102073823A (en) | Defect analysis based software creditability evaluating method | |
| He et al. | SoC interconnection protection through formal verification | |
| Kellogg et al. | Continuous compliance | |
| KR20190121844A (en) | Robust Quantification by Analyzing Attribute Graph Data Model | |
| Wang et al. | ASAX: Automatic security assertion extraction for detecting Hardware Trojans | |
| CN107526969B (en) | Method and device for determining IP (Internet protocol) core security level | |
| Wang et al. | Security-aware task scheduling using untrusted components in high-level synthesis | |
| US6654935B2 (en) | IP validation method and IP verified by the IP validation method | |
| Meza et al. | Safety verification of third-party hardware modules via information flow tracking | |
| Paria et al. | DiSPEL: A framework for SoC security policy synthesis and distributed enforcement | |
| US7870594B2 (en) | Applying compliance standards to a computer within a grouping hierarchy | |
| CN114154161A (en) | To-be-audited contract auditing method and device, computer equipment and storage medium | |
| Weaver et al. | Golden Reference Library Matching of Structural Checking for securing soft IPs | |
| CN115062313A (en) | Intelligent contract vulnerability detection method, device, equipment and storage medium | |
| CN109947403A (en) | A Decomposition and Modeling Method of Security Target and Related Equipment | |
| Nath et al. | Toward Automated Potential Primary Asset Identification in Verilog Designs | |
| US10546083B1 (en) | System, method, and computer program product for improving coverage accuracy in formal verification | |
| Paria et al. | DiSPEL: Distributed Security Policy Enforcement for Bus-based SoC |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |