
CN112818327A - TrustZone-based user-level code and data security credibility protection method and device - Google Patents


Info

Publication number
CN112818327A
Authority
CN
China
Prior art keywords
secure
code
user
application program
operating system
Prior art date
Legal status
Granted
Application number
CN202110217365.XA
Other languages
Chinese (zh)
Other versions
CN112818327B (en)
Inventor
董攀
夏锦涛
马俊
黄辰林
谭郁松
丁滟
任怡
谭霜
李宝
张建锋
秦莹
Current Assignee
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date
Filing date
Publication date
Application filed by National University of Defense Technology
Priority to CN202110217365.XA
Publication of CN112818327A
Application granted
Publication of CN112818327B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a TrustZone-based user-level code and data security trust protection method and device. The invention stores key code encrypted in a protected memory area, so that only the user can load and access their own key code and data, and no other program, including privileged software, can access the user's key code. At the same time, TrustZone is used to realize mutual calling between non-secure-state user code and secure-state user code: the non-secure-state user calls secure-state user code to perform secure operations such as secure storage and encryption, and the secure-state user calls non-secure-state user code to complete non-secure operations such as interrupts and system calls. Each operation is kept separate, which solves problems such as the untrustworthiness of privileged software like the operating system and the threat that non-secure code poses to the secure state.


Description

TrustZone-based user-level code and data security credibility protection method and device
Technical Field
The invention relates to the field of computer operating systems, and in particular to a TrustZone-based user-level code and data security credibility protection method and device, which are used to realize the security isolation of user-level code and data and the mutual calling of non-secure-state user code and secure-state user code on the basis of TrustZone.
Background
TrustZone is a technology provided by ARM to improve system security; it is supported by hardware and software together. In hardware, TrustZone adds an extra control signal bit, the NS (Non-Secure) bit, to every read/write transaction on the system bus, and uses the NS bit to partition resources such as memory into a secure state and a non-secure state. The non-secure state can only access system resources in the non-secure state, while the secure state can access all resources. TrustZone isolates resources such as memory and I/O through bus control and auxiliary controllers such as the TZASC, TZMA and TZPC. After TrustZone is enabled, the physical processor can switch between two security states, defined as the normal world (running the host OS) and the secure world (running the TEE OS). The software and hardware environments that operate in the secure state and the non-secure state are called the TEE (Trusted Execution Environment) and the REE (Rich Execution Environment), respectively. The TEE and the REE are isolated by the monitor mode, and the system uses the secure monitor call (SMC) instruction to switch between the secure and non-secure states. In software, the secure resources of TrustZone are scheduled and allocated by a trusted operating system (TEE_OS) that runs in the TEE environment; when a request is issued from the non-secure state, it is passed to the TEE_OS through a secure monitor call, and the TEE_OS forwards it to the corresponding secure application, which executes the response.
To ensure that the TEE_OS is trusted, the TrustZone boot process adopts the concept of a chain of trust. ARM provides the ARM Trusted Firmware (ATF), whose source code is divided into the bl1, bl2, bl31, bl32 and bl33 stages, where bl32 and bl33 load the images on the TEE side and the REE side, respectively. The root of trust of the whole TrustZone is the CPU; the trust anchor is the Root of Trust Public Key (ROTPK), which is burned into a one-time-writable module in the CPU (the trusted root key storage register). During TrustZone startup, before the image of the next stage is loaded, the digital signature of that image file must be verified; only after the signature verification passes is the image loaded into memory and the system allowed to proceed to the next step. If any single step in the chain of trust fails, the system halts. The trustworthiness and integrity of the TEE_OS are thus ensured by the chain-of-trust concept.
Fig. 1 shows the complete running mechanism of TrustZone. Applications implemented with TrustZone technology are divided into secure applications (TAs) and non-secure applications (CAs), where the CA runs in the REE environment and performs non-secure operations, and the TA runs in the TEE environment and performs secure operations. The CA initiates a system call through a specific API; the Linux driver receives the request and switches, through the SMC instruction, from kernel mode to the TEE_OS for thread processing; the TEE_OS loads the TA image together with the data resources the TA needs at run time, and the TA responds to the CA's request by performing the related secure operation. Throughout this process the TEE_OS is completely trusted by the user, and any sensitive or confidential operation can be handed to the TEE_OS to complete.
After TrustZone starts, the TEE_OS acts as the trusted system that manages and schedules all secure resources. For a user, placing key code and private data on the TEE side isolates them from non-secure access, which guarantees the safety of the code and data. However, the state of the TEE_OS changes dynamically while it runs, boot based on the chain of trust is only a static measurement of the TEE_OS, and many attack techniques such as side-channel attacks, buffer overflow attacks and phishing attacks exist in the prior art. Once such an attack succeeds, the highest privilege of the system can be obtained, and for the user, if the TEE_OS is compromised, the code and data stored on the TEE side are at risk of being stolen.
To address the trust problem, Intel proposed SGX (Intel Software Guard Extensions). On top of the original Intel platform, SGX adds hardware components such as the EPC (Enclave Page Cache) and the EPCM (Enclave Page Cache Map), where an enclave is a protected region within an application's address space. SGX sets aside a protected section of memory called the PRM (Processor Reserved Memory) to hold the contents of the EPC and the EPCM; the relationship between the PRM, EPC and EPCM is shown in Fig. 2. The EPC consists of pages of 4 KB that store the private data of applications and the code of their secure operations, and the EPCM records the correspondence between EPC pages and enclaves.
SGX divides an application into two parts: a secure application part and a non-secure application part. Each application creates an enclave in the PRM when it runs; the enclave stores the code and private data of the secure application part, and data stored in the enclave can only be accessed and called by functions inside the enclave, so other privileged or malicious software cannot access it. The non-secure and secure parts of the application can call each other through a uniform calling interface to complete different functions. Enclaves created by different applications are isolated from each other, and even if the operating system is attacked, SGX can still ensure the integrity and trustworthiness of user code and data.
SGX and TrustZone differ in three respects. First, TrustZone is designed to provide a large security isolation environment that protects system data, whereas SGX is designed to provide a secure execution environment for applications that protects user data. Second, TrustZone is implemented with hardware and software, while SGX is implemented entirely in hardware. Third, TrustZone provides services by having the CA initiate a request and the TEE_OS respond to it, whereas the secure and non-secure parts of an SGX program can call each other.
TrustZone provides the resources of a TEE environment managed by the TEE_OS. For a user, handing private data and secure applications over to the TEE_OS for management and access presupposes that the TEE_OS is trusted. Although the TEE_OS is loaded through a chain of trust, so that the loaded TEE_OS is trusted, there is no detection or measurement of the TEE_OS while it runs; if the TEE_OS is attacked or even compromised, the user's private data and secure applications are no longer safe.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the problems in the prior art, the invention provides a TrustZone-based user-level code and data security and trust protection method and device. Using TrustZone, the method also achieves mutual calling between non-secure user code and secure user code: the non-secure user calls secure user code to perform secure operations such as secure storage and encryption, the secure user calls non-secure user code to complete non-secure operations such as interrupts and system calls, each operation is kept separate, and the problem that privileged software such as the operating system is not trusted is solved.
To solve the above technical problem, the invention adopts the following technical scheme:
A TrustZone-based user-level code and data security trust protection method comprises the following steps, by which secure application code located in the secure operating system calls non-secure application code located in the general operating system:
A1) the secure application code calls a dedicated system call interface, which initiates a non-secure operation call request to the monitor through a driver in the secure operating system;
A2) the monitor forwards the non-secure operation call request, using secure monitor mode, to the general operating system, which enters kernel mode;
A3) the general operating system in kernel mode loads the target non-secure application code corresponding to the non-secure operation call request, the target non-secure application code performs the corresponding non-secure operation, and after the work is completed the result is returned through the monitor to the secure application code that initiated the request.
Optionally, the call interface functions available through the dedicated system call interface in step A1) include a return interface function return, which passes data to the non-secure application code; a key-obtaining interface function getkey, with which the secure application code obtains a key; and an external call interface function outcall, with which the secure application code calls a function encapsulated in the non-secure application code.
Optionally, before the driver in the secure operating system initiates the non-secure operation call request to the monitor in step A1), the method further includes performing formal verification and a security check on the dedicated system call interface call.
Optionally, when the dedicated system call interface is called in step A1) and the call command carries a string or array, the call command also includes the declared address of the string or array and the length of the string or array being passed. The formal verification and security check then consist of: reading the length of the string or array carried in the call command and judging whether the length actually passed differs from the declared length; if it does, the value is judged to be an abnormal transfer and the call ends and exits; otherwise the non-secure operation call request is sent to the monitor through the driver in the secure operating system.
Optionally, after the general operating system in kernel mode loads the target non-secure application code corresponding to the non-secure operation call request in step A3), a corresponding listening thread is started alongside the target non-secure application code. The listening thread of each non-secure application code has an identifier corresponding to that non-secure application code and listens for non-secure operation call requests from the secure application code. When the listening thread receives such a request, it creates a new thread to execute the request; the new thread is destroyed immediately after completing its task, the listening thread continues listening, and the listening thread is destroyed when the user program exits.
Optionally, the method further includes the following steps, by which non-secure application code located in the general operating system calls secure application code located in the secure operating system:
B1) the non-secure application code executes an ioctl system call, which initiates a secure operation call request to the monitor through a driver in the general operating system;
B2) the monitor forwards the secure operation call request, using secure monitor mode, to the secure operating system, which enters kernel mode;
B3) the secure operating system in kernel mode loads the target secure application code corresponding to the secure operation call request, the target secure application code performs the corresponding secure operation, and after the work is completed the result is returned through the monitor to the non-secure application code that initiated the request.
Optionally, before the secure application code located in the secure operating system calls the non-secure application code located in the general operating system, the method further includes loading the user program:
C1) judging whether the user program to be loaded contains declared secure application code and declared non-secure application code, and if it does, proceeding to the next step;
C2) loading the non-secure application code of the user program into the general operating system, and loading the secure application code of the user program into the secure operating system.
Optionally, the step of writing the user program precedes the step of loading the user program, and writing the user program includes:
D1) declaring secure application code and non-secure application code in the user program to be written;
D2) dividing the functional operations of the user program into secure operations and non-secure operations, where a secure operation is one that involves processing the user's private data and a non-secure operation is one that does not;
D3) placing the secure operations in the secure application code and the non-secure operations in the non-secure application code.
In addition, the invention also provides a TrustZone-based user-level code and data security trust protection device comprising a microprocessor and a memory connected to each other, where the microprocessor is programmed or configured to execute the steps of the TrustZone-based user-level code and data security trust protection method, or the memory stores a computer program programmed or configured to execute that method.
Furthermore, the invention also provides a computer-readable storage medium storing a computer program programmed or configured to execute the TrustZone-based user-level code and data security trust protection method.
Compared with the prior art, the invention has the following advantages:
1. Key code is stored encrypted in a protected memory area; only the user can load and access the key code and data belonging to that user, and other programs, including privileged software, cannot access the user's key code. The invention reduces the trust source: the trust source of the invention is the low-privilege user-mode application, and each application is divided into two parts, secure application code and non-secure application code. The operating system can access the code and data of the non-secure application code but not the secure application code, which can be accessed and used only by its own internal functions, so each application can trust that the private data and code it deposits in the secure application part are protected.
2. The invention uses TrustZone to realize mutual calling between non-secure user code and secure user code: the non-secure user calls the secure user code for secure operations such as secure storage and encryption, and the secure user calls the non-secure user code for non-secure operations such as interrupts and system calls. Each operation is kept separate, which solves the problem that privileged software such as the operating system is not trusted and the problem of interaction between the secure application and the non-secure operating system, and the interface is subjected to strict formal verification to ensure its security.
Drawings
Fig. 1 is a schematic diagram of a complete operation mechanism of TrustZone in the prior art.
Fig. 2 is a diagram illustrating the relationship between PRM, EPC and EPCM in the prior art.
Fig. 3 is a schematic diagram of an operation mechanism in the embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a system according to an embodiment of the present invention.
Detailed Description
As shown in Fig. 3 and Fig. 4, the TrustZone-based user-level code and data security trust protection method of this embodiment includes the following steps, by which secure application code located in the secure operating system calls non-secure application code located in the general operating system:
A1) the secure application code calls a dedicated system call interface, which initiates a non-secure operation call request to the monitor through a driver in the secure operating system;
A2) the monitor forwards the non-secure operation call request, using secure monitor mode, to the general operating system, which enters kernel mode;
A3) the general operating system in kernel mode loads the target non-secure application code corresponding to the non-secure operation call request, the target non-secure application code performs the corresponding non-secure operation, and after the work is completed the result is returned through the monitor to the secure application code that initiated the request.
As shown in Fig. 3 and Fig. 4, in this embodiment the ARM platform with TrustZone support runs a secure operating system (TEE_OS for short) on the TEE (Trusted Execution Environment) side, which provides secure application support, and runs a general operating system (Linux in this embodiment) on the REE (Rich Execution Environment) side. The method of this embodiment divides the user's program into two parts: the non-secure application code, which does not involve private data processing, is placed on the REE side, and the secure application code, which involves the user's private data, is placed on the TEE side. The security isolation environment of TrustZone thus guarantees the safety of the key code and private data, secure and trusted services are provided for user-level code and data on a computing platform with a TEE extension, and mutual calling between the non-secure user code and the secure user code is achieved.
This embodiment uses a simplified legacy system architecture in which only the dedicated system call interface is retained. In this embodiment, the call interface functions available through the dedicated system call interface in step A1) include the return interface function return, the key-obtaining interface function getkey and the external call interface function outcall, where return is used to pass data to the non-secure application code, getkey is used by the secure application code to obtain a key, and outcall is used by the secure application code to call a function encapsulated in the non-secure application code.
In this embodiment, before the driver in the secure operating system initiates the non-secure operation call request to the monitor in step A1), the method further includes performing formal verification and a security check on the dedicated system call interface call.
In this embodiment, when the dedicated system call interface is called in step A1) and the call command carries a string or array, the call command also includes the declared address of the string or array and the length of the string or array being passed. The formal verification and security check then consist of: reading the length of the string or array carried in the call command and judging whether the length actually passed differs from the declared length; if it does, the value is judged to be an abnormal transfer and the call ends and exits; otherwise the non-secure operation call request is sent to the monitor through the driver in the secure operating system. Taking outcall, the interface through which the TA calls the CA, as an example: to ensure the reliability of the call, the design first considers the logic of the interface, uses a formal verification method to check whether the system interface meets its expected behaviour, and at the same time strictly checks the parameters passed by outcall. In this embodiment, when a string or array is passed, its address must be declared and its length is used to prevent abnormal value transfer. The specific parameter check is expressed in pseudo code as follows:
[Figure BDA0002954334300000061: parameter-checking pseudo code, shown as an image in the original]
In this example, one parameter is taken as an example: the passed parameter is checked, and if it is found not to comply with the specification, the parameter exception handling function is triggered to handle the exception; subsequent operations can only proceed after the parameter check passes.
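The length check of step A1), as described in the disclosure and in the embodiment above, written out as an added example (this is not the patent's pseudo code and the message layout is an assumption: a small header carrying the CA function identifier and the declared argument length, followed by the argument bytes). The secure-OS driver compares the declared length with the number of bytes that actually arrived and refuses the outcall on any mismatch or overflow of the fixed CA-side buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed outcall message layout (an assumption for this example; the
 * patent gives no byte format):
 *   bytes 0..3  identifier of the CA function being called (little-endian)
 *   bytes 4..7  declared length of the string/array argument (little-endian)
 *   bytes 8..   the argument bytes themselves
 * The "transmitted length" is the number of bytes that actually arrived after
 * the header, which the receiving driver can observe independently of what the
 * caller declared. */
#define OUTCALL_HDR_LEN 8u
#define OUTCALL_MAX_ARG 256u   /* size of the fixed buffer the CA side accepts */

enum outcall_status {
    OUTCALL_OK = 0,
    OUTCALL_ERR_NO_ADDR,      /* no message address was declared */
    OUTCALL_ERR_SHORT,        /* message shorter than its own header */
    OUTCALL_ERR_LEN_MISMATCH, /* declared length differs from transmitted length */
    OUTCALL_ERR_TOO_LONG      /* argument would not fit the CA-side buffer */
};

struct outcall_request {
    uint32_t func_id;     /* which non-secure function the TA wants to run */
    const uint8_t *arg;   /* points at the argument inside the message */
    size_t arg_len;       /* validated length of that argument */
};

static void wr_u32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* TA side: marshal an outcall into buf. Returns the message length, 0 on error. */
size_t outcall_encode(uint8_t *buf, size_t cap, uint32_t func_id,
                      const uint8_t *arg, size_t arg_len)
{
    if (buf == NULL || arg == NULL || cap < OUTCALL_HDR_LEN + arg_len)
        return 0;
    wr_u32le(buf, func_id);
    wr_u32le(buf + 4, (uint32_t)arg_len);
    memcpy(buf + OUTCALL_HDR_LEN, arg, arg_len);
    return OUTCALL_HDR_LEN + arg_len;
}

/* Secure-OS driver side: the parameter check run before the request is handed
 * to the monitor. Only a message whose declared length matches what was
 * transmitted, and which fits the CA-side buffer, is accepted; anything else
 * is an abnormal transfer and the call ends here. */
enum outcall_status outcall_check(const uint8_t *msg, size_t msg_len,
                                  struct outcall_request *out)
{
    if (msg == NULL)
        return OUTCALL_ERR_NO_ADDR;
    if (msg_len < OUTCALL_HDR_LEN)
        return OUTCALL_ERR_SHORT;
    uint32_t declared = rd_u32le(msg + 4);
    size_t transmitted = msg_len - OUTCALL_HDR_LEN;
    if ((size_t)declared != transmitted)
        return OUTCALL_ERR_LEN_MISMATCH;
    if (declared > OUTCALL_MAX_ARG)
        return OUTCALL_ERR_TOO_LONG;
    out->func_id = rd_u32le(msg);
    out->arg = msg + OUTCALL_HDR_LEN;
    out->arg_len = transmitted;
    return OUTCALL_OK;
}

/* Scenarios on constructed input, so the check can be exercised offline. */
int scenario_valid_call(void)
{
    uint8_t buf[64];
    struct outcall_request req;
    size_t n = outcall_encode(buf, sizeof buf, 7, (const uint8_t *)"hello", 5);
    return n == 13 && outcall_check(buf, n, &req) == OUTCALL_OK &&
           req.func_id == 7 && req.arg_len == 5 && memcmp(req.arg, "hello", 5) == 0;
}

enum outcall_status scenario_truncated(void)
{
    uint8_t buf[64];
    struct outcall_request req;
    size_t n = outcall_encode(buf, sizeof buf, 7, (const uint8_t *)"hello", 5);
    return outcall_check(buf, n - 2, &req);   /* two declared bytes never arrived */
}

enum outcall_status scenario_overlong(void)
{
    uint8_t buf[OUTCALL_HDR_LEN + OUTCALL_MAX_ARG + 1];
    uint8_t arg[OUTCALL_MAX_ARG + 1];
    struct outcall_request req;
    memset(arg, 'A', sizeof arg);
    size_t n = outcall_encode(buf, sizeof buf, 7, arg, sizeof arg);
    return outcall_check(buf, n, &req);       /* lengths agree but exceed the buffer */
}

enum outcall_status scenario_short_header(void)
{
    uint8_t buf[4] = {7, 0, 0, 0};
    struct outcall_request req;
    return outcall_check(buf, sizeof buf, &req);
}
```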
In this embodiment, after the general operating system in kernel mode loads the target non-secure application code corresponding to the non-secure operation call request in step A3), the method further includes starting a corresponding listening thread alongside the target non-secure application code. The listening thread of each non-secure application code has an identifier corresponding to that non-secure application code and listens for non-secure operation call requests from the secure application code. When the listening thread receives such a request, it creates a new thread to execute the request; the new thread is destroyed immediately after completing its task, the listening thread continues listening, and the listening thread is destroyed when the user program exits.
As shown in Fig. 3 and Fig. 4, this embodiment further includes the following steps, by which non-secure application code located in the general operating system calls secure application code located in the secure operating system:
B1) the non-secure application code executes an ioctl system call, which initiates a secure operation call request to the monitor through a driver in the general operating system;
B2) the monitor forwards the secure operation call request, using secure monitor mode, to the secure operating system, which enters kernel mode;
B3) the secure operating system in kernel mode loads the target secure application code corresponding to the secure operation call request, the target secure application code performs the corresponding secure operation, and after the work is completed the result is returned through the monitor to the non-secure application code that initiated the request.
In this embodiment, before the secure application code located in the secure operating system calls the non-secure application code located in the general operating system, the method further includes loading the user program:
C1) judging whether the user program to be loaded contains declared secure application code and declared non-secure application code, and if it does, proceeding to the next step;
C2) loading the non-secure application code of the user program into the general operating system, and loading the secure application code of the user program into the secure operating system.
In this embodiment, the step of writing the user program precedes loading the user program, and writing the user program includes:
D1) declaring secure application code and non-secure application code in the user program to be written;
D2) dividing the functional operations of the user program into secure operations and non-secure operations, where a secure operation is one that involves processing the user's private data and a non-secure operation is one that does not;
D3) placing the secure operations in the secure application code and the non-secure operations in the non-secure application code.
In this embodiment, most TA operations do not require the participation of the secure operating system (TEE_OS), which reduces interaction between the TA and the TEE_OS, ensures the independence of TA operations, and keeps them free from interference by other privileged applications. At the same time, the number of retained system call interfaces is kept as small as possible, because the more system call interfaces there are, the harder they are to monitor. When a system call is made, this embodiment prevents the system call interface from being altered, and prevents other security problems, by checking and formally verifying the system call interface. On top of the non-secure application code calling the secure application code, the function of the secure application code calling the non-secure application code is also realized. The customized system call is notably effective: on one hand it is highly targeted, since only the corresponding secure application code can use it, which ensures independence between secure application codes; on the other hand, the non-secure application code is called through the custom system call interface and performs the system calls itself, which reduces interaction between the secure application code and the TEE_OS.
In this embodiment, the non-secure application code calls the secure application code to encrypt data, and the secure application code calls the non-secure user code through the designed dedicated interface outcall to print the ciphertext. This prevents the secure application code from issuing a system call to the printer directly, reduces interaction between the secure user code and privileged software, and improves the trustworthiness of the system.
As shown in Fig. 3 and Fig. 4, in this embodiment, when the secure application code calls the non-secure application code through the designed dedicated interface outcall, the secure operating system first performs a formal check on the system call interface and at the same time checks the passed parameters, such as strings or arrays; if verification passes, it responds to the call of the secure application code, otherwise it rejects the call. After the call request succeeds, the secure application code completes the non-secure operation using the non-secure application code, and once the operation is complete the result is returned to the secure application code. A listening thread is added to the non-secure application code to listen for call requests from the secure application code in the secure operating system; each secure application code corresponds to a specific identifier, and the listening thread recognizes the identifier of the secure application code corresponding to its non-secure application code and completes the task requested by the secure application code. In this embodiment, a security monitoring node is added to the non-secure application code to monitor call requests of secure applications in the secure operating system; the identifiers of the call requests are distinguished, each secure application code corresponds to one call request identifier, different system calls are determined through the different identifiers, and the specified request task is completed.
In this example, a new device number is added to the non-secure application code, call requests are monitored, their identifiers are distinguished, each secure application code corresponds to one call request identifier, and different system calls are determined through the different identifiers. In this embodiment a listening thread is started for the security monitoring node in the general operating system where the non-secure application code resides: when the non-secure application code starts running, the listening thread runs as well and reads the call requests of the secure application code; once a call request is detected, the listening thread creates a new thread to execute it, the new thread is destroyed after completing its task, the listening thread continues listening, and when the user program exits the listening thread is destroyed. In summary, the method of this embodiment further subdivides the security isolation environment, turning system-level isolation into application-level isolation, and stores each user's secure application and data within its own application-level isolation range, which prevents private data from being stolen. Different application-level isolations cannot access each other, and a user can only call functions within their own application-level isolation range, which ensures the safety of the data. The original system calls of the security isolation environment are removed, a uniform system call interface is designed, and mutual calling between the secure application and the non-secure application is realized.
The non-safety application program calls the safety application program through a uniform system calling interface to carry out safety operation, so that the reliability of the operation is ensured; the safe application program calls the non-safe application program through the uniform system calling interface to carry out functions such as system calling and the like, the operation of the safe application program is all application level operation, the system calling operation is not directly carried out, when the system level calling is required, the non-safe application program is called through the uniform system calling interface to execute relevant operations, and the interaction between the safe application program and the operating system is avoided. The method comprises the steps of strictly performing formal verification and check on a designed system call interface, canceling original system call to avoid interaction of a security application program and an operating system, and performing formal verification on the designed system call interface to prevent the system call interface from being tampered, and a transferred function value or address from being replaced, so that the safety and reliability of system call are ensured. In the embodiment, the key codes are stored in the protected memory area by encryption, only the user can load and access the key codes and data belonging to the user, and other programs including privileged software cannot access the key codes of the user. Meanwhile, mutual calling of the non-secure user and the secure user code is achieved by using the TrustZone, the non-secure user calls the secure user code to achieve secure operations such as secure storage and encryption, the secure user calls the non-secure user code to complete non-secure operations such as interruption and system calling, each operation is distinguished, and the problem that privileged software such as an operating system is not trusted is solved.
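The interface check and identifier-based dispatch described above (and stated in claims 4 and 5), as an added example in C that is not the patent's code: the secure-OS side rejects a call command whose declared string or array length differs from what was actually transferred, or whose interface function or secure-code identifier is unknown, and only then hands the request to the listener registered for that identifier. The 12-byte header layout, the numeric function ids, the listener registry and the ciphertext bytes are all assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added illustration, not the patent's code. Assumed call command layout:
 * 12-byte little-endian header (ta_id, func_id, declared_len), then the
 * transferred string or array. */
enum { FN_RETURN = 1, FN_GETKEY = 2, FN_OUTCALL = 3 };  /* the three interface functions */
enum { MAX_TA = 8, HDR_LEN = 12 };
enum { CHECK_OK = 0, CHECK_BAD_HDR = -1, CHECK_BAD_FUNC = -2,
       CHECK_LEN_MISMATCH = -3, CHECK_UNKNOWN_TA = -4 };

/* One listener per secure application code identifier (hypothetical registry). */
typedef int (*listener_fn)(uint32_t func_id, const uint8_t *payload, uint32_t len);
static listener_fn listeners[MAX_TA];

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Formal check of a call command: known interface function, declared length
 * equal to the length actually transferred (for a string, the offset of its
 * NUL, which must lie inside the transferred bytes), and a registered id. */
int check_call(const uint8_t *msg, size_t msg_len, int is_string) {
    if (msg == NULL || msg_len < HDR_LEN) return CHECK_BAD_HDR;
    uint32_t ta_id = rd32(msg), func_id = rd32(msg + 4), declared = rd32(msg + 8);
    if (func_id < FN_RETURN || func_id > FN_OUTCALL) return CHECK_BAD_FUNC;
    size_t transferred = msg_len - HDR_LEN, actual = transferred;
    if (is_string) {
        const uint8_t *nul = memchr(msg + HDR_LEN, 0, transferred);
        if (nul == NULL) return CHECK_LEN_MISMATCH;       /* unterminated: reject */
        actual = (size_t)(nul - (msg + HDR_LEN));
    }
    if (actual != declared) return CHECK_LEN_MISMATCH;    /* abnormal transfer: exit */
    if (ta_id >= MAX_TA || listeners[ta_id] == NULL) return CHECK_UNKNOWN_TA;
    return CHECK_OK;
}

/* Only a command that passes the check reaches the listener registered for the
 * calling secure application code; the listener's result goes back to the caller. */
int dispatch_call(const uint8_t *msg, size_t msg_len, int is_string) {
    int rc = check_call(msg, msg_len, is_string);
    if (rc != CHECK_OK) return rc;
    return listeners[rd32(msg)](rd32(msg + 4), msg + HDR_LEN, rd32(msg + 8));
}

/* Constructed listener for secure application code 1: its outcall hands a
 * ciphertext to the non-secure side, which prints it (the page's example). */
static int print_listener(uint32_t func_id, const uint8_t *payload, uint32_t len) {
    if (func_id != FN_OUTCALL) return -1;   /* this code exposes only the print outcall */
    printf("ciphertext (%u bytes): ", (unsigned)len);
    for (uint32_t i = 0; i < len; i++) printf("%02x", payload[i]);
    putchar('\n');
    return (int)len;
}

static size_t build_call(uint8_t *out, uint32_t ta_id, uint32_t func_id,
                         uint32_t declared, const void *payload, size_t n) {
    wr32(out, ta_id); wr32(out + 4, func_id); wr32(out + 8, declared);
    memcpy(out + HDR_LEN, payload, n);
    return HDR_LEN + n;
}

/* Scenarios over constructed input; each returns what dispatch_call returns. */
int scenario(int which) {
    static const uint8_t ct[4] = {0xde, 0xad, 0xbe, 0xef};   /* constructed ciphertext */
    uint8_t buf[64];
    listeners[1] = print_listener;                            /* register id 1 */
    switch (which) {
    case 0: return dispatch_call(buf, build_call(buf, 1, FN_OUTCALL, 4, ct, 4), 0);    /* ok: 4 */
    case 1: return dispatch_call(buf, build_call(buf, 1, FN_OUTCALL, 8, ct, 4), 0);    /* declared 8, sent 4 */
    case 2: return dispatch_call(buf, build_call(buf, 1, FN_OUTCALL, 3, "abc", 4), 1); /* string ok: 3 */
    case 3: return dispatch_call(buf, build_call(buf, 1, FN_OUTCALL, 3, "abc", 3), 1); /* no NUL sent */
    case 4: return dispatch_call(buf, build_call(buf, 5, FN_OUTCALL, 4, ct, 4), 0);    /* id 5 unregistered */
    default: return dispatch_call(buf, build_call(buf, 1, 9, 4, ct, 4), 0);            /* unknown function */
    }
}
```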
In addition, the present embodiment also provides a TrustZone-based user-level code and data security trust protection apparatus, which includes a microprocessor and a memory connected to each other, wherein the microprocessor is programmed or configured to execute the steps of the TrustZone-based user-level code and data security trust protection method, or the memory stores a computer program programmed or configured to execute the TrustZone-based user-level code and data security trust protection method.
Furthermore, the present embodiment also provides a computer readable storage medium, in which a computer program programmed or configured to execute the aforementioned TrustZone-based user-level code and data security trust protection method is stored.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-readable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The present application is directed to methods, apparatus (systems), and computer program products according to embodiments of the application, in which computer program instructions, executed via a processor of a computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.

Claims (10)

1. A TrustZone-based user-level code and data security trust protection method, characterized by comprising the following steps, in which secure application code located in a secure operating system calls non-secure application code located in a general operating system:
A1) the secure application code calls a dedicated system call interface and initiates a non-secure operation call request to the monitor through a driver in the secure operating system;
A2) the monitor, using secure monitor mode, passes the non-secure operation call request to the general operating system, which enters kernel state;
A3) the general operating system in kernel state loads the target non-secure application code corresponding to the non-secure operation call request; the target non-secure application code performs the corresponding non-secure operation and, after the corresponding work is completed, the operation result is returned through the monitor to the secure application code that initiated the non-secure operation call request.
2. The TrustZone-based user-level code and data security trust protection method according to claim 1, wherein the interface functions available through the dedicated system call interface in step A1) include a return interface function return for passing data to the non-secure application code, a key-obtaining interface function getkey by which the secure application code obtains a key, and an external call interface function outcall for calling a function encapsulated in the non-secure application code.
3. The TrustZone-based user-level code and data security trust protection method according to claim 1, wherein, before the driver in the secure operating system initiates the non-secure operation call request to the monitor in step A1), the method further comprises performing formal verification and a security check on the dedicated system call interface call.
4. The TrustZone-based user-level code and data security trust protection method according to claim 3, wherein, when the dedicated system call interface is called in step A1), if the call command of the dedicated system call interface contains a passed string or array, the call command also contains the address declaration of the string or array and the declared length of the passed string or array; and performing the formal verification and security check comprises: reading the length of the string or array passed in the call command, judging whether the length of the passed string or array differs from the length declared in the transfer, and if so, treating it as an abnormally transferred value and ending and exiting; otherwise, sending the non-secure operation call request to the monitor through the driver in the secure operating system.
5. The TrustZone-based user-level code and data security trust protection method according to claim 1, wherein, after the general operating system in kernel state loads the target non-secure application code corresponding to the non-secure operation call request in step A3), the method further comprises starting a corresponding listening thread along with the target non-secure application code; each listening thread of a non-secure application code has an identifier corresponding to that non-secure application code, and the listening thread is configured to listen for non-secure operation call requests from the secure application code; if the listening thread observes a non-secure operation call request from the secure application code, it spawns a new thread to execute the call request, the new thread is destroyed immediately after finishing the corresponding task, the listening thread continues to listen for tasks, and the listening thread is destroyed after the user program exits.
6. The TrustZone-based user-level code and data security trust protection method according to claim 1, further comprising the following steps, in which non-secure application code located in the general operating system calls secure application code located in the secure operating system:
B1) the non-secure application code executes an ioctl system call, and a secure operation call request is initiated to the monitor through a driver in the general operating system;
B2) the monitor, using secure monitor mode, passes the secure operation call request to the secure operating system, which enters kernel state;
B3) the secure operating system in kernel state loads the target secure application code corresponding to the secure operation call request; the target secure application code performs the corresponding secure operation and, after the corresponding work is completed, the operation result is returned through the monitor to the non-secure application code that initiated the secure operation call request.
7. The TrustZone-based user-level code and data security trust protection method according to claim 1, wherein, before the secure application code located in the secure operating system calls the non-secure application code located in the general operating system, the method further comprises the step of loading the user program, which comprises:
C1) judging whether the user program to be loaded contains declared secure application code and declared non-secure application code, and if it contains both, jumping to the next step;
C2) loading the non-secure application code of the user program into the general operating system, and loading the secure application code of the user program into the secure operating system.
8. The TrustZone-based user-level code and data security trust protection method according to claim 7, wherein the step of loading the user program is preceded by the step of writing the user program, which comprises:
D1) declaring secure application code and non-secure application code in the user program to be written;
D2) dividing the functional operations of the user program into secure operations and non-secure operations, wherein a secure operation is an operation involving the processing of user private data, and a non-secure operation is an operation not involving the processing of private data;
D3) placing the secure operations in the secure application code and the non-secure operations in the non-secure application code.
9. A TrustZone-based user-level code and data security trust protection apparatus comprising a microprocessor and a memory connected to each other, wherein the microprocessor is programmed or configured to perform the steps of the TrustZone-based user-level code and data security trust protection method according to any one of claims 1 to 8, or the memory has stored therein a computer program programmed or configured to perform the TrustZone-based user-level code and data security trust protection method according to any one of claims 1 to 8.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program programmed or configured to execute the TrustZone-based user-level code and data security trust protection method according to any one of claims 1 to 8.
CN202110217365.XA 2021-02-26 2021-02-26 TrustZone-based user-level code and data security and credibility protection method and device Active CN112818327B (en)
Publications (2)

Publication Number Publication Date
CN112818327A true CN112818327A (en) 2021-05-18
CN112818327B CN112818327B (en) 2024-10-01