
CN120257268A - Virtual machine memory encryption and protection system and method based on ARM TrustZone - Google Patents


Info

Publication number
CN120257268A
Authority
CN
China
Prior art keywords
module
submodule
encryption
virtual machine
key
Prior art date
Legal status
Pending
Application number
CN202510340328.6A
Other languages
Chinese (zh)
Inventor
周嘉淳
陈仁海
冯志勇
Current Assignee
Tianjin University
Original Assignee
Tianjin University
Priority date
Filing date
Publication date
Application filed by Tianjin University
Priority to CN202510340328.6A
Publication of CN120257268A
Legal status: Pending

Classifications

    • G PHYSICS › G06 COMPUTING OR CALCULATING; COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/602 Protecting data: providing cryptographic facilities or services
    • G06F21/604 Protecting data: tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45583 Memory management, e.g. access or allocation
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a virtual machine memory encryption and protection system and method based on ARM TrustZone. The system comprises a joint control module whose output and input ends are electrically connected to a TrustZone hardware isolation module, a security monitoring module, an encryption module, a key management module, an access control module, an integrity detection module, a virtual machine management program interface module, a log and audit module, a recovery module, an intelligent adaptive encryption strategy module, an anomaly detection module, a visual security situation awareness module and a cross-virtual machine security collaboration module. The invention offers strong security: the TrustZone hardware isolation module separates the secure and non-secure worlds at the physical level; the security monitoring module monitors memory accesses in real time, intercepting and recording violations; the encryption module ensures that data is stored only as ciphertext; and the integrity detection module periodically verifies hash values so that data tampering is detected and handled promptly. The modules operate in concert to protect memory.

Description

ARM TrustZone-based virtual machine memory encryption and protection system and method
Technical Field
The invention relates to the technical field of cloud computing security and information protection, in particular to a virtual machine memory encryption and protection system and method based on ARM TrustZone.
Background
Under the current state of the art, virtual machine security protection faces several difficult problems. Most mainstream solutions act at the operating system level or rely on the hypervisor to build an isolation boundary. Such conventional means can guarantee the basic secure operation of a virtual machine to a certain extent and can effectively block ordinary external network attacks and some internal illegal operations. However, they show obvious weaknesses against more covert and highly harmful side-channel attacks. In particular, in a cloud computing environment where multiple virtual machines share the same physical server, malicious software in another virtual machine on the same host can exploit side channels formed by shared hardware resources, such as caches and memory buses, to steal sensitive information from the target virtual machine, and existing operating-system-level or hypervisor-level isolation measures are often slow to perceive and resist this.
Meanwhile, encryption is a key support for data security and plays an important role in virtual machine security, but traditional encryption schemes face a performance dilemma: ensuring data confidentiality generally requires substantial computing resources for encryption and decryption, which in a virtual machine scenario directly slows the system's response, noticeably delays the execution of user instructions and greatly degrades the user experience.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a virtual machine memory encryption and protection system based on ARM TrustZone and a corresponding method. Through the cooperation of the TrustZone hardware isolation module and the security monitoring module, it addresses the difficulty in the prior art of resisting side-channel attacks by malicious software in other virtual machines on the same physical server.
The invention achieves this through the following technical scheme:
The virtual machine memory encryption and protection system based on ARM TrustZone comprises a joint control module and, in bidirectional electrical connection with it, the following modules:
the TrustZone hardware isolation module, which realizes physical isolation between the secure world and the non-secure world;
the security monitoring module, which captures and processes memory access requests in real time;
the encryption module, which selects the corresponding encryption algorithm according to data sensitivity;
the key management module, which generates keys from hardware random numbers and distributes them securely;
the access control module, which provides fine-grained access control over the virtual machine's memory regions;
the integrity detection module, which periodically checks the integrity of memory data;
the virtual machine management program interface module and the log and audit module, which realize virtual machine creation, start-up and log recording;
the recovery module, which ensures that the virtual machine and the system quickly return to a secure and stable state;
the intelligent self-adaptive encryption strategy module, which monitors the operating state and analyses data flow and, combined with preset rules, dynamically adjusts the encryption algorithm and the key update period, so that encryption adapts to the operating state of the virtual machine;
the anomaly detection module, which is driven by machine learning, analyses memory access behaviour in real time using data acquisition preprocessing and model training, and, when abnormal behaviour is detected, promptly notifies the security monitoring module through its early warning sub-module so that protective measures can be taken;
the visual security situation awareness module, which displays the system's security operating state, monitoring data and security event trends in real time through an intuitive graphical interface, supporting the administrator's global situation awareness and decision-making;
and the cross-virtual machine security cooperation module, which realizes security information sharing and cooperative defence among virtual machines, forming a global, linked security protection system.
Further, the TrustZone hardware isolation module comprises a processor core state management sub-module, a memory space partitioning sub-module and an interrupt management sub-module, all of which are in bidirectional electrical connection with the joint control module.
Further, the security monitoring module comprises an access request interception sub-module, a security policy execution sub-module and an audit data recording sub-module, all of which are in bidirectional electrical connection with the joint control module.
Further, the encryption module comprises an encryption algorithm selection sub-module, an encryption execution sub-module and an encryption key cache sub-module, all of which are in bidirectional electrical connection with the joint control module.
Further, the key management module comprises a key generation sub-module, a key storage sub-module and a key distribution sub-module, all of which are in bidirectional electrical connection with the joint control module.
Further, the access control module comprises a right definition sub-module, a right verification sub-module and a right updating sub-module, all of which are in bidirectional electrical connection with the joint control module.
Further, the integrity detection module comprises a hash calculation sub-module, a comparison verification sub-module and a tamper response sub-module, all of which are in bidirectional electrical connection with the joint control module.
Further, the intelligent self-adaptive encryption strategy module comprises an operating state monitoring sub-module, a data flow analysis sub-module and an intelligent algorithm decision sub-module, all of which are in bidirectional electrical connection with the joint control module.
Further, the machine-learning-driven anomaly detection module comprises a data acquisition preprocessing sub-module, a model training sub-module and an anomaly detection early warning sub-module, all of which are in bidirectional electrical connection with the joint control module.
The invention also provides a method of encrypting and protecting virtual machine memory using the above system based on ARM TrustZone, comprising the following steps:
Step a: after the system is powered on, the registers and hardware circuits in the ARM processor are automatically initialized. A hardware component identifies the initial state of the processor and sets it to the secure state by default. According to a preset default division rule, the memory space marks most regions as non-secure memory and reserves only a small number of key regions as secure memory for the subsequent loading of security-related initial code and data. The interrupt vector table is initialized as the non-secure interrupt vector table, ready to receive asynchronous events from ordinary applications. "Hardware component" here is the collective name for the hardware built into the ARM processor that supports the TrustZone security mechanism within the TrustZone hardware isolation module: for example, the TZASC partitions secure and non-secure memory, and the SCR_EL3 register identifies whether the current CPU is in the secure or the non-secure state. On the Arm Fixed Virtual Platforms (FVP) hardware simulation platform with 4 GB of memory, the default preset non-secure memory addresses are 0x80000000-0xfc000000 and 0x880000000-0x900000000, and secure memory is 0xfc000000-0x100000000. Initialization of the interrupt vector table is performed when the Arm system itself boots and is completed by the ATF (Arm Trusted Firmware) firmware supplied with the ARM platform.
Step b: initialize the security monitoring module. The security monitoring module is loaded and initialized in the TrustZone secure world; the hardware monitoring mechanism is configured, the memory access exception interrupt is enabled and its priority set, so that memory access requests from both the secure and the non-secure world are captured in time; and the security policy rule base is loaded from secure storage into memory to build the initial security inspection rule set. The secure world is set up by the TrustZone hardware isolation module; TrustZone is hardware carried by the ARM processor, which divides the processor into two worlds, the secure world and the non-secure world.
Step c: initialize the other modules. The encryption module loads several encryption algorithm libraries in a storage area of the secure world, initializes the encryption key buffer, sets the buffer replacement strategy, establishes a communication connection with the virtual machine management program interface module and waits for read/write event notifications. The key management module generates a master key with the hardware random number generator (RNG), stores it in encrypted form in the underlying encrypted storage area of the secure world, initializes the key distribution channel and establishes secure communication links with the security monitoring module and the encryption module. The access control module configures the memory region access right registers according to the system's default security strategy, setting the secure memory region so that it can be accessed only by a processor subject in the secure state carrying an authorized identifier, and giving the non-secure memory regions different general access rights according to the application scenario. The integrity detection module initializes the hash algorithm in the secure world, prepares to compute the initial hash of the virtual machine memory data and sets the initial detection period;
Step d: create and start the virtual machine. The virtual machine management program interface module receives a creation instruction and, in cooperation with the TrustZone hardware isolation module, allocates secure and non-secure memory regions for the virtual machine: the memory requirement is estimated from the virtual machine's intended use, the memory is divided in preset proportions, and initial interrupt handling logic is configured for the virtual machine and associated with the non-secure interrupt vector table. The virtual machine is created and run by the user executing a qemu command; at this point the creation instruction is received by the virtual machine management program interface module in the kernel's kvm module, i.e. the hypervisor.
Step e: memory data read/write and protection flow. When an application in the virtual machine issues a memory read or write request, the virtual machine management program interface module captures it first and determines the request type and the security attribute of the target memory region. If the request targets a non-secure memory region and complies with the current access-right settings, it is forwarded directly to the corresponding non-secure region for processing; if it does not comply, it is refused, an error is returned to the virtual machine through the virtual machine management program interface module, and the security monitoring module records the details of the illegal access. If the request targets a secure memory region, it is forwarded to the security monitoring module whether or not it complies with the initial rights: the access request interception sub-module receives it, the security policy execution sub-module checks it against the current system security policy and, if it is legal, forwards it to the encryption module or directly permits the access. The encryption module determines the encryption algorithm through its encryption algorithm selection sub-module according to the sensitivity of the data and cooperates with the key management module to obtain or update the encryption key;
Step f: the intelligent self-adaptive encryption strategy module runs continuously. Through deep integration with the virtual machine management program interface module, it obtains information on the virtual machine's operating state, data flow and application type at set intervals. Based on this information, the intelligent algorithm decision sub-module, following a preset rule set, sends algorithm switching instructions to the encryption module and key update instructions to the key management module, shortening the key update period so that the encryption strategy adapts dynamically to the virtual machine's operating conditions. Meanwhile, the anomaly detection module receives data from the virtual machine's memory in real time; after cleaning and normalization by the data acquisition preprocessing sub-module, the data are fed into the trained model, which judges in real time whether abnormal access behaviour is present. If an anomaly is detected, the anomaly detection early warning sub-module immediately sends an early warning signal to the security monitoring module over a secure communication mechanism, and on receiving it the security monitoring module may temporarily isolate the suspicious process;
Step g: the integrity detection module triggers the hash calculation sub-module to hash a designated virtual machine memory region, either at a preset period or on key operations; the hash is computed by a compute_hash(memory_range) function, whose parameter is given in brackets. The comparison verification sub-module compares the result with the previously stored hash value; if the values differ, the data may have been tampered with. The tamper response sub-module is then started at once and sends a tamper alarm to the security monitoring module over a secure communication mechanism, while the security monitoring module cooperates with the log and audit module to record the details of the tampering event. After receiving the alarm, the security monitoring module may, according to the system security policy, temporarily isolate the affected virtual machine or process to prevent the damage from spreading, and notifies the administrator for further investigation;
Step h: if the key management module detects a key leakage risk, it immediately starts an emergency flow. In cooperation with the encryption module, it first instructs the encryption module to stop using the key at risk; the key generation sub-module then quickly generates a new encryption key with the hardware random number generator; the key storage sub-module stores the new key in layered encrypted storage, replacing the original key; and the key distribution sub-module redistributes the new key to the encryption module over a secure channel, so that the encryption system continues to operate securely;
Step i: system recovery. When a serious security event occurs, the recovery module is started. Working with the integrity detection module, if data has been tampered with, the data recovery sub-module obtains the original data from a backup storage medium and restores it into the virtual machine's memory by memory address range. Working with the key management module, if a key has been leaked, the key distribution flow is reset so that the newly generated key is correctly distributed and the related encryption and decryption operations are updated. Throughout recovery, the recovery module coordinates all the relevant modules so that the system is progressively returned to a secure and stable state.
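As an added illustration (not code from the patent), the following C model exercises the decision points of steps a, c and e together with the integrity check: it encodes the FVP default secure/non-secure map quoted in step a as TZASC-style partitions, applies a hypothetical per-VM rights table to non-secure regions, forwards every secure-region request to a monitor policy that requires the secure state plus an authorised identifier, audits each refusal, and compares a region hash with its stored value. The rights table, the authorised-identifier list and the use of FNV-1a in place of a real cryptographic hash are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* World of the requesting CPU; on hardware this is the NS bit of SCR_EL3. */
typedef enum { WORLD_SECURE = 0, WORLD_NON_SECURE = 1 } world_t;

/* One TZASC-style partition: physical range [base, limit) and its attribute. */
typedef struct {
    uint64_t base;
    uint64_t limit;
    bool secure;
} region_t;

/* Constructed from the FVP 4 GB default map quoted in step a. */
static const region_t k_regions[] = {
    { 0x080000000ULL, 0x0fc000000ULL, false },  /* non-secure DRAM, low  */
    { 0x880000000ULL, 0x900000000ULL, false },  /* non-secure DRAM, high */
    { 0x0fc000000ULL, 0x100000000ULL, true  },  /* secure memory         */
};

/* Hypothetical rights-table entry of the access control module. */
typedef struct {
    unsigned vm_id;
    uint64_t base;          /* base of the non-secure region the right covers */
    bool     write_allowed;
} right_t;

typedef enum {
    ALLOW_DIRECT,     /* non-secure region, right matches: pass to memory   */
    DENY_PERMISSION,  /* non-secure region, no matching right: reject+audit */
    DENY_UNMAPPED,    /* not inside any partition: reject+audit             */
    SECURE_ALLOW,     /* secure region, monitor policy satisfied            */
    SECURE_DENY       /* secure region, monitor policy failed: reject+audit */
} decision_t;

/* Audit data recording sub-module, reduced to a counter and the last entry. */
static unsigned g_audit_count = 0;
static char g_audit_last[96];

static void audit(const char *why, unsigned vm_id, uint64_t addr) {
    g_audit_count++;
    snprintf(g_audit_last, sizeof g_audit_last, "%s vm=%u addr=0x%llx",
             why, vm_id, (unsigned long long)addr);
}
unsigned audit_count(void) { return g_audit_count; }
const char *audit_last(void) { return g_audit_last; }

/* Partition containing [addr, addr+len), or NULL. A range that straddles a
 * partition boundary is treated as unmapped, so the check fails closed. */
const region_t *lookup_region(uint64_t addr, size_t len) {
    for (size_t i = 0; i < sizeof k_regions / sizeof k_regions[0]; i++) {
        const region_t *r = &k_regions[i];
        if (addr >= r->base && addr < r->limit && len <= r->limit - addr)
            return r;
    }
    return NULL;
}

/* Security policy execution sub-module (rule from step c): secure memory is
 * reachable only from a CPU in the secure state, by an authorised identifier. */
static bool monitor_policy(world_t world, unsigned vm_id,
                           const unsigned *authorised, size_t n_auth) {
    if (world != WORLD_SECURE) return false;
    for (size_t i = 0; i < n_auth; i++)
        if (authorised[i] == vm_id) return true;
    return false;
}

/* Step e: classify the request by target region; apply the rights table to
 * non-secure regions; forward every secure-region request to the monitor
 * regardless of the initial rights. Every refusal is audited. */
decision_t mediate_access(world_t world, unsigned vm_id, uint64_t addr,
                          size_t len, bool is_write,
                          const right_t *rights, size_t n_rights,
                          const unsigned *authorised, size_t n_auth) {
    const region_t *r = lookup_region(addr, len);
    if (!r) { audit("unmapped", vm_id, addr); return DENY_UNMAPPED; }
    if (r->secure) {
        if (monitor_policy(world, vm_id, authorised, n_auth)) return SECURE_ALLOW;
        audit("secure-violation", vm_id, addr);
        return SECURE_DENY;
    }
    for (size_t i = 0; i < n_rights; i++)
        if (rights[i].vm_id == vm_id && rights[i].base == r->base &&
            (!is_write || rights[i].write_allowed))
            return ALLOW_DIRECT;
    audit("permission", vm_id, addr);
    return DENY_PERMISSION;
}

/* Integrity detection: hash a memory range and compare with the value stored
 * in the previous period. FNV-1a 64 stands in for the cryptographic hash a
 * real deployment would use; every step is a bijection, so any single-byte
 * change alters the result. */
uint64_t compute_hash(const uint8_t *mem, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= mem[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* True when the region no longer matches its recorded hash; the tamper
 * response sub-module would then alarm the security monitoring module. */
bool integrity_tampered(const uint8_t *mem, size_t len, uint64_t stored) {
    return compute_hash(mem, len) != stored;
}
```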
Compared with the prior art, the technical scheme of the invention has the following beneficial effects:
1. Enhanced physical isolation blocks side-channel attacks: the TrustZone hardware isolation module physically partitions memory and strictly separates secure from non-secure memory, so side-channel attacks from other virtual machines have difficulty penetrating the isolation layer and sensitive data is effectively protected.
2. Real-time monitoring and fine-grained access control: the security monitoring module and the access control module intercept memory access requests in real time and verify permissions, so illegal accesses are identified and blocked immediately and potential hazards are reduced; in cooperation with the log and audit module, the whole process is recorded, providing a basis for post-event analysis.
3. The encryption module, combined with the intelligent self-adaptive encryption strategy module, dynamically selects the encryption algorithm according to the virtual machine's operating state and data sensitivity and performs encryption and decryption with a hardware encryption engine, so data confidentiality is ensured while the performance loss of excessive encryption is avoided and the system remains responsive.
4. Complete key management and emergency response: the key management module generates, hierarchically stores and securely distributes keys, and starts the emergency flow promptly when key leakage is detected, ensuring the security and reliability of the whole key management flow and reducing system risk arising from key problems.
5. Once data tampering is found, the system can quickly start tamper response measures and data recovery procedures and restore the system to a secure state in time, effectively preventing losses caused by data tampering.
6. Intelligent anomaly detection and cooperative protection: the machine-learning-driven anomaly detection module identifies abnormal memory access behaviour through multidimensional data acquisition and real-time model judgement, quickly triggers early warnings and, together with the security monitoring module, takes isolation and defence measures; meanwhile, the cross-virtual machine security cooperation module shares security event information across virtual machines, further enhancing overall protection.
In summary, the invention applies advanced techniques in every link, including hardware isolation, real-time monitoring, dynamic encryption strategy, key management, data integrity assurance and anomaly detection, and the close coordination among the modules further improves the overall security and operating efficiency of the system. It thus effectively counters security threats such as side-channel attacks and data tampering in current multi-virtual-machine environments while taking system performance and user experience into account, and has significant technical advantages and application value.
Drawings
Fig. 1 is an overall system module diagram of the ARM TrustZone-based virtual machine memory encryption and protection system;
Fig. 2 is a sub-module structure diagram of the TrustZone hardware isolation module;
Fig. 3 is a sub-module structure diagram of the security monitoring module;
Fig. 4 is a sub-module structure diagram of the encryption module;
Fig. 5 is a sub-module structure diagram of the key management module;
Fig. 6 is a sub-module structure diagram of the access control module;
Fig. 7 is a sub-module structure diagram of the integrity detection module;
Fig. 8 is a sub-module structure diagram of the encryption strategy module;
Fig. 9 is a sub-module structure diagram of the machine-learning-driven anomaly detection module.
Detailed Description
The invention is described in further detail below with reference to the drawings and the specific examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Example 1
Referring to Figs. 1-9, the virtual machine memory encryption and protection system based on ARM TrustZone comprises a joint control module whose output end and input end are both electrically connected with each of the following: a TrustZone hardware isolation module, a security monitoring module, an encryption module, a key management module, an access control module, an integrity detection module, a virtual machine management program interface module, a log and audit module, a recovery module, an intelligent self-adaptive encryption strategy module, a machine-learning-driven anomaly detection module, a visual security situation awareness module and a cross-virtual machine security cooperation module.
The method for encrypting and protecting the system of the virtual machine memory based on the ARM TrustZone comprises the following steps:
Step a, after the system is powered on, the special registers and hardware circuits in the ARM processor are automatically initialized; the hardware components identify the initial state of the processor, which is set to the non-secure state by default; at this moment the memory space, according to a preset default division rule, marks the greater part of its area as non-secure memory and reserves only a small number of key areas as secure memory for subsequently loading security-related initial code and data; the interrupt vector table is likewise initialized as the non-secure interrupt vector table, ready to receive asynchronous events from ordinary applications;
Step b, initialization of the security monitoring module: the security monitoring module starts loading and initializing in the secure world of TrustZone; it configures the hardware monitoring mechanism, enables the memory access exception interrupt function and sets interrupt priorities so that memory access requests from the secure and non-secure worlds can be captured in time; at the same time the security policy rule base is loaded from the secure storage area into memory to build the initial security inspection rule set;
Step c, initialization of the other core modules: the encryption module loads several encryption algorithm libraries in a dedicated storage area of the secure world, initializes the encryption key cache, sets the cache replacement strategy, establishes a communication connection with the virtual machine management program interface module and waits for read/write event notifications; the key management module generates a master key using the hardware random number generator (RNG), stores it in the underlying encrypted storage area of the secure world in a dedicated encrypted storage format, initializes the key distribution channel and establishes secure communication links with the security monitoring module and the encryption module; the access control module configures the memory area access permission registers according to the system default security policy and, for the secure memory area, sets the permission so that it can be accessed only by a subject for which the processor is in the secure state and which carries the specific authorized identifier;
Step d, virtual machine creation and startup: the virtual machine management program interface module receives the creation instruction and, in cooperation with the TrustZone hardware isolation module, allocates secure and non-secure memory areas for the virtual machine, preliminarily estimating the memory requirement from the virtual machine's intended use and dividing the memory according to a preset proportion; at the same time it configures the initial interrupt processing logic for the virtual machine and associates it with the non-secure interrupt vector table;
Step e, memory data read/write and protection flow: when an application program in the virtual machine initiates a memory read/write request, the virtual machine management program interface module captures the request first and judges the type of the request and the security attribute of the target memory area. If the request targets a non-secure memory area and conforms to the current access permission settings, it is forwarded directly to the corresponding non-secure memory area for processing; if it does not conform to the permissions, it is refused, an error prompt is sent to the virtual machine through the virtual machine management program interface module, and the security monitoring module records the details of the illegal access. If the request targets the secure memory area, it is forwarded to the security monitoring module regardless of whether it matches the initial permissions; the access request interception submodule of the security monitoring module receives it, and the security policy execution submodule examines it against the current system security policy; if the request is legal, it is forwarded to the encryption module or access is permitted directly; the encryption algorithm selection submodule of the encryption module then determines a suitable encryption algorithm according to the sensitivity of the data and cooperates with the key management module to acquire or update the encryption key;
Step f, the intelligent self-adaptive encryption strategy module runs continuously: through deep integration with the virtual machine management program interface module it periodically obtains information on the running state, data flow and application type of the virtual machine; based on this information and a preset rule set, the intelligent algorithm decision submodule immediately sends an algorithm switching instruction to the encryption module and a key update instruction to the key management module, shortening the key update period, so that the encryption strategy dynamically adapts to the running condition of the virtual machine. Meanwhile, the machine learning-driven anomaly detection module receives various data from the virtual machine memory in real time; the data are cleaned and normalized by the data acquisition preprocessing submodule and then input into the trained model, which judges in real time whether abnormal access behaviour exists; if an anomaly such as sudden frequent access to an unauthorized memory area is detected, the anomaly detection early warning submodule immediately sends an early warning signal to the security monitoring module through the secure communication mechanism, and after receiving the signal the security monitoring module can take temporary isolation measures against the suspicious process;
Step g, the integrity detection module triggers the hash calculation submodule to compute a hash over a designated virtual machine memory area, either according to a preset period or upon key operations; the comparison verification submodule compares the result with the previously stored hash value, and if the values differ the data may have been tampered with: the tamper response submodule is started quickly, sends a tamper alarm to the security monitoring module through the secure communication mechanism and, together with the log and audit module, records the details of the tamper event; after receiving the alarm, the security monitoring module can decide, according to the system security policy, whether to temporarily isolate the related virtual machine or process to prevent the hazard from spreading, and can notify the administrator for further investigation;
Step h, if the key management module detects a key leakage risk, it immediately starts the emergency flow: first, in cooperation with the encryption module, it notifies the encryption module to stop using the key that is at risk; then the key generation submodule quickly generates a new encryption key through the hardware random number generator, the key storage submodule stores the new key in layered encrypted storage and replaces the original key, and the key distribution submodule redistributes the new key to the encryption module through the secure channel, so that the encryption system continues to run securely;
Step i, system recovery: when a serious security event is encountered, the recovery module is started. Working with the integrity detection module, if data have been tampered with, the data recovery submodule obtains the original data from the backup storage medium and restores them into the virtual machine memory at the corresponding memory address range; working with the key management module, if a key has leaked, the key distribution flow is reset to ensure that the newly generated key is correctly distributed and the related encryption and decryption operations are updated; throughout the recovery process the recovery module coordinates all related modules so that the system is gradually restored to a secure and stable state.
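The following C program is an added illustration and is not code from the patent or its authors: it models the arbitration performed in step e for a guest memory access request, using the secure/non-secure attribute of the target area, the processor state of the requesting subject and the authorized identifier that step c configures for the secure area. The region map, the subject and request structures, the permission bits, the verdict codes and the audit record format are all assumptions made for this example, and the addresses are constructed sample values.

```c
/* Added example (not the patent's own code): arbitration of a guest memory
 * access request in the spirit of step e and the access control module.
 * Region table, subject descriptor, permission bits and verdict codes are
 * assumptions made for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PERM_READ  0x1u
#define PERM_WRITE 0x2u

typedef enum { NS_WORLD = 0, S_WORLD = 1 } world_t;

typedef struct {
    const char *name;
    uint64_t    base;
    uint64_t    size;
    bool        secure;   /* true: secure memory area, false: non-secure area */
    uint32_t    perm_ns;  /* permissions for subjects in the non-secure state */
    uint32_t    perm_s;   /* permissions for subjects in the secure state */
    uint32_t    auth_id;  /* authorized identifier required for a secure area */
} mem_region_t;

typedef struct {
    world_t  world;       /* processor state when the request was issued */
    uint32_t auth_id;     /* authorized identifier presented by the subject */
    int      vm_id;
} subject_t;

typedef struct {
    uint64_t addr;
    uint64_t len;
    uint32_t op;          /* PERM_READ or PERM_WRITE */
} access_req_t;

/* ACC_FORWARD_NS: hand straight to the non-secure area (step e, first case);
 * ACC_FORWARD_SECURE: route via the security monitoring and encryption modules;
 * ACC_DENY / ACC_NO_REGION: refuse, the audit record explains why */
typedef enum { ACC_FORWARD_NS = 0, ACC_FORWARD_SECURE, ACC_DENY, ACC_NO_REGION } verdict_t;

/* constructed region map: most memory non-secure, a small secure key area
 * reachable only from the secure state with the authorized identifier */
static const mem_region_t regions[] = {
    { "ns-guest-ram", 0x80000000ull, 0x10000000ull, false,
      PERM_READ | PERM_WRITE, PERM_READ | PERM_WRITE, 0 },
    { "s-keystore",   0x0E000000ull, 0x00010000ull, true,
      0, PERM_READ | PERM_WRITE, 0x5A5Au },
};

/* stand-in for the audit data recording submodule: counts events and keeps
 * the last record so a caller can inspect it */
static int  audit_count;
static char last_audit[128];

static void audit(const char *verdict, const subject_t *s, const access_req_t *r)
{
    snprintf(last_audit, sizeof last_audit, "%s vm=%d world=%s op=%u addr=0x%llx len=%llu",
             verdict, s->vm_id, s->world == S_WORLD ? "S" : "NS", r->op,
             (unsigned long long)r->addr, (unsigned long long)r->len);
    audit_count++;
}

/* the request must lie entirely inside one region; written without
 * computing addr + len so a wrap-around cannot fake containment */
static const mem_region_t *find_region(uint64_t addr, uint64_t len)
{
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const mem_region_t *g = &regions[i];
        if (len != 0 && addr >= g->base && len <= g->size &&
            addr - g->base <= g->size - len)
            return g;
    }
    return NULL;
}

verdict_t check_access(const subject_t *s, const access_req_t *r)
{
    const mem_region_t *g = find_region(r->addr, r->len);
    if (g == NULL) { audit("DENY-unmapped", s, r); return ACC_NO_REGION; }

    uint32_t granted = (s->world == S_WORLD) ? g->perm_s : g->perm_ns;
    bool op_ok = r->op != 0 && (granted & r->op) == r->op;

    if (!g->secure) {
        if (op_ok) { audit("ALLOW-ns", s, r); return ACC_FORWARD_NS; }
        audit("DENY-ns-perm", s, r);
        return ACC_DENY;
    }
    /* secure area: processor must be in the secure state AND the subject
     * must present the authorized identifier configured for the area */
    if (s->world != S_WORLD)      { audit("DENY-secure-from-ns", s, r); return ACC_DENY; }
    if (s->auth_id != g->auth_id) { audit("DENY-bad-auth-id", s, r);   return ACC_DENY; }
    if (!op_ok)                   { audit("DENY-secure-perm", s, r);   return ACC_DENY; }
    audit("ALLOW-secure", s, r);
    return ACC_FORWARD_SECURE;
}

int main(void)
{
    subject_t guest = { NS_WORLD, 0, 1 };
    access_req_t w = { 0x80001000ull, 64, PERM_WRITE };
    printf("%d  %s\n", (int)check_access(&guest, &w), last_audit);
    access_req_t k = { 0x0E000100ull, 32, PERM_READ };
    printf("%d  %s\n", (int)check_access(&guest, &k), last_audit);
    return 0;
}
```

A request that falls outside every configured area, or straddles an area boundary, is refused before any permission check; this is the case a naive `addr + len <= end` comparison gets wrong when the sum wraps around, which is why the containment test is written as a subtraction.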
Example two
Referring to fig. 1 to fig. 9, on the basis of Example 1, the TrustZone hardware isolation module comprises a processor core state management submodule, a memory space division submodule and an interrupt management submodule, all of which are bidirectionally electrically connected with the joint control module;
the security monitoring module comprises an access request interception submodule, a security policy execution submodule and an audit data recording submodule, all of which are bidirectionally electrically connected with the joint control module;
the encryption module comprises an encryption algorithm selection submodule, an encryption execution submodule and an encryption key cache submodule, all of which are bidirectionally electrically connected with the joint control module;
the key management module comprises a key generation submodule, a key storage submodule and a key distribution submodule, all of which are bidirectionally electrically connected with the joint control module;
the access control module comprises a permission definition submodule, a permission verification submodule and a permission update submodule, all of which are bidirectionally electrically connected with the joint control module;
the integrity detection module comprises a hash calculation submodule, a comparison verification submodule and a tamper response submodule, all of which are bidirectionally electrically connected with the joint control module;
the intelligent self-adaptive encryption strategy module comprises an operation state monitoring submodule, a data flow analysis submodule and an intelligent algorithm decision submodule, all of which are bidirectionally electrically connected with the joint control module;
the machine learning-driven anomaly detection module comprises a data acquisition preprocessing submodule, a model training submodule and an anomaly detection early warning submodule, all of which are bidirectionally electrically connected with the joint control module.
The processor core state management submodule is responsible for monitoring and switching the secure and non-secure states of the processor, ensuring that the processor correctly executes instructions at the corresponding security level in different scenarios. The memory space division submodule divides the physical memory into a secure memory area and a non-secure memory area according to the system security policy, the secure memory being used for storing encryption keys. The interrupt management submodule classifies and manages system interrupts: secure interrupts handle security-related emergency events and must be responded to promptly by the secure world handler without interference from the non-secure world, while non-secure interrupts handle the asynchronous events of ordinary applications.
The access request interception submodule sets monitoring points on the mandatory path of memory access requests and captures in real time the requests issued by application programs and other subjects in the virtual machine. The security policy execution submodule examines the legality of each intercepted memory access request against the security policy rule base pre-configured by the system. The audit data recording submodule records in detail all security events related to memory access, including normal access records and the details of illegal accesses; these records serve as the main basis for subsequent audit analysis, helping the administrator understand the security operating condition of the system and eliminate potential hazards.
The encryption algorithm selection submodule dynamically selects the most suitable encryption algorithm according to the sensitivity of the virtual machine memory data, the application scenario and the current system security situation. The encryption execution submodule performs the actual encryption of the memory data to be protected with the selected algorithm, converting plaintext into ciphertext before the data are written to memory so that they remain confidential while stored, and decrypting them when they need to be read, restoring the original data for the normal operation of the virtual machine. The encryption key cache submodule sets up an encryption key buffer in secure world memory to improve the efficiency of encryption and decryption.
The key generation submodule generates high-quality keys using the hardware random number generator. The key storage submodule is also designed to ensure the reliability of the storage medium and to avoid key loss caused by hardware faults. The key distribution submodule distributes encryption keys accurately to the modules that need them.
The permission definition submodule defines the access permissions of the different areas of the virtual machine memory, including combined permissions, according to the system security requirements, and formulates differentiated permission allocation schemes for different virtual machines, application programs or user roles to realize fine-grained access control. When a memory access request occurs, the permission verification submodule verifies the access permission of the requesting subject: it checks the predefined permission rules against the target memory area and operation type of the request and judges whether the request is legal; a legal request is released, otherwise it is refused and the corresponding security event recording mechanism is triggered. The permission update submodule updates the access permissions of memory areas in time as the system running environment changes, so that the permission settings always match the actual security requirements of the system and no security holes arise from permissions lagging behind.
The hash calculation submodule calculates the hash value of a designated memory area at the initialization of the virtual machine memory data, after key operations are completed or according to a preset time period; this hash value serves as a sample of data integrity for subsequent comparison to judge whether the data have been tampered with, ensuring the authenticity and reliability of the memory data. When an integrity check is required, the comparison verification submodule retrieves the previously calculated and stored hash value and compares it with a freshly recalculated hash of the same memory area: if they are consistent, the data have not been tampered with; if they are inconsistent, the integrity of the data is judged to be damaged and the corresponding security mechanism is triggered immediately. When the comparison verification submodule judges that memory data have been tampered with, the tamper response submodule is responsible for starting countermeasures including, but not limited to, sending an alarm to notify the administrator, starting the data recovery program to restore data from backup, and temporarily isolating the related virtual machines or processes to prevent the damage from spreading, so as to minimize the loss caused by data tampering.
The operation state monitoring submodule collects in real time running indicators of the virtual machines such as CPU utilization, memory occupancy and disk I/O frequency, providing data support for judging the current workload intensity of the virtual machines. The data flow analysis submodule analyses in depth the characteristics of the data flow transmitted and received by the virtual machines over the network, including flow volume, flow direction, packet type and burst peaks, and identifies from this flow information the type of data service the virtual machine is processing. The intelligent algorithm decision submodule integrates the information provided by the operation state monitoring submodule and the data flow analysis submodule and, according to a preset encryption strategy rule base, decides how to dynamically adjust the encryption algorithm and key strength.
The data acquisition preprocessing submodule collects from multiple data sources a wide range of data related to the virtual machine memory and cleans the raw data: it performs preprocessing operations such as denoising and normalization, removes invalid data, corrects erroneous data formats and unifies data from different sources into a standard format usable for machine learning model training, improving data quality and providing a reliable basis for subsequent model training. The model training submodule selects a suitable machine learning algorithm and trains the model on a large volume of preprocessed historical data, continuously adjusting the model parameters so that the model accurately learns normal memory access patterns, data change trends and system call sequence characteristics, giving it strong anomaly recognition capability and allowing it to distinguish normal from abnormal memory behaviour effectively. The anomaly detection early warning submodule deploys the trained machine learning model in the real-time monitoring environment, receives the latest data from the data acquisition preprocessing submodule in real time and uses the model to judge anomalies; once abnormal memory access behaviour is detected it immediately sends accurate early warning information, notifies the security monitoring module to take corresponding measures and records the anomaly details for subsequent analysis.
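As an added example that is not part of the patent, the following C program wires the three integrity detection submodules of Example 2 (and step g of Example 1) into one monitor: the hash calculation submodule takes a baseline over a registered memory area, the comparison verification submodule recomputes and compares it, and the tamper response submodule raises an alarm and an isolation request on a mismatch. FNV-1a is used as the digest only so the example runs offline and is an assumption; a secure-world build would substitute a cryptographic hash such as SHA-256. The monitor structure, the region limit and the alarm format are likewise assumptions, and the sample page contents are constructed.

```c
/* Added example (not the patent's own code): the integrity detection
 * module's three submodules as one small monitor. The digest, region limit
 * and alarm format are assumptions made for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_GUARDED 8

/* FNV-1a 64-bit stands in for the digest so the example runs offline;
 * the secure-world implementation would use a cryptographic hash (SHA-256) */
static uint64_t digest(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ull;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ull;
    }
    return h;
}

typedef struct {
    const char    *name;
    const uint8_t *base;
    size_t         len;
    uint64_t       baseline;   /* value stored by the hash calculation submodule */
} guarded_region_t;

typedef struct {
    guarded_region_t region[MAX_GUARDED];
    int  count;
    int  tamper_events;        /* raised by the tamper response submodule */
    bool isolate_requested;    /* "temporarily isolate the related VM or process" */
    char last_alarm[128];
} integrity_monitor_t;

/* hash calculation submodule: register an area and take its initial hash */
int im_register(integrity_monitor_t *m, const char *name, const void *base, size_t len)
{
    if (m->count >= MAX_GUARDED || base == NULL || len == 0) return -1;
    guarded_region_t *g = &m->region[m->count];
    g->name = name;
    g->base = (const uint8_t *)base;
    g->len = len;
    g->baseline = digest(g->base, g->len);
    return m->count++;
}

/* after a legitimate key operation changed the area, store a new baseline */
int im_rebaseline(integrity_monitor_t *m, int idx)
{
    if (idx < 0 || idx >= m->count) return -1;
    m->region[idx].baseline = digest(m->region[idx].base, m->region[idx].len);
    return 0;
}

/* tamper response submodule: alarm for the security monitoring and
 * log/audit modules plus a request to isolate the affected VM */
static void tamper_response(integrity_monitor_t *m, const guarded_region_t *g, uint64_t seen)
{
    m->tamper_events++;
    m->isolate_requested = true;
    snprintf(m->last_alarm, sizeof m->last_alarm,
             "TAMPER area=%s expected=%016llx observed=%016llx",
             g->name, (unsigned long long)g->baseline, (unsigned long long)seen);
}

/* comparison verification submodule: recompute every baseline and return
 * the number of areas whose hash no longer matches */
int im_verify(integrity_monitor_t *m)
{
    int tampered = 0;
    for (int i = 0; i < m->count; i++) {
        const guarded_region_t *g = &m->region[i];
        uint64_t now = digest(g->base, g->len);
        if (now != g->baseline) {
            tampered++;
            tamper_response(m, g, now);
        }
    }
    return tampered;
}

int main(void)
{
    static uint8_t page[256];   /* constructed sample guest page */
    for (size_t i = 0; i < sizeof page; i++) page[i] = (uint8_t)(i * 7);
    integrity_monitor_t m = { 0 };
    int idx = im_register(&m, "guest-page-0", page, sizeof page);
    printf("clean: %d tampered\n", im_verify(&m));
    page[42] ^= 0x80;                       /* simulated unauthorized write */
    printf("after write: %d tampered, %s\n", im_verify(&m), m.last_alarm);
    im_rebaseline(&m, idx);                 /* accept after an authorized restore */
    printf("rebaselined: %d tampered\n", im_verify(&m));
    return 0;
}
```

The monitor keeps the baseline in its own structure rather than next to the guarded data; in the patent's design that structure would live in secure memory so that a non-secure writer cannot update the hash along with the data it changes.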
Example three
Emergency handling of a security event:
Suppose that at 3 p.m. a virtual machine running financial data analysis software is suddenly infected with malware that attempts to steal customer funds account information from other virtual machines on the server through a side-channel attack. At this moment the hardware component of the TrustZone hardware isolation module rapidly recognizes the abnormal memory access behaviour, switches the processor to the secure state within microseconds and notifies the security monitoring module by interrupt.
The access request interception submodule of the security monitoring module captures the illegal access request, the security policy execution submodule immediately blocks the access according to the security policy, and the details of the violation are recorded. Meanwhile, the machine learning-driven anomaly detection module also detects the abnormal change in the memory access pattern of the virtual machine, and the anomaly detection early warning submodule immediately sends an early warning signal to the security monitoring module through the SMC (Secure Monitor Call).
After the security monitoring module receives the signal, it on the one hand takes temporary isolation measures against the suspicious process within 20 seconds: the memory resources occupied by the suspicious process are locked, further read/write operations are prevented, and the connection to the external network is cut off so that the malware cannot transmit outward; on the other hand it notifies the administrator to conduct further investigation, sending detailed alarm information, including the virtual machine number, the abnormal behaviour characteristics and the possibly affected range, through the instant communication module built into the system.
The cross-virtual machine security collaboration module starts rapidly, and within 3 minutes the threat information sharing submodule collects and sorts the malware's signature, attack source IP address and abnormal behaviour patterns (such as frequent attempts to break through memory access permissions, sending encrypted data packets to a specific external IP, and the like) and shares this information with the adjacent virtual machines through the SMC. After receiving the information, the adjacent virtual machines immediately start their local defence mechanisms, update firewall rules to block any connection request from the attack source IP, and perform a quick self-check of local memory to ensure there is no risk of data leakage.
The security policy coordination submodule, according to the shared information, establishes a unified security policy adjustment scheme within 5 minutes, for example: notifying all virtual machines to update the virus databases of their antivirus software, obtaining the latest virus signature databases through real-time linkage with the antivirus vendor's cloud platform and pushing them to each virtual machine; adjusting the network bandwidth allocation policy to give priority to the smooth network operation of the core financial transaction virtual machines, dynamically adjusting network traffic routes with Software Defined Networking (SDN) technology and allocating more bandwidth to key service virtual machines; and starting the emergency drill plan to check the coordinated defence effect, simulating a similar attack scenario, observing the response of each virtual machine and protection module, and recording indicators such as response time and defence success rate to facilitate subsequent optimization.
If, in subsequent detection, the integrity detection module finds that the memory data of a virtual machine have been tampered with, the tamper response submodule starts rapidly, sends a tamper alarm to the security monitoring module through the SMC and, together with the log and audit module, records the details of the tamper event, including the tampered data area, the time of tampering and the possible tamper source. After receiving the alarm, the security monitoring module can decide, according to the system security policy, whether to temporarily isolate the related virtual machine or process to prevent the hazard from spreading; if the risk is high, it immediately suspends all external interactions of the virtual machine, keeping only the communication link with the security monitoring module for subsequent investigation, and can also notify the administrator to investigate further; with the help of a visual audit tool, the administrator can quickly trace the operation logs before and after the data tampering to locate the possible vulnerability.
If the key management module detects a key leakage risk, it immediately starts the emergency flow: it notifies the encryption module to stop using the key at risk, quickly generates a new encryption key with the hardware random number generator, stores the new key through the key storage submodule in layered encrypted storage, replacing the original key, and redistributes the new key through the key distribution submodule over the SMC to the modules that need it, such as the encryption module, ensuring that the encryption system continues to run securely; it also reports the details of the key leakage event to the administrator, including the identification of the leaked key, the possible leakage time window and the suspected cause, to assist the administrator in a deeper investigation.
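The key leakage emergency flow described above (and in step h of Example 1), as an added C example that is not the patent's own code: the at-risk key is revoked, its material is wiped from the key slot and from every consumer's cache, a replacement is generated from the random number generator and redistributed, and each consumer can be checked to hold the new key. The key slot, the consumer interface and the `demo_rng` stand-in are assumptions; `demo_rng` is a deterministic generator included only so the program runs anywhere and must be replaced by the secure world's hardware RNG in any real build.

```c
/* Added example (not the patent's own code): key management emergency flow
 * for a suspected key leak. Slot layout, consumer interface and the RNG
 * stand-in are assumptions made for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN       32
#define MAX_CONSUMERS 4

typedef enum { KEY_EMPTY = 0, KEY_ACTIVE, KEY_REVOKED } key_state_t;

typedef struct {
    uint32_t    id;               /* key identification reported to the administrator */
    key_state_t state;
    uint8_t     material[KEY_LEN];
} key_slot_t;

/* a consumer (e.g. the encryption module) keeps its own cached copy */
typedef struct {
    const char *name;
    uint32_t    current_id;       /* 0 = no usable key */
    uint8_t     cache[KEY_LEN];
    int         deliveries;
} consumer_t;

typedef int (*rng_fn)(uint8_t *out, size_t n);   /* hardware RNG abstraction */

typedef struct {
    key_slot_t  slot;             /* one active key, kept simple on purpose */
    uint32_t    next_id;
    rng_fn      rng;
    consumer_t *consumer[MAX_CONSUMERS];
    int         nconsumers;
} key_manager_t;

/* overwrite key bytes in a way the compiler must not optimise away */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* constructed stand-in for the hardware RNG: deterministic, NOT random,
 * present only so the example runs anywhere */
static int demo_rng(uint8_t *out, size_t n)
{
    static uint32_t state = 0x12345678u;
    for (size_t i = 0; i < n; i++) {
        state = state * 1664525u + 1013904223u;
        out[i] = (uint8_t)(state >> 24);
    }
    return 0;
}

void km_init(key_manager_t *km, rng_fn rng)
{
    memset(km, 0, sizeof *km);
    km->next_id = 1;
    km->rng = rng;
}

int km_register_consumer(key_manager_t *km, consumer_t *c)
{
    if (km->nconsumers >= MAX_CONSUMERS) return -1;
    km->consumer[km->nconsumers++] = c;
    return 0;
}

/* key distribution submodule: deliver the active key over the (assumed)
 * secure channel, modelled here as a copy into the consumer's cache */
static void km_distribute(key_manager_t *km)
{
    for (int i = 0; i < km->nconsumers; i++) {
        consumer_t *c = km->consumer[i];
        memcpy(c->cache, km->slot.material, KEY_LEN);
        c->current_id = km->slot.id;
        c->deliveries++;
    }
}

/* key generation submodule: fresh material from the RNG, new id, distribute */
int km_generate(key_manager_t *km)
{
    if (km->rng(km->slot.material, KEY_LEN) != 0) return -1;
    km->slot.id = km->next_id++;
    km->slot.state = KEY_ACTIVE;
    km_distribute(km);
    return 0;
}

/* emergency flow: revoke the at-risk key, tell consumers to stop using it,
 * wipe it everywhere, then generate and distribute a replacement */
int km_handle_leak(key_manager_t *km, uint32_t leaked_id)
{
    if (km->slot.state != KEY_ACTIVE || km->slot.id != leaked_id) return -1;
    km->slot.state = KEY_REVOKED;
    secure_zero(km->slot.material, KEY_LEN);
    for (int i = 0; i < km->nconsumers; i++) {
        secure_zero(km->consumer[i]->cache, KEY_LEN);
        km->consumer[i]->current_id = 0;   /* "stop using the key" */
    }
    return km_generate(km);
}

/* true when the consumer's cached key is the currently active one */
bool km_consumer_in_sync(const key_manager_t *km, const consumer_t *c)
{
    return km->slot.state == KEY_ACTIVE && c->current_id == km->slot.id &&
           memcmp(c->cache, km->slot.material, KEY_LEN) == 0;
}

int main(void)
{
    key_manager_t km;
    consumer_t enc = { "encryption-module", 0, { 0 }, 0 };
    km_init(&km, demo_rng);
    km_register_consumer(&km, &enc);
    km_generate(&km);
    printf("active key id=%u delivered to %s\n", (unsigned)km.slot.id, enc.name);
    km_handle_leak(&km, km.slot.id);
    printf("rotated: id=%u in sync=%d\n", (unsigned)km.slot.id, km_consumer_in_sync(&km, &enc));
    return 0;
}
```

Revocation is ordered so that no consumer can keep using the old key while the replacement is still being generated: the old material is zeroised first, the consumers' cached copies are cleared, and only then is new material produced and delivered. A leak report for an id that is not the active key is rejected, which prevents a spurious report from forcing an unnecessary rotation.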
The invention is not limited to the embodiments described above. The above description of specific embodiments is intended to describe and illustrate the technical aspects of the present invention, and is intended to be illustrative only and not limiting. Numerous specific modifications can be made by those skilled in the art without departing from the spirit of the invention and scope of the claims, which are within the scope of the invention.

Claims (10)

1. A virtual machine memory encryption and protection system based on ARM TrustZone, characterized by comprising a joint control module, and further comprising, bidirectionally electrically connected with the joint control module:
a TrustZone hardware isolation module, used to achieve physical isolation between the secure and non-secure worlds;
a security monitoring module, used to capture and process memory access requests in real time;
an encryption module, used to select the corresponding encryption algorithm according to data sensitivity;
a key management module, used to generate keys from hardware random numbers and distribute them securely;
an access control module, used for fine-grained access control of the virtual machine memory areas;
an integrity detection module, used to periodically check the integrity of memory data;
a virtual machine management program interface module and a log and audit module, used to implement virtual machine creation, startup and operation log recording;
a recovery module, used to ensure that the virtual machine and the system quickly return to a secure and stable state;
an intelligent adaptive encryption strategy module, which, through running state monitoring and data flow analysis combined with preset rules, dynamically adjusts the encryption algorithm and the key update period, achieving adaptive encryption according to the running state of the virtual machine;
an anomaly detection module, driven by machine learning, which uses data collection preprocessing and model training to analyse memory access behaviour in real time and, when abnormal behaviour is detected, promptly notifies the security monitoring module through the early warning submodule to take protective measures;
a visual security situation awareness module, used to display the system security operating status, real-time monitoring data and security event trends through an intuitive graphical interface, so that administrators can perform global security situation awareness and decision-making;
a cross-virtual machine security collaboration module, used to achieve security intelligence sharing and collaborative defence between virtual machines, forming a global, interconnected security protection system.
2. The virtual machine memory encryption and protection system based on ARM TrustZone according to claim 1, characterized in that the TrustZone hardware isolation module comprises a processor core state management submodule, a memory space division submodule and an interrupt management submodule, and the processor core state management submodule, the memory space division submodule and the interrupt management submodule are all bidirectionally electrically connected with the joint control module.
3. The virtual machine memory encryption and protection system based on ARM TrustZone according to claim 1, characterized in that the security monitoring module comprises an access request interception submodule, a security policy execution submodule and an audit data recording submodule, and the access request interception submodule, the security policy execution submodule and the audit data recording submodule are all bidirectionally electrically connected with the joint control module.
4. The virtual machine memory encryption and protection system based on ARM TrustZone according to claim 1, characterized in that the encryption module comprises an encryption algorithm selection submodule, an encryption execution submodule and an encryption key cache submodule, and the encryption algorithm selection submodule, the encryption execution submodule and the encryption key cache submodule are all bidirectionally electrically connected with the joint control module.
5. The virtual machine memory encryption and protection system based on ARM TrustZone according to claim 1, characterized in that the key management module comprises a key generation submodule, a key storage submodule and a key distribution submodule, and the key generation submodule, the key storage submodule and the key distribution submodule are all bidirectionally electrically connected with the joint control module.
6. The virtual machine memory encryption and protection system based on ARM TrustZone according to claim 1, characterized in that the access control module comprises a permission definition submodule, a permission verification submodule and a permission update submodule, and the permission definition submodule, the permission verification submodule and the permission update submodule are all bidirectionally electrically connected with the joint control module.
7. The virtual machine memory encryption and protection system based on ARM TrustZone according to claim 1, characterized in that the integrity detection module comprises a hash calculation submodule, a comparison verification submodule and a tamper response submodule, and the hash calculation submodule, the comparison verification submodule and the tamper response submodule are all bidirectionally electrically connected with the joint control module.
8. The virtual machine memory encryption and protection system based on ARM TrustZone according to claim 1, characterized in that the intelligent adaptive encryption strategy module comprises an operation state monitoring submodule, a data flow analysis submodule and an intelligent algorithm decision submodule, and the operation state monitoring submodule, the data flow analysis submodule and the intelligent algorithm decision submodule are all bidirectionally electrically connected with the joint control module.
9. The virtual machine memory encryption and protection system based on ARM TrustZone according to claim 1, characterized in that the machine learning-driven anomaly detection module comprises a data acquisition preprocessing submodule, a model training submodule and an anomaly detection early warning submodule, and the data acquisition preprocessing submodule, the model training submodule and the anomaly detection early warning submodule are all bidirectionally electrically connected with the joint control module.
10. The method of the virtual machine memory encryption and protection system based on ARM TrustZone according to any one of claims 1 to 9, characterized by comprising the following steps:
Step a, TrustZone hardware isolation module startup: after the system is powered on, the registers and hardware circuits in the ARM processor are automatically initialized, and the hardware components identify the initial state of the processor, which is set to the secure state by default; at this moment the memory space, according to the preset default division rules, marks most of its area as non-secure memory and reserves only a small number of key areas as secure memory for subsequently loading security-related initial code and data; the interrupt vector table is likewise initialized as the non-secure interrupt vector table, ready to receive asynchronous events from ordinary applications;
Step b, security monitoring module initialization: in the secure world of TrustZone, the security monitoring module starts loading and initializing; it configures the hardware monitoring mechanism, enables the memory access exception interrupt function and sets interrupt priorities, ensuring that memory access requests from the secure and non-secure worlds can be captured in time; at the same time, the security policy rule base is loaded from the secure storage area into memory to build the initial security review rule set;
Step c, initialization of the other modules: the encryption module loads several encryption algorithm libraries in the storage area of the secure world, initializes the encryption key cache, sets the cache replacement strategy and, at the same time, establishes a communication connection with the virtual machine management program interface module, waiting to receive read/write event notifications; the key management module generates a master key using the hardware random number generator RNG and stores it in the underlying encrypted storage area of the secure world in an encrypted storage format, and at the same time initializes the key distribution channel and establishes secure communication links with the security monitoring module and the encryption module; the access control module configures the memory area access permission registers according to the system default security policy: for the secure memory area, it sets the permission so that only a subject for which the processor is in the secure state and which carries the authorized identifier can access it; for the non-secure memory area, different general access permissions are granted according to the application scenario; the integrity detection module runs the hash algorithm initialization in the secure world, prepares to perform the initial hash calculation on the virtual machine memory data, and sets the initial detection period;
The integrity detection module runs the hash algorithm initialization in the secure world, prepares to perform the initial hash calculation on the virtual machine memory data, and sets the initial detection cycle; 步骤d、虚拟机创建与启动:虚拟机管理程序接口模块接收创建指令,与TrustZone硬件隔离模块协作,为虚拟机分配安全和非安全内存区域,根据虚拟机的用途,初步预估内存需求,按照预设比例划分内存,同时,为虚拟机配置初始的中断处理逻辑,关联到非安全中断向量表;Step d, virtual machine creation and startup: The virtual machine hypervisor interface module receives the creation instruction, cooperates with the TrustZone hardware isolation module, allocates secure and non-secure memory areas for the virtual machine, preliminarily estimates the memory requirements according to the purpose of the virtual machine, divides the memory according to the preset ratio, and configures the initial interrupt processing logic for the virtual machine, which is associated with the non-secure interrupt vector table; 步骤e、内存数据读写与防护流程:当虚拟机内的应用程序发起内存读写请求时,虚拟机管理程序接口模块首先捕获该请求,并判断请求的类型以及目标内存区域的安全属性,如果是对非安全内存区域的读写请求,且符合当前访问权限设置,请求直接转发到对应的非安全内存区域进行处理;若不符合权限,请求被拒绝,并通过虚拟机管理程序接口模块向虚拟机发送错误提示,同时安全监控模块记录违规访问详情,若是对安全内存区域的读写请求,无论是否符合初始权限,请求都被转发到安全监控模块,安全监控模块的访问请求截获子模块接收请求,结合当前系统安全策略,由安全策略执行子模块审查,若请求合法,安全监控模块将请求转发给加密模块或直接允许访问,加密模块根据数据的敏感程度,通过加密算法选择子模块确定加密算法,期间与密钥管理模块协作获取或更新加密密钥;Step e, memory data read, write and protection process: When the application in the virtual machine initiates a memory read or write request, the virtual machine management program interface module first captures the request and determines the type of request and the security attributes of the target memory area. If it is a read or write request for a non-secure memory area and complies with the current access permission setting, the request is directly forwarded to the corresponding non-secure memory area for processing; if it does not comply with the permission, the request is rejected, and an error prompt is sent to the virtual machine through the virtual machine management program interface module. 
At the same time, the security monitoring module records the details of the illegal access. If it is a read or write request for a secure memory area, regardless of whether it complies with the initial permission, the request is forwarded to the security monitoring module. The access request interception submodule of the security monitoring module receives the request, and the security policy execution submodule reviews it in combination with the current system security policy. If the request is legal, the security monitoring module forwards the request to the encryption module or directly allows access. The encryption module determines the encryption algorithm through the encryption algorithm selection submodule based on the sensitivity of the data, and cooperates with the key management module to obtain or update the encryption key during this period; 步骤f、实时监测与动态调整:智能自适应加密策略模块持续运行,通过与虚拟机管理程序接口模块深度集成,每隔设定的时间间隔获取虚拟机的运行状态、数据流量、应用类型的信息,基于这些信息,智能算法决策子模块依据预设的规则集,并缩短密钥更新周期,它向加密模块发送算法切换指令和向密钥管理模块发送密钥更新指令,确保加密策略动态适配虚拟机运行情况,同时,异常检测模块实时接收来自虚拟机内存的各类数据,通过数据采集预处理子模块进行清洗、归一化处理后,输入到训练好的模型中,模型实时判断是否存在异常访问行为,若检测到异常,异常检测预警子模块立即通过安全通信机制向安全监控模块发送预警信号,安全监控模块接收到信号后,能够采取临时隔离可疑进程措施;Step f, real-time monitoring and dynamic adjustment: The intelligent adaptive encryption strategy module runs continuously, and through deep integration with the virtual machine management program interface module, it obtains the information of the virtual machine's operating status, data traffic, and application type at set time intervals. Based on this information, the intelligent algorithm decision submodule sends algorithm switching instructions to the encryption module and key update instructions to the key management module according to the preset rule set and shortens the key update cycle to ensure that the encryption strategy dynamically adapts to the virtual machine's operation. 
At the same time, the anomaly detection module receives various types of data from the virtual machine's memory in real time, and after cleaning and normalization by the data acquisition preprocessing submodule, it is input into the trained model. The model determines in real time whether there is abnormal access behavior. If an anomaly is detected, the anomaly detection warning submodule immediately sends a warning signal to the security monitoring module through the secure communication mechanism. After receiving the signal, the security monitoring module can take temporary isolation measures for suspicious processes; 步骤g、完整性检测与篡改响应:完整性检测模块按照预设的周期或在关键操作触发哈希计算子模块对指定的虚拟机内存区域进行哈希计算,通过compute_hash函数实现,计算结果与之前保存的哈希值由比对验证子模块进行比对,若发现哈希值不同,表明数据可能被篡改,此时,篡改响应子模块迅速启动,通过安全通信机制向安全监控模块发送篡改警报,同时与日志与审计模块协作,记录篡改事件详情,安全监控模块接收到警报后,能够根据系统安全策略,决定是否临时隔离相关虚拟机或进程,防止危害扩散,并能够通知管理员进行进一步排查;Step g, integrity detection and tampering response: The integrity detection module triggers the hash calculation submodule to perform hash calculation on the specified virtual machine memory area according to the preset cycle or in the key operation, which is implemented by the compute_hash function. The calculation result is compared with the previously saved hash value by the comparison verification submodule. If the hash value is found to be different, it indicates that the data may be tampered with. At this time, the tampering response submodule is quickly started, and a tampering alarm is sent to the security monitoring module through the secure communication mechanism. At the same time, it cooperates with the log and audit module to record the details of the tampering event. 
After receiving the alarm, the security monitoring module can decide whether to temporarily isolate the relevant virtual machine or process according to the system security policy to prevent the spread of harm, and can notify the administrator for further investigation; 步骤h、密钥泄露应对:若密钥管理模块检测到密钥泄露风险,立即启动应急流程,首先,通过与加密模块协作,通知加密模块停止使用当前泄露风险的密钥,然后,密钥生成子模块利用硬件随机数生成器快速生成新的加密密钥,通过generate_new_key函数实现,新密钥经密钥存储子模块采用分层加密存储方式保存,替换原有密钥,并通过密钥分发子模块利用安全通道重新分发给加密模块,确保加密体系继续安全运行;Step h, key leakage response: If the key management module detects the risk of key leakage, it immediately starts the emergency process. First, by cooperating with the encryption module, it notifies the encryption module to stop using the key with the current leakage risk. Then, the key generation submodule uses the hardware random number generator to quickly generate a new encryption key through the generate_new_key function. The new key is stored in a hierarchical encrypted storage mode by the key storage submodule, replacing the original key, and redistributed to the encryption module through the key distribution submodule using a secure channel to ensure that the encryption system continues to operate safely. 步骤i、系统恢复操作:当遇到严重安全事件,恢复模块启动,它与完整性检测模块配合,若数据被篡改,数据恢复子模块从备份存储介质中获取原始数据,通过restore_data函数恢复到虚拟机内存中,同时,与密钥管理模块合作,若密钥泄露,重置密钥分发流程,确保新生成的密钥正确分发并更新相关加密和解密操作,在整个恢复过程中,恢复模块协调各相关模块,保障系统逐步恢复到安全稳定状态。Step i, system recovery operation: When encountering a serious security incident, the recovery module is started, and it cooperates with the integrity detection module. If the data is tampered with, the data recovery submodule obtains the original data from the backup storage medium and restores it to the virtual machine memory through the restore_data function. At the same time, it cooperates with the key management module. If the key is leaked, the key distribution process is reset to ensure that the newly generated key is correctly distributed and the relevant encryption and decryption operations are updated. 
During the entire recovery process, the recovery module coordinates the relevant modules to ensure that the system gradually recovers to a safe and stable state.
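The following is an added example, not code from the patent: a runnable model of steps g, h and i of claim 10, showing how a periodic hash check over memory regions detects a modification, how the tampering response isolates the region and writes an audit record, how a leaked master key is retired and regenerated from the RNG, and how restore_data lifts the isolation only after the restored image re-verifies. The patent names only the functions compute_hash, generate_new_key and restore_data; the region names, the sample memory contents, the "backup" dictionary, the choice of SHA-256, the HMAC-based per-region key derivation and the use of os.urandom in place of the hardware RNG are all assumptions made here.

```python
"""Model of integrity detection, tamper response, key rotation and restore.

Added example; not the patent's implementation. Everything below is constructed.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def compute_hash(data: bytes) -> bytes:
    """Hash of a memory region. SHA-256 is an assumption; the patent fixes no algorithm."""
    return hashlib.sha256(data).digest()


@dataclass
class MemoryRegion:
    name: str
    data: bytearray
    baseline: bytes = b""  # hash saved by the integrity detection module


@dataclass
class AuditLog:
    """Stand-in for the log and audit module."""
    entries: list = field(default_factory=list)

    def record(self, event: str, **detail) -> None:
        self.entries.append({"event": event, **detail})


class IntegrityMonitor:
    """Hash calculation, comparison verification and tamper response submodules."""

    def __init__(self, regions, backup, audit: AuditLog):
        self.regions = {r.name: r for r in regions}
        self.backup = backup          # constructed stand-in for the backup storage medium
        self.audit = audit
        self.isolated: set = set()    # regions the security monitor has quarantined

    def record_baseline(self) -> None:
        for r in self.regions.values():
            r.baseline = compute_hash(bytes(r.data))

    def check(self) -> list:
        """Periodic check (step g): returns regions whose hash no longer matches the baseline."""
        tampered = []
        for r in self.regions.values():
            current = compute_hash(bytes(r.data))
            # constant-time compare so the comparison itself leaks nothing about the digests
            if not hmac.compare_digest(current, r.baseline):
                tampered.append(r.name)
                self.isolated.add(r.name)  # temporary isolation pending investigation
                self.audit.record("tamper_alert", region=r.name)
        return tampered

    def restore_data(self, name: str) -> bool:
        """Step i: copy the backed-up image back and lift isolation only if it re-verifies."""
        r = self.regions[name]
        r.data[:] = self.backup[name]
        ok = hmac.compare_digest(compute_hash(bytes(r.data)), r.baseline)
        if ok:
            self.isolated.discard(name)
        self.audit.record("restore", region=name, verified=ok)
        return ok


class KeyManager:
    """Key generation / storage / distribution with a revocation list for leaked keys."""

    def __init__(self, rng=os.urandom):
        self.rng = rng                # os.urandom stands in for the hardware RNG
        self.version = 0
        self.revoked: set = set()
        self.master = b""
        self.generate_new_key()

    def generate_new_key(self) -> bytes:
        """Step h: retire the current master key and derive everything from a fresh one."""
        if self.version:
            self.revoked.add(self.master)
        self.version += 1
        self.master = self.rng(32)
        return self.master

    def region_key(self, region_name: str) -> bytes:
        """Per-region key derived from the master (HMAC derivation is an assumption)."""
        return hmac.new(self.master, region_name.encode(), hashlib.sha256).digest()

    def is_revoked(self, key: bytes) -> bool:
        return key in self.revoked


def run_scenario() -> dict:
    """Constructed scenario: one region is overwritten in place and a key leak is reported."""
    audit = AuditLog()
    backup = {"vm1-secure": bytes(range(64)), "vm1-shared": b"\x00" * 64}
    regions = [MemoryRegion(n, bytearray(b)) for n, b in backup.items()]
    mon = IntegrityMonitor(regions, backup, audit)
    mon.record_baseline()
    km = KeyManager()
    old_master, old_key = km.master, km.region_key("vm1-secure")

    first = mon.check()                            # clean run, nothing flagged
    mon.regions["vm1-secure"].data[10] ^= 0xFF     # simulated in-memory modification
    tampered = mon.check()
    km.generate_new_key()                          # leak response: rotate the master key
    restored = mon.restore_data("vm1-secure")
    return {
        "first_check": first,
        "tampered": tampered,
        "restored": restored,
        "isolated_after_restore": sorted(mon.isolated),
        "old_master_revoked": km.is_revoked(old_master),
        "region_key_changed": km.region_key("vm1-secure") != old_key,
        "audit_events": [e["event"] for e in audit.entries],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The design point worth noting is that restore_data does not trust the backup blindly: the restored image is hashed again and compared against the saved baseline before the isolation is lifted, so a corrupted or stale backup leaves the region quarantined and the audit entry records `verified=False`.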
CN202510340328.6A 2025-03-21 2025-03-21 Virtual machine memory encryption and protection system and method based on ARM TrustZone Pending CN120257268A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510340328.6A CN120257268A (en) 2025-03-21 2025-03-21 Virtual machine memory encryption and protection system and method based on ARM TrustZone

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510340328.6A CN120257268A (en) 2025-03-21 2025-03-21 Virtual machine memory encryption and protection system and method based on ARM TrustZone

Publications (1)

Publication Number Publication Date
CN120257268A true CN120257268A (en) 2025-07-04

Family

ID=96192308

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510340328.6A Pending CN120257268A (en) 2025-03-21 2025-03-21 Virtual machine memory encryption and protection system and method based on ARM TrustZone

Country Status (1)

Country Link
CN (1) CN120257268A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination