Intel SGX state consistency protection method and system

A state preservation and state technology, applied in the fields of cloud computing and information security, that can solve problems such as poor platform migration and poor performance, and achieve improved fluency and reliability, strong versatility and portability, and good platform migration.

Active Publication Date: 2018-07-20
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

The present invention uses the secure channel established by remote verification to realize a state consistency protection mechanism that does not rely on special hardware and migrates well across platforms, thereby solving problems such as poor performance and poor platform migration.


Examples


Embodiment 1

[0032] This embodiment discloses a state consistency protection method for a central processing unit capable of building a security zone, preferably a state consistency protection method for Intel SGX. Where there is no conflict or contradiction, preferred implementations of other embodiments may supplement this embodiment.

[0033] Preferably, in this method, the central processing unit can support the construction of at least one security zone. Preferably, the security zone is a trusted execution environment built by the central processing unit. The code and data in the security zone can be protected from malicious software attacks, and neither privileged nor unprivileged software can access the security zone. Preferably, the central processing unit can construct several security zones for concurrent execution. For example, a CPU that supports Intel SGX builds several enclaves that execute concurrently. Alternatively, the central processing u...

Embodiment 2

[0056] This embodiment is a further improvement on Embodiment 1, and content already covered there is not repeated here. Where there is no conflict or contradiction, preferred implementations of other embodiments may supplement this embodiment.

[0057] The invention also discloses a communication system, which is suitable for executing each method step recorded in the invention, so as to achieve the expected technical effect.

[0058] According to a preferred embodiment, a communication system may include a first communication terminal and a second communication terminal. Preferably, both the first central processing unit of the first communication terminal and the second central processing unit of the second communication terminal can support the construction of at least one security zone. Preferably, the first communication terminal communicates remotely with the second communication terminal providing services thereto. Preferably, the second communication ter...

Embodiment 3

[0063] This embodiment is a further improvement on Embodiments 1 and 2 or their combination, and content already covered there is not repeated here. Where there is no conflict or contradiction, preferred implementations of other embodiments may supplement this embodiment.

[0064] This embodiment discloses a state consistency protection system based on central processing unit hardware; the system is suitable for executing each method step described in the present invention to achieve the expected technical effects.

[0065] According to a preferred embodiment, the system may include a first central processing unit and a second central processing unit. Preferably, both the first central processing unit and the second central processing unit support building at least one security zone. Preferably, the first central processing unit communicates remotely with the second central processing unit providing services thereto.

[0066] According to a preferred embodiment, th...


Abstract

The invention relates to an Intel SGX state consistency protection method and system. In the state consistency protection method for a central processing unit capable of constructing a safety region, the central processing unit (CPU) supports the construction of at least one safety region, and the CPU communicates remotely with a remote server that provides services to it. The remote server has a remote verification module, which is used to assist in completing each execution state saving operation and/or each execution state recovery operation. Remote verification is a verification mechanism by which the CPU proves to the remote server that a specific safety region has been established on the local platform, so that the safety region gains the trust of the remote server. The state consistency protection method is independent of special hardware and has a good platform migration effect.

Description

Technical field

[0001] The present invention relates to the technical fields of cloud computing and information security, and more specifically, to a method and system for protecting Intel SGX state consistency.

Background

[0002] The full name of Intel SGX is Intel Software Guard Extensions, an extension of the Intel instruction set architecture. The SGX trusted execution technology was proposed by Intel in 2013. At that time, mainly the concept and principle of SGX were proposed, but there was no hardware. Subsequently, SGX continued to develop and improve, and there are two versions, SGX1 and SGX2. It wasn't until two years later that the first generation of processors supporting SGX came out, the version being SGX1. Intel SGX introduces more than a dozen new instructions to create a trusted execution environment, the enclave, to protect the safe execution of user applications. This method is not to identify and isolate all malware on the platform, but t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L29/06, G06F21/57
CPC: G06F21/57, H04L9/3236, H04L63/123, G06F9/4401, G06F11/0757, G06F11/1438, G06F11/1443, G06F21/64, G06F9/45558, G06F11/1448, G06F11/1464, G06F21/12, G06F21/305, G06F21/53, G06F21/74, G06F2221/2149, H04L63/0428
Inventor: 羌卫中, 金海, 董泽照
Owner: HUAZHONG UNIV OF SCI & TECH