
A method and system for Intel SGX state consistency protection

A state saving and state technology, applied in the field of cloud computing and information security, can solve the problems of poor platform migration effect and poor performance, and achieve improved fluency and reliability, strong versatility and portability, and good platform migration effect.

Active Publication Date: 2020-07-31
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

By using the secure channel established through remote verification, the present invention realizes a state consistency protection mechanism that does not rely on special hardware and has a good platform migration effect, thereby solving problems such as poor performance and poor platform migration effect.


Examples


Embodiment 1

[0032] This embodiment discloses a state consistency protection method for a central processing unit capable of constructing a security zone, and in particular an Intel SGX state consistency protection method. Where no conflict or contradiction arises, the preferred implementations of other embodiments may supplement this embodiment.

[0033] Preferably, in this method, the central processing unit can support the construction of at least one security zone. Preferably, the security zone is a trusted execution environment constructed by the central processing unit. The security zone can protect the code and data within it from attacks by malicious software, and neither privileged nor unprivileged software can access the security zone. Preferably, the central processing unit can construct several security zones for concurrent execution. For example, a central processing unit supporting Intel SGX constructs several enclaves that execute concurrently. Or, the ...

Embodiment 2

[0056] This embodiment is a further improvement of Embodiment 1, and content already covered is not repeated here. Where no conflict or contradiction arises, the preferred implementations of other embodiments may supplement this embodiment.

[0057] The invention also discloses a communication system suitable for executing each method step recorded in the invention to achieve the expected technical effect.

[0058] According to a preferred embodiment, a communication system may include a first communication terminal and a second communication terminal. Preferably, both the first central processing unit of the first communication terminal and the second central processing unit of the second communication terminal can support the construction of at least one security zone. Preferably, the first communication terminal communicates remotely with the second communication terminal that provides services for it. Preferably, the second ...

Embodiment 3

[0063] This embodiment is a further improvement of Embodiments 1, 2 or a combination thereof, and content already covered is not repeated here. Where no conflict or contradiction arises, the preferred implementations of other embodiments may supplement this embodiment.

[0064] This embodiment discloses a state consistency protection system based on central processing unit hardware, suitable for executing each method step recorded in the present invention to achieve the expected technical effect.

[0065] According to a preferred embodiment, the system may include a first central processing unit and a second central processing unit. Preferably, both the first central processing unit and the second central processing unit support the construction of at least one security zone. Preferably, the first central processing unit communicates remotely with the second central processing unit that provides services for it.

[0066] Accord...


Abstract

The present invention relates to an Intel SGX state consistency protection method and system. In a state consistency protection method for a central processor capable of constructing a security zone, the central processor supports the construction of at least one security zone and communicates remotely with a remote server that provides services for it. The remote server has a remote verification module, which is set to assist in the completion of each execution state saving operation and/or each execution state restoration operation. Remote verification is an authentication mechanism by which the central processing unit proves to the remote server that it has established a specific security zone on the local platform, so that the specific security zone can obtain the trust of the remote server. The invention does not depend on special hardware and has a good platform migration effect.

Description

Technical field

[0001] The present invention relates to the technical field of cloud computing and information security, and more specifically, to an Intel SGX state consistency protection method and system.

Background art

[0002] Intel SGX stands for Intel Software Guard Extensions, an extension of the Intel instruction set architecture. SGX trusted execution technology was proposed by Intel in 2013. At that time, mainly the concept and principle of SGX were put forward, and no hardware was available. SGX then continued to develop and improve, and there are two versions, SGX1 and SGX2. It was not until two years later that the first generation of processors supporting SGX came out, the version being SGX1. Intel SGX introduced more than a dozen new instructions to create a trusted execution environment, the Enclave, to protect the safe execution of user applications. This method is not to identify and isolate all malicious software on the platform, but to encapsulate t...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L29/06, G06F21/57
CPC: G06F21/57, H04L9/3236, H04L63/123, G06F9/4401, G06F11/0757, G06F11/1438, G06F11/1443, G06F21/64, G06F9/45558, G06F11/1448, G06F11/1464, G06F21/12, G06F21/305, G06F21/53, G06F21/74, G06F2221/2149, H04L63/0428
Inventor: 羌卫中, 金海, 董泽照
Owner: HUAZHONG UNIV OF SCI & TECH