A scalable secure shadow storage and tag management method based on hardware isolation

A technology of hardware isolation and label management, applied in the field of information security, to achieve the effect of good scalability

Active Publication Date: 2019-02-19
HUBEI UNIV OF ARTS & SCI
View PDF3 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] In order to solve the security and scalability problems of existing shadow storage, the presen...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A scalable secure shadow storage and tag management method based on hardware isolation
  • A scalable secure shadow storage and tag management method based on hardware isolation
  • A scalable secure shadow storage and tag management method based on hardware isolation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] In order to facilitate those of ordinary skill in the art to understand and implement the present invention, the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the implementation examples described here are only used to illustrate and explain the present invention, and are not intended to limit this invention.

[0039] SGX guarantees that the software in the enclave is isolated from all software outside the enclave. SGX hardware-based isolation is at the heart of the SGX security model. SGX ensures that the code in the enclave can only access the EPC pages and non-EPC pages belonging to its own enclave through a series of storage operation checks, and the code in the non-enclave cannot access the storage within the PRM range. In addition, MEE enables SGX to prevent physical attacks, and the data of EPC pages can be safely swapped to disk. The present invention draw...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a scalable secure shadow storage and label management method based on hardware isolation. This method uses Intel SGX's approach to building a secure execution environment to create isolated shadow storage intervals for processes. Shadow storage intervals are used to hold program runtime information. The invention refers to process runtime information as a label. Labels in the shadow storage interval are stored and managed in a paging-like manner and can only be accessed by the corresponding process through specific instructions. Even privileged programs (such as operating systems and virtual machine monitors) cannot be accessed or modified. Based on the secure shadow storage interval, different security rules can be implemented by setting the label data structure, such as control flow integrity, code pointer integrity, user process page access rights and so on.

Description

technical field [0001] The invention belongs to the technical field of information security, relates to a security shadow storage and label management method, in particular to a scalable security shadow storage and label management method based on hardware isolation. Background technique [0002] Shadow buckets are buckets that run parallel to normal data buckets. Currently, many security mechanisms are implemented based on shadow storage. Security policies implemented based on shadow storage include: Dynamic Information Flow Tracking (DIFT), Memory Safety, Code-Pointer Integrity and high-level security rules. There are also platforms that implement configurable security rules based on shadow storage. When these rules are implemented, tags (called Meta-data in some documents) are bound to data, pointers, storage locations or program objects, and the tags are stored in the shadow storage area. When using data, pointers or objects, read their corresponding labels. Accordin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/78
CPCG06F21/78
Inventor 张军侯锐杭波吴中博
Owner HUBEI UNIV OF ARTS & SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap