Hot patching method and hot patching device

A hot patching technique for patch files, applied in software deployment, platform integrity maintenance and similar areas. It addresses the problems that the signature of a patch file cannot be verified, that the security of the patch file therefore cannot be guaranteed, and that introducing patch files carries increased security risk. It prevents attacks and ensures high reliability and safety.

Active Publication Date: 2019-05-14
HUAWEI DEVICE CO LTD

AI Technical Summary

Problems solved by technology

Malicious code can also bypass the integrity measurement operation of the patch file by attacking the REE-side operating system, so that the REE-side operating system cannot perform signature verification on the patch file and thus cannot guarantee the security of the patch file, which increases the security risk of introducing patch files.

Examples


Embodiment 1

[0051] Embodiment 1: as shown in Figure 2, an embodiment of the hot patch method of the present application includes:

[0052] 201. The secure-side execution environment verifies the signature of the patch file.

[0053] The execution environment on the secure side (for example, the trusted execution environment TEE above) uses the private key to check the signature of the patch file to verify whether the issuer of the patch file is credible. If the patch file passes the signature verification, it is determined that the issuer of the patch file is a trusted issuer, and the secure-side execution environment executes step 202; if the signature verification fails, it is determined that the issuer of the patch file is an untrusted issuer, and the secure-side execution environment stops loading the patch file. In addition, the patch file is used to repair security vulnerabilities of code in the execution environment of the non-secure ...

Embodiment 2

[0069] Embodiment 2, as shown in Figure 3 (a), another embodiment of the hot patch method of the present application includes:

[0070] 301. The execution environment on the non-secure side sends the patch file to the secure-side execution environment.

[0071] When the code in the non-secure-side execution environment has security vulnerabilities that need to be repaired, the non-secure-side execution environment sends the patch file for repairing those vulnerabilities to the secure-side execution environment, so that the secure-side execution environment performs the operation of loading the patch file. Specifically, the Rich OS sends the patch file from the REE to the TEE.

[0072] 302. The secure-side execution environment verifies the signature of the patch file.

[0073] 303. If the signature verification of the patch file passes, the secure-side execution environment parses the patch file to obtain the old code location and the new code.

[0074] Step 3...

Embodiment 3

[0098] Embodiment 3: as shown in Figure 4, an embodiment of the hot patch device of the present application comprises:

[0099] Integrity measurement unit 401, used to verify the signature of the patch file;

[0100] The parsing unit 402, configured to parse the patch file to obtain the old code location and the new code if the signature verification of the above patch file passes;

[0101] The modifying unit 403, configured to modify the code of the non-secure execution environment according to the position of the old code, so that when execution in the non-secure execution environment reaches the position of the old code, it jumps to execute the new code.

[0102] In one example, as shown in Figure 5, the above hot patch device also includes:

[0103] The configuration unit 504 is configured to configure the physical memory of the update code to be non-writable in a non-secure state.
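
The verify, parse and modify units above (401 to 403) as a runnable simulation; this is an added example, not code from the patent. The patch layout, the toy jump encoding, the `patch_area` parameter and all names are hypothetical, and HMAC-SHA256 stands in for the patent's signature check so the block runs on the standard library alone.

```python
import hashlib
import hmac
import struct

# Hypothetical patch layout (not defined on the page):
#   old_offset u32 LE | new_len u32 LE | new_code | 32-byte tag
HEADER = struct.Struct("<II")
TAG_LEN = 32
JMP_LEN = 5  # toy jump: 1 opcode byte + u32 LE target offset

class PatchRejected(Exception):
    """Raised before memory is touched when a patch fails any check."""

def _tag(key: bytes, body: bytes) -> bytes:
    # HMAC-SHA256 stands in for the signature scheme (assumption).
    return hmac.new(key, body, hashlib.sha256).digest()

def sign_patch(key: bytes, old_offset: int, new_code: bytes) -> bytes:
    """Issuer side: serialize the patch and append its tag."""
    body = HEADER.pack(old_offset, len(new_code)) + new_code
    return body + _tag(key, body)

def apply_hot_patch(key: bytes, patch: bytes, memory: bytearray,
                    patch_area: int) -> int:
    """Secure side: verify (401), parse (402), modify (403)."""
    if len(patch) < HEADER.size + TAG_LEN:
        raise PatchRejected("truncated patch")
    body, tag = patch[:-TAG_LEN], patch[-TAG_LEN:]
    # 401: authenticate the whole body before interpreting any field.
    if not hmac.compare_digest(tag, _tag(key, body)):
        raise PatchRejected("signature check failed")
    # 402: recover the old code location and the new code.
    old_offset, new_len = HEADER.unpack_from(body)
    new_code = body[HEADER.size:]
    if new_len != len(new_code):
        raise PatchRejected("length field does not match payload")
    # A signed patch can still be malformed: keep both writes in bounds.
    if old_offset + JMP_LEN > patch_area or patch_area + new_len > len(memory):
        raise PatchRejected("write would fall outside its region")
    # 403: stage the new code first, then redirect the old location to it.
    memory[patch_area:patch_area + new_len] = new_code
    memory[old_offset:old_offset + JMP_LEN] = b"\xE9" + struct.pack("<I", patch_area)
    return patch_area

def demo() -> bytes:
    mem = bytearray(b"\x90" * 64)  # constructed toy code memory
    apply_hot_patch(b"demo-key", sign_patch(b"demo-key", 8, b"\xAA\xBB"), mem, 48)
    return bytes(mem[8:13])  # the jump written at the old code location
```

Every rejection path raises before either write, so a patch that fails verification or parsing leaves the simulated memory byte-for-byte unchanged.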

[0104] In one example, as shown in Figure 5, the above system also...


Abstract

The invention discloses a hot patching method and a hot patching device, which are used to improve the security of a patch file, prevent attacks by malicious code, and reduce the security risk of introducing the patch file. The method comprises: a secure-side execution environment verifying the signature of a patch file; if the signature of the patch file passes verification, the secure-side execution environment parsing the patch file to obtain an old code position and new code; and the secure-side execution environment modifying code of a non-secure-side execution environment according to the old code position, so that the non-secure-side execution environment jumps to execute the new code when execution reaches the old code position.

Description

Technical field

[0001] The present application relates to the field of computer software, in particular to a hot patch method and a hot patch device.

Background

[0002] In a communication system, to ensure the continuity of the communication service, the program providing the service should be restarted as rarely as possible and should not interrupt the service, so as to run uninterrupted as far as possible. When the service program has a bug (error) that needs to be repaired, the traditional method is to replace the original program file with the repaired program file and execute it, so a restart and a service interruption inevitably occur. Hot patch technology effectively avoids these problems. Hot patch technology compiles the bug-correcting code into a patch file and then lets the service program load the patch file without interrupting the service, so as to replace the patch file with the code of ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/53, G06F8/65
Inventor: 陈海波, 王楠, 李彬, 尹永宏
Owner: HUAWEI DEVICE CO LTD