Method and system for protecting safety of dual-system shared memory data

A shared memory and data security technology, applied in the field of data interaction, can solve problems such as data leakage and lack of data security, and achieve the effect of protecting security and preventing data leakage

Pending Publication Date: 2019-05-21
XIAMEN YAXON NETWORKS CO LTD
View PDF0 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, because the shared memory in the existing dual system can be accessed by the processes connected to it, the data stored in it will lack security.
Therefore, it is necessary to propose a method that can solve t

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for protecting safety of dual-system shared memory data
  • Method and system for protecting safety of dual-system shared memory data
  • Method and system for protecting safety of dual-system shared memory data

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0087] Example one

[0088] Please refer to figure 2 with image 3 This embodiment provides a method for protecting the data security of the dual-system shared memory, which can effectively prevent other client programs from reading the data in the shared memory, thereby ensuring the security of the data in the shared memory during the communication process.

[0089] This embodiment is based on figure 2 The data communication model of the dual system shown is realized. The server system call interface (GPTEE Internel API) is called by the server program of the security operating system, and the client program of the common operating system calls the client system call interface (GPTEE Client API), and the underlying common communication driver ( Doscom-driver) and the underlying secure communication driver (tee-driver) of the secure operating system for data communication.

[0090] The shared memory in this embodiment physically reflects a contiguous physical memory area, and the ...

Example Embodiment

[0114] Example two

[0115] This embodiment provides a specific application scenario based on the first embodiment, in which the client A requests the server A to encrypt data.

[0116] Specifically, the following steps may be included:

[0117] 1. Client A enters the doscom-driver area through the GPTEE Client API interface (assuming that the shared memory is idle at this time);

[0118] 2. Client A obtains the exclusive right of shared memory;

[0119] 3. Client A clears shared memory data;

[0120] 4. Client A encapsulates the data that needs to be sent to server A, and copies the encapsulated data to the shared memory area;

[0121] 5. The processor switches to the secure operating system to run, and the client enters sleep and waits;

[0122] 6. The secure operating system informs tee-driver to read shared memory data;

[0123] 7. tee-driver reads the shared memory data and parses the data;

[0124] 8. tee-driver sends the parsed data to server A;

[0125] 9. After server A receives the ...

Example Embodiment

[0132] Example three

[0133] This embodiment is further expanded on the basis of the first embodiment, and provides a data interaction method based on dual-system shared memory, which solves the problem of how to coordinate the dual-system and protect the data in the shared memory by using shared memory for communication between dual systems. This embodiment can effectively prevent other client programs from reading data in the shared memory, and can coordinate multiple clients and two operating systems to perform orderly operations on the shared memory process.

[0134] This embodiment is also based on figure 2 The data communication model of the dual system shown is realized.

[0135] Combine at the same time image 3 , The specific data exchange process is as follows:

[0136] S1: Preset a fast interrupt and its corresponding fast interrupt handler, an ordinary interrupt and its corresponding ordinary interrupt handler, the fast interrupt handler is located in the underlying secu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method and system for protecting safety of shared memory data of double systems. The method comprises the steps of a client in a common operating system obtaining exclusive right of a shared memory in a non-use state; copying data to be sent to a server in a secure operating system by the client to a shared memory; the secure operating system reading the data from the shared memory and sending the data to the server; copying feedback data obtained by correspondingly processing the data by the server to a shared memory; the client reading the feedback data from the shared memory; and clearing the data in the shared memory, and releasing the exclusive right. The data in the shared memory is read and written in a mutually exclusive exclusive manner, and the data is cleared after the shared memory is read and written, so that the security of the data in the shared memory is ensured.

Description

technical field [0001] The invention relates to the field of data interaction, in particular to a method and system for protecting data security of shared memory of dual systems. Background technique [0002] Trustzone technology is a security extension function of the ARM processor. This technology can divide the processor core into two virtual cores: one is a security virtual core and the other is a normal virtual core; at the same time, it can divide the devices on the processor into Two states: safe state device and non-safe state device. An operating system can run on each of the two virtual cores. An operating system running under a secure virtual core is called a secure operating system, and an operating system running on a non-secure virtual core is called a normal operating system. Ordinary operating systems are rich in content and can run many applications, such as linux or Android systems. The secure operating system can access all resources on the processor, w...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F9/48G06F9/54
CPCY02D10/00
Inventor 刘炯钟牛方超池炜宾杨岸蔡江为
Owner XIAMEN YAXON NETWORKS CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap