Internal isolation method for sgx security application

A security application and security isolation technology, applied in the field of computer security, can solve problems such as incompatibility of trusted computing bases, and achieve the effect of reducing trusted computing bases, having strong universality, and meeting security requirements.

Active Publication Date: 2021-06-11
SHANGHAI JIAOTONG UNIV
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] However, the trusted computing base in MPK technology is not compatible with the trusted computing base in SGX technology

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Internal isolation method for sgx security application
  • Internal isolation method for sgx security application
  • Internal isolation method for sgx security application

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0069] The present invention will be described in detail below in conjunction with specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that those skilled in the art can make several changes and improvements without departing from the concept of the present invention. These all belong to the protection scope of the present invention.

[0070] Abbreviations and key terms involved in the present invention are defined as follows:

[0071] -TCB: Trusted Computing Base, Trusted Computing Base;

[0072] -SGX: Software Guard Extension, software guard extension;

[0073] -MPK: Memory Protection Key, memory protection technology;

[0074] -RTM: Restricted Transactional Memory, hardware transactional memory technology;

[0075] -SSA: State Save Area, state save area.

[0076] According to an internal isolation method for SGX security applic...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention provides an internal isolation method for SGX security applications, using the internal isolation system for SGX security applications, the system can implement a set system library, including one or more enclaves; the enclave includes one or more Thread; each thread in the enclave includes a PKRU register, and the PKRU register value of each thread in the enclave is different, so that each thread in the enclave can have a private address space area, It can only be accessed by this thread; the operating system running the enclave is recorded as an untrusted operating system; the present invention utilizes the advantage that MPK performance sacrifice is almost zero, and can perform memory area division, which not only further reduces the trusted computing base of enclave internal programs , and can meet the security requirements of current cloud computing service applications.

Description

technical field [0001] The invention relates to the technical field of computer security, in particular to an internal isolation method for SGX security applications. Background technique [0002] Trusted Computing Base (TCB) refers to all collections to ensure the safe operation of computer systems, including firmware, hardware, software, etc. [0003] For example, a security system for connecting TCB components disclosed in patent document CN101635016B, the system includes: application layer TCB components, which are used to implement the security policies set by each trusted software itself; operating system layer TCB components, which are used to implement information A security policy set by the system; and a pipeline, which is established between the TCB component of the application layer and the TCB component of the operating system layer, for realizing trusted message transmission between trusted components. The present application also discloses a security guarante...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/54G06F21/57
CPCG06F21/54G06F21/57G06F2221/2141G06F2221/2149
Inventor 古金宇夏虞斌陈海波臧斌宇
Owner SHANGHAI JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap