
Secure virtual machine system design method and system based on trusted execution environment

A secure virtual machine and trusted execution environment technology, applied in the field of virtualization, that addresses the problem of security and functionality not both being taken into account, and achieves good universality and easy updating and upgrading.

Pending Publication Date: 2021-11-26
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

But this invention cannot take both safety and functionality into account.


Examples


Embodiment 1

[0064] A method for designing a secure virtual machine system based on a trusted execution environment provided by the present invention, as shown in Figures 1 to 6, includes:

[0065] Dividing the trusted virtual machine monitor into a normal world virtual machine monitor and a secure world virtual machine monitor:

[0066] The normal world virtual machine monitor is responsible for basic scheduling, memory management, and device management;

[0067] The trusted virtual machine is entered when the normal world virtual machine monitor completes configuration, and a cross-world switch is triggered;

[0068] The secure world virtual machine monitor is responsible for security checks, and cooperates to ensure the availability and security of trusted virtual machines;

[0069] The secure world virtual machine monitor uses methods such as paravirtualization to provide I/O functions to trusted virtual machines;

[0070] The normal world virtual machine monitor and the secure world virtual machine monitor cooperate t...

Embodiment 2

[0083] Embodiment 2 is a preferred example of Embodiment 1 to describe the present invention more specifically.

[0084] Those skilled in the art can understand the trusted execution environment-based secure virtual machine system design method provided by the present invention as a specific implementation of the trusted execution environment-based secure virtual machine system design system; that is, the design system can be realized by executing the steps and procedures of the design method.

[0085] A trusted execution environment-based secure virtual machine system design system provided by the present invention includes:

[0086] Dividing the trusted virtual machine monitor into a normal world virtual machine monitor and a secure world virtual machine monitor:

[0087] The normal world virtual machine monitor is responsible for basic scheduling...

Embodiment 3

[0104] Embodiment 3 is a preferred example of Embodiment 1 to describe the present invention more specifically.

[0105] The goal of the whole invention is to realize a secure virtual machine service (also called a trusted virtual machine service), guarantee the security of the virtual machine, and provide more comprehensive security protection for the virtual machine.

[0106] The basic working principle of the whole invention is to use trusted execution environment technology to split the previously unified virtual machine management and security functions into two parts: a management part and a security part. The management part runs in the normal world, and the security part runs in the secure world. Since these functions were originally implemented in the virtual machine monitor (Hypervisor or VMM), we named the management part N-Visor and the security part S-Visor, taking its suffix.
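
The split described in [0106], together with the entry flow of Embodiment 1 (the N-Visor configures, the world switch hands control to the S-Visor, the S-Visor checks), can be modelled as follows. This C model is an added example, not code from the patent or its authors; the page does not spell out the S-Visor's checks, so the exclusive page-ownership rule, the scrub on reclaim, and all names (`svisor_enter_vm`, `svisor_release_page`, `guest_write`, `map_req`) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NPAGES     8
#define PAGE_BYTES 16   /* toy page size, constructed for this example */
#define NORMAL     0    /* owner id 0: normal world (N-Visor, ordinary VMs) */

/* Secure-world state the N-Visor cannot write: page owners and page contents. */
static uint8_t page_owner[NPAGES];
static uint8_t mem[NPAGES][PAGE_BYTES];

/* One mapping the N-Visor proposes before it triggers the world switch. */
struct map_req { uint8_t vm_id; uint32_t pfn; };
enum verdict { ENTER_OK, ERR_BAD_REQ, ERR_OWNED_BY_OTHER };

/* S-Visor entry check: validate the whole batch, commit only if all pass. */
enum verdict svisor_enter_vm(uint8_t vm_id, const struct map_req *reqs, size_t n)
{
    if (vm_id == NORMAL) return ERR_BAD_REQ;
    for (size_t i = 0; i < n; i++) {
        if (reqs[i].vm_id != vm_id || reqs[i].pfn >= NPAGES) return ERR_BAD_REQ;
        uint8_t owner = page_owner[reqs[i].pfn];
        if (owner != NORMAL && owner != vm_id) return ERR_OWNED_BY_OTHER;
    }
    for (size_t i = 0; i < n; i++)
        page_owner[reqs[i].pfn] = vm_id;   /* page leaves the normal world */
    return ENTER_OK;
}

/* Cooperative reclaim: the N-Visor asks for a page back; the S-Visor scrubs it
 * before returning it to the normal world. 0 on success, -1 if refused. */
int svisor_release_page(uint8_t vm_id, uint32_t pfn)
{
    if (pfn >= NPAGES || vm_id == NORMAL || page_owner[pfn] != vm_id) return -1;
    memset(mem[pfn], 0, PAGE_BYTES);
    page_owner[pfn] = NORMAL;
    return 0;
}

/* Guest write, allowed only to the owning trusted VM (stands in for stage 2). */
int guest_write(uint8_t vm_id, uint32_t pfn, uint8_t byte)
{
    if (pfn >= NPAGES || vm_id == NORMAL || page_owner[pfn] != vm_id) return -1;
    mem[pfn][0] = byte;
    return 0;
}
```

Validating the whole batch before committing means a request the S-Visor rejects leaves no page half-assigned, so a compromised N-Visor cannot use a failing request to move pages between trusted virtual machines.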

[0107] While the separation of management functions and security funct...


Abstract

The invention provides a secure virtual machine system design method and system based on a trusted execution environment. The method comprises the following steps: dividing a trusted virtual machine monitor into a normal world virtual machine monitor and a secure world virtual machine monitor, wherein the normal world virtual machine monitor is responsible for basic virtual machine scheduling, memory management, device management and other management functions; entering the trusted virtual machine when the normal world virtual machine monitor completes configuration, and triggering cross-world switching, wherein the secure world virtual machine monitor is responsible for security checks and cooperatively guarantees the availability and security of the trusted virtual machine; the secure world virtual machine monitor provides I/O functions for the trusted virtual machine by using methods such as paravirtualization; and the normal world virtual machine monitor and the secure world virtual machine monitor dynamically manage the physical memory resources in a collaborative manner. According to the present invention, the existing TrustZone hardware features of ARM are fully utilized, and the system and the method are transparent to the virtual machine, which means that neither the underlying hardware nor the upper-layer virtual machine needs to be modified, which demonstrates the usability of the design.

Description

Technical field

[0001] The present invention relates to the technical field of virtualization, and specifically to a method and system for designing a secure virtual machine system based on a trusted execution environment.

Background technique

[0002] The virtual machine monitor is an important software component in the operating system and runs at a higher privilege level than the virtual machine. It manages the underlying computing, storage, peripheral and other resources of the computer system in a unified way, provides applications with the consistent abstraction of a virtual machine, and provides each virtual machine with virtualized hardware resources, mainly CPU, memory and I/O devices. It is one of the core components of cloud computing.

[0003] Trusted virtual machine technology refers to a technology that utilizes the security isolation mechanism of hardware to realize high security isolation betwee...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F21/53
CPC: G06F9/45558, G06F21/53, G06F2009/45587, G06F2009/45583, G06F2009/4557, G06F2009/45579
Inventor: 糜泽羽, 李鼎基, 夏虞斌, 陈海波, 臧斌宇
Owner: SHANGHAI JIAO TONG UNIV