Access host verification method and device, access verification system, and storage medium

By simulating a Trusted Software Base (TSB) in the kernel program, dynamically measuring host memory addresses and lengths, and comparing digest value consistency, the problem of interface changes when verifying the trusted platform control module accesses host resources is solved, reducing development costs and time.

CN115422523BActive Publication Date: 2026-07-03BEIJING KEXIN HUATAI INFORMATION TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING KEXIN HUATAI INFORMATION TECH
Filing Date
2022-09-15
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

In existing technologies, verifying whether a trusted platform control module can actively access host resources requires modifying existing product interfaces, resulting in a waste of time and manpower.

Method used

By simulating a Trusted Software Base (TSB) through a pre-compiled kernel program, the host memory address and address length are passed to the target software stack. The Trusted Platform Control Module (TPC) is used to dynamically measure the host memory segment and compare whether the digest values ​​are consistent to confirm that the TPC can acquire host resources.

Benefits of technology

Without requiring changes to the product interface of the Trusted Platform Control Module, the workload of developers is reduced, the verification time is shortened, and the verification of the Trusted Platform Control Module's access to host resources is achieved.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115422523B_ABST
    Figure CN115422523B_ABST
Patent Text Reader

Abstract

This invention discloses a method and apparatus for verifying access to a host, an access verification system, and a storage medium, relating to the field of information security technology. By obtaining the host memory address and address length of the object to be measured, a pre-compiled kernel program is used to simulate a trusted software base, and the host memory address and address length are passed to the target software stack. The target software stack interfaces with a Trusted Platform Control Module (TPCM). The TPCM dynamically measures the host memory segment indicated by the host memory address and address length, obtaining a measurement log. The measurement log includes at least a digest value of the object to be measured. The digest value of the object to be measured is compared with a pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the TPCM can obtain host resources. Verification of the TPCM's access to host resources can be completed without changing the product interface of the TPCM.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of information security, and more specifically, to a method and apparatus for verifying access to a host, an access verification system, and a storage medium. Background Technology

[0002] Currently, with the increasing demand for information security, the requirements and types of trusted security protection products have also increased significantly. In order to adapt to the ever-evolving needs of trusted security protection, the Trusted Computing Industry Alliance has launched the "Trusted Computing Product Specification". In section 7.2.1.4.1, regarding the active measurement of the root of trust (or trusted platform control module), Article 3 stipulates that "it should be verified whether the root of trust can actively obtain host resources (such as memory resources)". This specification's proof method needs to be proven.

[0003] In related technologies, when using a Trusted Platform Control Module (TPCM) for proactive measurement, the method to verify whether the TPCM can proactively access / acquire host resources is to add a software stack interface to the TPCM, inputting arbitrary memory addresses and lengths, calculating a digest value, and printing it to the TPCM serial port. However, this method has significant drawbacks: it requires changes to the existing product interface definition, demanding time and manpower from developers, and the additional calculation of this memory address digest value also increases the load on the TPCM.

[0004] There is currently no effective solution to the above problems. Summary of the Invention

[0005] This invention provides a method and apparatus for verifying access to a host, an access verification system, and a storage medium, to at least solve the technical problem in related technologies that requires modifying existing product interfaces and wasting a lot of time when verifying whether a trusted platform control module can actively access host resources.

[0006] According to one aspect of the present invention, a method for verifying access to a host is provided, comprising: obtaining the host memory address and address length of an object to be measured; simulating a Trusted Software Base (TSB) using a pre-compiled kernel program, and passing the host memory address and address length to a target software stack, wherein the target software stack interfaces with a Trusted Platform Control Module (TPCM), the TPCM dynamically measures the host memory segment indicated by the host memory address and the address length to obtain a measurement log, the measurement log including at least: a digest value of the object to be measured; comparing whether the digest value of the object to be measured is consistent with a pre-recorded host digest value to obtain a comparison result, wherein if the comparison result indicates that the digest values ​​are consistent, it is confirmed that the TPCM can obtain host resources.

[0007] Optionally, the steps of obtaining the host memory address and address length of the object to be measured include: installing trusted protection software on the terminal host, wherein the trusted protection software performs dynamic measurement on the terminal host through a trusted platform control module (TPCM); after the trusted protection software is installed, activating the dynamic measurement switch; determining the object to be measured for the dynamic measurement of the host memory of the terminal host, wherein the object to be measured is at least one of the following: the system call table of the host memory, the interrupt descriptor of the host memory, and the kernel code segment of the host memory; obtaining any host memory segment associated with the object to be measured, determining the memory starting address of the any host memory segment, and using the memory starting address as the host memory address; and determining the address length based on the address length selection requirements.

[0008] Optionally, the step of using a pre-compiled kernel program to simulate a Trusted Software Base (TSB) and passing the host memory address and the address length to the target software stack includes: loading the pre-compiled kernel program; using the kernel program to package the host memory address and the address length into a program data packet; and using the kernel program to call the software stack interface to pass the program data packet to the target software stack.

[0009] Optionally, after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, the method further includes: establishing a communication link with the module interface of the trusted platform control module, and obtaining the measurement log transmitted by the module interface of the trusted platform control module based on the communication link; obtaining the measurement log transmitted by the management platform center of the terminal host, wherein the management platform center is connected to the trusted platform control module.

[0010] Optionally, after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, the method further includes: when the measurement duration reaches a predetermined interval, packaging the summary value of the object to be measured into the measurement log; and uploading the measurement log to the management platform center of the terminal host.

[0011] Optionally, after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, the method further includes: loading a pre-compiled host-side digest calculation program; and using the host-side digest calculation program to calculate a digest value for the host memory address and the host memory segment indicated by the address length to obtain the host digest value.

[0012] Optionally, the step of confirming that the trusted platform control module can obtain host resources includes: confirming that the trusted platform control module can access any host memory segment in the host memory.

[0013] Optionally, after confirming that the trusted platform control module can acquire host resources, the method further includes: restarting the trusted software base on the terminal host, and controlling the trusted software base to transmit the host memory address of the object to be measured to the trusted platform control module.

[0014] According to another aspect of the present invention, a system for verifying access to host memory by a trusted platform control module based on trusted protection software is also provided. The system provides proactive security protection services to a trusted computing platform through the trusted protection software, comprising: host memory, the internal space of which is divided into N host memory segments, where N is a positive integer greater than or equal to 1; the trusted computing platform, which integrates a trusted platform control module (TPCM) and a trusted software base (TSB), through which the TPCM dynamically measures the host memory segments; and a trusted security management center, running on a server, used to obtain the host memory address and address length of the object to be measured, and to simulate the trusted software base (TSB) using a pre-compiled kernel program, passing the host memory address and address length to the target software stack, receiving the measurement log from the TPCM, and comparing the digest value of the object to be measured in the measurement log with a pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the TPCM can access any one of the N host memory segments. The TPCM dynamically measures the host memory segment indicated by the host memory address and the address length to obtain the measurement log.

[0015] According to another aspect of the present invention, a verification device for accessing a host is also provided, comprising: an acquisition unit, configured to acquire the host memory address and address length of an object to be measured; a transmission unit, configured to simulate a Trusted Software Base (TSB) using a pre-compiled kernel program, and transmit the host memory address and address length to a target software stack, wherein the target software stack interfaces with a Trusted Platform Control Module (TPCM), the TPCM dynamically measures the host memory segment indicated by the host memory address and the address length to obtain a measurement log, the measurement log including at least: a digest value of the object to be measured; and a verification unit, configured to compare whether the digest value of the object to be measured is consistent with a pre-recorded host digest value, and obtain a comparison result, wherein if the comparison result indicates that the digest values ​​are consistent, it is confirmed that the TPCM can acquire host resources.

[0016] Optionally, the acquisition unit includes: a first installation module, used to install trusted protection software on the terminal host, wherein the trusted protection software performs dynamic measurement on the terminal host through a trusted platform control module (TPCM); a first startup module, used to start the dynamic measurement switch after the trusted protection software is installed; a first determination module, used to determine the object to be measured for dynamic measurement of the host memory of the terminal host, wherein the object to be measured is at least one of the following: the system call table of the host memory, the interrupt descriptor of the host memory, and the kernel code segment of the host memory; a first acquisition module, used to acquire any host memory segment associated with the object to be measured, determine the memory starting address of the any host memory segment, and use the memory starting address as the host memory address; and a first determination module, used to determine the address length based on address length selection requirements.

[0017] Optionally, the transmission unit includes: a first loading module for loading the pre-compiled kernel program; a first packaging module for using the kernel program to package the host memory address and the address length into a program data packet; and a calling module for using the kernel program to call a software stack interface to pass the program data packet into the target software stack.

[0018] Optionally, the verification device for accessing the host further includes: a first establishment module, used to establish a communication link with the module interface of the trusted platform control module after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain a measurement log, and to obtain the measurement log transmitted by the module interface of the trusted platform control module based on the communication link; and a second acquisition module, used to acquire the measurement log transmitted by the management platform center of the terminal host, wherein the management platform center is connected to the trusted platform control module.

[0019] Optionally, the verification device for accessing the host further includes: a second packaging module, used to package the summary value of the object to be measured into the measurement log after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, when the measurement duration reaches a predetermined interval; and an upload module, used to upload the measurement log to the management platform center of the terminal host.

[0020] Optionally, the verification device for accessing the host further includes: a second loading module, used to load a pre-compiled host-side digest calculation program after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain a measurement log; and a calculation module, used to calculate a digest value for the host memory address and the host memory segment indicated by the address length using the host-side digest calculation program to obtain the host digest value.

[0021] Optionally, confirming that the trusted platform control module can acquire host resources includes: confirming that the trusted platform control module can access any host memory segment in the host memory.

[0022] Optionally, the verification device for accessing the host further includes: a restart module, used to restart the trusted software base on the terminal host after confirming that the trusted platform control module can obtain host resources, and control the trusted software base to transmit the host memory address of the object to be measured to the trusted platform control module.

[0023] According to another aspect of the present invention, a computer-readable storage medium is also provided, the computer-readable storage medium including a stored computer program, wherein, when the computer program is executed, it controls the device where the computer-readable storage medium is located to perform the authentication method for accessing the host as described in any one of the above embodiments.

[0024] In this disclosure, the host memory address and address length of the object to be measured are first obtained. A pre-compiled kernel program is used to simulate a Trusted Software Base (TSB) and the host memory address and address length are passed to the target software stack. The digest value of the object to be measured is compared with the pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the Trusted Platform Control Module (TPCM) can acquire host resources. The target software stack interfaces with the Trusted Platform Control Module (TPCM). The TPCM dynamically measures the host memory segment indicated by the host memory address and address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured.

[0025] In this disclosure, a Trusted Software Base (TSB) can be simulated through a kernel program, directly passing the host memory address and address length to the target software stack. The Trusted Platform Control Module (TPC) dynamically measures the memory segment indicated by the address and length, uploads a digest value, and confirms that the TPC can access host resources after comparing it with the host digest value. This method can verify the TPC's access to host resources without changing the product interface of the TPC, reducing the workload of developers and significantly shortening the verification time. This solves the technical problem in related technologies where it is necessary to change the existing product interface and waste a lot of time when verifying whether the TPC can actively access host resources.

[0026] In this disclosure, to verify the ability of the Trusted Platform Control Module (TPM) to access host resources (including memory resources), two sets of programs are provided: a kernel program and a host-side digest calculation program (or host-side soft algorithm program). The kernel program can simulate the TSB function by passing the host memory address and address length to the software stack. In this way, the TPM can dynamically measure the host memory segment indicated by the host memory address and address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured. The host-side digest calculation program directly calculates the digest value of the host memory segment corresponding to the host memory address and address length on the host side. By comparing whether the two digest values ​​are consistent, the ability of the TPM to access host memory can be verified. Attached Figure Description

[0027] The accompanying drawings, which are included to provide a further understanding of the invention and form part of this application, illustrate exemplary embodiments of the invention and, together with their description, serve to explain the invention and do not constitute an undue limitation thereof. In the drawings:

[0028] Figure 1 This is a flowchart of an optional authentication method for accessing a host according to an embodiment of the present invention;

[0029] Figure 2 This is a flowchart of another optional authentication method for accessing a host according to an embodiment of the present invention;

[0030] Figure 3 This is a schematic diagram of an optional system for accessing host memory based on a trusted platform control module for verification using trusted protection software, according to an embodiment of the present invention.

[0031] Figure 4 This is a schematic diagram of an optional access host verification device according to an embodiment of the present invention;

[0032] Figure 5This is a hardware structure block diagram of an electronic device (or mobile device) for an authentication method for accessing a host according to an embodiment of the present invention. Detailed Implementation

[0033] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of the present invention.

[0034] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0035] To facilitate understanding of the present invention by those skilled in the art, some terms or nouns involved in the various embodiments of the present invention are explained below:

[0036] TCM, Trusted Cryptographic Module, is a hardware module of a trusted computing platform that provides cryptographic operation functions for the platform and has protected storage space.

[0037] TPCM, Trusted Platform Control Module / Root of Trust, is a core hardware module integrated into a trusted computing platform to establish and secure trust sources. It provides functions such as integrity measurement, secure storage, trusted reporting, and cryptographic services for trusted computing.

[0038] Trusted Software Base (TSB) is a collection of software elements that support the trustworthiness of a trusted computing platform.

[0039] TSS, Trusted Software Stack, is the supporting software for TPM on the Trusted Computing Platform. The main function of TSS is to provide an interface for operating systems and application software to use TPM.

[0040] Dynamic metrics refer to metrics used during the operation of device systems and applications.

[0041] Static metrics are metrics used during the device system startup process and application loading.

[0042] It should be noted that the following embodiments of the present invention can be applied to trusted security protection scenarios in the field of information security to verify that a trusted platform control module can access any host memory resources. Of course, they can also be applied to other untrusted security protection scenarios to verify that a trusted platform control module can access any host memory resources.

[0043] It should be noted that the verification methods, devices, and systems for accessing the host can be implemented by a Trusted Security Management Center / Trusted Security Management Platform. The target of its trusted proactive protection is a Trusted Computing Platform, which can refer to a client or computer used by the user. After the client installs trusted protection software, the Trusted Security Management Center / Platform (running on a server) processes data from various target clients or the Trusted Computing Platform and issues proactive defense tasks. The system running on the Trusted Computing Platform includes a parallel computing subsystem and a protection subsystem. The computing subsystem is used to complete computing tasks, while the protection subsystem uses the trusted protection software to proactively measure the computing subsystem according to trusted policies. The target client is responsible for collecting access behavior data from the application and reporting it to the Trusted Security Management Center, thereby updating the trusted policies and trusted protection software in real time and improving security performance.

[0044] The aforementioned trusted computing platform / target client may include, but is not limited to: tablets, mobile terminals, PCs, iPads, etc.

[0045] It should be noted that the following embodiments of the present invention mainly verify / check whether the trusted platform control module can actively obtain host resources (e.g., host memory resources). In this embodiment, the main purpose is to verify whether the trusted platform control module can actively access any host memory segment.

[0046] The TPCM Trusted Platform Control Module (TPCM) measures three types of objects: First, it measures the trust chain, ensuring trust between each level during system startup and guaranteeing trustworthiness at each stage. Second, the TPCM can perform dynamic measurements during normal system operation: the TSB transmits the measurement address and length to the TPCM, which then obtains the digest value of the data at that address, performs measurements at set time intervals, and reports the measurements in the log. Third, the TPCM can measure the system call table (syscall_table), interrupt descriptors (IDT), and kernel code segment in the host memory. The following embodiments of this invention use the third type as the measurement object, namely, measuring the system call table, interrupt descriptors, and kernel code segment in the host memory.

[0047] It should be noted that the following embodiments of the present invention do not require modification of the interface of the Trusted Platform Control Module (i.e., no modification is made to existing products). In order to enable the TSB to actively obtain memory address and address length parameters, this application simulates the function of the TSB by passing the address and length parameters of any segment of host memory to the software stack. Then, the Trusted Platform Control Module interprets this as the address and length of the system call table syscall_table (or two segments of other host memory), performs dynamic measurement, and prints the digest value as a dynamic measurement audit log on the TPCM serial port at time intervals and uploads it to the Trusted Security Management Center as a measurement log / audit log. In this way, the Trusted Security Management Center can compare the digest value in the measurement log with the digest value calculated by the host side using a soft algorithm. If they match, it proves that the Trusted Platform Control Module can access any segment of host-side memory (hereinafter referred to as host memory).

[0048] It should be noted that, in order to verify the ability of the Trusted Platform Control Module to access host memory, the following embodiments of the present invention provide two sets of programs: a kernel program and a host-side digest calculation program (or: host-side soft algorithm program). The kernel program can simulate the TSB function, passing the host memory address and address length to the software stack. In this way, the Trusted Platform Control Module can dynamically measure the host memory segment indicated by the host memory address and address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured. The host-side digest calculation program directly calculates the digest value of the host memory segment corresponding to the host memory address and address length on the host side. By comparing whether the two digest values ​​are consistent, the ability of the Trusted Platform Control Module to access host memory can be verified.

[0049] The present invention will now be described in detail with reference to various embodiments.

[0050] Example 1

[0051] According to an embodiment of the present invention, an embodiment of a method for verifying access to a host is provided. It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Furthermore, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in a different order than that shown here.

[0052] Figure 1 This is a flowchart of an optional authentication method for accessing a host according to an embodiment of the present invention, such as... Figure 1 As shown, the method includes the following steps:

[0053] Step S102: Obtain the host memory address and address length of the object to be measured;

[0054] Step S104: A pre-compiled kernel program is used to simulate a Trusted Software Base (TSB) and pass the host memory address and address length to the target software stack. The target software stack interfaces with the Trusted Platform Control Module (TPCM). The TPCM dynamically measures the host memory segment indicated by the host memory address and address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured.

[0055] Step S106: Compare the digest value of the object to be measured with the pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the trusted platform control module can obtain host resources.

[0056] Through the above steps, the host memory address and address length of the object to be measured can be obtained. A pre-compiled kernel program is used to simulate a Trusted Software Base (TSB) and pass the host memory address and address length to the target software stack. The target software stack interfaces with the Trusted Platform Control Module (TPCM). The TPCM dynamically measures the host memory segment indicated by the host memory address and address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured. The digest value of the object to be measured is compared with the pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the TPCM can obtain the host resources. In this embodiment, a Trusted Software Base (TSB) can be simulated through a kernel program, directly passing the host memory address and address length to the target software stack. The Trusted Platform Control Module (TPC) dynamically measures the memory segment indicated by the address and length to obtain the digest value of the object to be measured. After comparing it with the host digest value, it can be confirmed that the TPC can obtain host resources. In this way, the verification of the TPC's access to host resources can be completed without changing the product interface of the TPC, reducing the workload of developers and greatly reducing the verification time. This solves the technical problem in related technologies that it is necessary to change the existing product interface when verifying whether the TPC can actively access host resources, which wastes a lot of time.

[0057] The method provided in this embodiment utilizes the Trusted Platform Control Module to dynamically measure existing interfaces without modifying the product interface. A kernel testing program is written to simulate the address and length of any segment of host memory passed to the software stack via TSB. The Trusted Platform Control Module considers this a dynamic measurement, uploads a digest value, and compares it with the host digest value. Once they match, it can prove that the Trusted Platform Control Module can access any segment of host resources.

[0058] The embodiments of the present invention will be described in detail below with reference to the above implementation steps.

[0059] Step S102: Obtain the host memory address and address length of the object to be measured.

[0060] It should be noted that the objects to be measured in this embodiment are at least one of the following: the system call table in the host memory (represented by syscall_table in this embodiment), the interrupt descriptor in the host memory (represented by idt in this embodiment), and the kernel code segment in the host memory (represented by kernel_section).

[0061] Optionally, step S102 includes: installing trusted protection software on the terminal host, wherein the trusted protection software performs dynamic measurement on the terminal host through the Trusted Platform Control Module (TPCM); after the trusted protection software is installed, activating the dynamic measurement switch; determining the object to be measured for the dynamic measurement of the host memory of the terminal host; obtaining any segment of host memory associated with the object to be measured, determining the memory start address of the any segment of host memory, and using the memory start address as the host memory address; and determining the address length based on the address length selection requirements.

[0062] Trusted protection software can be a product used to provide trusted security protection, proactive dynamic measurement, and static monitoring for terminal hosts. After the trusted protection software is installed, turn on the dynamic measurement switch, enable dynamic measurement logs and measurement auditing. There are three types of dynamic measurement log (syscall_table, idt, kernel_section) summary values ​​that need to be uploaded to the trusted security management center.

[0063] It should be noted that, in order to simulate the function of TSB, it is necessary to select any segment of the pre-segmented host memory. Optionally, this embodiment provides a strategy for selecting any segment of host memory: On the terminal host operating system, enter the command "cat / proc / iomem|grep System", select any area marked "System RAM", and record the memory start address and length (the length should not be too long, as the calculation time is long). This memory start address is a physical address (TPCM can only recognize physical addresses and cannot recognize virtual machine addresses, so it can be passed to TPCM as a program parameter without the need for physical address and virtual machine address conversion, which is relatively simple and convenient). The selected host memory address and address length are obtained.

[0064] Step S104: A pre-compiled kernel program is used to simulate a Trusted Software Base (TSB) and pass the host memory address and address length to the target software stack.

[0065] Optionally, step S104 includes: loading a pre-compiled kernel program; using the kernel program to package the host memory address and address length into a program data packet; and using the kernel program to call the software stack interface to pass the program data packet into the target software stack.

[0066] The kernel program provided in this embodiment is based on the existing dynamic measurement function and imitates the function of TSB. The existing dynamic measurement function refers to the ability to calculate the hash of three segments, with the address and length being passed in by TSB. It is conceivable that a kernel program can be compiled to simulate the TSB function, pass any segment of memory to the software stack, and make the trusted platform control module think that it is the address and length of syscall_table (the other two segments can also be used) for dynamic measurement.

[0067] The program types for the software stack interface include various styles, which can be set according to the size and available ratio of different host memory, and are not limited here.

[0068] As an optional embodiment of the present invention, after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, the method further includes: establishing a communication link with the module interface of the trusted platform control module, and obtaining the measurement log transmitted by the module interface of the trusted platform control module based on the communication link; obtaining the measurement log transmitted by the management platform center of the terminal host, wherein the management platform center is connected to the trusted platform control module.

[0069] Optionally, after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, it also includes: when the measurement duration reaches a predetermined interval, packaging the summary value of the object to be measured into a measurement log; and uploading the measurement log to the management platform center of the terminal host.

[0070] In this embodiment, you can directly view the dynamic measurement log, the TPCM serial port output, or the measurement log of the management center (both are generated by TPCM and there is no difference), and record the summary value of the object to be measured at this moment.

[0071] It should be noted that after the trusted platform control module dynamically measures the host memory segment indicated by the host memory address and address length to obtain the measurement log, it also includes: loading a pre-compiled host-side digest calculation program; using the host-side digest calculation program to calculate the digest value of the host memory segment indicated by the host memory address and address length to obtain the host digest value.

[0072] In addition to providing a kernel program to simulate the function of TSB, this embodiment also provides a host-side digest calculation program (i.e., a host-side soft algorithm digest calculation program). The whitelisting operation in the management center (specifically, it can refer to adding the compiled kernel program and the host-side digest calculation program to the whitelist through the management center and then distributing them to the terminal host) enables them to be executed on the terminal host. The starting address and length of any previously selected host memory segment are recorded, and the output digest value (i.e., the host digest value) is obtained.

[0073] Step S106: Compare the digest value of the object to be measured with the pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the trusted platform control module can obtain host resources.

[0074] After obtaining the two digest values, it is possible to compare whether the two digest values ​​are consistent. If they are consistent, it is confirmed that the Trusted Platform Control Module can obtain host resources. If they are inconsistent, it is confirmed that the Trusted Platform Control Module cannot obtain host resources.

[0075] Optionally, the step of confirming that the trusted platform control module can obtain host resources includes: confirming that the trusted platform control module can access any host memory segment in the host memory. In this embodiment, the host resources mainly refer to host memory resources, which include N memory segments, each of which is pre-divided into lengths and intervals.

[0076] Alternatively, after confirming that the Trusted Platform Control Module can acquire host resources, the method further includes: restarting the Trusted Software Base on the terminal host and controlling the Trusted Software Base to transmit the host memory address of the object to be measured to the Trusted Platform Control Module.

[0077] After confirming that the Trusted Platform Control Module (TPCM) can actively acquire host resources, the correct address and length of dynamic measurement can be restored. During restoration, the Trusted Software Base (TSB) service can be restarted directly on the terminal, allowing the TSB to retransmit the correct syscall_table, idt, and kernel_section addresses to the TPCM. The TPCM can then perform normal dynamic measurement operations.

[0078] Figure 2 This is a flowchart of another optional authentication method for accessing a host according to an embodiment of the present invention, such as... Figure 2 As shown, the verification method includes:

[0079] Step S201: Determine whether a trusted product is installed. If yes, proceed to step S202; otherwise, proceed to step S209.

[0080] Step S202: Turn on the Trusted Product Dynamic Measurement Switch and the Dynamic Measurement Audit Switch;

[0081] After the trusted protection software (trusted product) is installed, the management center displays that the terminal is online, the dynamic measurement switch is turned on, the dynamic measurement audit switch is turned on, and three types of dynamic measurement logs (syscall_table, idt, kernel_section) including summary values ​​are uploaded to the management center.

[0082] Step S203: Add the compiled kernel program and host-side software algorithm program to the whitelist through the management center and distribute them to the terminal host;

[0083] Write the kernel program, add it to the management center so that it can be executed in the terminal, and pass the determined memory start address and length as program parameters (to prove that any memory segment is possible). This program simulates TSB, calls the software stack interface, passes the program parameters to the target software stack, and uses the memory segment as a syscall_table for dynamic measurement.

[0084] Step S204: Select any memory address segment of the terminal host;

[0085] Method for selecting any memory segment: On the terminal host operating system, enter the command "cat / proc / iomem|grep System", select any area marked "System RAM", and record the address value and length (the length should not be too long, as the calculation time is long). This address is the physical address (TPCM can only recognize physical addresses and cannot recognize virtual machine addresses, so it can be passed to TPCM as a program parameter without the need for physical address and virtual machine address conversion, which is relatively simple and convenient).

[0086] Step S205: Input the selected memory address into the kernel program and the host-side soft algorithm program, and record the digest value calculation result;

[0087] The host-side soft algorithm program calculates the digest value, adds it to the management center, and makes it executable on the terminal. It takes the selected memory starting address and length as input, checks the log, and records the output digest value (whether it is consistent with the pre-recorded host digest value mentioned above).

[0088] Check the dynamic measurement log of the management center, check the TPCM serial port output or the management center log (both are generated by TPCM and there is no difference), and record the summary value of syscall_table at this moment (corresponding to the summary value of the object to be measured in the measurement log mentioned above).

[0089] Step S206: Compare the digest calculation values ​​output by the kernel program and the host-side soft algorithm program. If they are the same, proceed to step S207; otherwise, proceed to step S209.

[0090] If the digest values ​​are consistent, it proves that the trusted platform control module can actively acquire host resources (such as memory resources).

[0091] Step S207: Confirm that the trusted platform control module can actively acquire host resources;

[0092] Step S208: Restart the TSB service.

[0093] To restore the correct addresses and lengths for dynamic measurements: Simply restart the TSB service on the terminal, allowing the TSB to retransmit the correct syscall_table, idt, and kernel_section addresses to the TPCM. The TPCM will then be able to perform normal dynamic measurement operations.

[0094] Step S209, End.

[0095] The above embodiments do not require modification of existing product interfaces and do not impose new loads on the Trusted Platform Control Module. The verification operation of the Trusted Platform Control Module can be directly implemented using the existing TPCM dynamic measurement mechanism. By selecting any available (marked as Systemd) memory segment in the host memory, there is no need to perform physical address and virtual machine address conversion, which is relatively simple and convenient.

[0096] Meanwhile, the TSB recovery method provided in this embodiment is also very simple: simply restart the TSB service, allowing TSB to retransmit the correct syscall_table, idt, and kernel_section addresses to TPCM, and TPCM can then perform normal dynamic measurement operations.

[0097] Example 2

[0098] Figure 3 This is a schematic diagram of an optional system based on trusted protection software for verifying a trusted platform control module's access to host memory, according to an embodiment of the present invention. The trusted protection software provides proactive security protection services for the trusted computing platform, such as... Figure 3 As shown, the system includes:

[0099] Host memory 301 is internally divided into N host memory segments, where N is a positive integer greater than or equal to 1; this host memory 301 is a component of the client host.

[0100] The Trusted Computing Platform 302 integrates the Trusted Platform Control Module (TPCM) and the Trusted Software Base (TSB) to dynamically measure host memory segments.

[0101] The Trusted Security Management Center 303, running on a server, is used to obtain the host memory address and address length of the object to be measured. It uses a pre-compiled kernel program to simulate a Trusted Software Base (TSB), passing the host memory address and address length to the target software stack. It receives the measurement log from the Trusted Platform Control Module and compares the digest value of the object to be measured in the measurement log with the pre-recorded host digest value to obtain the comparison result. If the comparison result indicates that the digest values ​​are consistent, it confirms that the Trusted Platform Control Module can access any one of the N host memory segments. The Trusted Platform Control Module dynamically measures the host memory segment indicated by the host memory address and address length to obtain the measurement log.

[0102] The aforementioned system can obtain the host memory address and address length of the object to be measured through the Trusted Security Management Center 303, and use a pre-compiled kernel program to simulate a Trusted Software Base (TSB), passing the host memory address and address length to the target software stack. It receives the measurement log from the Trusted Platform Control Module and compares the digest value of the object to be measured in the measurement log with the pre-recorded host digest value to obtain the comparison result. If the comparison result indicates that the digest values ​​are consistent, it confirms that the Trusted Platform Control Module can access any one of the N host memory segments. The Trusted Platform Control Module 302 then dynamically measures the host memory segment indicated by the host memory address and address length to obtain the measurement log. In this embodiment, a Trusted Software Base (TSB) can be simulated through a kernel program, directly passing the host memory address and address length to the target software stack. The Trusted Platform Control Module (TPC) dynamically measures the memory segment indicated by the address and length, uploads a digest value, and confirms that the TPC can access host resources after comparing it with the host digest value. This way, the verification of the TPC's access to host resources can be completed without changing the product interface of the TPC, reducing the workload of developers and greatly reducing the verification time. This solves the technical problem in related technologies where it is necessary to change the existing product interface and waste a lot of time when verifying whether the TPC can actively access host resources.

[0103] The method provided in this embodiment utilizes the Trusted Platform Control Module to dynamically measure existing interfaces without modifying the product interface. A kernel testing program is written to simulate the address and length of any segment of host memory passed to the software stack via TSB. The Trusted Platform Control Module considers this a dynamic measurement, uploads a digest value, and compares it with the host digest value. Once they match, it can prove that the Trusted Platform Control Module can access any segment of host resources.

[0104] It should be noted that the objects to be measured in this embodiment are at least one of the following: the system call table in the host memory (represented by syscall_table in this embodiment), the interrupt descriptor in the host memory (represented by idt in this embodiment), and the kernel code segment in the host memory (represented by kernel_section).

[0105] Optionally, after installing the trusted protection software, enable the dynamic measurement switch, identify the target object for dynamic measurement of the terminal host's memory, obtain any host memory segment associated with the target object, determine the starting address of any host memory segment, and use the starting address as the host memory address. Based on the address length selection requirements, determine the address length. The trusted protection software can be a product used for trusted security protection, proactive dynamic measurement, and static monitoring of the terminal host. After the trusted protection software is installed, enable the dynamic measurement switch, enable dynamic measurement logging and measurement auditing. The summary values ​​of three types of dynamic measurement logs (syscall_table, idt, kernel_section) need to be uploaded to the trusted security management center.

[0106] It should be noted that, in order to simulate the function of TSB, it is necessary to select any segment of the pre-segmented host memory. Optionally, this embodiment provides a strategy for selecting any segment of host memory: On the terminal host operating system, enter the command "cat / proc / iomem|grep System", select any area marked "System RAM", and record the memory start address and length (the length should not be too long, as the calculation time is long). This memory start address is a physical address (TPCM can only recognize physical addresses and cannot recognize virtual machine addresses, so it can be passed to TPCM as a program parameter without the need for physical address and virtual machine address conversion, which is relatively simple and convenient). The selected host memory address and address length are obtained.

[0107] Optionally, a pre-compiled kernel program can be loaded; the kernel program can package the host memory address and address length into a program data packet; and the kernel program can call the software stack interface to pass the program data packet to the target software stack.

[0108] The kernel program provided in this embodiment is based on the existing dynamic measurement function and imitates the function of TSB. The existing dynamic measurement function refers to the ability to calculate the hash of three segments, with the address and length being passed in by TSB. It is conceivable that a kernel program can be compiled to simulate the TSB function, pass any segment of memory to the software stack, and make the trusted platform control module think that it is the address and length of syscall_table (the other two segments can also be used) for dynamic measurement.

[0109] The program types for the software stack interface include various styles, which can be set according to the size and available ratio of different host memory, and are not limited here.

[0110] As an optional embodiment of the present invention, after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, the method further includes: establishing a communication link with the module interface of the trusted platform control module, and obtaining the measurement log transmitted by the module interface of the trusted platform control module based on the communication link; obtaining the measurement log transmitted by the management platform center of the terminal host, wherein the management platform center is connected to the trusted platform control module.

[0111] Optionally, after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, when the measurement time reaches the predetermined interval, the summary value of the object to be measured is packaged into the measurement log; and the measurement log is uploaded to the management platform center of the terminal host.

[0112] In addition to providing a kernel program to simulate the function of TSB, this embodiment also provides a host-side digest calculation program (i.e., a host-side soft algorithm digest calculation program). The whitelisting operation in the management center (specifically, it can refer to adding the compiled kernel program and the host-side digest calculation program to the whitelist through the management center and then distributing them to the terminal host) enables them to be executed on the terminal host. The starting address and length of any previously selected host memory segment are recorded, and the output digest value (i.e., the host digest value) is obtained.

[0113] After obtaining the two digest values, the two digest values ​​can be compared to see if they are consistent. If they are consistent, it is confirmed that the Trusted Platform Control Module can obtain host resources. If they are inconsistent, it is confirmed that the Trusted Platform Control Module cannot obtain host memory resources.

[0114] Optionally, the step of confirming that the trusted platform control module can obtain host resources includes: confirming that the trusted platform control module can access any host memory segment in the host memory. In this embodiment, the host resources mainly refer to host memory resources, which include N memory segments, each of which is pre-divided into lengths and intervals.

[0115] Alternatively, after confirming that the Trusted Platform Control Module can acquire host resources, the method further includes: restarting the Trusted Software Base on the terminal host and controlling the Trusted Software Base to transmit the host memory address of the object to be measured to the Trusted Platform Control Module.

[0116] After confirming that the Trusted Platform Control Module (TPCM) can actively acquire host resources, the correct address and length of dynamic measurement can be restored. During restoration, the Trusted Software Base (TSB) service can be restarted directly on the terminal, allowing the TSB to retransmit the correct syscall_table, idt, and kernel_section addresses to the TPCM. The TPCM can then perform normal dynamic measurement operations.

[0117] The invention will now be described in conjunction with another alternative embodiment.

[0118] Example 3

[0119] This embodiment provides a verification device for accessing a host, wherein each implementation unit included in the verification device corresponds to each real-time step in the above embodiment one.

[0120] Figure 4 This is a schematic diagram of an optional access host verification device according to an embodiment of the present invention, such as... Figure 4 As shown, the verification device may include: an acquisition unit 41, a transmission unit 43, and a verification unit 45, wherein,

[0121] Acquisition unit 41 is used to acquire the host memory address and address length of the object to be measured;

[0122] The transmission unit 43 is used to simulate a Trusted Software Base (TSB) using a pre-compiled kernel program, and pass the host memory address and address length to the target software stack. The target software stack interfaces with the Trusted Platform Control Module (TPCM). The TPCM dynamically measures the host memory segment indicated by the host memory address and address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured.

[0123] Verification unit 45 is used to compare whether the digest value of the object to be measured is consistent with the pre-recorded host digest value and obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it confirms that the trusted platform control module can obtain host resources.

[0124] The aforementioned host access verification device can obtain the host memory address and address length of the object to be measured through the acquisition unit 41; and use the transmission unit 43 to simulate a Trusted Software Base (TSB) using a pre-compiled kernel program to transmit the host memory address and address length to the target software stack. The target software stack interfaces with the Trusted Platform Control Module (TPCM), which dynamically measures the host memory segment indicated by the host memory address and address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured. The verification unit 45 compares the digest value of the object to be measured with the pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the Trusted Platform Control Module can obtain host resources. In this embodiment, a Trusted Software Base (TSB) can be simulated through a kernel program, directly passing the host memory address and address length to the target software stack. The Trusted Platform Control Module (TPC) dynamically measures the memory segment indicated by the address and length, uploads a digest value, and confirms that the TPC can access host resources after comparing it with the host digest value. This way, the verification of the TPC's access to host resources can be completed without changing the product interface of the TPC, reducing the workload of developers and greatly reducing the verification time. This solves the technical problem in related technologies where it is necessary to change the existing product interface and waste a lot of time when verifying whether the TPC can actively access host resources.

[0125] Optionally, the acquisition unit includes: a first installation module for installing trusted protection software on the terminal host, wherein the trusted protection software performs dynamic measurement on the terminal host through the Trusted Platform Control Module (TPCM); a first startup module for activating the dynamic measurement switch after the trusted protection software is installed; a first determination module for determining the object to be measured for the dynamic measurement of the host memory of the terminal host, wherein the object to be measured is at least one of the following: the system call table of the host memory, the interrupt descriptor of the host memory, and the kernel code segment of the host memory; a first acquisition module for acquiring any segment of host memory associated with the object to be measured, determining the memory start address of the any segment of host memory, and using the memory start address as the host memory address; and a first determination module for determining the address length based on the address length selection requirements.

[0126] Optionally, the transmission unit includes: a first loading module for loading a pre-compiled kernel program; a first packaging module for using the kernel program to package the host memory address and address length into a program data packet; and a calling module for using the kernel program to call the software stack interface to pass the program data packet into the target software stack.

[0127] Optionally, the verification device for accessing the host further includes: a first establishment module, used to establish a communication link with the module interface of the trusted platform control module after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length and obtains the measurement log, and obtains the measurement log transmitted by the module interface of the trusted platform control module based on the communication link; and a second acquisition module, used to acquire the measurement log transmitted by the management platform center of the terminal host, wherein the management platform center is connected to the trusted platform control module.

[0128] Optionally, the verification device for accessing the host further includes: a second packaging module, used to dynamically measure the host memory address and the host memory segment indicated by the address length in the trusted platform control module, and after obtaining the measurement log, package the summary value of the object to be measured into a measurement log when the measurement duration reaches a predetermined interval; and an upload module, used to upload the measurement log to the management platform center of the terminal host.

[0129] Optionally, the verification device for accessing the host further includes: a second loading module, used to load a pre-compiled host-side digest calculation program after the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log; and a calculation module, used to calculate the digest value of the host memory segment indicated by the host memory address and the address length using the host-side digest calculation program to obtain the host digest value.

[0130] Optionally, when confirming that the trusted platform control module can obtain host resources, this includes: confirming that the trusted platform control module can access any host memory segment in the host memory.

[0131] Optionally, the verification device for accessing the host further includes: a restart module, used to restart the trusted software base on the terminal host after confirming that the trusted platform control module can obtain the host resources, and control the trusted software base to transmit the host memory address of the object to be measured to the trusted platform control module.

[0132] The aforementioned verification device for accessing the host may also include a processor and a memory. The aforementioned acquisition unit 41, transmission unit 43, verification unit 45, etc., are all stored in the memory as program units, and the processor executes the aforementioned program units stored in the memory to realize the corresponding functions.

[0133] The aforementioned processor contains a kernel, which retrieves the corresponding program units from memory. One or more kernels can be configured. By adjusting kernel parameters, a pre-compiled kernel program can simulate a Trusted Software Base (TSB), passing the host memory address and address length to the target software stack. The target software stack interfaces with the Trusted Platform Control Module (TPCM). The TPCM dynamically measures the host memory segment indicated by the host memory address and address length, obtaining a measurement log. It compares the digest value of the object to be measured with a pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​match, it confirms that the TPCM can acquire host resources.

[0134] The aforementioned memory may include non-permanent memory in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM, and the memory includes at least one memory chip.

[0135] According to another aspect of the present invention, a computer-readable storage medium is also provided, the computer-readable storage medium including a stored computer program, wherein, when the computer program is executed, it controls the device where the computer-readable storage medium is located to execute the access host verification method of any of the above.

[0136] This application also provides a computer program product, which, when executed on a data processing device, is suitable for executing an initialization program with the following method steps: obtaining the host memory address and address length of the object to be measured; simulating a Trusted Software Base (TSB) using a pre-compiled kernel program, passing the host memory address and address length to the target software stack, wherein the target software stack interfaces with a Trusted Platform Control Module (TPCM), the TPCM dynamically measures the host memory segment indicated by the host memory address and address length, and obtains a measurement log, the measurement log including at least: a digest value of the object to be measured; comparing whether the digest value of the object to be measured is consistent with a pre-recorded host digest value, and obtaining a comparison result, wherein if the comparison result indicates that the digest values ​​are consistent, it is confirmed that the TPCM can obtain host resources.

[0137] Figure 5 This is a hardware structure block diagram of an electronic device (or mobile device) for an authentication method for accessing a host according to an embodiment of the present invention. For example... Figure 5As shown, the electronic device may include one or more processors 502 (shown as 502a, 502b, ..., 502n in the figure) 502 (processor 502 may include, but is not limited to, a microprocessor MCU or a programmable logic device FPGA, etc.) and a memory 504 for storing data. In addition, it may include: a display, an input / output interface (I / O interface), a universal serial bus (USB) port (which may be included as one of the ports of the I / O interface), a network interface, a keyboard, a power supply, and / or a camera. Those skilled in the art will understand that... Figure 5 The structure shown is for illustrative purposes only and does not limit the structure of the electronic device described above. For example, the electronic device may also include components that are more... Figure 5 The more or fewer components shown, or having the same Figure 5 The different configurations shown.

[0138] The sequence numbers of the above embodiments of the present invention are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0139] In the above embodiments of the present invention, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0140] In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units can be a logical functional division, and in actual implementation, there may be other division methods. For instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the displayed or discussed mutual coupling, direct coupling, or communication connection may be through some interfaces; the indirect coupling or communication connection between units or modules may be electrical or other forms.

[0141] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0142] Furthermore, the functional units in the various embodiments of the present invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0143] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, read-only memory (ROM), random access memory (RAM), portable hard drives, magnetic disks, or optical disks.

[0144] The above description is only a preferred embodiment of the present invention. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of the present invention, and these improvements and modifications should also be considered within the scope of protection of the present invention.

Claims

1. An authentication method of accessing a host, characterized by, include: Obtain the host memory address and address length of the object to be measured; A pre-compiled kernel program is used to simulate a Trusted Software Base (TSB), and the host memory address and the address length are passed to the target software stack. The target software stack interfaces with a Trusted Platform Control Module (TPCM). The TPCM dynamically measures the host memory segment indicated by the host memory address and the address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured. The digest value of the object to be measured is compared with the pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the trusted platform control module can acquire host resources.

2. The authentication method of claim 1, wherein, The steps to obtain the host memory address and address length of the object to be measured include: Trusted protection software is installed on the terminal host, wherein the trusted protection software performs dynamic measurement on the terminal host through the Trusted Platform Control Module (TPCM). After the trusted protection software is installed, activate the dynamic measurement switch; The object to be measured for dynamically measuring the host memory of the terminal host is determined, wherein the object to be measured is at least one of the following: the system call table of the host memory, the interrupt descriptor of the host memory, and the kernel code segment of the host memory; Obtain any host memory segment associated with the object to be measured, determine the memory starting address of the any host memory segment, and use the memory starting address as the host memory address; The address length is determined based on the address length selection requirements.

3. The authentication method of claim 1, wherein, The steps of simulating a Trusted Software Base (TSB) using a pre-compiled kernel program and passing the host memory address and the address length to the target software stack include: Load the pre-compiled kernel program; The kernel program is used to package the host memory address and the address length into a program data packet; The kernel program calls the software stack interface to pass the program data packet to the target software stack.

4. The authentication method of claim 1, wherein, After the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, the following steps are also included: Establish a communication link with the module interface of the Trusted Platform Control Module, and obtain the measurement log transmitted by the module interface of the Trusted Platform Control Module based on the communication link; The measurement logs transmitted by the management platform center of the terminal host are obtained, wherein the management platform center is connected to the trusted platform control module.

5. The authentication method of claim 4, wherein, After the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, the following steps are also included: When the measurement duration reaches the predetermined interval, the summary value of the object to be measured is packaged into the measurement log; The measurement logs are uploaded to the management platform center of the terminal host.

6. The method of claim 1, wherein, After the trusted platform control module dynamically measures the host memory address and the host memory segment indicated by the address length to obtain the measurement log, the following steps are also included: Load the pre-compiled host-side digest computation program; The host digest value is obtained by using the host-side digest calculation program to calculate the digest value of the host memory address and the host memory segment indicated by the address length.

7. The method of claim 1, wherein, The steps to confirm that the trusted platform control module can obtain host resources include: It was confirmed that the trusted platform control module could access any segment of the host memory.

8. The method of claim 1, wherein, After confirming that the trusted platform control module can acquire host resources, the following steps are also included: Restart the Trusted Software Base (TSB) on the terminal host and control the TSB to transmit the host memory address of the object to be measured to the Trusted Platform Control Module.

9. A trusted software guard based access verification system, characterized by, Proactive security protection services are provided for trusted computing platforms through trusted protection software, including: The host memory is divided into N host memory segments, where N is a positive integer greater than or equal to 1. The trusted computing platform integrates a Trusted Platform Control Module (TPCM) and a Trusted Software Base (TSB), and dynamically measures the host memory segment through the Trusted Platform Control Module. The Trusted Security Management Center, running on a server, is used to obtain the host memory address and address length of the object to be measured. It simulates the Trusted Software Base (TSB) using a pre-compiled kernel program, passing the host memory address and address length to the target software stack. It receives the measurement log from the Trusted Platform Control Module (TPC) and compares the digest value of the object to be measured in the measurement log with a pre-recorded host digest value to obtain a comparison result. If the comparison result indicates that the digest values ​​match, it confirms that the TPC can access any one of the N host memory segments. The TPC then dynamically measures the host memory segment indicated by the host memory address and address length to obtain the measurement log.

10. An authentication device for accessing a host, characterized by include: The acquisition unit is used to obtain the host memory address and address length of the object to be measured. The transmission unit is used to simulate a Trusted Software Base (TSB) using a pre-compiled kernel program, and to pass the host memory address and the address length to the target software stack. The target software stack interfaces with a Trusted Platform Control Module (TPCM). The TPCM dynamically measures the host memory segment indicated by the host memory address and the address length to obtain a measurement log. The measurement log includes at least the digest value of the object to be measured. The verification unit is used to compare whether the digest value of the object to be measured is consistent with the pre-recorded host digest value, and obtain a comparison result. If the comparison result indicates that the digest values ​​are consistent, it is confirmed that the trusted platform control module can acquire host resources.

11. A computer readable storage medium characterized by, The computer-readable storage medium includes a stored computer program, wherein, when the computer program is executed, it controls the device on which the computer-readable storage medium is located to perform the authentication method for accessing a host as described in any one of claims 1 to 8.