Data-trust-oriented integrated security computing system for vehicle and trusted construction method

By integrating a performance monitoring unit and a trusted execution environment within the central processing unit, and utilizing vector space distance to determine the integrity of control flow logic, the shortcomings of the vehicle computing platform in dynamic security measurement are resolved, enabling real-time identification and trusted computing of control flow hijacking.

CN121690837BActive Publication Date: 2026-06-16SHANGHAI JUPO TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
SHANGHAI JUPO TECH CO LTD
Filing Date
2025-12-29
Publication Date
2026-06-16

AI Technical Summary

Technical Problem

Existing vehicle security solutions lack dynamic security measurement mechanisms within the computing environment, making it impossible to identify control flow hijacking and meet the absolute reliability requirements of high-level autonomous driving for computational results.

Method used

A performance monitoring unit is integrated within the central processing unit to build a trusted execution environment. The integrity of the control flow logic is determined by the vector space distance between the baseline microarchitecture feature vector and the runtime microarchitecture feature vector, and the trustworthiness of the calculation results is ensured by using hardware root of trust signatures.

Benefits of technology

It enables real-time identification of control flow anomalies without data decryption, ensuring the integrity of the execution logic of the vehicle computing platform during long-term operation, and provides lightweight and unforgeable runtime auditing methods to meet the trusted computing requirements of high-level autonomous driving.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121690837B_ABST
    Figure CN121690837B_ABST
Patent Text Reader

Abstract

The application relates to the technical field of confidential calculation, and discloses a data-trust-oriented vehicle-mounted integrated security calculation system and a trust construction method, which comprises the following steps: a static trust chain is established by using a hardware trust root; external interrupts are shielded and a performance monitoring unit is controlled in a trusted execution environment; real-time hardware micro-architecture events of key business algorithms are synchronously collected to generate a runtime feature vector; an integrity measurement module calculates the spatial distance between the vector and a benchmark micro-architecture feature vector to determine logical integrity; and a gate output module executes result data encryption output or clearing according to a distance threshold. The application anchors runtime instruction flow by using micro-architecture physical features, accurately identifies a control flow hijacking attack in a ciphertext environment, realizes strong coupling verification of calculation results and execution behaviors, and ensures the logical safety of a vehicle-mounted platform.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to an integrated vehicle-mounted security computing system and a trusted construction method for data trustworthiness, belonging to the field of confidential computing technology. Background Technology

[0002] As rail transit and intelligent driving systems evolve towards high automation, onboard computing platforms need to process highly sensitive information, including driving control commands and environmental perception data, in real time. To avoid the risk of data leakage during the computing process, building a trusted execution environment using the processor's hardware expansion capabilities is a mainstream technology. This involves dividing the processor into a confidential computing domain independent of the ordinary operating system, and combining this with memory encryption technology to decrypt sensitive data into plaintext when it enters the processor core for execution, preventing external malicious software or damaged operating systems from snooping on the data content. However, static trust root protection architecture has security vulnerabilities in long-term operation scenarios of onboard systems. Existing secure boot and remote authentication mechanisms establish initial trust by comparing the hash value of the code binary file at the moment of system power-on or application loading. After the system enters a continuous running state, static authentication cannot detect subsequent execution flow anomalies. During continuous operation, attackers can use return-oriented programming or jump-oriented programming techniques to construct malicious execution logic by manipulating stack pointers or reusing legitimate code segments without tampering with the physical content of the memory code segment.

[0003] Existing vehicle security solutions focus on application-level functional integration or external communication collaborative protection, neglecting the dynamic security of the internal execution logic of the computing environment. For example, the utility model patent with authorization announcement number CN210155845U discloses an integrated vehicle safety management system based on vehicle-road cooperative communication technology. The solution integrates an ADAS video detector, a passenger flow detector, and an on-board unit (OBU) module to achieve comprehensive collection and early warning of vehicle driving environment, driver status, and roadside information. Although such technologies improve the functional safety and information interaction efficiency during driving, they are essentially physical aggregation of business data and application-layer logical judgment. The security protection boundary remains at the level of monitoring external input data and lacks the inherent security measurement mechanism of the underlying computing process itself. During continuous operation, attackers can use return-oriented programming or jump-oriented programming techniques to construct malicious execution logic by manipulating stack pointers or reusing legitimate code fragments without tampering with the physical content of the memory code segment. Application-functional integration-based protection architectures cannot identify such micro-level control flow hijacking and cannot meet the stringent requirements of absolute reliability of computing results for high-level autonomous driving.

[0004] Therefore, the technical problem to be solved by this invention is to establish a technical solution that can measure the integrity of the execution logic of in-vehicle computing tasks in real time, dynamically and unforgeable without compromising the closed nature of the confidential computing environment. Summary of the Invention

[0005] To address the problems mentioned in the background art, the technical solution of the present invention is as follows: A vehicle-mounted integrated safety computing system oriented towards data trustworthiness, the system comprising:

[0006] The hardware root of trust has an immutable and unique key credential, which is used to establish a static trust chain and digitally sign pre-set data during the system startup phase.

[0007] The central processing unit integrates a performance monitoring unit, which is used to collect hardware microarchitecture events in parallel during the instruction execution cycle.

[0008] Trusted Execution Environment (TEE) is an isolated memory region of the central processing unit built on memory encryption technology. TEE includes:

[0009] The benchmark fingerprint storage module is used to store the benchmark microarchitecture feature vector signed by the hardware root of trust. The benchmark microarchitecture feature vector represents the statistical distribution characteristics generated by the performance monitoring unit triggered by the key business algorithm under the benchmark execution path.

[0010] The runtime monitoring module is used to respond to the execution request of the critical business algorithm, block external interrupt signals and reset the performance monitoring unit. During the execution of the instruction stream of the critical business algorithm, it controls the performance monitoring unit to synchronously collect real-time hardware microarchitecture events to generate runtime microarchitecture feature vectors.

[0011] The integrity measurement module is used to determine the integrity of the control flow logic of critical business algorithms based on the vector space distance between the runtime microarchitecture feature vector and the baseline microarchitecture feature vector.

[0012] The system also includes a gating output module, which is used to perform encrypted signing on the calculation results of key business algorithms and allow output when the distance in the vector space is less than or equal to a preset tolerance threshold, and to clear the calculation results and trigger a security exception when the distance in the vector space is greater than the preset tolerance threshold.

[0013] Preferably, the vector space distance calculation logic performed by the integrity measurement module follows the following mathematical relationship: ,in, Represents the distance in vector space. This represents the total number of feature dimensions. The runtime microarchitecture feature vector represents the first... Values ​​in each dimension The baseline microarchitecture feature vector is represented in the th... The value in each dimension is used to determine the logic when... The integrity is valid when it is determined. When the integrity is deemed invalid, the following conditions are met: This is a preset tolerance threshold.

[0014] Preferably, the hardware microarchitecture events statistically collected by the performance monitoring unit are selected from at least one of the following: number of L1 instruction cache misses, number of branch prediction errors, total number of committed instructions, and number of transition back buffer misses; the benchmark microarchitecture feature vector is determined by performing multiple benchmark tests on untampered key business algorithms in an offline secure environment and taking the statistical average.

[0015] Preferably, the trusted execution environment also includes a confidential container management module, which is used to instantiate multiple logically isolated confidential containers in an isolated memory region; the key business algorithms are encapsulated inside the confidential containers, and the confidential container management module only verifies the image hash value of the confidential container using the hardware root of trust when the confidential container is loaded, and after the verification is successful, transfers control to the runtime monitoring module to start dynamic microarchitectural feature monitoring.

[0016] Preferably, the runtime monitoring module has atomic execution control logic. The atomic execution control logic is used to lock the interrupt controller before the critical business algorithm starts to execute and release the interrupt controller after execution, so as to eliminate the interference of nondeterministic interrupts on the performance monitoring unit count value and ensure that the runtime microarchitecture feature vector only reflects the code execution behavior of the critical business algorithm itself.

[0017] Preferably, the gated output module includes hardware register cleaning logic. The hardware register cleaning logic is used to immediately write all-zero data or random noise data to the general-purpose register and vector register storing plaintext calculation results when the distance in the vector space is determined to be greater than a preset tolerance threshold, thereby blocking the hijacked control flow from leaking sensitive data to a storage area outside the trusted execution environment.

[0018] Preferably, the system also includes a remote proof generation module, used to generate a reference report containing the current platform configuration register values ​​and runtime microarchitecture feature vectors, and to sign the reference report using the private key of the hardware root of trust; the reference report is used to prove to external verifiers that the static identity and dynamic behavior characteristics of the vehicle-mounted integrated safety computing system when executing critical business algorithms are in line with expectations, and the performance monitoring unit is a fixed-function counter or programmable performance counter built into the central processing unit core; the runtime monitoring module configures the counting event type and counting period of the performance monitoring unit by reading and writing specific model-related registers, and the configuration operation is limited to the highest privilege level mode of the trusted execution environment.

[0019] Preferably, the critical business algorithms include a convolutional neural network inference algorithm for identifying road obstacles or a logic control algorithm for determining emergency braking of a train; the baseline microarchitecture feature vector is calibrated based on the pipeline execution characteristics of the critical business algorithms on a specific processor model. When the system is migrated to a processor with a different microarchitecture, the baseline fingerprint storage module is used to receive and update the baseline microarchitecture feature vector adapted to the new processor architecture.

[0020] Preferably, the system also includes a direct memory access encryption controller, which automatically performs hardware-level encryption before external sensor data is written to the physical memory region of the trusted execution environment, and automatically performs hardware-level decryption when the data is read into the L1 or L2 cache of the central processing unit; the integrity measurement module is used to continuously monitor the status of the performance monitoring unit throughout the entire process of decrypting data participating in the operation, so as to identify unexpected instruction jump behavior caused by back-oriented programming attacks.

[0021] A trusted construction method for an integrated vehicle-mounted safety computing system oriented towards data trustworthiness, the method comprising:

[0022] During the system startup or initialization phase, a static trust chain is established using a hardware trust root with an immutable and unique key credential, and the digital signature of the baseline microarchitecture feature vector stored in the trusted execution environment is verified. The baseline microarchitecture feature vector represents the statistical distribution characteristics generated by the performance monitoring unit triggered by the key business algorithm under the baseline execution path.

[0023] In response to the execution request of the critical business algorithm, external interrupt signals are blocked and the performance monitoring unit integrated inside the central processing unit is reset. During the execution of the instruction stream of the critical business algorithm, the control performance monitoring unit synchronously collects real-time hardware microarchitecture events to generate runtime microarchitecture feature vectors.

[0024] The system invokes the verified baseline microarchitecture feature vector, calculates the vector space distance between the runtime microarchitecture feature vector and the baseline microarchitecture feature vector, and determines the integrity of the control flow logic of the critical business algorithm based on this distance. It then performs gating output operations based on the integrity determination result: when the vector space distance is less than or equal to a preset tolerance threshold, it performs encrypted signing on the calculation result data of the critical business algorithm and allows output; when the vector space distance is greater than the preset tolerance threshold, it clears the calculation result data and triggers a security exception.

[0025] Compared with the prior art, the beneficial effects of the present invention are:

[0026] 1. In vehicle-mounted systems oriented towards data trustworthiness, the processor's built-in performance monitoring unit is used to collect statistical features of microarchitectural events such as branch prediction behavior and cache hit status during critical business operations in the confidential computing domain. This constructs a dynamic fingerprint that reflects the physical trajectory of the algorithm's execution logic, avoiding the limitations of traditional confidential computing that relies solely on memory encryption to protect static data content. The granularity of trust measurement is deepened from the software image level to the instruction execution flow level. By comparing the runtime microarchitectural physical fingerprint with the vector distance of the preset benchmark fingerprint, control flow anomalies caused by back-to-back or jump-to-back programming attacks are accurately identified in the encrypted computing environment. This ensures the intrinsic integrity of the execution logic of the vehicle computing platform during long-term operation without decrypting the data.

[0027] 2. Activate the processor's underlying hardware counter to directly capture the side-channel characteristics of the instruction execution process, forming a hardware bypass verification channel independent of the main operation logic. Based on hardware physical side effect measurement, there is no need to implant software probes or code instrumentation in the business code, avoiding the introduction of additional security monitoring software that may cause computational delays or resource contention. Utilize objective statistical laws at the hardware level as the basis for judgment, eliminating the risk of security monitoring agents being bypassed or tampered with by malicious software, and providing a lightweight and non-forgeable runtime auditing method for vehicle control systems with extremely high real-time and stability requirements.

[0028] 3. Before outputting the encrypted calculation result, a micro-architecture behavior fingerprint compliance verification is introduced to establish a strong binding relationship between the calculation result data and the physical execution process of the result. When the processor executes the code with the correct signature and the hardware event sequence triggered at runtime strictly conforms to the preset physical characteristics, the system releases the result. The verification logic fills the trust gap in the traditional trusted computing architecture where the inspection time and the usage time are separated, ensuring that the final output control command must come from the expected algorithm logic that has not been hijacked. Attached Figure Description

[0029] Figure 1 This is a logical block diagram of the microarchitecture feature acquisition and integrity measurement during the runtime of this invention;

[0030] Figure 2 This is a comparison chart showing the dynamic evolution trend of vector space distance under typical working conditions of the present invention;

[0031] Figure 3 This is a diagram showing the hierarchical architecture and data flow of the vehicle-mounted integrated safety computing system of the present invention. Detailed Implementation

[0032] The present invention will be further described in detail below with reference to specific embodiments. It should be understood that the specific embodiments described herein are only for explaining the present invention and are not intended to limit the scope of protection of the present invention.

[0033] This invention discloses an integrated vehicle-mounted secure computing system and a trusted construction method for data trustworthiness, comprising a hardware infrastructure layer, a virtualization isolation layer, and a trusted execution environment application layer. The hardware infrastructure layer integrates a hardware root of trust with an immutable and unique key credential and a central processing unit with a built-in performance monitoring unit. During system power-on startup, the hardware root of trust executes a step-by-step measurement startup process, sequentially verifying the digital signatures and integrity hashes of the underlying firmware, virtualization management program, and guest operating system, establishing a static trust chain from hardware to software. Based on this, the system utilizes memory encryption technology to divide the physical memory into a trusted execution environment in ciphertext state and a normal execution environment in plaintext state, ensuring the confidentiality of critical business data during storage and bus transmission. This addresses the control flow challenges that may arise during long-term operation in vehicle-mounted computing scenarios. To address integrity risks, particularly in cases where attackers exploit return-oriented or jump-oriented programming techniques to hijack legitimate code snippets and construct malicious logic, this system constructs a runtime integrity measurement mechanism based on microarchitecture physical fingerprints within a trusted execution environment. Utilizing a performance monitoring unit independent of the arithmetic logic unit within the central processing unit, it collects hardware microarchitecture events triggered by instruction flows in parallel during the execution of critical business algorithms. When specific algorithm logic is executed on a specific processor architecture, the instruction pipeline behavior exhibits statistically stable physical distribution characteristics. Even minor alterations to the control flow inevitably lead to abrupt changes in this physical distribution. By comparing the vector space distance between the runtime microarchitecture feature vector and a pre-set baseline microarchitecture feature vector, the system perceives the integrity of the execution logic through memory encryption boundaries without decrypting data or using software instrumentation.

[0034] A baseline fingerprint storage module is set up within the trusted execution environment to store baseline microarchitectural feature vectors signed by the hardware root of trust. The acquisition of these baseline vectors follows an offline calibration procedure: in a controlled, secure construction environment, untampered critical business algorithms are selected as calibration objects, such as convolutional neural network inference functions for road obstacle recognition or train emergency braking decision logic; a performance monitoring unit is configured using the model-dependent registers of a specific processor model, selecting microarchitectural event types sensitive to control flow changes, including the number of L1 instruction cache misses, the number of branch prediction errors, and the total number of committed instructions; and the critical business algorithms are repeatedly executed on a standard input dataset. Next, among them The values ​​are no less than 1000. After removing outliers affected by hardware thermal noise, the arithmetic mean of each event counter is calculated to generate a three-dimensional or multi-dimensional baseline microarchitecture feature vector. The data is signed using the hardware root key and written to the secure storage area of ​​the in-vehicle device. When the in-vehicle system responds to the execution request of the critical business algorithm, the runtime monitoring module in the trusted execution environment takes over control. To eliminate the interference of nondeterministic factors on the microarchitecture event statistics, this module performs atomic environment configuration, locks the interrupt controller to shield all external interrupt signals except for non-maskable interrupts, and writes a reset instruction to the control register of the performance monitoring unit to clear the counter. The processor loads and executes the instruction stream of the critical business algorithm. The performance monitoring unit automatically and in parallel counts the microarchitecture events generated in real time at the hardware level. This process does not modify the memory state or increase the computation latency. When the algorithm finishes execution and writes the calculation result to the temporary storage register, the runtime monitoring module reads the data register of the performance monitoring unit and generates a runtime microarchitecture feature vector containing the statistical values ​​of each event in the current execution cycle. .

[0035] The runtime monitoring module incorporates hardware context-based field protection logic to resolve timing conflicts between long-cycle critical business algorithms and high-priority interrupt responses in the vehicle system. When the execution duration of a single critical business algorithm exceeds the maximum allowed interrupt-disabling time window, the runtime monitoring module is configured to automatically freeze and read the current counter value and status register content of the performance monitoring unit into a protected isolated memory area before responding to non-maskable interrupts or high-priority external events. Upon completion of the interrupt service routine and the return of processor control to the critical business algorithm, the module reloads the previously saved counter value and restores the counting state. This ensures that the performance monitoring unit only accumulates microarchitecture events belonging to the critical business algorithm's instruction stream, eliminating irrelevant instruction counting interference introduced by the interrupt handler and ensuring the purity of the generated runtime microarchitecture feature vector in complex multi-tasking environments. The integrity measurement module performs real-time verification based on the read vector data, using the Euclidean distance algorithm to calculate the deviation between the runtime feature vector and the baseline feature vector in the feature space. Let the total number of feature dimensions be... The runtime microarchitecture feature vector is in the first... The values ​​in each dimension are The baseline microarchitecture feature vector is in the first... The values ​​in each dimension are Then the vector space distance The calculation follows the following mathematical relationship: The system has a preset tolerance threshold. This threshold is statistically derived based on the thermal noise fluctuation range and performance fluctuation amplitude caused by process differences of the same model processor under normal operating conditions. If the calculated distance... This indicates that the microarchitectural behavior executed this time matches the expected logic, and the control flow integrity is deemed valid; if This indicates an abnormal instruction jump or cache access mode that occurred during execution, indicating that the integrity has been compromised.

[0036] The integrity measurement module uses the squared Euclidean distance, i.e., the second moment deviation, as the vector space distance in its calculation logic. The quantitative characterization of this design aims to optimize the real-time processing performance of the automotive embedded processor by avoiding computationally expensive square root operations, and the preset tolerance threshold referenced in the judgment logic. The standardized statistical calibration procedure involves, in calibration mode, controlling the processor to perform at least 5000 loop operations on the benchmark algorithm under rated voltage and constant temperature conditions, calculating the arithmetic mean and standard deviation of microarchitectural event counts for each dimension, and then... The threshold is set to three times the statistical standard deviation plus the system's inherent thermal noise floor. This quantification establishes a deterministic boundary distinguishing normal statistical fluctuations at the hardware physical level from logical mutations caused by control flow hijacking attacks, eliminating the subjectivity of threshold setting. Based on the measurement results, the gating output module performs data flow control. When the integrity is deemed valid, the module calls the encryption service within the trusted execution environment, uses the device's private key to digitally sign and encrypt the computation result data temporarily stored in the register, and releases it to external storage or a network interface. When the integrity is deemed invalid, the module triggers a security exception handling process, activates the hardware register cleaning logic, writes all-zero sequences or random noise data to the general-purpose registers and vector registers storing plaintext computation results, records the exception event in the audit log, terminates the current task, or restarts the trusted execution environment, preventing the hijacked control flow from leaking sensitive data outside the security boundary. This system is equipped with a remote proof generation module to support trusted communication between vehicles and the ground. When the onboard system reports its status to the ground control center, this module collects the current platform configuration register values ​​and the runtime microarchitecture feature vector of the most recent critical mission, generates a reference report, and sends it to the ground center after being signed by the hardware root of trust. The ground center verifies the platform configuration register values ​​to confirm the integrity of the static environment and verifies whether the microarchitecture feature vector is located in a valid feature space, confirming that the correct code is running on the onboard unit and that the execution behavior of the code has not been tampered with. Considering the differences in microarchitecture event definitions and counter behaviors of different processor architectures, the benchmark fingerprint storage module supports an update mechanism. When the underlying hardware of the system is upgraded or migrated, a benchmark microarchitecture feature vector update package adapted to the new processor microarchitecture is imported through an authorized secure channel. In addition, the system integrates a direct memory access encryption controller. External sensor data is automatically encrypted when it enters memory and is only decrypted into plaintext for computation when it is read into the L1 or L2 cache of the central processing unit.

[0037] Example 1: In vehicle computing scenarios where high-safety-level autonomous driving tasks are performed under complex electromagnetic environments and long-term continuous operation conditions, the integrated vehicle-mounted security computing system undertakes the tasks of defending against the theft of static storage data and defending against dynamic attacks that hijack the control flow of critical business algorithms using back-oriented programming techniques in real time during driving. When the system is in a continuous running state and receives an execution request for a convolutional neural network inference algorithm for identifying road obstacles, the static trust chain based on the hardware trust root has completed the integrity verification of the firmware and operating system image during the system startup phase. In response to the risk that attackers may construct malicious logic by reusing legitimate code fragments in memory without changing the hash value of the binary file, the system starts the runtime monitoring module located in the trusted execution environment to take over control. The runtime monitoring module performs atomic environment locking operations, blocks all external interrupt signals except for non-maskable interrupts by sending a masking instruction to the interrupt controller, and synchronously resets the counting register of the performance monitoring unit integrated in the central processing unit, constructing a closed and deterministic microarchitecture observation window to ensure that the collection of microarchitecture behavior characteristics accurately reflects the execution logic of the algorithm itself rather than environmental noise.

[0038] During the execution of the instruction flow by the convolutional neural network inference algorithm, the performance monitoring unit counts the microarchitectural events triggered by instruction execution in parallel at the hardware level. It focuses on collecting statistical values ​​in three dimensions sensitive to control flow jump behavior: the number of L1 instruction cache misses, the number of branch prediction errors, and the total number of committed instructions. Legitimate forward inference logic exhibits continuous and predictable memory access patterns. Unexpected jumps caused by back-oriented programming attacks lead to abnormally high spikes in the number of L1 instruction cache misses and branch prediction errors, exceeding the baseline values. This difference in physical statistical distribution constitutes the fundamental basis for identifying logic hijacking. When the algorithm completes execution and writes the calculation results to the output register, the system freezes the performance monitoring unit and reads the current statistical values ​​to generate a runtime microarchitectural feature vector. The integrity measurement module calls a baseline microarchitecture feature vector that is pre-stored in the secure storage area, calibrated offline, and signed by the hardware root of trust. According to the formula Calculate the Euclidean distance between the two in the feature space. If the calculated distance Greater than the preset tolerance threshold The system determines that the current execution flow has not been tampered with in memory code content, but has been hijacked in execution path. The gating output module activates the hardware register cleaning logic, writes all-zero data to the general-purpose register and vector register storing inference results, and blocks the hijacked control flow from outputting forged or leaked data outside the security boundary.

[0039] Example 2: This example aims to objectively verify the effectiveness of the integrity measurement mechanism based on microarchitecture behavioral fingerprints proposed in this invention in distinguishing between dynamic noise in legitimate logic and malicious control flow hijacking by constructing a realistic on-board simulation environment containing high-intensity electromagnetic interference and bus concurrent load. It also further calibrates the engineering applicability boundary of the preset tolerance threshold in the vector space distance calculation logic. The test platform uses an industrial-grade embedded main control board that conforms to the standards for rail transit electronic equipment. The core is equipped with a quad-core high-performance central processing unit with a main frequency of 2.1GHz. This processor integrates a performance monitoring unit that supports architecture event counting. The operating system uses a real-time Linux kernel. To simulate the non-ideal working conditions of a real on-board environment, two types of interference sources are introduced: first, a wideband noise with a frequency of 50Hz to 1kHz and an amplitude of 500mV is coupled to the power supply and signal lines using an arbitrary waveform generator to simulate the electromagnetic environment of the on-board electrical system; second, a memory stress test tool is run to occupy 80% of the memory bus bandwidth to simulate direct memory access conflicts caused by concurrent writing of multi-sensor data during high-speed train operation.

[0040] The experiment selected the precision stopping control algorithm from the automatic train operation system. In a clean, interference-free environment, following the calibration procedure described in the aforementioned specific implementation, the algorithm was executed 5000 times to obtain the baseline microarchitecture feature vector. At the threshold In terms of settings, it follows statistical 3 The principle of trade-off between minimizing false positive rates and the technical trade-off logic of minimizing false positive rates refers to the distance distribution between each execution result and the mean in the statistical benchmark test, and taking the average value. Add 3 standard deviations As a theoretical upper limit, and with a safety margin factor of 1.2, the final determination was made. The set value is 2800 (dimensionless unit). The core logic behind this parameter is to tolerate minor fluctuations caused by hardware thermal noise and pipeline alignment differences, while being able to keenly capture feature mutations caused by changes in logical paths. Three sets of comparative experiments were constructed to verify the system's judgment capability. The first set is the baseline control group, which runs only the unmodified image preprocessing algorithm without applying any additional load. The second set is the high-noise operating condition group (sample group A of this invention), which runs the same algorithm under high-pressure conditions with the aforementioned electromagnetic noise and 80% memory bandwidth usage, aiming to verify whether the system will misjudge when physical resource contention causes fluctuations in cache behavior. The third set is the attack simulation group (sample group B of this invention), which injects a typical return-oriented programming attack sequence into the algorithm, and simulates a control flow hijacking attack by manipulating the stack frame pointer to jump to three non-adjacent legal code segments. During the experiment, the runtime monitoring module uses the performance monitoring unit to synchronously collect runtime data in three dimensions: the number of first-level instruction cache misses, the number of branch prediction errors, and the total number of committed instructions. The experimental data is shown in Table 1 below. This table intuitively presents the logical deduction process from the original microarchitecture event count to the final integrity judgment.

[0041] Table 1: Comparison of Experimental Data

[0042]

[0043] Referring to Table 1, in the benchmark control group, the algorithm runs smoothly, and the vector space distance... The value was only 215, far below the threshold. In the high-noise operating condition group, due to increased memory bandwidth contention, the number of L1 instruction cache misses increased from the baseline of 12,450 to 14,180 (an increase of approximately 13.9%), reflecting the environmental disturbances under real-world conditions. However, since the algorithm's execution logic path remained unchanged, the number of branch prediction errors only fluctuated slightly (from 320 to 345), and the final calculated vector space distance... The value rose to 1,768, which, although an increase from the baseline, still converged to the preset tolerance threshold. Within (2800), the system correctly determined that the integrity was valid, proving that the mechanism has the stability to filter environmental noise under complex working conditions; in contrast, in the attack simulation group, although the total number of instructions (500,120) was very close to the baseline value (500,000), it was easy to deceive traditional detection methods based on instruction count or execution time. However, because the ROP attack changed the jump order of instructions, it directly destroyed the historical record table matching mechanism of the processor branch predictor, resulting in a non-linear surge in the number of branch prediction errors, from the baseline of 320 times to 4,150 times (an increase of more than 11 times). This drastic change in a single dimension dominated the calculation result of Euclidean distance, making the vector space distance Reaching 3,892, exceeding the tolerance threshold. Based on this, the system correctly determines that the integrity has failed and triggers an interception.

[0044] Example 3: This example combines Figures 1 to 3 This section describes the integrated vehicle-mounted safety computing system and its trusted construction method for data trustworthiness, such as... Figure 1 As shown, execution requests are initiated by key business algorithms such as convolutional neural networks or logic control algorithms. The runtime monitoring module located in the trusted execution environment then responds, performs interrupt masking and resets the operation of the performance monitoring unit (PMU) integrated inside the central processing unit (CPU), and then controls the PMU to synchronously collect real-time hardware microarchitecture events, including branch prediction and cache hits, to generate runtime microarchitecture feature vectors. The vector is then fed into the integrity measurement module, which retrieves the baseline microarchitecture feature vector stored in the baseline fingerprint storage module and whose signature has been verified by the hardware root of trust. The vector space distance D between the two is calculated and output to the gating output module. The gating output module performs flow splitting according to the preset judgment logic: when the distance D is less than or equal to the preset tolerance threshold... When the integrity is deemed valid, the calculated result data is encrypted and signed to allow output, provided the distance D is greater than the threshold. When an integrity failure is detected, hardware register cleaning logic is triggered to clear the data and prevent leakage.

[0045] like Figure 2 As shown, in the quantitative analysis of the relationship between vector space distance D and algorithm execution progress, the vertical axis represents the vector space distance D, and the horizontal axis represents the algorithm execution progress from 0% to 100%. A tolerance threshold is set in the figure. The value is 2800, and the distance change curves under three typical operating conditions are shown: the distance value of the baseline control group remains at an extremely low level throughout. The distance value of the high-noise condition group is affected by environmental noise, and although it is higher than that of the baseline group, it still strictly converges below the tolerance threshold θ throughout the process and is judged as valid by the system. The distance value of the attack simulation group is low at the beginning of the execution, but as the attack sequence unfolds, the vector space distance shows an upward trend and exceeds the tolerance threshold in the middle of the execution. This leads to the final judgment being invalid; such as Figure 3As shown, the deployment architecture mainly consists of a bottom-layer in-vehicle computing platform physical base, a middle-layer trusted execution environment confidential isolation zone, and a top-layer remote security center. The physical base includes a central processing unit and performance monitoring unit that provide microarchitecture event sources, as well as a hardware root of trust that provides a unique key anchor point. The trusted execution environment is built through hardware isolation technology and runs key business algorithms such as an integrated security engine. Sensor data flows through encrypted input to the algorithm area. The integrated security engine audits and intercepts the operation process through three links: real-time monitoring, integrity measurement, and gating output. Only when the verification is passed will it output compliant instructions to the data input and output modules. At the same time, the remote security center maintains a trusted connection with the system through a status verification mechanism, establishing a defense-in-depth system from the bottom-layer hardware support to the upper-layer business logic closed loop.

[0046] Example 4: Addressing the potential parameter / threshold black box problem in the offline calibration process of benchmark microarchitecture feature vectors as described in the original document, particularly the specific engineering implementation details regarding how to eliminate nondeterministic hardware noise interference to ensure the uniqueness and stability of benchmark vectors, this example provides a benchmark fingerprint generation procedure based on statistical adaptive filtering. This aims to eliminate random errors introduced by processor process differences, temperature fluctuations, and power supply ripple, ensuring that the extracted feature vectors only represent the inherent attributes of the algorithm logic itself. A controlled calibration environment is established, using a central processing unit of the same model as the target vehicle system, placed in a constant temperature test chamber, with the ambient temperature set at 25°C and powered by a precision regulated power supply to suppress voltage fluctuations affecting the clock frequency. The key business algorithm to be calibrated is loaded into a fixed physical address region of memory, the address space layout randomization function of the operating system is disabled, and the execution entry point of the fixed code segment is used to perform multiple rounds of large-sample data acquisition. An automated calibration script is initiated, and the performance monitoring unit is controlled to continuously execute the process. Next The critical business algorithm synchronously records the mean counts of three core dimensions during each execution: the number of first-level instruction cache misses, the number of branch prediction errors, and the total number of committed instructions. To remove outliers, the script employs a robust statistical method based on interquartile range: calculating the upper quartile of each data set. and lower quartiles ,definition Anything outside the range All sample points were marked as outliers affected by transient noise and removed.

[0047] Based on the cleaned sample set, an adaptive convergence model is constructed to determine the final baseline vector, and the arithmetic mean of the data in each dimension is calculated. and standard deviation If the coefficient of variation of a certain dimension If the value exceeds a preset stability threshold, such as 0.05, it indicates that this dimension is significantly affected by hardware nondeterminism, and the number of samplings needs to be increased. Or adjust the count event configuration of the performance monitoring unit until all dimensions are included. All values ​​converge within the stability threshold. Finally, the mean of each converged dimension is used to construct the baseline microarchitecture feature vector. And record the corresponding standard deviation vector. The latter will serve as the tolerance threshold during subsequent runtime. The established statistical basis, namely The value should be consistent with The modulus length is positively correlated with the modulus length.

[0048] Example 5: To address the issues of unclear initial state definitions and baseline data deviations that may arise before the actual deployment of an integrated vehicle-mounted safety computing system, a standardized pre-deployment calibration and debugging procedure is proposed. This procedure aims to ensure that the system, when installed on platforms of different batches and operating conditions, can perform integrity measurements based on an accurate physical baseline. After the system is initially powered on and the static integrity verification of the hardware root of trust is completed, it enters offline calibration mode. In this mode, the system performs a thermal noise baseline calibration process, locking the CPU clock frequency at the rated frequency and disabling dynamic frequency and voltage adjustment functions to build a stable microarchitecture observation environment. The system loads a pre-set calibration no-operation instruction sequence, and during the cyclic execution of this sequence, the performance monitoring unit continuously collects real-time data on the number of first-level instruction cache misses, branch prediction errors, and the total number of committed instructions. By statistically analyzing the counting results over at least 100 sampling periods, the average background noise of each microarchitecture event is calculated. with standard deviation If any dimension If the preset stability limit is exceeded, the system will automatically adjust the sampling frequency or counting period of the performance monitoring unit until the background noise converges to the allowable range.

[0049] After completing the thermal noise calibration, the system executes the business baseline adaptive filling process. Under controlled static conditions, the system loads and runs the standard test set of the key business algorithm, covering the main logical branches and boundary conditions of the algorithm. During execution, the system uses the calibrated performance monitoring unit to collect the microarchitecture event statistics of the key business algorithm, and corrects them in conjunction with the aforementioned thermal noise baseline to generate a localized baseline microarchitecture feature vector adapted to the current hardware environment. Finally, the system uses the private key of the hardware root of trust to... A digital signature is performed and written to a specific area of ​​the secure storage area, replacing the factory-preset universal reference vector. This serves as the sole reference standard for subsequent runtime integrity measurements, ensuring that the reference vector is highly compatible with the physical characteristics of the specific hardware platform.

[0050] Example 6: This example provides a standardized engineering procedure for quantifying and verifying runtime tolerance thresholds before the system leaves the factory. It aims to eliminate uncertainties introduced by differences in hardware batches and dynamic changes in application scenarios, and ensure the accuracy and stability of integrity measurement decision logic under real working conditions. In a preset controlled simulation environment, typical business scenarios of the target vehicle system are selected as test benchmarks. Different types of abnormal behaviors are simulated through fault injection tools, including unexpected instruction jumps, illegal memory accesses and abnormal interrupt requests. During this process, the microarchitecture event data streams of the system under normal operation and abnormal attack states are collected synchronously.

[0051] Statistical methods are used to extract and analyze features from the collected data stream. For each microarchitecture event dimension, the distribution range under normal conditions and the offset under abnormal conditions are calculated. Based on the normal distribution assumption, the confidence interval for each dimension is determined, and this interval is used as the safety baseline of the system in the current scenario. Through iterative optimization algorithms, the weight coefficients and tolerance thresholds in the vector space distance calculation logic are determined. The optimization objective is defined as minimizing the false alarm rate while ensuring that the detection rate is not lower than a preset value, such as 99.9%. Gradient descent is used to search in the parameter space until the optimal parameter combination that makes the optimization objective function converge is found. The final parameter set is fixed in the system's read-only storage area as the basis for judging runtime integrity measurement.

[0052] It will be apparent to those skilled in the art that the present invention is not limited to the details of the exemplary embodiments described above, and that the present invention can be implemented in other specific forms without departing from the spirit or essential characteristics of the present invention.

[0053] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims

1. A vehicle-mounted integrated safety computing system for data trustworthiness, characterized in that, The system includes: The hardware root of trust has an immutable and unique key credential, which is used to establish a static trust chain and digitally sign pre-set data during the system startup phase. The central processing unit integrates a performance monitoring unit, which is used to collect hardware microarchitecture events in parallel during the instruction execution cycle. Trusted Execution Environment (TEE) is an isolated memory region of the central processing unit built on memory encryption technology. TEE includes: The benchmark fingerprint storage module is used to store the benchmark microarchitecture feature vector signed by the hardware root of trust. The benchmark microarchitecture feature vector represents the statistical distribution characteristics generated by the performance monitoring unit triggered by the key business algorithm under the benchmark execution path. The runtime monitoring module is used to respond to the execution request of the critical business algorithm, block external interrupt signals and reset the performance monitoring unit. During the execution of the instruction stream of the critical business algorithm, it controls the performance monitoring unit to synchronously collect real-time hardware microarchitecture events to generate runtime microarchitecture feature vectors. The integrity measurement module is used to determine the integrity of the control flow logic of critical business algorithms based on the vector space distance between the runtime microarchitecture feature vector and the baseline microarchitecture feature vector. And a gated output module, used to perform encryption signing on the calculation result data of key business algorithms and allow output when the vector space distance is less than or equal to a preset tolerance threshold, and to clear the calculation result data and trigger a security exception when the vector space distance is greater than the preset tolerance threshold; The trusted execution environment also includes a confidential container management module, which is used to instantiate multiple logically isolated confidential containers in an isolated memory area. The key business algorithms are encapsulated inside the confidential containers. The confidential container management module only verifies the image hash value of the confidential container using the hardware root of trust when the confidential container is loaded, and after the verification is successful, it transfers control to the runtime monitoring module to start dynamic microarchitecture feature monitoring.

2. The vehicle-mounted integrated safety computing system for data trustworthiness according to claim 1, characterized in that, The vector space distance calculation logic performed by the integrity measurement module follows the following mathematical relationship: ,in, Represents the distance in vector space. This represents the total number of feature dimensions. The runtime microarchitecture feature vector represents the first... Values ​​in each dimension The baseline microarchitecture feature vector is represented in the th... The value in each dimension is used to determine the logic when... The integrity is valid when it is determined. When the integrity is deemed invalid, the following conditions are met: This is a preset tolerance threshold.

3. The vehicle-mounted integrated safety computing system for data trust as described in claim 1, characterized in that, The hardware microarchitecture events statistically collected by the performance monitoring unit are selected from at least one of the following: number of L1 instruction cache misses, number of branch prediction errors, total number of committed instructions, and number of transition back buffer misses; the baseline microarchitecture feature vector is determined by taking the statistical average of multiple benchmark tests on untampered key business algorithms in an offline secure environment.

4. The vehicle-mounted integrated safety computing system for data trust as described in claim 1, characterized in that, The runtime monitoring module has atomic execution control logic, which is used to lock the interrupt controller before the critical business algorithm starts execution and release the interrupt controller after execution, so as to eliminate the interference of nondeterministic interrupts on the performance monitoring unit count value and ensure that the runtime microarchitecture feature vector only reflects the code execution behavior of the critical business algorithm itself.

5. The vehicle-mounted integrated safety computing system for data trust as described in claim 1, characterized in that, The gating output module includes hardware register cleaning logic. When the distance in the vector space is determined to be greater than a preset tolerance threshold, the hardware register cleaning logic immediately writes all-zero data or random noise data to the general-purpose register and vector register that store the plaintext calculation results, thereby blocking the hijacked control flow from leaking sensitive data to the storage area outside the trusted execution environment.

6. The vehicle-mounted integrated safety computing system for data trust as described in claim 1, characterized in that, The system also includes a remote proof generation module, which generates a reference report containing the current platform configuration register values ​​and runtime microarchitecture feature vectors, and signs the reference report using the private key of the hardware root of trust. The reference report is used to prove to external verifiers that the static identity and dynamic behavior characteristics of the vehicle-mounted integrated safety computing system when executing critical business algorithms meet expectations. The performance monitoring unit is a fixed-function counter or a programmable performance counter built into the central processing unit core. The runtime monitoring module configures the counting event type and counting period of the performance monitoring unit by reading and writing the model-related registers of a specific processor model, and the configuration operation is limited to the highest privilege level mode of the trusted execution environment.

7. The vehicle-mounted integrated safety computing system for data trust as described in claim 1, characterized in that, The critical business algorithms include convolutional neural network inference algorithms for identifying road obstacles or logic control algorithms for determining emergency braking of trains. The baseline microarchitecture feature vector is calibrated based on the pipeline execution characteristics of the critical business algorithms on a specific processor model. When the system is migrated to a processor with a different microarchitecture, the baseline fingerprint storage module is used to receive and update the baseline microarchitecture feature vector adapted to the new processor architecture.

8. The vehicle-mounted integrated safety computing system for data trust as described in claim 1, characterized in that, The system also includes a direct memory access encryption controller, which automatically performs hardware-level encryption before external sensor data is written to the physical memory region of the trusted execution environment, and automatically performs hardware-level decryption when the data is read into the CPU's L1 or L2 cache; the integrity measurement module is used to continuously monitor the status of the performance monitoring unit throughout the entire process of decrypting data participating in the operation.

9. A trusted construction method for a data-trust-oriented integrated vehicle-mounted safety computing system, applied to the data-trust-oriented integrated vehicle-mounted safety computing system as described in claim 1, characterized in that, The methods include: During the system startup or initialization phase, a static trust chain is established using a hardware trust root with an immutable and unique key credential, and the digital signature of the baseline microarchitecture feature vector stored in the trusted execution environment is verified. The baseline microarchitecture feature vector represents the statistical distribution characteristics generated by the performance monitoring unit triggered by the key business algorithm under the baseline execution path. In response to the execution request of the critical business algorithm, external interrupt signals are blocked and the performance monitoring unit integrated inside the central processing unit is reset. During the execution of the instruction stream of the critical business algorithm, the control performance monitoring unit synchronously collects real-time hardware microarchitecture events to generate runtime microarchitecture feature vectors. The system invokes the verified baseline microarchitecture feature vector, calculates the vector space distance between the runtime microarchitecture feature vector and the baseline microarchitecture feature vector, and determines the integrity of the control flow logic of the critical business algorithm based on this distance. It then performs gating output operations based on the integrity determination result: when the vector space distance is less than or equal to a preset tolerance threshold, it performs encrypted signing on the calculation result data of the critical business algorithm and allows output; when the vector space distance is greater than the preset tolerance threshold, it clears the calculation result data and triggers a security exception.