A periodic dynamic metric method and system based on a trusted system
By loading a dynamic measurement kernel module into a trusted system and leveraging the collaborative protection of REE and TEE to ensure dynamic measurement tasks, the security and real-time performance issues of the IMA scheme in a dual-domain trusted system are resolved. This achieves dynamic measurement with high security and strong real-time performance, making it suitable for high-security and embedded fields.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- 成都菁蓉联创科技有限公司
- Filing Date
- 2026-05-22
- Publication Date
- 2026-06-19
AI Technical Summary
Existing IMA dynamic measurement schemes based on Linux systems cannot run in dual-domain trusted systems, have low security, are not suitable for high-security fields, have large system size, affect system performance, and cannot meet the real-time requirements of embedded fields.
A periodic dynamic measurement method based on a trusted system is adopted. By loading a dynamic measurement kernel module into the trusted system, the dynamic measurement task is guaranteed by the collaboration of the Rich Execution Environment (REE) and the Trusted Execution Environment (TEE), achieving periodic triggering and high security. The dynamic measurement kernel module is decoupled from the Linux system, reducing system usage.
It achieves dynamic measurement with high security and strong real-time performance in dual-domain trusted systems, reduces the impact on system performance, and is suitable for embedded scenarios with high security and strong real-time requirements.
Smart Images

Figure CN122241725A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of data processing, and in particular relates to a periodic dynamic measurement method and system based on a trusted system. Background Technology
[0002] In aerospace engineering, communications, remote sensing, power, military industries, and other embedded systems and fields with high security and reliability requirements, there is an urgent need for periodic dynamic measurement methods and systems based on trusted systems. Dynamic measurement is a key security technology used to ensure the integrity, trustworthiness, and security of a system. Dynamic measurement typically involves real-time monitoring and verification of system components to ensure they have not been tampered with or damaged.
[0003] Existing dynamic measurement schemes are typically based on Linux systems. These Linux-based schemes are usually implemented by the Linux kernel's IMA (Integrity Measurement Architecture) subsystem. This subsystem can measure files accessed via the execve(), mmap(), and open() system calls based on custom policies, comparing the measurement results with existing reference values to detect file tampering. Because existing IMA schemes exist as kernel subsystems, their core triggering condition is event-driven, making it impossible to achieve timed periodic execution through built-in mechanisms. This results in significant resource overhead, making them generally suitable for non-lightweight systems and non-embedded scenarios. They are typically unsuitable for embedded scenarios requiring strict control over system dimensions.
[0004] The disadvantages of existing technologies are as follows: The existing IMA (Integrity Measurement Architecture) dynamic measurement scheme based on the Linux system is only applicable to the Linux system and does not have functions such as interaction and storage between two domains, and is not suitable for trusted systems with two domains. The existing IMA (Integrity Measurement Architecture) dynamic measurement scheme based on the Linux system has a configuration file that can be modified during operation. It does not have high security and is only suitable for general application scenarios with low security requirements. It is not suitable for high-security fields such as aerospace engineering, communications, remote sensing, power, and military industries. Existing dynamic measurement schemes based on Linux-based IMA (Integrity Measurement Architecture) systems have a large system size due to their implementation relying on the kernel's IMA module, making them unsuitable for embedded systems that require precise control over system size. The existing IMA (Integrity Measurement Architecture) dynamic measurement scheme based on the Linux system only supports event triggering and does not support other triggering methods. Therefore, once a high frequency of access events occurs, it will greatly consume system performance, resulting in a slow system running speed. It is not suitable for embedded fields that require strong real-time performance. Summary of the Invention
[0005] To address the aforementioned shortcomings of existing technologies, this invention provides a periodic dynamic measurement method and system based on a trusted system. The technical problems solved by this invention are as follows: Existing Linux-based IMA schemes can only operate in REE space and cannot run in dual-domain trusted systems where both REE and TEE spaces exist simultaneously, thus making them unsuitable for dual-domain trusted systems; existing Linux-based IMA schemes have low security and are unsuitable for high-security fields such as aerospace engineering, communications, remote sensing, power, and military industries; existing Linux-based IMA schemes are large in size and unsuitable for embedded systems requiring precise control of system size; existing Linux-based IMA schemes only support event triggering, which significantly impacts performance and is unsuitable for embedded systems requiring strong real-time performance.
[0006] To achieve the above objectives, the technical solution adopted by this invention is: a periodic dynamic measurement method based on a trusted system, comprising the following steps: S1. Perform trusted boot on the trusted system and load the dynamic measurement kernel module; S2. Based on the loaded dynamic measurement kernel module, initialize the dynamic measurement strategy and create dynamic measurement tasks; S3. Execute dynamic measurement tasks based on dynamic measurement strategies; S4. Based on the execution result, return the calculation result of the dynamic measurement to the dynamic measurement kernel thread. Using the dynamic measurement kernel thread, determine the final execution result of the dynamic measurement task according to the dynamic measurement result and the dynamic measurement strategy, and complete the processing of periodic dynamic measurement.
[0007] The beneficial effects of this invention are: This invention realizes a periodic dynamic measurement scheme and system based on a trusted system, so that the execution of dynamic measurement tasks is jointly guaranteed by the Rich Execution Environment (REE) and the Trusted Execution Environment (TEE), ensuring the high security of dynamic measurement tasks; This invention realizes the periodic triggering of dynamic measurement tasks, reducing the impact of dynamic measurement tasks on system performance, and maximizing the strong real-time performance of the system, making this invention more suitable for systems and system application scenarios with high real-time requirements.
[0008] Further, S1 includes: Based on a trusted hardware platform and a trusted system, the trusted system is started. After the trusted system starts up, the Trusted Software Base agent running in the Rich Execution Environment (REE) loads the dynamic measurement kernel module. The dynamic measurement kernel module is decoupled from the Linux system and is loaded by the Trusted Software Base to complete the insertion of the dynamic measurement kernel module.
[0009] The beneficial effects of the above-mentioned further solutions are: the present invention decouples the dynamic measurement kernel module from the self-developed Linux kernel, reduces the system space occupied by the dynamic measurement kernel module, and makes the system size as compact as possible, making it more suitable for embedded scenarios that require precise control of system size.
[0010] Furthermore, S2 includes: When the dynamic measurement kernel module running in the Trusted System Rich Execution Environment (REE) is inserted, the initialization of the dynamic measurement strategy is triggered. The dynamic measurement strategy includes: the process or script to be measured by the dynamic measurement task; and the time interval for dynamically measuring the process or script. When the dynamic measurement kernel module running in the Rich Execution Environment (REE) of a Trusted System is inserted, it triggers the creation of periodic dynamic measurement tasks. These periodic dynamic measurement tasks include: creating a dynamic measurement kernel thread in the REE; creating a dynamic measurement user process in the REE; and simultaneously, the characteristics of the dynamic measurement tasks take effect when they are created in the REE.
[0011] The beneficial effects of the above-mentioned further solutions are: the present invention realizes the periodic triggering of dynamic measurement tasks, which maximizes the real-time performance of the system and minimizes the impact of dynamic measurement tasks on system performance. This makes the present invention applicable to the embedded field that requires strong real-time performance, and provides a targeted dynamic measurement solution for strong real-time scenarios in the embedded field.
[0012] Furthermore, S3 includes: According to the dynamic measurement time interval in the dynamic measurement strategy, at the beginning of each dynamic measurement, the Trusted Platform Control Module (TPCM) running in the Rich Execution Environment (REE) is invoked to drive the dynamic measurement object content. By driving the dynamic measurement object content, cross-process access to memory content via virtual address is achieved. The object content includes process objects and script objects. The process object is the memory space content of the process's read-only code segment, and the script object is the page cache space content of the script file. The Trusted Platform Control Module (TPCM) drives the invocation of the security service scheduling function in the Trusted Software Base (TSB) within the Trusted Execution Environment (TEE), transmitting the dynamically measured object content to the Trusted Platform Control Module (TPCM) running in the TEE. The security service scheduling function includes: under the Rich Execution Environment (REE), the Trusted Platform Control Module (TPCM) drives the invocation of the security service scheduling function in the Trusted Software Base (TSB) within the TEE; under the Rich Execution Environment (REE), the security service scheduling function in the Trusted Software Base (TSB) transmits the dynamically measured object content to the Trusted Platform Control Module (TPCM) service. The Trusted Platform Control Module (TPCM) performs hash calculations on the content of the measured object through the hash calculation function provided by the Trusted Cryptography Module (TCM) and the secure storage function provided by the Trusted Software Base (TSB). The hash calculation result is compared with the trusted benchmark value to complete the execution of the dynamic measurement task.
[0013] The beneficial effects of the above-mentioned further solutions are as follows: This invention enables dynamic measurement tasks to obtain the content of the measured object by accessing the content in memory through virtual addresses across processes. This function allows the dynamic measurement scheme proposed in this invention to be executed completely independently of other processes in the system without interrupting the operation of other processes, thus further ensuring the real-time performance of this invention and ensuring the high security and strong real-time performance of the system. It also realizes a periodic dynamic measurement scheme and system based on a trusted system, so that the execution of dynamic measurement tasks is jointly guaranteed by the Rich Execution Environment (REE) and the Trusted Execution Environment (TEE), ensuring the high security of dynamic measurement tasks.
[0014] Furthermore, obtain the contents of the process's read-only code segment memory space, including: The virtual address distribution of processes is defined in the VMA table of the self-developed Linux system; Based on the defined process virtual address distribution, the proc / [pid] / smaps file in the self-developed Linux system is parsed to obtain the VMA table of the process being measured; Based on the obtained VMA table, according to the obtained starting address and length, the contents of the process's read-only code segment memory space are read and passed to the Trusted Execution Environment (TEE) for trusted measurement operations.
[0015] The beneficial effects of the above-mentioned further solutions are: the present invention provides a trusted measurement operation scheme for processes in a trusted system, which realizes the trusted measurement work of processes in the joint cooperation of the Rich Execution Environment (REE) and the Trusted Execution Environment (TEE). The trusted measurement operation is performed by the Trusted Execution Environment (TEE), which further ensures the reliability of subsequent dynamic measurement results, making the technical solution provided by the present invention highly secure and applicable to high-security fields.
[0016] Furthermore, obtain the page cache space content of the script file, including: During script execution, the script file stored on the external flash storage device is pre-loaded into memory; During the pre-read moment, the script file is verified to have not been modified on the flash external storage device through the file static measurement mechanism of the trusted system. The script file was successfully loaded into memory without being modified and exists as a file page cache. In the kernel file system layer of the self-developed Linux system, hook functions are added to obtain the physical page frame corresponding to the page cache page using the page-to-page frame number mechanism, and map the physical page frame to the user virtual address space through the physical memory image dev / mem. The hook functions are used to obtain the page cache page of the specified file; the page-to-page frame number mechanism refers to the Linux memory management mechanism that provides the mapping relationship between page structure and page frame number. Based on the mapped virtual address space and length, the content of the script object in memory is obtained and passed to the Trusted Execution Environment (TEE) for trust measurement operations.
[0017] The beneficial effects of the above-mentioned further solutions are: the present invention provides a trust measurement operation scheme for scripts in a trusted system, which realizes the trust measurement work of scripts in the joint cooperation of the Rich Execution Environment (REE) and the Trusted Execution Environment (TEE). The trust measurement operation is performed by the Trusted Execution Environment (TEE), which further ensures the reliability of subsequent dynamic measurement results, making the technical solution provided by the present invention highly secure and applicable to high-security fields.
[0018] Furthermore, the timing of calculating the reliable benchmark value includes: For binary programs: At the moment of execution of the binary program, the virtual address of the binary program is loaded. After the virtual address loading of the binary program is completed, when the memory address of the code segment and the dynamic library can be found under the dynamic measurement kernel, the trusted baseline value of the read-only memory page is calculated to complete the static measurement of the binary program. For script files: When a script file is executed, the script is read into the memory page cache; a hook function is added at the page cache read location; the memory page content is obtained through the hook function, and a reliable baseline value is calculated.
[0019] The beneficial effects of the above-mentioned further solutions are: the present invention clarifies the calculation timing of the trusted benchmark value under the joint cooperation of the Rich Execution Environment (REE) and the Trusted Execution Environment (TEE), ensuring that binary programs and script files can calculate the trusted benchmark value at the correct time, and providing a reliable and highly secure guarantee for dynamic measurement schemes.
[0020] Furthermore, the calculation of the reliable benchmark value includes: Define the interaction interface parameters between the Rich Execution Environment (REE) and the Trusted System's metrics definition as ID values and memory space addresses; When initializing the trusted system, a shared memory region is set up with the rich execution environment (REE). By leveraging the trusted software base agent in the rich execution REE, the read-only memory space contents of the process to be measured are copied to the created shared memory region; Based on the copied object or after the copy is completed, the copied object is ID-encoded, and the trusted software base agent in the rich execution environment REE maintains the correspondence between the ID number and the metric object; Based on the maintenance results, the Trusted Platform Control Module (TPCM) measurement service of the trusted system is activated through the defined interaction interface, and the Trusted Cryptography Module (TCM) calculates the trusted baseline value.
[0021] The beneficial effects of the above-mentioned further solutions are: the present invention defines and implements the interaction interface between the Rich Execution Environment (REE) and the Trusted Execution Environment (TEE), ensuring that the dynamic measurement scheme can be completed under the cooperation of the two domains, thus guaranteeing the high security of the dynamic measurement scheme.
[0022] Furthermore, S4 includes: Under the rich execution environment REE, the trusted platform control module TCPM is driven to return the dynamic measurement results and trusted benchmark values to the dynamic measurement kernel thread; In the Rich Execution Environment (REE), the dynamic measurement kernel thread is used to determine whether to stop the execution of the measurement object and send out security logs based on the dynamic measurement results and dynamic measurement strategy, thus completing a periodic dynamic measurement process.
[0023] The beneficial effects of the above-mentioned further solutions are: the present invention realizes the interaction with the dynamic measurement kernel thread by enriching the Trusted Platform Control Module (TCPM) in the execution environment REE, ensuring the completion of periodic dynamic measurement, and further ensuring the integrity and high security of the dynamic measurement scheme.
[0024] This invention also provides a periodic dynamic measurement system based on a trusted system, comprising: The first processing module is used for trusted booting of the trusted system and loading the dynamic measurement kernel module; The second processing module is used to initialize the dynamic measurement strategy and create dynamic measurement tasks based on the loaded dynamic measurement kernel module. The third processing module is used to execute dynamic measurement tasks based on the dynamic measurement strategy; The fourth processing module is used to return the calculation results of dynamic measurement to the dynamic measurement kernel thread based on the execution results. The dynamic measurement kernel thread then determines the final execution result of the dynamic measurement task based on the dynamic measurement results and the dynamic measurement strategy, thus completing the processing of periodic dynamic measurements.
[0025] The beneficial effects of this invention are as follows: This invention periodically checks whether critical areas of a running program or script have changed, and executes corresponding strategies based on the check results, thereby achieving the goal of ensuring high security, high reliability, and strong real-time performance of a trusted system during operation. Attached Figure Description
[0026] Figure 1 This is a flowchart of the method of the present invention.
[0027] Figure 2 This is a schematic diagram of the system structure of the present invention. Detailed Implementation
[0028] The specific embodiments of the present invention are described below to enable those skilled in the art to understand the present invention. However, it should be understood that the present invention is not limited to the scope of the specific embodiments. For those skilled in the art, various changes are obvious as long as they are within the spirit and scope of the present invention as defined and determined by the appended claims. All inventions utilizing the concept of the present invention are protected.
[0029] Example 1 Before describing the present invention, the following technical terms, definitions, and abbreviations will be explained as shown in Table 1. Table 1 is an explanation of technical terms and definitions.
[0030] Table 1
[0031] As shown in Table 2, Table 2 is a table of explanations of abbreviations.
[0032] Table 2
[0033] In high-security fields such as aerospace engineering, communications, remote sensing, power, and military industries, autonomous and controllable trusted systems urgently require more comprehensive system trust solutions to ensure high security and reliability while maintaining unaffected system performance. This invention proposes a periodic dynamic measurement method and system based on trusted systems. This method and system are applicable to fully domestically produced and autonomously controllable trusted systems. This invention not only provides a periodic dynamic measurement method that meets the collaborative protection of the REE rich execution environment and the TEE trusted execution environment in trusted systems, thus achieving high security, but also achieves lightweight operation without occupying system space, making it suitable for embedded scenarios. Furthermore, the dynamic measurement method proposed in this invention supports periodic measurement, minimizing the impact on system performance. Based on the above features of this invention, the periodic dynamic measurement method and system based on trusted systems proposed in this invention can meet the needs of embedded scenarios with high security, high reliability, and strong real-time requirements, and is suitable for trusted systems in high-security, high-real-time embedded scenarios.
[0034] like Figure 1 As shown, this invention provides a periodic dynamic measurement method based on a trusted system, the implementation of which is as follows: S1. The trusted system is booted with a trusted system and the dynamic metrics kernel module is loaded. The implementation method is as follows: Based on a trusted hardware platform and a trusted system, the trusted system is started. After the trusted system starts up, the Trusted Software Base agent running in the Rich Execution Environment (REE) loads the dynamic measurement kernel module. The dynamic measurement kernel module is decoupled from the Linux system and is loaded by the Trusted Software Base to complete the insertion of the dynamic measurement kernel module.
[0035] In this embodiment, the trusted startup of the trusted system and the loading of the dynamic measurement kernel module specifically refer to the following: the trusted system is started based on a trusted hardware platform and a trusted system; after the system is started in a trusted manner, the trusted software base agent running in the rich execution environment (REE) loads the dynamic measurement kernel module. This dynamic measurement kernel module is decoupled from the Linux system and is loaded entirely by the trusted software base to complete the module insertion action.
[0036] In this embodiment, the trusted system, based on trusted hardware and software, completes trusted boot, specifically including trusted boot of REE OS (self-developed Linux operating system) and TEE OS (trusted system). The trusted software base agent, running in the Rich Execution Environment (REE), is responsible for managing the dynamic metrics kernel module. Specifically, this refers to the dynamic metrics kernel module, which is decoupled from the self-developed Linux system kernel, being inserted by the trusted software base agent.
[0037] S2. Based on the loaded dynamic measurement kernel module, the dynamic measurement strategy is initialized and dynamic measurement tasks are created. The implementation method is as follows: When the dynamic measurement kernel module running in the Trusted System Rich Execution Environment (REE) is inserted, the initialization of the dynamic measurement strategy is triggered. The dynamic measurement strategy includes: the process or script to be measured by the dynamic measurement task; and the time interval for dynamically measuring the process or script. When the dynamic measurement kernel module running in the Rich Execution Environment (REE) of a Trusted System is inserted, it triggers the creation of periodic dynamic measurement tasks. These periodic dynamic measurement tasks include: creating a dynamic measurement kernel thread in the REE; creating a dynamic measurement user process in the REE; and simultaneously, the characteristics of the dynamic measurement tasks take effect when they are created in the REE.
[0038] In this embodiment, the dynamic measurement kernel module running in the Trusted System's Rich Execution Environment (REE) is inserted simultaneously with the initialization of the dynamic measurement strategy. The dynamic measurement strategy specifically includes: 1) The process or script required for the dynamic measurement task; 2) The time interval for dynamically measuring processes or scripts.
[0039] In this embodiment, the insertion of the dynamic measurement kernel module running in the Trusted Execution Environment (REE) of the Trusted System triggers the creation of a periodic dynamic measurement task. The creation of the periodic dynamic measurement task specifically includes: 1) Create a dynamic measurement kernel thread within the Rich Execution Environment (REE); 2) Create dynamic metrics for user processes within the Rich Execution Environment (REE); 3) In the Rich Execution Environment (REE), when a dynamic metric task is created, its features also take effect, including: 3-1) It does not respond to any process termination signals. Once the task is running, it cannot be killed by the system, including by administrator users. This ensures that the dynamic measurement task provides comprehensive protection for system security during system operation and guarantees the high security of the system. 3-2) The self-check and recovery feature is enabled. If the dynamic measurement task exits due to an anomaly, it will immediately restart after exiting, thus ensuring the high security of the system. 3-3) When the priority of dynamic measurement tasks takes effect, the running priority of dynamic measurement tasks is the lowest and can be preempted by any real-time task in the system. This ensures that the execution of business programs is not affected when measurement operations are performed, thus guaranteeing that the strong real-time performance of the system is not affected.
[0040] S3. Based on the dynamic measurement strategy, execute the dynamic measurement task. The implementation method is as follows: According to the dynamic measurement time interval in the dynamic measurement strategy, at the beginning of each dynamic measurement, the Trusted Platform Control Module (TPCM) running in the Rich Execution Environment (REE) is invoked to drive the dynamic measurement object content. By driving the dynamic measurement object content, cross-process access to memory content via virtual address is achieved. The object content includes process objects and script objects. The process object is the memory space content of the process's read-only code segment, and the script object is the page cache space content of the script file. The Trusted Platform Control Module (TPCM) drives the invocation of the security service scheduling function in the Trusted Software Base (TSB) within the Trusted Execution Environment (TEE), transmitting the dynamically measured object content to the Trusted Platform Control Module (TPCM) running in the TEE. The security service scheduling function includes: under the Rich Execution Environment (REE), the Trusted Platform Control Module (TPCM) drives the invocation of the security service scheduling function in the Trusted Software Base (TSB) within the TEE; under the Rich Execution Environment (REE), the security service scheduling function in the Trusted Software Base (TSB) transmits the dynamically measured object content to the Trusted Platform Control Module (TPCM) service. The Trusted Platform Control Module (TPCM) performs hash calculations on the content of the measured object through the hash calculation function provided by the Trusted Cryptography Module (TCM) and the secure storage function provided by the Trusted Software Base (TSB). The hash calculation result is compared with the trusted benchmark value to complete the execution of the dynamic measurement task.
[0041] In this embodiment, obtaining the contents of the read-only code segment memory space of the process includes: The virtual address distribution of processes is defined in the VMA table of the self-developed Linux system; Based on the defined process virtual address distribution, the proc / [pid] / smaps file in the self-developed Linux system is parsed to obtain the VMA table of the process being measured; Based on the obtained VMA table, according to the obtained starting address and length, the contents of the process's read-only code segment memory space are read and passed to the Trusted Execution Environment (TEE) for trusted measurement operations.
[0042] In this embodiment, obtaining the page cache space content of the script file includes: During script execution, the script file stored on the external flash storage device is pre-loaded into memory; During the pre-read moment, the script file is verified to have not been modified on the flash external storage device through the file static measurement mechanism of the trusted system. The script file was successfully loaded into memory without being modified and exists as a file page cache. In the kernel file system layer of the self-developed Linux system, hook functions are added to obtain the physical page frame corresponding to the page cache page using the page-to-page frame number mechanism, and map the physical page frame to the user virtual address space through the physical memory image dev / mem. The hook functions are used to obtain the page cache page of the specified file; the page-to-page frame number mechanism refers to the Linux memory management mechanism that provides the mapping relationship between page structure and page frame number. Based on the mapped virtual address space and length, the content of the script object in memory is obtained and passed to the Trusted Execution Environment (TEE) for trust measurement operations.
[0043] In this embodiment, the page-to-page-frame-number mechanism is implemented as follows: the kernel maintains a page structure descriptor for each physical page frame, and uses a globally unified memory mapping array to achieve an efficient one-to-one correspondence between the page structure and the page frame number. This invention adds a hook function to the kernel file system layer of the self-developed Linux system. This function is used to obtain the page cache page of a specified file, and then, through the page-to-page-frame-number mechanism provided by the Linux kernel, finds the physical page frame (physical page frame, i.e., physical page frame number) corresponding to the page cache page obtained through the aforementioned hook function. Finally, the physical page frame (physical page frame, i.e., physical page frame number) is mapped to the user virtual address space through the physical memory image dev / mem.
[0044] In this embodiment, the timing of calculating the reliable benchmark value includes: For binary programs: At the moment of execution of the binary program, the virtual address of the binary program is loaded. After the virtual address loading of the binary program is completed, when the memory address of the code segment and the dynamic library can be found under the dynamic measurement kernel, the trusted baseline value of the read-only memory page is calculated to complete the static measurement of the binary program. For script files: When a script file is executed, the script is read into the memory page cache; a hook function is added at the page cache read location; the memory page content is obtained through the hook function, and a reliable baseline value is calculated.
[0045] In this embodiment, the calculation of the reliable benchmark value includes: Define the interaction interface parameters between the Rich Execution Environment (REE) and the Trusted System's metrics definition as ID values and memory space addresses; When initializing the trusted system, a shared memory region is set up with the rich execution environment (REE). By leveraging the trusted software base agent in the rich execution REE, the read-only memory space contents of the process to be measured are copied to the created shared memory region; Based on the copied object or after the copy is completed, the copied object is ID-encoded, and the trusted software base agent in the rich execution environment REE maintains the correspondence between the ID number and the metric object; Based on the maintenance results, the Trusted Platform Control Module (TPCM) measurement service of the trusted system is activated through the defined interaction interface, and the Trusted Cryptography Module (TCM) calculates the trusted baseline value.
[0046] In this embodiment, according to the dynamic measurement time interval set by the dynamic measurement strategy, at the start of each dynamic measurement, the dynamic measurement task running in the Rich Execution Environment (REE) will transmit the object content to be dynamically measured to the Trusted Platform Control Module (TPCM) service running in the REE by calling the Trusted Platform Control Module (TPCM) driver. The TPCM driver further calls the security service scheduling function in the Trusted Software Base (TSB) of the Trusted Execution Environment (TEE) to transmit the object content to be dynamically measured to the TPCM service running in the TEE, thereby performing the relevant measurement calculations. The TPCM completes the hash calculation of the measured object data and compares it with the trusted benchmark value through the hash calculation function provided by the Trusted Cryptography Module (TCM) and the secure storage function provided by the Trusted Software Base (TSB), thereby realizing the measurement verification of the measured object data.
[0047] In this embodiment, the dynamic measurement task calls the Trusted Platform Control Module (TPCM) driver, specifically including: 1) In the rich execution environment REE, the dynamic measurement task runs when the dynamic measurement time interval set by the dynamic measurement strategy in S2 is met; 2) Enrich the execution environment (REE) to dynamically obtain measurement objects for measurement tasks; In this embodiment, the dynamic measurement task acquires measurement objects, mainly including the following two types: (1) Type 1: Obtaining the process object: This involves retrieving the contents of the process's read-only code segment memory space, i.e., the contents of critical areas that the program cannot modify. The specific steps are as follows: (1-1) In the VMA table of the self-developed Linux system (REE OS), define the virtual address distribution of the process's code segment, dynamic library, heap, stack, etc.; (1-2) Parse the proc / [pid] / smaps file in the self-developed Linux system to obtain the VMA table of the process being measured; (1-3) Based on the obtained starting address and length, read the contents of the corresponding memory address space and pass them to the Trusted Execution Environment (TEE) for trusted measurement operations; (2) Type Two: Get the script object: Get the page cache space content of the script file, that is, the content of the script buffer, a critical area that the script cannot modify; During script execution, the dynamically measured content is the script file itself. The specific steps to obtain the script object are as follows: (2-1) Pre-reading script files and loading them into system memory: When the script is executed, the script files stored on the flash external storage device are pre-read and loaded into system memory; (2-2) At the moment of pre-reading, the file is verified to have not been modified on the flash external storage device through the file static measurement mechanism of the trusted system; (2-3) The script file was successfully loaded into memory and exists as a file page cache; (2-4) In the kernel file system of the self-developed Linux system (REE OS), add hook functions to obtain the page cache page of the specified file, use the page to page frame number mechanism to find the physical page frame corresponding to the page cache page, and then map the physical page frame to the user virtual address space through the physical memory image dev / mem; (2-5) By using the virtual address space and length mapped in (2-4), the content of the script in memory is obtained and then passed to the Trusted Execution Environment (TEE) space for measurement; 3) Enrich the execution environment (REE) by having the dynamic measurement task call the Trusted Platform Control Module (TPCM) driver. To enable dynamic measurement tasks to obtain measurement objects in an enriched execution environment (REE), it is necessary to implement the function of retrieving contents in memory across processes via virtual addresses.
[0048] Since virtual memory addresses between processes are isolated from each other, the actual memory space corresponding to the same virtual memory address is different for different processes. The current process can only see the memory in its own space. Therefore, enabling cross-process access to memory content through virtual address is a key technical challenge that this invention overcomes.
[0049] This invention implements the function of accessing memory contents across processes via virtual addresses in a self-developed Linux system (REE OS). The specific implementation method is as follows: Step 1: Provide a physical memory page query and management tool, PageInsight, in the self-developed Linux system. PageInsight provides a function to query physical memory and virtual memory, that is, given the virtual memory address of a specified process, the physical memory address can be obtained; based on the physical memory address, the virtual address mapping of all processes corresponding to this physical memory can be obtained. Step 2: Based on the mutual query function of the physical memory page query management tool PageInsight, implement the function of obtaining the corresponding physical page through the virtual memory address space of a specified process; Step 3: Re-map the physical pages obtained in Step 2 using the physical memory image dev / mem, and export the contents of the page frame.
[0050] Through the above three steps, the memory content of other processes in the system can be accessed in an independent measurement process. Based on the memory address, the memory space data of system processes, modules, executable code, and applications can be measured without interrupting the execution of the original process, thereby ensuring the realization of the dynamic measurement task in this invention to obtain the content of the measured object.
[0051] In this embodiment, the Trusted Platform Control Module (TPCM) driver invokes the security service scheduling function in the Trusted Software Base (TSB), specifically including: 1) Under the enriched execution environment (REE), the Trusted Platform Control Module (TPCM) drives the call to the security service scheduling function in the Trusted Software Base (TSB) within the Trusted Execution Environment (TEE); 2) Under the Trusted Execution Environment (TEE), the security service scheduling function in the Trusted Software Base (TSB) transmits the dynamically measured object content to the Trusted Platform Control Module (TPCM) service.
[0052] In this embodiment, the Trusted Platform Control Module (TPCM) performs metric calculation and comparison, specifically including: 1) Under the Trusted Execution Environment (TEE), the Trusted Platform Control Module (TPCM) obtains the trusted baseline value through the secure storage function of the Trusted Software Base (TSB); the calculation and storage of the trusted baseline value are implemented as follows: (1) Triggering the calculation of the reliable benchmark value, i.e., the timing of the calculation of the reliable benchmark value: (1-1) Type 1: Binary Program; For binary programs, static measurement is completed at the instant of program execution. After the program's virtual address is loaded, the dynamic measurement kernel can find the memory addresses of the code segment and dynamic library loading, and at this time, the reliable baseline value of the read-only memory page is calculated. The specific process is as follows: (1-1-1) Binary program process creation; binary program process execution; binary program virtual address loading; (1-1-2) After loading the binary program and dynamic library in the binary file loading tool, obtain the memory contents and calculate the reliable baseline value; (1-2) Type 2: Script file; For script files, the calculation timing is designed as follows: (1-2-1) When a script file is executed, the script is first read into the memory page cache; (1-2-2) Add a hook function to the kernel's page cache read location; (1-2-3) Obtain the memory page content through the hook function and calculate the reliable baseline value.
[0053] In this embodiment, the trusted baseline value is calculated as follows: the trusted baseline value is calculated in the Trusted Execution Environment (TEE) space; specifically, the Trusted System (TEE OS) provides the trusted baseline value calculation service. The specific steps are as follows: (1) Define the interaction interface parameters: Define the interaction interface parameters between the Rich Execution Environment (REE) and the Trusted System (TEE OS) as ID value and memory space address; (2) Set up a shared memory region: When initializing the Trusted Execution Environment (TEE OS), set up a shared memory region with the Rich Execution Environment (REE); (3) Copy the contents of the read-only memory space of the process to be measured: The trusted software base agent in the enriched execution environment REE copies the contents of the read-only memory space of the process to be measured (mainly the code segment and dynamic library segment) to the created shared memory area; (4) ID number: ID numbering is performed by the Trusted Software Base Agent in the Rich Execution Environment (REE), which is responsible for maintaining the correspondence between ID number and measurement object, such as which process and which address space corresponds to which ID number; (5) Calculate the trusted baseline value: Through the defined interactive interface, wake up the trusted platform control module TPCM measurement service of the trusted system (TEE OS), and the trusted cryptographic module TCM calculates the trusted baseline value.
[0054] In this embodiment, the trusted benchmark value is stored, that is, the storage location of the trusted benchmark value: after the trusted benchmark value is calculated, the trusted benchmark value is stored in the trusted storage space through the secure storage function of the trusted software base TSB.
[0055] In this embodiment, under the Trusted Execution Environment (TEE), the Trusted Platform Control Module (TPCM) calculates the hash value of the object being measured through the hash calculation function provided by the Trusted Cryptography Module (TCM), and compares it with the trusted benchmark value to realize the measurement and verification of the data of the object being measured.
[0056] S4. Based on the execution result, the calculation result of the dynamic measurement is returned to the dynamic measurement kernel thread. The dynamic measurement kernel thread then determines the final execution result of the dynamic measurement task according to the dynamic measurement result and the dynamic measurement strategy, thus completing the processing of periodic dynamic measurements. The implementation method is as follows: Under the rich execution environment REE, the trusted platform control module TCPM is driven to return the dynamic measurement results and trusted benchmark values to the dynamic measurement kernel thread; In the Rich Execution Environment (REE), the dynamic measurement kernel thread is used to determine whether to stop the execution of the measurement object and send out security logs based on the dynamic measurement results and dynamic measurement strategy, thus completing a periodic dynamic measurement process.
[0057] In this embodiment, the result processing of the dynamic measurement task specifically refers to the Trusted Platform Control Module (TPCM) service running in the Trusted Execution Environment (TEE) verifying the data of the measured object, and then calling the security service scheduling function provided by the Trusted Software Base (TSB) to return the measurement result and the standard measurement value (trusted benchmark value) to the dynamic measurement kernel thread running in the Trusted Execution Environment (REE) through the Trusted Platform Control Module (TCPM) driver. The dynamic measurement kernel thread then decides whether to suspend the operation of the measured object and issue security logs based on the measurement result and the dynamic measurement strategy, thereby completing a periodic dynamic measurement.
[0058] In this embodiment, under the Trusted Execution Environment (TEE), the Trusted Platform Control Module (TPCM) service calls the security service scheduling function of the Trusted Software Base (TSB) to transmit the measurement results and standard measurement values (trusted baseline values). Under the TEE, the TSB, through the security service scheduling function, transmits the measurement results and standard measurement values (trusted baseline values) to the Trusted Platform Control Module (TCPM) driver in the Rich Execution Environment (REE). Under the REE, the TCPM driver returns the measurement results and standard measurement values (trusted baseline values) to the dynamic measurement kernel thread. Under the REE, the dynamic measurement kernel thread, based on the measurement results and the dynamic measurement strategy, decides whether to suspend the operation of the measurement object and issue security logs, thereby completing a periodic dynamic measurement.
[0059] In this embodiment, based on the measurement results, the result processing of the periodic dynamic measurement task is divided into the following two cases: Scenario 1: The measurement results are consistent, the measurement object is running normally, the dynamic measurement task is sleeping, and it is waiting for the next periodic wake-up. Scenario 2: If the measurement results are inconsistent, stop the operation of the measurement object and issue a security log. After completing the above actions, the dynamic measurement task will go to sleep and wait for the next periodic wake-up.
[0060] The main differences between the process involved in this invention and dynamic measurement schemes based on Linux systems include: differences in system operating environment; differences in the implementation of dynamic measurement kernel modules; differences in the creation of dynamic measurement tasks; differences in the acquisition of the content of the measured object; differences in the calculation and storage of trusted benchmark values for dynamic measurement; differences in the triggering of dynamic measurement tasks; and differences in the execution of dynamic measurement tasks.
[0061] The main differences between the dynamic measurement scheme based on the Linux system and the periodic dynamic measurement method and system based on a trusted system proposed in this invention are described below: (1) Differences in system operating environment; 1) Existing technology: Based on the Linux system, it does not have high security and is not suitable for fields such as aerospace engineering, communications, remote sensing, power, and military industry that require high security and high reliability; 2) This invention: Based on trusted system operation, it has a rich execution environment (REE) and a trusted execution environment (TEE) to jointly ensure the high security and high reliability of dynamic measurement tasks. It can be applied to fields such as aerospace engineering, communications, remote sensing, power, and military industry that have high security and high reliability requirements. (2) Differences in the implementation of the dynamic measurement module; 1) Existing technology: The dynamic measurement module, i.e. the kernel's IMA module, is coupled with the Linux system kernel. The IMA module is large in size and occupies a large amount of system space, so it is not suitable for embedded scenarios where there are requirements for system size reduction. 2) This invention: The dynamic measurement kernel module is decoupled from the Linux system kernel, and the dynamic measurement function is implemented by the trusted software base agent after the trusted system starts. (3) Dynamically measure the differences in task creation; 1) Existing technology: The kernel-based IMA module inserts a series of hook functions into the critical system call path of the kernel. During the execution of the system call, the IMA code is executed in the context of the process with the same priority as the system call. It does not exist as an independent process or kernel thread and does not create a separate dynamic measurement task. Due to this characteristic, the dynamic measurement function of the existing technology will interrupt the execution of the existing process of the system, affecting the operation of the system and the real-time performance of the system. 2) This invention: After the dynamic measurement kernel module is inserted, the initialization of the dynamic measurement strategy and the creation of periodic dynamic measurement tasks are triggered synchronously. The periodic dynamic measurement tasks will create dynamic measurement kernel threads and dynamic measurement user-space processes to work together to realize the dynamic measurement of the system.
[0062] (4) Differences in the acquisition of the content of the measured object; 1) Existing technology: During the execution of system calls, the context of the process is directly accessed and the process content is directly read based on the resources of the accessed process. This method will interrupt the execution of the original process, prolong the execution time of the system call, reduce the real-time performance of the task, and seriously affect the system performance. 2) This invention: It realizes the function of obtaining the contents of memory across processes through virtual addresses. This function is achieved by using the mutual query function of the physical memory page query management tool pageinsight implemented in the self-developed Linux system and the physical memory image dev / mem tool. This ensures that the execution of dynamic measurement tasks is independent of the operation of other processes in the system, thereby achieving the goal of not affecting the real-time performance of the system.
[0063] (5) Differences in the calculation and storage of dynamic measurement reliable benchmark values; 1) Existing technology: The existing IMA solution for Linux systems requires the trusted baseline value to be calculated outside the system and stored in the extended attribute file. The calculation environment of the trusted baseline value cannot be guaranteed, and the storage environment is not secure, which does not meet the requirements of high security scenarios. 2) This invention: The trusted benchmark value is calculated by the Trusted Execution Environment (TEE) and stored in the secure storage of the Trusted Software Base (TSB) in the TEE, which has high security and meets the requirements of high security scenarios.
[0064] (6) Dynamically measure the differences in task triggering; 1) Existing technology: According to the configuration strategy of IMA, it is triggered by system calls, that is, by events, and cannot be triggered on a timer. Therefore, if the events occur frequently, IMA will be triggered at a high frequency, thereby consuming a lot of system performance and greatly affecting the performance and normal operation of the system. 2) This invention: Based on the dynamic measurement configuration strategy of the dynamic measurement module, it can be configured to be triggered periodically, such as triggering dynamic measurement once every 5 minutes, so as to minimize the impact on system performance while ensuring system security.
[0065] (7) Dynamically measure the differences in task execution; 1) Existing technology: Dynamic measurement tasks based on the Linux system are all completed in the Linux domain, without a trusted system to provide trust assurance; 2) This invention: The execution of periodic dynamic measurement tasks based on a trusted system is completed by the collaboration of a rich execution environment (REE) and a trusted execution environment (TEE), and is protected by the security and trustworthiness of the trusted execution environment (TEE).
[0066] Example 2 like Figure 2As shown, the present invention provides a periodic dynamic measurement system based on a trusted system for executing the periodic dynamic measurement method described in Embodiment 1, comprising: The first processing module is used for trusted booting of the trusted system and loading the dynamic measurement kernel module; The second processing module is used to initialize the dynamic measurement strategy and create dynamic measurement tasks based on the loaded dynamic measurement kernel module. The third processing module is used to execute dynamic measurement tasks based on the dynamic measurement strategy; The fourth processing module is used to return the calculation results of dynamic measurement to the dynamic measurement kernel thread based on the execution results. The dynamic measurement kernel thread then determines the final execution result of the dynamic measurement task based on the dynamic measurement results and the dynamic measurement strategy, thus completing the processing of periodic dynamic measurements.
[0067] The software architecture of a periodic dynamic measurement system based on a trusted system proposed in this invention specifically includes: (1) Trusted startup of the trusted system: based on a domestic hardware platform that supports a trusted cryptographic module (TCM), in the basic firmware, general firmware, and self-developed Linux operating system (REE OS) and trusted system TEE. With the support of the OS, the trusted system is started with a trusted system. This part is the software and hardware platform foundation of the present invention. The present invention is based on the above-mentioned trusted software and hardware platform, that is, based on the trusted system running on the domestic hardware platform, and proposes and implements a periodic dynamic measurement method and system. (2) Loading of dynamic measurement kernel module: The dynamic measurement kernel module is loaded based on the trusted software base agent. The dynamic measurement kernel module is inserted by the trusted software base agent. When the dynamic measurement kernel module is inserted, the initialization of the dynamic measurement strategy and the creation of the periodic dynamic measurement task are triggered. The periodic dynamic measurement task is carried out by the dynamic measurement kernel thread and the dynamic measurement user-mode process. (3) Execution of dynamic measurement task: The dynamic measurement task is executed based on the trusted platform control module TCPM driver, trusted software base, and trusted platform control module TCPM service. (4) Result of dynamic measurement task: Based on the trusted platform control module TCPM service, trusted software base, and trusted platform control module TCPM driver, the calculation result of dynamic measurement is returned to the dynamic measurement kernel thread. The dynamic measurement kernel thread determines the final execution result of the dynamic measurement task according to the measurement result and the dynamic measurement strategy.
[0068] In this embodiment, the functional units can be divided according to a periodic dynamic measurement method. For example, each function can be divided into its own functional units, or two or more functions can be integrated into one processing unit. The integrated unit can be implemented in hardware or as a software functional unit. It should be noted that the unit division in this invention is illustrative and represents only a logical division; in actual implementation, other division methods may be used.
[0069] In this embodiment, the periodic dynamic measurement system, in order to realize the principle and beneficial effects of the periodic dynamic measurement method, includes hardware structures and / or software modules corresponding to the execution of various functions. Those skilled in the art should readily recognize that, in conjunction with the illustrative units and algorithm steps described in the embodiments disclosed herein, the present invention can be implemented in hardware and / or a combination of hardware and computer software. Whether a function is executed by hardware or computer software depends on the specific application and design constraints of the technical solution. Different methods can be used to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
Claims
1. A periodic dynamic measurement method based on a trusted system, characterized in that, Includes the following steps: S1. Perform trusted boot on the trusted system and load the dynamic measurement kernel module; S2. Based on the loaded dynamic measurement kernel module, initialize the dynamic measurement strategy and create dynamic measurement tasks; S3. Execute dynamic measurement tasks based on dynamic measurement strategies; S4. Based on the execution result, return the calculation result of the dynamic measurement to the dynamic measurement kernel thread. Using the dynamic measurement kernel thread, determine the final execution result of the dynamic measurement task according to the dynamic measurement result and the dynamic measurement strategy, and complete the processing of periodic dynamic measurement.
2. The periodic dynamic measurement method based on a trusted system according to claim 1, characterized in that, S1 includes: Based on a trusted hardware platform and a trusted system, the trusted system is started. After the trusted system starts up, the Trusted Software Base agent running in the Rich Execution Environment (REE) loads the dynamic measurement kernel module. The dynamic measurement kernel module is decoupled from the Linux system and is loaded by the Trusted Software Base to complete the insertion of the dynamic measurement kernel module.
3. The periodic dynamic measurement method based on a trusted system according to claim 1, characterized in that, S2 includes: When the dynamic measurement kernel module running in the Trusted System Rich Execution Environment (REE) is inserted, the initialization of the dynamic measurement strategy is triggered. The dynamic measurement strategy includes: the process or script to be measured by the dynamic measurement task; and the time interval for dynamically measuring the process or script. When the dynamic measurement kernel module running in the Rich Execution Environment (REE) of a Trusted System is inserted, it triggers the creation of periodic dynamic measurement tasks. These periodic dynamic measurement tasks include: creating a dynamic measurement kernel thread in the REE; creating a dynamic measurement user process in the REE; and simultaneously, the characteristics of the dynamic measurement tasks take effect when they are created in the REE.
4. The periodic dynamic measurement method based on a trusted system according to claim 1, characterized in that, S3 includes: According to the dynamic measurement time interval in the dynamic measurement strategy, at the beginning of each dynamic measurement, the Trusted Platform Control Module (TPCM) running in the Rich Execution Environment (REE) is invoked to drive the dynamic measurement object content. By driving the dynamic measurement object content, cross-process access to memory content via virtual address is achieved. The object content includes process objects and script objects. The process object is the memory space content of the process's read-only code segment, and the script object is the page cache space content of the script file. The Trusted Platform Control Module (TPCM) drives the invocation of the security service scheduling function in the Trusted Software Base (TSB) within the Trusted Execution Environment (TEE), transmitting the dynamically measured object content to the Trusted Platform Control Module (TPCM) running in the TEE. The security service scheduling function includes: under the Rich Execution Environment (REE), the Trusted Platform Control Module (TPCM) drives the invocation of the security service scheduling function in the Trusted Software Base (TSB) within the TEE; under the Rich Execution Environment (REE), the security service scheduling function in the Trusted Software Base (TSB) transmits the dynamically measured object content to the Trusted Platform Control Module (TPCM) service. The Trusted Platform Control Module (TPCM) performs hash calculations on the content of the measured object through the hash calculation function provided by the Trusted Cryptography Module (TCM) and the secure storage function provided by the Trusted Software Base (TSB). The hash calculation result is compared with the trusted benchmark value to complete the execution of the dynamic measurement task.
5. The periodic dynamic measurement method based on a trusted system according to claim 4, characterized in that, Retrieve the contents of the process's read-only code segment memory space, including: The virtual address distribution of processes is defined in the VMA table of the self-developed Linux system; Based on the defined process virtual address distribution, the proc / [pid] / smaps file in the self-developed Linux system is parsed to obtain the VMA table of the process being measured; Based on the obtained VMA table, according to the obtained starting address and length, the contents of the process's read-only code segment memory space are read and passed to the Trusted Execution Environment (TEE) for trusted measurement operations.
6. The periodic dynamic measurement method based on a trusted system according to claim 4, characterized in that, Retrieve the page cache space content of the script file, including: During script execution, the script file stored on the external flash storage device is pre-loaded into memory; During the pre-read moment, the script file is verified to have not been modified on the flash external storage device through the file static measurement mechanism of the trusted system. The script file was successfully loaded into memory without being modified and exists as a file page cache. In the kernel file system layer of the self-developed Linux system, hook functions are added to obtain the physical page frame corresponding to the page cache page using the page-to-page frame number mechanism, and map the physical page frame to the user virtual address space through the physical memory image dev / mem. The hook functions are used to obtain the page cache page of the specified file; the page-to-page frame number mechanism refers to the Linux memory management mechanism that provides the mapping relationship between page structure and page frame number. Based on the mapped virtual address space and length, the content of the script object in memory is obtained and passed to the Trusted Execution Environment (TEE) for trust measurement operations.
7. The periodic dynamic measurement method based on a trusted system according to claim 4, characterized in that, The timing of calculating the trusted benchmark value includes: For binary programs: At the moment of execution of the binary program, the virtual address of the binary program is loaded. After the virtual address loading of the binary program is completed, when the memory address of the code segment and the dynamic library can be found under the dynamic measurement kernel, the trusted baseline value of the read-only memory page is calculated to complete the static measurement of the binary program. For script files: When a script file is executed, the script is read into the memory page cache; a hook function is added at the page cache read location; the memory page content is obtained through the hook function, and a reliable baseline value is calculated.
8. The periodic dynamic measurement method based on a trusted system according to claim 4, characterized in that, The calculation of the reliable benchmark value includes: Define the interaction interface parameters between the Rich Execution Environment (REE) and the Trusted System's metrics definition as ID values and memory space addresses; When initializing the trusted system, a shared memory region is set up with the rich execution environment (REE). By leveraging the trusted software base agent in the rich execution REE, the read-only memory space contents of the process to be measured are copied to the created shared memory region; Based on the copied object or after the copy is completed, the copied object is ID-encoded, and the trusted software base agent in the rich execution environment REE maintains the correspondence between the ID number and the metric object; Based on the maintenance results, the Trusted Platform Control Module (TPCM) measurement service of the trusted system is activated through the defined interaction interface, and the Trusted Cryptography Module (TCM) calculates the trusted baseline value.
9. The periodic dynamic measurement method based on a trusted system according to claim 4, characterized in that, S4 includes: Under the rich execution environment REE, the trusted platform control module TCPM is driven to return the dynamic measurement results and trusted benchmark values to the dynamic measurement kernel thread; In the Rich Execution Environment (REE), the dynamic measurement kernel thread is used to determine whether to stop the execution of the measurement object and send out security logs based on the dynamic measurement results and dynamic measurement strategy, thus completing a periodic dynamic measurement process.
10. A periodic dynamic measurement system based on a trusted system, used to execute the periodic dynamic measurement method according to any one of claims 1-9, characterized in that, include: The first processing module is used for trusted booting of the trusted system and loading the dynamic measurement kernel module; The second processing module is used to initialize the dynamic measurement strategy and create dynamic measurement tasks based on the loaded dynamic measurement kernel module. The third processing module is used to execute dynamic measurement tasks based on the dynamic measurement strategy; The fourth processing module is used to return the calculation results of dynamic measurement to the dynamic measurement kernel thread based on the execution results. The dynamic measurement kernel thread then determines the final execution result of the dynamic measurement task based on the dynamic measurement results and the dynamic measurement strategy, thus completing the processing of periodic dynamic measurements.