Disclosure of Invention
In view of the above-mentioned drawbacks in the prior art, the present invention provides a method for configuring a security chip, where the security chip includes a task module, an address allocation module, a verification module, a timing module, a first random number generation module, and a second random number generation module, and the method includes:
starting the timing module, wherein the task module starts to receive and store a starting request to a request list, the starting request is used for requesting to start a virtual machine, and the starting request comprises an operating system and an application program sequence table operated by the virtual machine;
after the timing module reaches the preset duration, the task module sends a request list to the address allocation module and empties the request list;
the address allocation module receives the request list, obtains the number of items in the request list, sends that number of items to the first random number generation module, and receives from the first random number generation module a returned random number list containing that many random numbers;
the address allocation module allocates a physical address space for each start request in the request list based on the random number list and the request list, wherein the physical address spaces of the start requests in the request list are continuous;
after all virtual machines corresponding to the request list are loaded, the verification module performs security verification on all the virtual machines, the security verification comprises verification of loading positions of the virtual machines, and the verification of the loading positions is based on the verification random numbers generated by the second random number generation module.
And after the timing module reaches the preset duration, resetting the duration of the timing module to be 0, restarting the timing module, newly creating a request list by the task module, storing a starting request received after restarting the timing module into the newly created request list, and clearing the original request list after the task module sends the original request list to the address allocation module.
The physical address space is used for carrying out address allocation by taking a page table as a unit;
the random number generated by the first random number generation module is larger than or equal to zero and smaller than the size of a page table;
allocating page tables to the virtual machines in the order in which their starting requests appear in the request list, wherein the page tables of virtual machines adjacent in the request list are contiguous;
and obtaining the position of the virtual machine starting request in the request list, and taking the value of the random number at the corresponding position in the random number list as the page table loading starting position of the virtual machine.
The address allocation module determines the number of page tables allocated to the virtual machine according to an operating system and an application program sequence table operated by the virtual machine, and the method comprises the following steps:
when the address allocation module calculates the initial occupied memory size of the operating system and the application program sequence table run by the virtual machine, and that size divided into page tables requires a certain number of page tables, the virtual machine is allocated one page table more than that number;
the initial occupied memory size is the sum of the memory space required for loading the operating system and the memory space required for all the application programs in the application program list.
The address allocation module is used for storing an address allocation list;
the address allocation module determines the initial residual memory of the virtual machine according to the page table loading starting position, the initial occupied memory size and the number of the allocated page tables;
after the address allocation module finishes address allocation to the virtual machines in the request list, adding the address allocation information of the virtual machines to the address allocation list;
the address allocation list comprises a page table loading starting position, an initial occupied memory size, the number of allocated page tables, an allocated page table sequence number range and an initial residual memory of the virtual machine, wherein the page table loading starting position is determined for each virtual machine in the request list.
The security verification includes verifying loading positions of the virtual machines, and the security verification includes:
determining a first check value and a second check value corresponding to a virtual machine, and sending the first check value and the second check value to a check module;
after receiving the check value of the virtual machine, the check module sends request check information to the address allocation module;
after receiving the request verification information, the address allocation module sends a third verification value and a fourth verification value to the verification module;
the verification module judges that the first verification value is the same as the third verification value, and the second verification value is the same as the fourth verification value, and determines that the virtual machine passes the security verification;
and the verification module judges that the first verification value is different from the third verification value or the second verification value is different from the fourth verification value, determines that the virtual machine does not pass the security verification, and does not start the virtual machine.
Wherein the first and second check values are generated by a virtual machine monitor;
before the virtual machine monitor generates the first check value and the second check value, requesting a check random number and a hash function corresponding to the virtual machine from the second random number generation module;
the second random number generation module generates a check random number corresponding to the virtual machine, and sends the check random number, the hash function and the corresponding virtual machine identifier to the virtual machine monitor and the address allocation module;
wherein the check random numbers corresponding to different virtual machines are different.
Wherein the virtual machine monitor generates the first and second check values according to the actual page table loading starting position A of the virtual machine, the actual initial occupied memory size B and the actual initial remaining memory C, as follows:
the virtual machine monitor calculates the sum M = A + B + C of the actual page table loading starting position A, the actual initial occupied memory size B and the actual initial remaining memory C of the virtual machine, and generates the first check value hash(M) according to the hash function corresponding to the virtual machine;
the virtual machine monitor calculates N = B - A - C and generates the second check value hash(N) according to the hash function corresponding to the virtual machine.
After the address allocation module receives the check random number, the hash function and the corresponding virtual machine identifier sent by the second random number generation module, together with the request check information, it calculates a third check value and a fourth check value, and sends them to the check module once the check module has sent the request check information;
the address allocation module calculates a third check value and a fourth check value, including:
the address allocation module determines the number of page tables O allocated to the virtual machine and the page table size pagesize, and generates the third check value hash(O × pagesize) according to the hash function corresponding to the virtual machine;
the address allocation module obtains the page table loading starting position X, the initial occupied memory size Y and the initial residual memory Z of the virtual machine from the address allocation list, determines R = Y - X - Z, and generates the fourth check value hash(R) according to the hash function corresponding to the virtual machine.
The invention also proposes a computer device comprising a security chip, the security chip being a TPCM chip, the security chip comprising a memory and a processor therein, the memory being configured to store computer program instructions thereon, which when executed on the processor cause the processor to perform the security chip configuration method of any of the preceding claims.
Compared with the prior art, the method has the advantages that the security chip is enabled to carry out security verification based on the file sizes of the operating system and the application program of the virtual machine and through the random page loading position, and the security chip is enabled to protect data for security verification of the virtual machine, which are transmitted by the security chip in the verification process, through the verification random number, so that the security chip can realize the trusted management of the virtual machine running the heterogeneous operating system.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, the "plurality" generally includes at least two.
It should be understood that although the terms first, second, third, etc. may be used to describe … … in embodiments of the present invention, these … … should not be limited to these terms. These terms are only used to distinguish … …. For example, the first … … may also be referred to as the second … …, and similarly the second … … may also be referred to as the first … …, without departing from the scope of embodiments of the present invention.
It should be understood that the term "and/or" as used herein is merely one relationship describing the association of the associated objects, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
The words "if", as used herein, may be interpreted as "at … …" or "at … …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrase "if determined" or "if detected (stated condition or event)" may be interpreted as "when determined" or "in response to determination" or "when detected (stated condition or event)" or "in response to detection (stated condition or event), depending on the context.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a product or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such product or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a commodity or device comprising such element.
Alternative embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Embodiment 1
As shown in fig. 1, the invention discloses a security chip configuration method, the security chip includes a task module, an address allocation module, a verification module, a timing module, a first random number generation module and a second random number generation module, the method includes:
starting the timing module, wherein the task module starts to receive and store a starting request to a request list, the starting request is used for requesting to start a virtual machine, and the starting request comprises an operating system and an application program sequence table operated by the virtual machine;
after the timing module reaches the preset duration, the task module sends a request list to the address allocation module and empties the request list;
the address allocation module receives the request list, obtains the number of items in the request list, sends that number of items to the first random number generation module, and receives from the first random number generation module a returned random number list containing that many random numbers;
the address allocation module allocates a physical address space for each start request in the request list based on the random number list and the request list, wherein the physical address spaces of the start requests in the request list are continuous;
after all virtual machines corresponding to the request list are loaded, the verification module performs security verification on all the virtual machines, the security verification comprises verification of loading positions of the virtual machines, and the verification of the loading positions is based on the verification random numbers generated by the second random number generation module.
In a certain embodiment, after the timing module reaches the preset time, the time length of the timing module is reset to 0, the timing module is restarted, the task module newly builds a request list, a starting request received after restarting the timing module is stored in the newly built request list, and the task module sends an original request list to the address allocation module and then empties the original request list.
According to the invention, the security chip uses the timing module and the request list to perform security verification, with a fixed period as the unit, on all virtual machines that requested to start within that period, which reduces the processing load on the security chip.
In one embodiment, the physical address space performs address allocation in units of page tables;
the random number generated by the first random number generation module is larger than or equal to zero and smaller than the size of a page table;
allocating page tables to the virtual machines in the order in which their starting requests appear in the request list, wherein the page tables of virtual machines adjacent in the request list are contiguous;
and obtaining the position of the virtual machine starting request in the request list, and taking the value of the random number at the corresponding position in the random number list as the page table loading starting position of the virtual machine.
An unauthorized virtual machine may be able to access sensitive data on the server and modify the configuration information of other virtual machines, posing a serious hidden danger to information security. In this method, the first random number generation module is introduced to configure the initial loading position of each virtual machine within its page table, so that the loading positions of different virtual machines differ and it becomes harder for an unauthorized virtual machine to pass the security check.
The invention uses the continuous page table to carry out memory allocation on the virtual machine in the same period, thereby being convenient for subsequent management.
The address allocation module determines the number of page tables allocated to the virtual machine according to an operating system and an application program sequence table operated by the virtual machine, and the method comprises the following steps:
when the address allocation module calculates the initial occupied memory size of the operating system and the application program sequence table run by the virtual machine, and that size requires a certain number of page tables, the virtual machine is allocated one page table more than that number;
the initial occupied memory size is the sum of the memory space required for loading the operating system and the memory space required for all the application programs in the application program list.
In the invention, the cloud server manages page tables in a large-page memory allocation mode, with each page table being 1G in size; a person skilled in the art may use page tables of other sizes for large-memory management.
Because the virtual machine is not loaded from offset 0 of its page table but from the position given by the random number generated by the first random number generation module, one extra page must be added when the number of pages is allocated, so that the virtual machine can be loaded in full. The additional memory range can also be indicated to the virtual machine monitor and used by the virtual machine later during its operation.
In one embodiment, the address allocation module stores an address allocation list;
the address allocation module determines the initial residual memory of the virtual machine according to the page table loading starting position, the initial occupied memory size and the number of the allocated page tables;
after the address allocation module finishes address allocation to the virtual machines in the request list, adding the address allocation information of the virtual machines to the address allocation list;
the address allocation list comprises a page table loading starting position, an initial occupied memory size, the number of allocated page tables, an allocated page table sequence number range and an initial residual memory of the virtual machine, wherein the page table loading starting position is determined for each virtual machine in the request list.
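The allocation steps above (batching by timing period, random loading offset inside the first page, one extra page table, contiguous page tables, and the address allocation list entry) carried through as an added example in Python; this is not code from the patent. The module and field names, the `TaskModule` batching helper and the sample request sizes are constructed for illustration, and the 1G page table size follows the text.

```python
# Added example (not from the patent): one timing period of the allocation
# scheme described above. Names, fields and sample sizes are constructed.
import secrets
from dataclasses import dataclass
from typing import List, Tuple

PAGE_SIZE = 1 << 30   # 1G page tables, the size the text gives


@dataclass
class StartRequest:
    vm_id: str
    os_size: int            # memory needed to load the operating system
    app_sizes: List[int]    # memory needed by each program in the application sequence table


@dataclass
class Allocation:
    """One entry of the address allocation list."""
    vm_id: str
    load_start: int              # page table loading starting position (offset inside first page)
    occupied: int                # initial occupied memory size
    num_pages: int               # number of allocated page tables
    page_range: Tuple[int, int]  # allocated page table sequence number range, inclusive
    residual: int                # initial residual memory


class TaskModule:
    """Collects starting requests until the timing module reaches the preset duration."""

    def __init__(self) -> None:
        self.request_list: List[StartRequest] = []

    def receive(self, req: StartRequest) -> None:
        self.request_list.append(req)

    def period_elapsed(self) -> List[StartRequest]:
        # Hand the current list to the address allocation module and start a new one.
        batch, self.request_list = self.request_list, []
        return batch


def initial_occupied_size(req: StartRequest) -> int:
    # Operating system plus every program in the application sequence table.
    return req.os_size + sum(req.app_sizes)


def page_count(occupied: int, page_size: int = PAGE_SIZE) -> int:
    # ceil(occupied / page_size) pages hold the image; one more is added because
    # loading starts at a random offset inside the first page.
    return -(-occupied // page_size) + 1


def random_number_list(n: int, page_size: int = PAGE_SIZE) -> List[int]:
    # First random number generation module: n values with 0 <= r < page_size.
    return [secrets.randbelow(page_size) for _ in range(n)]


def allocate(request_list: List[StartRequest], rand_list: List[int],
             page_size: int = PAGE_SIZE, first_free_page: int = 0) -> List[Allocation]:
    """Address allocation module: contiguous page tables for the whole batch."""
    if len(rand_list) != len(request_list):
        raise ValueError("random number list must have one entry per request")
    allocations = []
    page = first_free_page
    for req, r in zip(request_list, rand_list):
        occupied = initial_occupied_size(req)
        n_pages = page_count(occupied, page_size)
        # Residual memory is what is left of the allocated span after the offset
        # and the image; it is never negative because r < page_size.
        residual = n_pages * page_size - r - occupied
        allocations.append(Allocation(req.vm_id, r, occupied, n_pages,
                                      (page, page + n_pages - 1), residual))
        page += n_pages   # the next VM's page tables follow directly
    return allocations


def process_period(task: TaskModule, first_free_page: int = 0) -> List[Allocation]:
    """One period: take the batch, fetch one random number per request, allocate."""
    batch = task.period_elapsed()
    return allocate(batch, random_number_list(len(batch)), first_free_page=first_free_page)


if __name__ == "__main__":
    G = 1 << 30
    task = TaskModule()
    task.receive(StartRequest("vm-a", 3 * G, [G // 2, G // 2]))   # constructed sizes
    task.receive(StartRequest("vm-b", 3 * G // 2, []))
    for entry in process_period(task):
        print(entry)
```

For every entry the identity load_start + occupied + residual == num_pages × page_size holds by construction, which is the relation the later check values rely on.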
In an embodiment, the security check includes load location verification of the virtual machine, including:
determining a first check value and a second check value corresponding to a virtual machine, and sending the first check value and the second check value to a check module;
after receiving the check value of the virtual machine, the check module sends request check information to the address allocation module;
after receiving the request verification information, the address allocation module sends a third verification value and a fourth verification value to the verification module;
the verification module judges that the first verification value is the same as the third verification value, and the second verification value is the same as the fourth verification value, and determines that the virtual machine passes the security verification;
and the verification module judges that the first verification value is different from the third verification value or the second verification value is different from the fourth verification value, determines that the virtual machine does not pass the security verification, and does not start the virtual machine.
In the invention, the virtual machine is loaded completely but is held in a suspended state until the security chip completes the security check, and is not actually started. It begins to run only after the security chip has passed it through the security check; if the virtual machine fails the check, the security chip reports the result to a platform management entity such as the virtual machine monitor, which deletes the corresponding virtual machine according to that result.
In one embodiment, the first and second check values are generated by a virtual machine monitor;
before the virtual machine monitor generates the first check value and the second check value, requesting a check random number and a hash function corresponding to the virtual machine from the second random number generation module;
the second random number generation module generates a check random number corresponding to the virtual machine, and sends the check random number, the hash function and the corresponding virtual machine identifier to the virtual machine monitor and the address allocation module;
wherein the check random numbers corresponding to different virtual machines are different.
The invention increases the security of the data transmitted between the security chip and other components through the second random number generation module and the hash function, so that the address data configured for the virtual machine is better protected.
In one embodiment, the virtual machine monitor generates the first and second check values according to the actual page table loading starting position A of the virtual machine, the actual initial occupied memory size B and the actual initial remaining memory C, as follows:
the virtual machine monitor calculates the sum M = A + B + C of the actual page table loading starting position A, the actual initial occupied memory size B and the actual initial remaining memory C of the virtual machine, and generates the first check value hash(M) according to the hash function corresponding to the virtual machine;
the virtual machine monitor calculates N = B - A - C and generates the second check value hash(N) according to the hash function corresponding to the virtual machine.
In a certain embodiment, after the address allocation module receives the check random number, the hash function and the corresponding virtual machine identifier sent by the second random number generation module, together with the request check information, it calculates a third check value and a fourth check value, and sends them to the check module once the check module has sent the request check information;
the address allocation module calculates a third check value and a fourth check value, including:
the address allocation module determines the number of page tables O allocated to the virtual machine and the page table size pagesize, and generates the third check value hash(O × pagesize) according to the hash function corresponding to the virtual machine;
the address allocation module obtains the page table loading starting position X, the initial occupied memory size Y and the initial residual memory Z of the virtual machine from the address allocation list, determines R = Y - X - Z, and generates the fourth check value hash(R) according to the hash function corresponding to the virtual machine.
In the invention, the sum of the actual page table loading starting position A, the actual initial occupied memory size B and the actual initial remaining memory C of the virtual machine should be equal to the product of the number of allocated page tables O and the page table size pagesize.
At the same time, the security chip and the virtual machine monitor do not transmit the actual page table loading starting position A, the actual initial occupied memory size B and the actual initial remaining memory C directly, but transmit them through specific relations formed from them, which increases the security of transmitting the address information of the virtual machine.
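The load-position check described above (the virtual machine monitor's first and second check values, the address allocation module's third and fourth values, and the verification module's comparison) as an added Python example; it is not code from the patent. Keying the hash with the per-VM check random number (HMAC-SHA256 here) is an assumption, since the text only states that a hash function and a check random number are issued for each virtual machine; the function names and the sample allocation entry are constructed.

```python
# Added example (not from the patent): the check-value exchange for verifying a
# virtual machine's loading position. The keyed hash is an assumption.
import hmac
import secrets
from typing import Dict, Optional, Tuple

PAGE_SIZE = 1 << 30   # 1G page tables, as in the text


def issue_check_material(vm_id: str, check_rand: Optional[bytes] = None) -> Dict:
    """Second random number generation module: a per-VM check random number,
    the hash function name and the VM identifier, sent to both the virtual
    machine monitor and the address allocation module. A fresh random number
    is drawn unless one is supplied (supplying one is only for reproducible tests)."""
    rand = check_rand if check_rand is not None else secrets.token_bytes(32)
    return {"vm_id": vm_id, "check_rand": rand, "hash": "sha256"}


def keyed_hash(material: Dict, value: int) -> str:
    # The hash function "corresponding to the virtual machine": assumed to be
    # keyed with that VM's check random number so values for other VMs differ.
    return hmac.new(material["check_rand"], str(value).encode(), material["hash"]).hexdigest()


def vmm_check_values(material: Dict, A: int, B: int, C: int) -> Tuple[str, str]:
    """First and second check values from the VMM's actual loading data:
    A = actual load start, B = actual occupied size, C = actual remaining memory."""
    M = A + B + C
    N = B - A - C
    return keyed_hash(material, M), keyed_hash(material, N)


def allocator_check_values(material: Dict, entry: Dict,
                           page_size: int = PAGE_SIZE) -> Tuple[str, str]:
    """Third and fourth check values from the address allocation list entry:
    O = allocated page tables, X = load start, Y = occupied size, Z = residual."""
    O, X, Y, Z = entry["num_pages"], entry["load_start"], entry["occupied"], entry["residual"]
    R = Y - X - Z
    return keyed_hash(material, O * page_size), keyed_hash(material, R)


def verification_module(first: str, second: str, third: str, fourth: str) -> bool:
    """Passes only if first == third and second == fourth (constant-time compare)."""
    return hmac.compare_digest(first, third) and hmac.compare_digest(second, fourth)


def run_load_position_check(material: Dict, entry: Dict, A: int, B: int, C: int) -> bool:
    """Full exchange: the VMM sends its two values to the verification module,
    which requests the allocator's two values and compares the pairs."""
    first, second = vmm_check_values(material, A, B, C)
    third, fourth = allocator_check_values(material, entry)
    return verification_module(first, second, third, fourth)


if __name__ == "__main__":
    G = 1 << 30
    material = issue_check_material("vm-a")
    # Constructed allocation list entry: 5 page tables, loading offset 100,
    # a 4G image, residual = 5G - 100 - 4G.
    entry = {"num_pages": 5, "load_start": 100, "occupied": 4 * G, "residual": G - 100}
    print("matching image:", run_load_position_check(material, entry, 100, 4 * G, G - 100))
    # The VMM reports an image one byte larger than the one the entry was built for.
    print("different image size:", run_load_position_check(material, entry, 100, 4 * G + 1, G - 100))
```

The passing case reproduces the identity stated above: A + B + C equals O × pagesize, so hash(M) matches hash(O × pagesize), and B − A − C equals Y − X − Z. A VM whose actual image size or reported span does not match the allocation list entry fails the first comparison, and values computed with another VM's check random number never match.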
Compared with the prior art, the method has the advantages that the security chip is enabled to carry out security verification based on the file sizes of the operating system and the application program of the virtual machine and through the random page loading position, and the security chip is enabled to protect data for security verification of the virtual machine, which are transmitted by the security chip in the verification process, through the verification random number, so that the security chip can realize the trusted management of the virtual machine running the heterogeneous operating system.
Embodiment 2
As shown in fig. 2, the present invention proposes a computer device comprising a security chip, the security chip being a TPCM chip, the security chip comprising a memory and a processor therein, the memory being configured to store thereon computer program instructions that, when executed on the processor, cause the processor to perform the security chip configuration method of any of the preceding claims.
The processor executes various functions that may be implemented by instructions or data on a storage medium, and it should be noted that the computer readable medium may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present disclosure, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
The foregoing description of the preferred embodiments of the present invention has been presented for purposes of clarity and understanding, and is not intended to limit the invention to the particular embodiments disclosed, but is intended to cover all modifications, alternatives, and improvements within the spirit and scope of the invention as outlined by the appended claims.