Disclosure of Invention
The invention aims to provide a method for resisting crypto-ransomware attacks and a solid state disk (SSD) for directional use. Targeting the basic property that data at rest does not change, and the characteristics of crypto-ransomware attacks in the field of trusted data resources and data assets, it provides a complete set of countermeasures and a technical scheme for implementing them in SSD hardware, so as to support the production of high-security SSD devices that can effectively identify and defend against various crypto-ransomware attacks and protect data security.
The above object of the present invention is achieved by the following technical solutions:
In a first aspect, the present application provides a method for resisting crypto-ransomware attacks, comprising the following specific steps:
adding to the SSD a special flash translation layer VAT for managing the mapping between logical addresses and physical addresses to be recovered;
using in the SSD a conventional flash translation layer FTL for managing the mapping between logical addresses and physical addresses;
providing in the SSD a real-time clock chip RTC for generating the RTC timestamps of physical addresses and for generating an abnormal time point queue TQ;
responding, based on the special flash translation layer VAT, the conventional flash translation layer FTL and the real-time clock RTC, to operation commands from a host, including write commands, read commands and rollback commands.
On the basis of the technical scheme, the invention can be improved as follows.
Further, the special flash translation layer VAT includes a VAT bitmap and a VAT mapping table. The VAT bitmap records the working state of each logical address. The VAT mapping table records the physical address to be recovered that corresponds to each logical address; when no physical address to be recovered exists, it instead records the RTC timestamp of the physical address that corresponds to the logical address in the conventional flash translation layer FTL.
Further, responding to a write command from the host specifically includes:
looking up, by the logical address of the write command, the working state of the corresponding logical address in the VAT bitmap; if the working state is occupied, calculating and storing the attack rate AR of the crypto-ransomware attack, then executing a no-op and returning write success to the host, wherein the attack rate AR is the accumulated number of crypto-ransomware attacks within N seconds, and N >= 1;
if the working state is idle, executing a conventional write operation using the conventional flash translation layer FTL, then recording the RTC timestamp of the write operation in the entry for the corresponding logical address in the VAT mapping table, updating the working state of the corresponding logical address in the VAT bitmap to occupied, and returning write success to the host.
Further, responding to a read command from the host specifically includes:
looking up, by the logical address of the read command, the working state of the corresponding logical address in the VAT bitmap; if the working state is occupied, executing a conventional read operation using the conventional flash translation layer FTL and returning read success to the host;
if the working state is idle and the current RTC time exceeds the first time point in the abnormal time point queue TQ by more than one hour, pushing the current RTC time into the abnormal time point queue TQ, wherein the abnormal time point queue TQ is a first-in first-out queue;
if the working state is idle and the current attack rate AR is greater than or equal to a threshold, generating an alarm signal, while executing a conventional read operation using the conventional flash translation layer FTL and returning read success to the host.
Further, responding to a rollback command from the host specifically includes:
judging, according to the time point designated by the rollback command or a time point in the abnormal time point queue TQ, whether the time point exceeds the limit; if it does, returning rollback failure to the host; otherwise, obtaining from the VAT mapping table and the conventional flash translation layer FTL each entry that falls within the time point range, exchanging the content of each VAT mapping table entry with the content of its corresponding entry in the conventional flash translation layer FTL one by one, and updating the VAT bitmap according to the content of the FTL entry after the exchange: if the entry content is an RTC timestamp, updating the VAT bitmap to idle and marking the PBA of the corresponding logical address in the FTL as invalid; otherwise, updating the VAT bitmap to occupied and marking the PBA of the corresponding logical address in the FTL as valid; and returning rollback success to the host.
In a second aspect, the present application provides a solid state disk that uses the method for resisting crypto-ransomware attacks of any one of the first aspect to defend against crypto-ransomware viruses and to protect the data in the solid state disk from being rewritten by a virus.
In a third aspect, the present application provides an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, uses the method of any one of the first aspect to defend against crypto-ransomware viruses and to protect the data in the electronic device from viruses.
In a fourth aspect, the present application provides a non-transitory computer-readable storage medium storing computer instructions that, when executed by a computer, use the method of any one of the first aspect to defend against crypto-ransomware viruses and to protect the data in the computer from being overwritten by a virus.
Compared with the prior art, the invention has at least the following beneficial effects:
In the application, RTC timestamps are generated by the real-time clock chip provided in the SSD, and, based on the handling of write, read and rollback commands by the special flash translation layer VAT and the conventional flash translation layer FTL, crypto-ransomware attacks can be detected automatically and an alarm raised. The damage of all crypto-ransomware viruses can thus be prevented in advance, infection by other computer viruses and illegal tampering with executable programs by privileged users can also be prevented, and the data and executable programs stored in the SSD receive near-ultimate protection. The method can protect program code, key parameters and business rules from being changed arbitrarily by people, and so supports unattended trusted application systems. When used to store data resources or data assets (such as account books, transaction contracts or vouchers, title certificates and the like), it satisfies basic accounting rules (namely, prohibiting after-the-fact modification and correcting errors by adding offsetting records) and keeps data permanently unchanged, so it can turn ordinary data into high-quality, high-value data that meets the standard of "judicial credibility". It can also strictly limit the data manipulation rights of privileged system personnel and eliminate data security threats from insiders on the user's side (such as theft, black-box operations and the like).
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that like reference numerals and letters refer to like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the description of the embodiments of the present invention, "plurality" means at least 2.
Embodiment 1. The present embodiment provides a method for resisting crypto-ransomware attacks, comprising the following specific steps:
S1, adding to the SSD a special flash translation layer VAT for managing the mapping between logical addresses and physical addresses to be recovered;
S11, using in the SSD a conventional flash translation layer FTL for managing the mapping between logical addresses and physical addresses;
S12, providing in the SSD a real-time clock chip RTC for generating the RTC timestamps of physical addresses and for generating an abnormal time point queue TQ;
The FTL (conventional flash translation layer) is the core metadata of a conventional SSD (solid state disk); the SSD's main controller relies on the FTL to manage its large number of NAND memory cells. Resisting crypto-ransomware attacks, however, requires new functions. To keep the FTL's conventional tasks basically unchanged without increasing its complexity, a special FTL layer, called the VAT (special flash translation layer), can be added. The VAT also works under the control of the SSD's main control CPU and mainly carries the task of resisting crypto-ransomware attacks.
Optionally, the special flash translation layer VAT includes a VAT bitmap and a VAT mapping table. The VAT bitmap records the working state of each logical address. The VAT mapping table records the physical address to be recovered that corresponds to each logical address; when no physical address to be recovered exists, it instead records the RTC timestamp of the physical address that corresponds to the logical address in the FTL.
The VAT mapping table is a mapping table with a special function: it records the physical addresses to be recovered. A physical address to be recovered arises from the SSD's "page-change update" characteristic and temporarily holds the original data of a logical address. This uses the SSD's "page-change update" characteristic to "roll back" data and so eliminate the damage done by a virus. When no physical address to be recovered exists, the VAT mapping table records the RTC timestamp of the PBA that corresponds to the logical address in the FTL. The VAT bitmap stores the working state of every logical address of the SSD; once a logical address is used, its state is updated from the initial value to occupied. The VAT bitmap is located inside the SSD, where crypto-ransomware cannot access it. The entry points for a virus attack fall into two types. In the first, the virus attacks the storage device directly through the host's low-level driver; it cannot know the current working state of the target address and will inevitably produce unreasonable read and write behavior. In the second, the attack is launched through the file system of the host OS, and it meets the strong blocking described in the next step.
S2, responding, based on the special flash translation layer VAT, the conventional flash translation layer FTL and the real-time clock RTC, to operation commands from a host, wherein the operation commands comprise write commands, read commands and rollback commands.
The RTC (real-time clock) is a hardware integrated circuit chip used to generate the SSD's internal time. The internal time may be a self-contained timing system or may be synchronized with actual time (such as Beijing time). When host data is written to a PBA, the current RTC time is used as the timestamp of that PBA.
Optionally, responding to a write command from the host, as shown in fig. 2, is specifically:
S21, looking up, by the logical address of the write command, the working state of the corresponding logical address in the VAT bitmap. If the working state is occupied, the attack rate AR of the crypto-ransomware attack is calculated and stored, a no-op is then executed, and write success is returned to the host. If the working state is idle, a conventional write operation is executed using the conventional flash translation layer FTL, the RTC timestamp of the write operation is then recorded in the entry for the corresponding logical address in the VAT mapping table, the working state of the corresponding logical address in the VAT bitmap is updated to occupied, and write success is returned to the host.
The main target of a crypto-ransomware attack is data that already exists in the SSD (the data files or executable programs seen at the host OS layer), so a strong blocking measure is taken here: overwriting any existing data in the SSD's logical address space is prohibited, so that crypto-ransomware cannot cause "fatal" damage to user data. Further, to prevent ransomware or other viruses from adopting a "storage exhaustion" tactic (such as creating a large number of hidden junk files) to maliciously clog the user's host, the VAT mapping table saves the RTC timestamp of each "write" operation, so that the rollback command added by the invention can be used when needed to eliminate the damage caused by the virus. With these two steps, the extortionist cannot achieve the purpose of extorting money and cannot cause any damage to the data in the SSD.
Optionally, responding to a read command from the host, as shown in fig. 3, specifically includes:
S22, looking up, by the logical address of the read command, the working state of the corresponding logical address in the VAT bitmap; if the working state is occupied, executing a conventional read operation using the conventional flash translation layer FTL and returning read success to the host;
if the working state is idle and the current RTC time exceeds the first time point of the abnormal time point queue TQ by more than one hour, pushing the current RTC time into the abnormal time point queue TQ, wherein the abnormal time point queue TQ is a first-in first-out (FIFO) queue;
if the working state is idle and the current attack rate AR is greater than or equal to a threshold, generating an alarm signal, executing a conventional read operation using the conventional flash translation layer FTL, and returning read success to the host.
When a crypto-ransomware attack occurs, the attacker must read out the target data in order to encrypt it. If the logical address of the target data is in the occupied state, the SSD's main control CPU cannot detect anything abnormal. If the logical address is in the idle state, however, the anomaly is obvious, because few applications read undefined data (the unusual functions of some OSes and disk utility programs are exceptions, but in the application scenarios of the SSD of the invention the user (operator) knows how such operations affect the SSD, so such exceptions are acceptable). At this point the SSD's main control CPU combines this with the AR value to judge that a crypto-ransomware attack is in progress and raises the alarm with the flashing lamp.
The abnormal time point queue TQ records the list of times at which a crypto-ransomware attack was detected, for use when executing the rollback command.
Optionally, responding to a rollback command from the host, as shown in fig. 4, specifically includes:
S23, judging, according to the time point designated by the rollback command or a time point in the abnormal time point queue TQ, whether the time point exceeds the limit. If it does, rollback failure is returned to the host. Otherwise, each entry that falls within the time point range is obtained from the VAT mapping table and the conventional flash translation layer FTL, the content of each VAT mapping table entry is exchanged with the content of its corresponding entry in the conventional flash translation layer FTL one by one, and the VAT bitmap is updated according to the content of the FTL entry after the exchange: if the entry content is an RTC timestamp, the VAT bitmap is updated to idle and the PBA of the corresponding logical address in the FTL is marked invalid; otherwise, the VAT bitmap is updated to occupied and the PBA of the corresponding logical address in the FTL is marked valid. Finally, rollback success is returned to the host.
The rollback command is a professional maintenance tool of the SSD. It can be executed within a limited time after a virus attack occurs and is used to eliminate the junk data generated by the virus. The time point range of the rollback command is the time span (for example, 12 hours) from the present moment back to a certain past time point.
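The write, read and rollback handling of S21 to S23 can be traced with a behavioural model. The following Python code is an added example, not code from the patent. It covers the main embodiment, in which overwrites are refused so that VAT mapping table entries hold write timestamps. The class and method names, the values N = 10 seconds, AR threshold 3 and a 12-hour rollback limit, and the choice to push to TQ when it is empty are assumptions.

```python
from collections import deque

IDLE, OCCUPIED = 0, 1

class VatSsdModel:
    """Behavioural model of S21-S23; table entries are ("pba", n) or ("ts", t)."""

    def __init__(self, n_seconds=10, ar_threshold=3, rollback_limit=12 * 3600):
        self.bitmap = {}        # VAT bitmap: LBA -> state (missing means IDLE)
        self.vat_map = {}       # VAT mapping table: LBA -> ("ts", write time)
        self.ftl = {}           # conventional FTL: LBA -> ("pba", address)
        self.nand = {}          # PBA -> stored data
        self.next_pba = 0
        self.refused = deque()  # RTC times of refused overwrites, used for AR
        self.tq = deque()       # abnormal time point queue TQ (FIFO)
        self.alarm = False
        self.n, self.threshold, self.limit = n_seconds, ar_threshold, rollback_limit

    def attack_rate(self, now):
        """AR: number of refused overwrites within the last N seconds."""
        while self.refused and now - self.refused[0] >= self.n:
            self.refused.popleft()
        return len(self.refused)

    def write(self, lba, data, now):
        if self.bitmap.get(lba, IDLE) == OCCUPIED:
            self.refused.append(now)       # counts toward AR
            self.attack_rate(now)          # drop samples older than N seconds
            return "write ok"              # no-op, yet the host sees success
        pba, self.next_pba = self.next_pba, self.next_pba + 1
        self.nand[pba] = data              # conventional FTL write
        self.ftl[lba] = ("pba", pba)
        self.vat_map[lba] = ("ts", now)    # RTC timestamp of this write
        self.bitmap[lba] = OCCUPIED
        return "write ok"

    def read(self, lba, now):
        if self.bitmap.get(lba, IDLE) == OCCUPIED:
            return self.nand[self.ftl[lba][1]]
        # Reading an idle LBA is the anomaly. Pushing when TQ is empty is an
        # assumption; the page only states the "more than one hour" rule.
        if not self.tq or now - self.tq[0] > 3600:
            self.tq.append(now)
        if self.attack_rate(now) >= self.threshold:
            self.alarm = True              # stands in for the ALARM lamp
        return None                        # undefined data

    def rollback(self, time_point, now):
        if now - time_point > self.limit:
            return "rollback failed"       # time point beyond the limit
        for lba, entry in list(self.vat_map.items()):
            if entry[0] == "ts" and entry[1] >= time_point:
                # Swap the peer entries; the FTL entry now holds a timestamp,
                # so its PBA is invalid and the LBA returns to idle.
                self.vat_map[lba], self.ftl[lba] = self.ftl[lba], entry
                self.bitmap[lba] = IDLE
        return "rollback ok"

def demo():
    """Constructed scenario: one legitimate write, then attack traffic."""
    ssd = VatSsdModel()
    ssd.write(5, "ledger-v1", now=0)
    for t in (100, 101, 102):              # overwrite attempts on existing data
        ssd.write(5, "ENCRYPTED", now=t)
    ssd.read(99, now=103)                  # blind read of an undefined LBA
    ssd.write(7, "junk", now=104)          # storage-exhaustion write
    status = ssd.rollback(time_point=100, now=200)
    return ssd, status
```

In the constructed scenario the three overwrite attempts leave the original data at logical address 5 intact, the blind read raises the alarm and records a TQ entry, and the rollback returns logical address 7 to idle without touching data written before the rollback time point.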
Embodiment 2. The object of this embodiment is to support the production of an SSD device that resists crypto-ransomware attacks. As shown in FIG. 5, it comprises three components: a baseboard portion, a main controller portion, and a NAND memory array portion, wherein:
the baseboard portion is a PCB circuit board that carries the crypto-ransomware attack alarm lamp ALARM, the main controller, the NAND array and other necessary auxiliary electronic components;
the main controller comprises a CPU, an OTP (one-time programmable memory), DRAM, an RTC, the VAT bitmap, the VAT mapping table and the FTL (flash translation layer). The CPU is responsible for overall scheduling and uses the metadata provided by the VAT and the FTL to complete the various computing tasks. The OTP permanently stores the key parameters of the SSD and the algorithms for its various tasks. The DRAM provides the cache the CPU needs at run time. The RTC is a hardware real-time clock chip that generates the SSD's local time, which may be a self-contained timing system or may be synchronized with actual time (such as Beijing time); when user data is written to a PBA, the specific RTC value is used as the timestamp of that PBA. The FTL is the core metadata of a conventional SSD and, under the scheduling of the CPU, completes management tasks such as translation between host logical addresses and SSD physical addresses, PBA page allocation, garbage collection, bad block replacement and wear leveling.
Specifically, the VAT includes a VAT bitmap and a VAT mapping table.
The VAT bitmap is a data structure added by the invention. It stores the working state of every logical address that the host can access on the SSD; the initial value is idle, and the state is updated to occupied once the logical address is used.
The FTL, the VAT mapping table and the VAT bitmap are kept at rest in reserved storage space in the NAND array and, when the SSD is powered on and initialized, are loaded into the high-speed DRAM or SRAM on the board. The addressing spaces of the FTL, the VAT mapping table and the VAT bitmap are the same size: each is the logical address (LBA) space of the SSD.
The NAND memory array is the storage medium of the SSD. Part of its storage space is reserved for storing the SSD's metadata or for use as bad block spares; the other part is allocatable and serves as the physical addresses (PBA) that store host data. The PBA addressing space is therefore larger than the LBA space.
Further, the ALARM lamp flashes an alarm when the CPU detects a suspected crypto-ransomware attack. The alarm flash does not indicate that the virus attack has destroyed data; it only reminds the user that a suspected virus attack is in progress. In fact, the data stored in the SSD of this embodiment cannot be destroyed online by crypto-ransomware or other viruses (unless the NAND medium is removed in the field).
Optionally, fig. 1 shows the two-layer FTL architecture of the invention. It applies the system design concept of layered processing, so that the tasks of each layer are clear, operation is simple, cross-layer interaction is reduced as far as possible, and the SSD device is more robust. The first layer of this embodiment, the VAT (special flash translation layer), comprises the VAT bitmap and the VAT mapping table. The VAT bitmap is an extremely important part of the invention. It exploits the fact that crypto-ransomware can hardly learn the current working state of the SSD's logical addresses: a blind attack inevitably performs the unreasonable operation of accessing undefined data, so the CPU discovers that an attack exists. It also exploits the fact that a virus must rewrite existing data, blocking such rewrites forcibly and thereby catching the virus's trail a second time. Of course, in other embodiments the data at the virus's target PBA can instead be temporarily transferred, and the user then uses the rollback command of the invention to make the attack come to nothing.
Further, the flow charts for writing data, reading data and rolling back data in this embodiment are shown in figs. 2, 3 and 4. A conventional SSD also supports full-disk reset, delete commands and erase commands, which are obviously not applicable to the SSD product of the invention, and the implementer must remove these commands. It should be made clear that this embodiment introduces a "rollback" command implemented in the SSD and sets an operational time limit for it. On the one hand, this limit avoids the disaster of rolling back all data, whether intentionally, unintentionally or maliciously (nor does the SSD's garbage collection mechanism allow an overly long rollback). On the other hand, the limit embodies the "chronological" sealing of trusted data resources or data assets (chronological sealing means compiling data periodically at a fixed time and prohibiting later modification, as with an enterprise's monthly financial reports). It can be seen that the real-time clock RTC is an essential component of this embodiment.
The design of this embodiment is intended to protect ordinary user files and programs, and also user data assets or data resources (which are characterized by data that is permanently unchangeable once generated). This embodiment does not, however, include an at-rest ("write-to-disk") encryption function and cannot be used to store files of any security classification level; if desired, the implementer may add an at-rest encryption function or component to the host controller. The embodiment does not support partitioned protection (or partitions without protection) of the SSD's storage space, so as to avoid vulnerabilities arising from complexity and to ensure data security.
Embodiment 3. The embodiment of the application provides a solid state disk that uses the method for resisting crypto-ransomware attacks of any one of the first aspect to defend against crypto-ransomware and protect data security.
The embodiment of the application also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, uses the method of any one of the first aspect to defend against crypto-ransomware and protect data security.
The embodiment of the application also provides a non-transitory computer-readable storage medium storing computer instructions; when a computer executes the instructions, it uses the method of any one of the first aspect to defend against crypto-ransomware and protect data security.
The foregoing description of the embodiments is provided to illustrate the general principles of the invention and is not intended to limit the scope of the invention to the particular embodiments; any modifications, equivalents, improvements and the like that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.