
CN112256390B - Measurement management method and related equipment - Google Patents


Publication number
CN112256390B
Authority
CN
China
Prior art keywords
measurement
command
program
metric
response
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011138070.5A
Other languages
Chinese (zh)
Other versions
CN112256390A (en)
Inventor
陈善
应志伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hygon Information Technology Co Ltd
Original Assignee
Hygon Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hygon Information Technology Co Ltd
Priority to CN202011138070.5A
Publication of CN112256390A
Application granted
Publication of CN112256390B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the invention provides a measurement management method and related equipment. After a program is loaded, the method acquires a sampling command for sampling the measurement reference value of the program, the sampling command including the code start and end addresses corresponding to the code of the program. In response to the sampling command, the code within those addresses is measured and the resulting measurement value is set as the measurement reference value of the program, so that whether the program is abnormal can be measured on the basis of that reference value. The measurement reference value corresponding to the program is thus set in real time, and the program can be measured without being limited to measurement targets whose reference values were set in advance, which is flexible and convenient to use.

Description

A measurement management method and related equipment

Technical field

Embodiments of the present invention relate to the technical field of trusted measurement, and in particular to a measurement management method and related equipment.

Background

Measurement is a key technology widely used in trusted computing and can be used to judge whether the state of a program is abnormal. Specifically, a characteristic value of the program is extracted as its measurement reference value; because the characteristic value is unique, it can then be used to judge whether the state of the program is abnormal.

Measurement can be divided into static measurement and dynamic measurement. Static measurement is performed when a program (including system programs and application programs) is loaded, to guarantee the program's safety at start-up; dynamic measurement measures the program periodically and continuously while it runs, to guarantee its safety at run time.

However, existing measurement methods require the system to be customized. Specifically, the programs that can be measured are selected in advance as measurement targets, the measurement reference value of each target is computed, and the computed reference value is preset in the entity that performs the measurement, so that the program can be measured in the subsequent measurement process.

Evidently, the measurement methods of the prior art can only be applied to programs in a customized system whose measurement reference values have been preset, which is inconvenient to use.

Summary of the invention

In view of this, embodiments of the present invention provide a measurement management method and related equipment that are not limited to measuring programs whose measurement reference values were preset, and that are flexible and convenient to use.

To achieve the above purpose, embodiments of the present invention provide the following technical solutions:

In a first aspect, an embodiment of the present invention provides a measurement management method, applied to a security processor, comprising:

after a program is loaded, acquiring a sampling command for sampling the measurement reference value of the program, the sampling command including the code start and end addresses corresponding to the code of the program;

in response to the sampling command, measuring the code within the code start and end addresses, and setting the measured value as the measurement reference value of the program, so that whether the program is abnormal is measured on the basis of that reference value.

In a second aspect, an embodiment of the present invention provides a measurement management method, applied to a processor, comprising:

after a program is loaded, sending a sampling command that includes the code start and end addresses corresponding to the code of the program, the sampling command instructing that the code within those addresses be sampled and that the sampled measurement value be set as the measurement reference value of the program, so that whether the program is abnormal is measured on the basis of that reference value;

acquiring a response notification to the sampling command, and thereby determining that the measurement reference value has been set for the program.

In a third aspect, an embodiment of the present invention provides a security processor configured to execute the measurement management method of the first aspect.

In a fourth aspect, an embodiment of the present invention provides a security processor comprising a measurement command processing module, a measurement target list and a measurement engine, the measurement command processing module being configured to execute the measurement management method of the first aspect.

In a fifth aspect, an embodiment of the present invention provides a processor configured to execute the measurement management method of the second aspect.

In a sixth aspect, an embodiment of the present invention provides a processor comprising a measurement software stack, the measurement software stack being configured to execute the measurement management method of the second aspect.

In a seventh aspect, an embodiment of the present invention provides a computer system comprising the security processor of either the third or the fourth aspect and the processor of either the fifth or the sixth aspect.

In an eighth aspect, an embodiment of the present invention provides a storage medium that can store a program implementing the measurement management method of the first aspect, or a program implementing the measurement management method of the second aspect.

In the measurement management method and related equipment provided by embodiments of the present invention, after a program is loaded, the method acquires a sampling command for sampling the measurement reference value of the program, the sampling command including the code start and end addresses corresponding to the code of the program; in response to the sampling command, it measures the code within those addresses and sets the resulting measurement value as the measurement reference value of the program, so that whether the program is abnormal can be measured on the basis of that reference value. It can be seen that embodiments of the present invention sample, after the program is loaded, the measurement reference value used during the program's measurement process to determine whether the program is abnormal. The reference value corresponding to the program can therefore be set in real time, and the program can be measured without being limited to programs whose reference values were preset, which is flexible and convenient to use.

Moreover, because the measurement reference value is obtained after the program is loaded, changes in the code or parameters before loading need not be considered. The measurement management method of the embodiments is therefore equally applicable to programs whose pre-load code storage location, running parameters and so on are not fixed (for example, virtual machine programs), and has a wider scope of application.

Description of the drawings

To describe the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings required in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are merely embodiments of the present application; those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.

FIG. 1 is a schematic diagram of the system architecture of a virtualization environment;

FIG. 2 is a schematic diagram of the architecture of a computer system according to an embodiment of the present invention;

FIG. 3 is a flowchart of an optional method for generating a measurement reference value for a program according to an embodiment of the present invention;

FIG. 4 is a flowchart of an optional method for creating a measurement target for a program according to an embodiment of the present invention;

FIG. 5 is a flowchart of another optional method for creating a measurement target for a program according to an embodiment of the present invention;

FIG. 6 is a flowchart of an optional method for starting and stopping the measurement of a program according to an embodiment of the present invention;

FIG. 7 is a flowchart of an optional method for deleting the measurement target corresponding to a program according to an embodiment of the present invention;

FIG. 8 is a flowchart of an optional method for querying the abnormal state of a measurement target according to an embodiment of the present invention;

FIG. 9 is a schematic diagram of the structure of a measurement command parameter and a measurement response parameter according to an embodiment of the present invention;

FIG. 10 is a flowchart of command verification according to an embodiment of the present invention;

FIG. 11 is a flowchart of response verification according to an embodiment of the present invention;

FIG. 12 is a flowchart of the measurement of a measurement target.

Detailed description

As noted in the background, existing measurement methods can only measure fixed programs in a customized system whose measurement reference values were preset, which is inconvenient to use.

For example, in a virtualization environment, before a virtual machine is produced by virtualization, the code storage location, running parameters and so on of the virtual machine program are undetermined. This makes it difficult to preset a measurement reference value corresponding to the virtual machine program in the virtualization environment, so the virtual machine program cannot be measured.

On this basis, embodiments of the present invention provide a measurement management method and related equipment. After a program is loaded, the method acquires a sampling command for sampling the measurement reference value of the program, the sampling command including the code start and end addresses corresponding to the code of the program; in response to the sampling command, it measures the code within those addresses and sets the measured value as the measurement reference value of the program, so that whether the program is abnormal can be measured on the basis of that reference value.

It can be seen that embodiments of the present invention sample, after the program is loaded, the measurement reference value used during the program's measurement process to determine whether the program is abnormal. The reference value corresponding to the program can therefore be set in real time, and the program can be measured without being limited to measurement targets whose reference values were preset, which is flexible and convenient to use.

Moreover, because the measurement reference value is obtained after the program is loaded, changes in the code or parameters before loading need not be considered. The measurement management method of the embodiments is therefore equally applicable to programs whose pre-load code storage location, running parameters and so on are not fixed (for example, virtual machine programs), and has a wider scope of application.

The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

Virtualization is a way of virtualizing multiple virtual machines (VMs) on a physical host so as to make maximum use of the host's hardware resources. In a virtualization environment, the hardware resources and running parameters allocated to a virtual machine during its creation are determined by actual demand, so neither the running location nor the running parameters of the virtual machine can be determined in advance. Correspondingly, the storage location of the created virtual machine program's code, its running parameters and so on change dynamically as creation requirements change, which makes it difficult to preset a measurement reference value corresponding to the virtual machine program in a virtualization environment. Embodiments of the present invention take a virtualization environment as the example in describing the measurement management method of the present invention.

As an optional example, FIG. 1 shows a schematic diagram of the system architecture of a virtualization environment. As shown in FIG. 1, the system architecture of the virtualization environment may include: a processor (Central Processing Unit, CPU) 1, a memory 2, peripherals 3 and a security processor 4;

The processor 1 is a very-large-scale integrated circuit that interprets computer instructions and processes data for computer software. Through virtualization technology the processor 1 can virtualize multiple virtual machines 11, whose running locations and running parameters can be configured according to actual user demand and device status.

The security processor 4 is a dedicated processor responsible for the security-related operations of the virtual machines; for example, the security processor 4 can perform memory encryption and decryption (for example, the security processor encrypts the initial data of a virtual machine). The security processor 4 usually has high system privilege and can directly access the system's hardware resources, such as system memory and peripherals. At the same time, to protect the security processor's own data, the security processor 4 can also be equipped with dedicated hardware resources such as private memory and non-volatile storage (NVRAM), so that the data inside the security processor cannot be tampered with.

The processor 1 can be configured with a dedicated API (Application Programming Interface) for communicating with the security processor 4, so as to implement data exchange between the processor 1 and the security processor 4. The data exchange between the processor and the security processor can be implemented with an interrupt mechanism: for example, the sender triggers an interrupt and the receiver responds to it, the interrupt carrying the data to be exchanged.

Optionally, the security processor 4 can be located off the chip of the processor 1 or integrated on the chip of the processor 1; in a preferred example, the security processor 4 is integrated on the chip of the processor 1.

In this example, the security processor can be made to provide the measurement service. Because the security processor is equipped with dedicated hardware resources, having it provide the measurement service protects the data of that service; because a dedicated API is configured between the security processor and the processor, data transmission between them during measurement is kept secure; and because the security processor has the system privilege to directly access the system's hardware resources, such as system memory and peripherals, measuring a measurement target is straightforward.

As an optional example, referring to the schematic architecture diagram of the computer system shown in FIG. 2, the security processor 4 may include a measurement command processing module 41, a measurement target list 42 and a measurement engine 43. The measurement command processing module 41 processes the measurement-related commands sent by the CPU and maintains the measurement target list 42, functioning as the front end of the measurement service. The measurement target list 42 stores the configured measurement targets together with their encryption information, address information, reference information, enable-state information and abnormal-state information, for example the master key, address range, reference value and abnormal measurement state corresponding to each measurement target. The measurement engine 43 performs periodic measurement of the measurement targets.

In the processor 1, a measurement software stack 12 is correspondingly configured for interacting with the security processor 4; it encapsulates the measurement service provided by the security processor, hides the concrete implementation details, and exposes a standard measurement interface API upward.

It should be noted that the program used as a measurement target may be the operating system loader, the operating system kernel or the operating system of a virtual machine, or an application program running inside that operating system.

As an optional implementation, FIG. 3 shows an optional method flow for generating a measurement reference value for a program. The flow may be executed by the system architecture shown in FIG. 2, specifically after the virtual machine has been created and its program has been loaded. Referring to FIG. 3, the method may include:

Step S01: the measurement software stack sends a sampling command for sampling the measurement reference value of the program, the sampling command including the code start and end addresses corresponding to the code of the program.

It can be understood that after the program is loaded, the code addresses and running parameters of the program are fixed. Sending the sampling command at this point to sample the measurement reference value avoids the difficulty of determining a reference value that is caused by the uncertainty of the relevant data before loading, and so allows the program to be measured.

The measurement software stack may invoke the sampling command on the instruction of a measurement service caller. The measurement service caller may be the program manager in the system or the security manager in the system; optionally, the measurement service caller may also be an application loader or a kernel module loader. Specifically, the measurement service caller may issue the corresponding instruction after detecting that the program has finished loading, so that the measurement software stack invokes the sampling command; alternatively, after the measurement service caller issues the instruction, the measurement software stack checks whether the program has finished loading and invokes the sampling command once it has.

Before the program is loaded its code start and end addresses are undetermined, whereas after loading they are fixed. Accordingly, the sampling command carries the code start and end addresses corresponding to the program's code, which determine the range to be measured.

In an optional example, before the sampling command is sent, the measurement command parameters of the command may also be encrypted, or a verification code may be generated for them to be checked on receipt, so as to prevent the command data from being stolen or tampered with.

Step S02: the measurement command processing module acquires the sampling command for sampling the measurement reference value of the program;

After the measurement software stack sends the sampling command, the measurement command processing module correspondingly receives it and thereby acquires the sampling command.

It should be noted that if the measurement command parameters of the command were encrypted or given a verification code, this step may further decrypt the measurement command parameters, or generate the verification code and check it, before obtaining the measurement command parameters of the command.

Step S03: in response to the sampling command, the measurement command processing module measures the code within the code start and end addresses and sets the measured value as the measurement reference value of the program, so that whether the program is abnormal can be measured on the basis of that reference value;

The measurement reference value serves, during the measurement process of the program, as the reference value for determining whether the program is abnormal.

A preset algorithm may be used to measure the code within the code start and end addresses to obtain the corresponding measurement value, which is then used as the measurement reference value.

After the measurement reference value corresponding to the program is obtained, it may further be stored in the measurement target list. The measurement target list stores the measurement target corresponding to the program, and the measurement reference value corresponds to that measurement target. If a measurement reference value corresponding to the measurement target already exists in the measurement target list, the reference value is updated.

It should be noted that after the measurement reference value corresponding to the program is obtained, the measurement command processing module further sends a response notification to the sampling command to the measurement software stack.

In an optional example, before sending the response notification to the sampling command, the measurement command processing module may also encrypt the measurement response parameters of the response, or generate a verification code for them to be checked on receipt, so as to prevent the response data from being stolen or tampered with.

步骤S04:度量软件栈获取所述采样命令的响应通知;Step S04: The measurement software stack obtains a response notification of the sampling command;

度量软件栈可以通过接收度量命令处理模块发送的采样命令的响应通知,从而获取所述采样命令的响应通知。The measurement software stack may obtain the response notification of the sampling command by receiving the response notification of the sampling command sent by the measurement command processing module.

其中,获取所述采样命令的响应通知,从而可以确定所述程序设置所述度量基准值,进而可以指示后续流程可以进行程序的度量。Wherein, the response notification of the sampling command is obtained, so that it can be determined that the program sets the measurement reference value, and then it can indicate that the subsequent process can perform program measurement.

需要说明的是,在对应的度量响应参数执行过加密或生成校验码进行校验时,本步骤还可以进一步对所述度量响应参数进行解密或校验,从而得到该响应的度量响应参数。It should be noted that, when the corresponding measurement response parameters are encrypted or verification codes are generated for verification, this step may further decrypt or verify the measurement response parameters, so as to obtain the measurement response parameters of the response.

可以看出,本发明实施例在程序加载后采样得到用于在所述程序的度量过程中确定所述程序是否异常的度量基准值,从而可以实时设置对应所述程序的度量基准值,实现对程序的度量,而不必局限于预先设置了度量基准值的程序的度量,使用灵活方便。It can be seen that, in the embodiment of the present invention, after the program is loaded, the metric reference value used to determine whether the program is abnormal during the metric process of the program is sampled, so that the metric reference value corresponding to the program can be set in real time to realize the measurement of the program. The measurement of the program is not limited to the measurement of the program with the measurement benchmark value set in advance, which is flexible and convenient to use.

并且,基于程序加载后得到度量基准值,可以不必考虑程序加载前的代码或参数的变化,使得本发明实施例所述的度量管理方法能够同时适用于加载前代码存储位置、运行参数等不确定的程序(例如虚拟机程序),具有更大的适用范围。Moreover, based on the metric reference value obtained after the program is loaded, it is not necessary to consider the changes in the code or parameters before the program is loaded, so that the metric management method described in the embodiment of the present invention can be applicable to uncertain code storage locations and operating parameters before loading. Programs (such as virtual machine programs) have a wider scope of application.

进一步的,度量目标的度量基准值通常基于预先设定的算法得到,基于安全考虑,不同的设备通常对应不同的计算方法和参数,若度量基准值基于现有技术的方式预先计算并设置在度量实体内,则使度量目标的度量基准值计算过程比较繁琐,使用不方便,而本申请中在程序加载后进行度量基准值的采样计算,能够避免上述过程,从而提高了对程序度量的便捷度。Furthermore, the measurement benchmark value of the measurement target is usually obtained based on a preset algorithm. Based on security considerations, different devices usually correspond to different calculation methods and parameters. If the measurement benchmark value is pre-calculated based on the existing technology and set in the measurement In the entity, the calculation process of the measurement reference value of the measurement target is cumbersome and inconvenient to use. However, in this application, the sampling calculation of the measurement reference value after the program is loaded can avoid the above process, thereby improving the convenience of program measurement .

In an optional example, after the program is loaded and before the measurement reference value is sampled, a measurement target may further be created. Specifically, FIG. 4 shows an optional method flow for creating a measurement target for a program. Referring to FIG. 4, the flow includes:

Step S11: The measurement software stack sends a measurement target creation command for the program;

The measurement target creation command is used to create, in the measurement target list, a measurement target corresponding to the program, so that the parameters associated with that measurement target (for example its measurement reference value, status information and encryption information) can be recorded against it and the measurement target can be measured.

The measurement target creation command may be invoked on the basis of a command from the measurement service caller. Specifically, the measurement service caller may issue the corresponding command after detecting that the program has finished loading, causing the measurement software stack to invoke the measurement target creation command; alternatively, after the measurement service caller issues its command, the measurement software stack checks whether the program has finished loading and invokes the measurement target creation command once it has.

It should be noted that, so that every program can have a corresponding measurement target created, the measurement command parameters need not be encrypted or verified when the measurement target creation command is invoked.

Step S12: The measurement command processing module obtains the measurement target creation command for the program;

After the measurement software stack sends the measurement target creation command, the measurement command processing module correspondingly receives it and thereby obtains the measurement target creation command.

Step S13: In response to the measurement target creation command, the measurement command processing module creates a measurement target corresponding to the program in the measurement target list;

After creating the measurement target corresponding to the program, the measurement command processing module may further initialize the measurement target so as to give it its initial configuration.

It should be noted that, after creating the measurement target corresponding to the program, the measurement command processing module further sends a response notification for the measurement target creation command to the measurement software stack.

Step S14: The measurement software stack obtains the response notification for the measurement target creation command and confirms that the measurement target for the program has been created;

The measurement software stack obtains the response notification for the measurement target creation command by receiving the response notification sent by the measurement command processing module.

The measurement reference value and the code start and end addresses are stored in the measurement target list in association with the measurement target, and the measurement engine measures whether the program is abnormal on the basis of the data in the measurement target list.

It can be understood that, in the prior art, a preset measurement target is usually created on dedicated hardware before the program is loaded, and its measurement reference value, encryption information and the like are likewise set before loading. Measurement targets therefore cannot be created or deleted dynamically and cannot be adapted as needed. In this example, by contrast, the measurement target is created after the program is loaded, so measurement targets can be adjusted dynamically.

In an optional example, after the measurement command processing module creates the measurement target, a master key may further be negotiated so that the relevant measurement commands can be encrypted or verified, preventing commands from being invoked illegitimately or tampered with and thereby protecting the interface.

Specifically, referring to the flow shown in FIG. 5, after the measurement target is created as in FIG. 4 and before the measurement reference value is sampled, steps S15 and S16 may be performed so that the measurement management requester and the measurement management executor negotiate a master key and store it; the master key is then used to encrypt or verify the measurement-related commands. The measurement management requester may be the CPU side, specifically the measurement software stack. In particular, the measurement command processing module may negotiate the master key with the measurement software stack and store its own copy of the master key in the measurement target list, associated with the measurement target.

The master key provides the basis for encrypting or verifying subsequent interactions. The specific negotiation flow may follow a key agreement protocol (such as ECDH or SM2), and the master key may be used for authorization protection of commands. Optionally, within the security processor, the master key may be bound to the measurement task.

In an optional example, after the measurement reference value is sampled, start control of the measurement task may further be performed. Specifically, FIG. 6 shows an optional method flow for starting and stopping measurement of a program. Referring to FIG. 6, the flow includes:

Step S21: The measurement software stack sends a start measurement command for the program;

Once the measurement reference value has been sampled, the measurement task for the program can be executed. The start measurement command instructs the measurement command processing module to start the program's measurement task.

The measurement software stack may invoke the start measurement command for the program on the basis of a command from the measurement service caller and send it, or it may invoke and send the start measurement command after detecting the response notification for the program's sampling command.

In an optional example, before the start measurement command is sent, its measurement command parameters may be encrypted, or a check code may be generated over them for verification, so as to prevent the command data from being stolen or tampered with.

Step S22: The measurement command processing module obtains the start measurement command for the program;

After the measurement software stack sends the start measurement command, the measurement command processing module correspondingly receives it and thereby obtains the start measurement command.

It should be noted that, when the command's measurement command parameters have been encrypted or protected with a check code, this step may further obtain the command's measurement command parameters after decrypting them or generating a check code and verifying it.

Step S23: In response to the program's start measurement command, the measurement command processing module updates the enable state of the program's measurement target in the measurement target list to "yes".

An enable state of "yes" for the measurement target instructs the measurement engine to execute the measurement task on that measurement target. Optionally, the measurement task may measure the measurement target periodically.

The enable state of the measurement target is stored in the measurement target list, so the enable state of the corresponding measurement target in the measurement target list can be updated to "yes".

Correspondingly, when the measurement engine executes the measurement task and determines that the enable state of the measurement target is "yes", it measures the code within the code start and end addresses corresponding to that measurement target. In an optional example, the measurement engine performs the measurement of the measurement target and, when the measurement result is abnormal, sends abnormal status information to the measurement software stack and records the abnormal status information in the measurement target list.

It should be noted that, after updating the enable state of the measurement target to "yes", the measurement command processing module further sends a response notification for the start measurement command to the measurement software stack.

In an optional example, before sending the response notification for the start measurement command, the measurement command processing module may encrypt the measurement response parameters of the response, or generate a check code over them for verification, so as to prevent the response data from being stolen or tampered with.

Step S24: The measurement software stack obtains the response notification for the start measurement command and confirms that the enable state of the program's measurement target is "yes";

The measurement software stack obtains the response notification for the start measurement command by receiving the response notification sent by the measurement command processing module.

It should be noted that, when the corresponding measurement response parameters have been encrypted or a check code has been generated for verification, this step may further decrypt or verify the measurement response parameters so as to obtain the measurement response parameters of the response.

Correspondingly, in this example, stop control of the measurement task may further be performed. Continuing to refer to FIG. 6, the flow includes:

Step S25: The measurement software stack sends a stop measurement command for the program;

After the measurement task has been started, this example may further stop the measurement task. The stop measurement command instructs the measurement command processing module to stop the program's measurement task.

The measurement software stack may invoke the stop measurement command for the program on the basis of a command from the measurement service caller and send it, or it may invoke and send the stop measurement command when a preset condition is met. For example, the measurement software stack may invoke the program's stop measurement command according to the program's state, such as when the program is put into a sleep state.

Optionally, before the stop measurement command is sent, its measurement command parameters may be encrypted or protected with a check code.

Step S26: The measurement command processing module obtains the stop measurement command for the program;

After the measurement software stack sends the stop measurement command, the measurement command processing module correspondingly receives it and thereby obtains the stop measurement command.

Optionally, when the measurement command parameters have been encrypted or protected with a check code, this step may further obtain the command's measurement command parameters after decrypting them or generating a check code and verifying it.

Step S27: In response to the program's stop measurement command, the measurement command processing module updates the enable state of the program's measurement target in the measurement target list to "no".

An enable state of "no" for the measurement target instructs the measurement engine to stop executing the measurement task on that measurement target. The enable state of the measurement target may be stored in the measurement target list, so the enable state of the corresponding measurement target in the measurement target list can be updated to "no".

Correspondingly, when the measurement engine executes the measurement task and determines that the enable state of the measurement target is "no", it stops measuring the code within the code start and end addresses corresponding to that measurement target. Stopping the measurement task for a measurement target does not delete the information associated with it (such as the address range information and the measurement reference value); after the measurement task is stopped, the measurement software stack can still resume the measurement task for that measurement target with a start measurement command.

It should be noted that, after updating the enable state of the measurement target to "no", the measurement command processing module further sends a response notification for the stop measurement command to the measurement software stack.

Optionally, before the response notification for the sampling command is sent, the measurement response parameters of the response may be encrypted or protected with a check code.

Step S28: The measurement software stack obtains the response notification for the stop measurement command and confirms that the enable state of the program's measurement target has been updated to "no";

The measurement software stack obtains the response notification for the stop measurement command by receiving the response notification sent by the measurement command processing module.

Optionally, when the measurement response parameters have been encrypted or a check code has been generated for verification, this step may further decrypt or verify the measurement response parameters so as to obtain the measurement response parameters of the response.

It can be understood that, in the prior art, the measurement task for a measurement target is usually executed automatically on the basis of a preset measurement target and related parameters created on dedicated hardware, so measurement targets cannot be started or stopped dynamically and the measurement task cannot be adjusted. In this example, by contrast, the enable state of the measurement target can be adjusted after the measurement reference value is sampled, so the measurement task can be adapted as needed.

In an optional example, after a measurement target has been created, it may further be deleted. Specifically, FIG. 7 shows an optional method flow for deleting the measurement target corresponding to a program. Referring to FIG. 7, the flow includes:

Step S31: The measurement software stack sends an end measurement command for the program;

After the corresponding measurement task has been created, the measurement task for the program can be ended. The end measurement command instructs the measurement command processing module to end the program's measurement task.

The measurement software stack may invoke the end measurement command for the program on the basis of a command from the measurement service caller and send it, or it may invoke and send the end measurement command when a preset condition is met. For example, the measurement software stack may invoke the program's end measurement command according to the program's state, such as when the program enters its terminated state.

Optionally, before the end measurement command is sent, its measurement command parameters may be encrypted, or a check code may be generated over them for verification, so as to prevent the command data from being stolen or tampered with.

Step S32: The measurement command processing module obtains the end measurement command for the program;

After the measurement software stack sends the end measurement command, the measurement command processing module correspondingly receives it and thereby obtains the end measurement command.

When the command's measurement command parameters have been encrypted or protected with a check code, this step may further obtain the command's measurement command parameters after decrypting them or generating a check code and verifying it.

Step S33: In response to the program's end measurement command, the measurement command processing module deletes from the measurement target list the measurement target corresponding to the program together with the data information corresponding to that measurement target.

The end measurement command is used to delete the measurement target and its corresponding data information, including the master key, address range, reference value and the like corresponding to the measurement target. In an optional example, the measurement target is also associated with a random number used for information verification; in that case, the random number is deleted at the same time when the end measurement command is acted upon.

The measurement target and its corresponding data information are stored in the measurement target list, so when the measurement command processing module responds to the program's end measurement command it deletes the measurement target and its corresponding data information from the measurement target list.

In an optional example, deleting the measurement target and its corresponding data information may further consist of destroying the measurement target and its corresponding data information.

It should be noted that, after deleting the measurement target and the data information corresponding to it, the measurement command processing module further sends a response notification for the end measurement command to the measurement software stack.

Optionally, before sending the response notification for the end measurement command, the measurement command processing module may encrypt the measurement response parameters of the response, or generate a check code over them for verification, so as to prevent the response data from being stolen or tampered with.

Step S34: The measurement software stack obtains the response notification for the end measurement command and confirms that the measurement target corresponding to the program, and the data information corresponding to that measurement target, have been deleted;

The measurement software stack obtains the response notification for the stop measurement command by receiving the response notification sent by the measurement command processing module.

Optionally, when the corresponding measurement response parameters have been encrypted or a check code has been generated for verification, this step may further decrypt or verify the measurement response parameters so as to obtain the measurement response parameters of the response.

It can be understood that, in the prior art, the measurement task for a measurement target is usually executed automatically on the basis of a preset measurement target and related parameters created on dedicated hardware, so there is no corresponding deletion flow for measurement targets and they cannot be adjusted. In this example, by contrast, a measurement target can also be deleted after it has been created, so measurement targets can be adapted as needed.
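The command flows of FIG. 4 (create), steps S01 to S04 (sample), FIG. 6 (start and stop) and FIG. 7 (end), together with the abnormal status query of FIG. 8, simulated in Python as an added illustration; this is not the patent's implementation. SHA-256 stands in for the unspecified preset measurement algorithm, the `memory` byte array stands in for the loaded program's code, and the class names, field names and return strings are constructed assumptions; encryption and check codes are left out here.

```python
"""Simulation of the measurement target list and the command flow
(create / sample / start / stop / end / status query). Added illustration,
not the patent's implementation. SHA-256 stands in for the unspecified
preset measurement algorithm; names and return values are constructed."""
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class MeasurementTarget:
    """One entry of the measurement target list (master key and nonce omitted)."""
    start: int
    end: int
    reference: Optional[bytes] = None   # measurement reference value
    enabled: bool = False               # enable state ("yes" / "no")
    abnormal: bool = False              # abnormal status information


class MeasurementCommandProcessor:
    """Plays the measurement command processing module and the measurement
    engine; `memory` is a constructed stand-in for the loaded program's code."""

    def __init__(self, memory: bytearray) -> None:
        self.memory = memory
        self.targets: dict[str, MeasurementTarget] = {}   # measurement target list

    def _measure(self, t: MeasurementTarget) -> bytes:
        return hashlib.sha256(bytes(self.memory[t.start:t.end])).digest()

    # FIG. 4: create the target; reference value not yet known
    def create(self, program: str, start: int, end: int) -> str:
        self.targets[program] = MeasurementTarget(start, end)
        return "created"

    # Steps S01-S04: sample the reference value after the program is loaded
    def sample(self, program: str) -> str:
        t = self.targets[program]
        t.reference = self._measure(t)   # replaced if one already existed
        return "sampled"

    # FIG. 6: start / stop only flip the enable state; data is kept
    def start(self, program: str) -> str:
        t = self.targets[program]
        if t.reference is None:
            return "rejected: no reference value"
        t.enabled = True
        return "enabled"

    def stop(self, program: str) -> str:
        self.targets[program].enabled = False
        return "disabled"

    # FIG. 7: end deletes the target together with all its data
    def end(self, program: str) -> str:
        del self.targets[program]
        return "deleted"

    # FIG. 8: the stack confirms a reported abnormality against the list
    def query_status(self, program: str) -> str:
        return "abnormal" if self.targets[program].abnormal else "normal"

    def engine_tick(self) -> list:
        """One periodic pass of the measurement engine: measure every enabled
        target and return the names whose code no longer matches the reference."""
        notified = []
        for name, t in self.targets.items():
            if t.enabled and self._measure(t) != t.reference:
                t.abnormal = True          # recorded in the list ...
                notified.append(name)      # ... and reported to the stack
        return notified


def run_scenario() -> list:
    """Measurement software stack side: drive one program through its life
    cycle and return the sequence of observations."""
    memory = bytearray(b"constructed code of program vm1 " * 4)   # constructed
    proc = MeasurementCommandProcessor(memory)
    log = []
    log.append(proc.create("vm1", 0, 64))
    log.append(proc.start("vm1"))            # rejected: not sampled yet
    log.append(proc.sample("vm1"))
    log.append(proc.start("vm1"))
    log.append("tick:" + ",".join(proc.engine_tick()))   # code unchanged
    memory[10] ^= 0xFF                       # a byte inside the range modified
    log.append("tick:" + ",".join(proc.engine_tick()))   # vm1 reported
    log.append(proc.query_status("vm1"))     # stack confirms the report
    log.append(proc.stop("vm1"))
    log.append("tick:" + ",".join(proc.engine_tick()))   # disabled: silent
    log.append(proc.end("vm1"))
    log.append("gone" if "vm1" not in proc.targets else "still present")
    return log
```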

In an optional example, after a measurement target has been measured, the measurement software stack may further query the abnormal status information of that measurement target when the measurement result is abnormal, in order to confirm the measurement target's status. Specifically, FIG. 8 shows an optional method flow for querying the abnormal status of a measurement target. Referring to FIG. 8, the flow includes:

Step S41: The measurement software stack sends a measurement status query command for the program;

The measurement status query command instructs the measurement command processing module to query the status information of the measurement target corresponding to the program.

In an optional example, when the measurement engine measures a measurement target and the measurement result is abnormal, it records the abnormal status information in the measurement target list and notifies the CPU to perform exception handling. To confirm that the measurement target is in an abnormal state, the measurement engine may send the abnormal status information to the measurement software stack, and the measurement software stack then performs a measurement status query.

After receiving abnormal status information indicating that the measurement result is abnormal, the measurement software stack may be triggered to invoke the program's measurement status query command and send the end measurement command to the measurement command processing module.

The measurement software stack queries the abnormal status information of the measurement target in order to determine whether that abnormal status information is genuine.

Optionally, before the measurement status query command is sent, its measurement command parameters are encrypted, or a check code is generated over them for verification, so as to prevent the command data from being stolen or tampered with.

Step S42: The measurement command processing module obtains the measurement status query command for the program;

After the measurement software stack sends the measurement status query command, the measurement command processing module correspondingly receives it.

Optionally, when the command's measurement command parameters have been encrypted or protected with a check code, this step may further obtain the command's measurement command parameters after decrypting them or generating a check code and verifying it.

Step S43: In response to the program's measurement status query command, the measurement command processing module looks up the status of the measurement target corresponding to the program in the measurement target list.

After looking up the status of the measurement target, the measurement command processing module further sends a response notification including the measurement target's status information to the measurement software stack.

Optionally, before sending that response notification, the measurement command processing module may encrypt the measurement response parameters of the response, or generate a check code over them for verification, so as to prevent the response data from being stolen or tampered with.

Step S44: The measurement software stack obtains the response notification for the measurement status query command and determines the abnormal status information of the measurement target;

By receiving the response notification for the measurement status query command sent by the measurement command processing module, the measurement software stack obtains the measurement target's status information and confirms whether the measurement result for the measurement target is abnormal.

When the measurement result for the measurement target is abnormal, exception handling is performed for the corresponding program, for example the program is aborted; when the measurement result is not abnormal, the flow ends.

Optionally, when the corresponding measurement response parameters have been encrypted or a check code has been generated for verification, this step may further decrypt or verify the measurement response parameters so as to obtain the measurement response parameters of the response.

It can be understood that confirming whether the measurement result for the measurement target is abnormal avoids the possibility of attacking the system with forged measurement status information, and so improves the security of the system.

In an optional example, the interface may be protected by means of verification.

Specifically, as shown in FIG. 9, an authorization protection field is appended to the parameters of every measurement command and every measurement response except the create-measurement command; the authorization protection field may include a random number and a check code.

The random number takes part in computing the check code in the authorization protection field. It may be a nonce (number used once: an arbitrary, non-repeating random value that is used only once). The random number in a measurement command parameter may be the random number of the caller of the measurement service on the CPU, and the random number in a measurement response parameter may be the random number of the corresponding measurement task on the security processor. The CPU-side measurement caller updates its own random number after each response it verifies, that is, the random number corresponding to the measurement command parameter is refreshed each time a piece of measurement response parameter data is verified; the security processor updates the random number of the corresponding measurement task after each command it verifies, that is, the random number corresponding to the measurement response parameter is refreshed each time a measurement command parameter is verified. Using random numbers in this way effectively prevents replay attacks.

The check code confirms that the command or response has not been tampered with and, at the same time, authorizes the invoked command to operate on the specified measurement task. The check code may be an HMAC (hash-based message authentication code). The elements used to compute the check code of a measurement command parameter may include: the measurement command parameter, the random number corresponding to this measurement command parameter, the random number corresponding to the previous measurement response parameter, and one or more parameters of the consistency key. The elements used to compute the check code of a measurement response parameter may include: the measurement response parameter, the random number in the command to which this response corresponds, the random number corresponding to this measurement response parameter, and one or more parameters of the consistency key. The consistency key is normally derived from the master key.

In an optional example, generating the authorization protection field on the CPU, together with the encryption and verification of the related commands and responses, may be done by the measurement software stack, which simplifies use of the measurement service.

In an optional example, a verification flow for the related commands is provided. Specifically, referring to FIG. 10, the command verification flow may include:

Step S51: The measurement software stack generates the check code of the measurement command parameter and obtains the measurement command parameter data.

After the measurement software stack invokes a command and before it sends it, the stack may generate the check code corresponding to the measurement command parameter from the measurement command parameter, the random number corresponding to this measurement command parameter, the random number corresponding to the previous measurement response parameter, and one or more parameters of the consistency key.

After the check code of the measurement command parameter has been generated, the measurement command parameter, the check code and the random number corresponding to the measurement service caller together form the measurement command parameter data, which is then sent.

The measurement command parameter may be the command parameter of a sampling command, a start-measurement command, a stop-measurement command, an end-measurement command or a measurement status query command.

Step S52: The measurement command processing module receives the measurement command parameter data.

Step S53: The measurement command processing module verifies the measurement command parameter data using the check code and determines the measurement command parameter of the corresponding measurement command.

The check code can be verified from the measurement command parameter contained in the measurement command parameter data and the random number corresponding to that measurement command parameter, together with the random number corresponding to the previous measurement response parameter and the consistency key held in the security processor.

In another optional example, a verification flow for the related responses is provided. Specifically, referring to FIG. 11, the response verification flow may include:

Step S54: The measurement command processing module generates the check code of the measurement response parameter and obtains the measurement response parameter data.

After the measurement command processing module has responded to a command and before it sends the response notification, it may generate the corresponding check code from the measurement response parameter, the random number in the command to which this response corresponds, the random number corresponding to this measurement response parameter, and one or more parameters of the consistency key.

After the check code of the measurement response parameter has been generated, the measurement response parameter, the check code and the random number corresponding to the measurement command parameter together form the measurement response parameter data, which is then sent.

The measurement response parameter may be the response parameter obtained after responding to the sampling command, start-measurement command, stop-measurement command, end-measurement command or measurement status query command.

Step S55: The measurement software stack receives the measurement response parameter data.

Step S56: The measurement software stack verifies the measurement response parameter data using the check code and determines the parameter of the corresponding measurement response.

The check code can be verified from the measurement response parameter contained in the measurement response parameter data and the random number corresponding to that measurement response parameter, together with the random number corresponding to the previous measurement response parameter and the consistency key held on the CPU side.
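The authorization protection field of FIG. 9 and the verification flows of FIG. 10 and FIG. 11, as an added illustration that is not code from the patent: the check code is an HMAC-SHA256 over the parameter and the two nonces, each side rotates its own nonce after a successful verification, and a tampered or replayed command fails verification. The consistency-key derivation, the initial task nonce shared at creation time, the `Protected` container and the `QUERY_STATUS` service are constructed assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass


def derive_consistency_key(master_key: bytes) -> bytes:
    """Assumed derivation: the page only says the consistency key comes from the master key."""
    return hmac.new(master_key, b"measurement-consistency-key", hashlib.sha256).digest()


def check_code(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so that no two part sequences collide."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(struct.pack(">I", len(part)))
        mac.update(part)
    return mac.digest()


@dataclass(frozen=True)
class Protected:
    """A command or response parameter with its authorization protection field appended."""
    params: bytes
    nonce: bytes   # caller nonce for a command, task nonce for a response
    tag: bytes     # check code


class MeasurementStack:
    """CPU side: builds protected commands and verifies protected responses."""

    def __init__(self, master_key: bytes, initial_task_nonce: bytes):
        self.ck = derive_consistency_key(master_key)
        self.caller_nonce = os.urandom(16)
        self.last_response_nonce = initial_task_nonce
        self.sent_nonce = None

    def build_command(self, params: bytes) -> Protected:
        # The check code binds the parameter, this caller nonce and the previous response nonce.
        tag = check_code(self.ck, params, self.caller_nonce, self.last_response_nonce)
        self.sent_nonce = self.caller_nonce
        return Protected(params, self.caller_nonce, tag)

    def verify_response(self, resp: Protected) -> bytes:
        expected = check_code(self.ck, resp.params, self.sent_nonce, resp.nonce)
        if not hmac.compare_digest(expected, resp.tag):
            raise ValueError("response check code mismatch")
        self.last_response_nonce = resp.nonce
        self.caller_nonce = os.urandom(16)   # rotate after every verified response
        return resp.params


class CommandProcessor:
    """Security processor side: verifies protected commands and builds protected responses."""

    def __init__(self, master_key: bytes, initial_task_nonce: bytes):
        self.ck = derive_consistency_key(master_key)
        self.task_nonce = initial_task_nonce

    def handle(self, cmd: Protected, service) -> Protected:
        expected = check_code(self.ck, cmd.params, cmd.nonce, self.task_nonce)
        if not hmac.compare_digest(expected, cmd.tag):
            raise ValueError("command check code mismatch: tampered or replayed")
        self.task_nonce = os.urandom(16)     # rotate after every verified command
        resp_params = service(cmd.params)
        tag = check_code(self.ck, resp_params, cmd.nonce, self.task_nonce)
        return Protected(resp_params, self.task_nonce, tag)


def run_exchange() -> dict:
    """Constructed scenario: a status query, then a tampered and a replayed command."""
    master_key = os.urandom(32)     # constructed: negotiated at target creation in the page's flow
    initial_nonce = os.urandom(16)  # assumption: initial task nonce shared at creation time
    cpu = MeasurementStack(master_key, initial_nonce)
    sp = CommandProcessor(master_key, initial_nonce)

    def status_service(params: bytes) -> bytes:
        return b"STATUS:NORMAL" if params == b"QUERY_STATUS" else b"STATUS:UNKNOWN"

    first = cpu.build_command(b"QUERY_STATUS")
    status = cpu.verify_response(sp.handle(first, status_service))

    # Tampering: the parameter is changed in transit, the tag is not.
    fresh = cpu.build_command(b"QUERY_STATUS")
    forged = Protected(b"STOP_MEASURE", fresh.nonce, fresh.tag)
    try:
        sp.handle(forged, status_service)
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True

    # Replay: the first, already consumed command is resent unchanged.
    try:
        sp.handle(first, status_service)
        replay_rejected = False
    except ValueError:
        replay_rejected = True

    # The genuine fresh command still goes through afterwards.
    second_status = cpu.verify_response(sp.handle(fresh, status_service))
    return {"status": status, "tamper_rejected": tamper_rejected,
            "replay_rejected": replay_rejected, "second_status": second_status}
```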

In an optional example, an embodiment of the present invention further provides the measurement flow of the measurement engine. Specifically, referring to FIG. 12, the measurement flow for a measurement target may include:

Step S61: Obtain a measurement target.

The measurement engine may periodically fetch measurement targets from the measurement target list in order to measure them.

It can be understood that, when a measurement target is fetched, the code start and end addresses corresponding to the measurement target are also fetched from the measurement target list so that the program code can be measured.

Step S62: Determine the enabling state of the measurement target, that is, whether the measurement target is enabled.

Optionally, the measurement engine may query the enabling state of the measurement target in the measurement target list to determine whether the measurement target is enabled.

If the enabling state of the measurement target is yes, the subsequent steps continue and the measurement target is measured; if the enabling state is no, the flow returns to step S61 and fetches a measurement target again.

Step S63: Measure the measurement target to obtain its measurement value.

Measurement is usually implemented by computing a hash value of the measurement target; from the hash value it can be judged whether the measurement target has been tampered with. In this example the hash algorithm may be SM3, SHA-1 or SHA-256.

Step S64: Compare the measurement value of the measurement target with the measurement reference value to determine whether the measurement target is abnormal.

If the measurement target is abnormal, step S65 is executed; if the measurement target is not abnormal, the flow returns to step S61 and fetches a measurement target again.

Step S65: Issue an exception handling notification and update the abnormal-state information of the measurement target.

When the measurement target is abnormal, an exception handling notification is issued to the CPU side and, at the same time, the abnormal-state information of the corresponding measurement target in the measurement target list is updated to abnormal.
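The measurement target list and the engine flow of FIG. 12 (steps S61 to S65), as an added simulation that is not code from the patent: the baseline is sampled after load, only enabled targets are measured, a hash mismatch marks the target abnormal and queues a notification to the CPU side, and a status query reads the abnormal flag back. The `bytearray` standing in for program memory, the target names and the class and method names are constructed for the example; the master key and the authorization protection field are left out here.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class MeasurementTarget:
    """One entry of the measurement target list (master key omitted in this example)."""
    name: str
    code_start: int
    code_end: int
    baseline: Optional[bytes] = None   # measurement reference value, set by the sampling command
    enabled: bool = False              # enabling state, set by start/stop measurement commands
    abnormal: bool = False             # abnormal-state information, set by the engine


class SecurityProcessorSim:
    """Constructed simulation of the command processing module plus the measurement engine."""

    def __init__(self, memory: bytearray, hash_name: str = "sha256"):
        self.memory = memory        # constructed stand-in for the loaded program's address space
        self.hash_name = hash_name  # page allows SM3, SHA-1 or SHA-256; SM3 needs OpenSSL support
        self.targets: dict[str, MeasurementTarget] = {}
        self.notifications: list[str] = []   # exception handling notifications for the CPU side

    # --- measurement command processing module ---
    def create_target(self, name: str, start: int, end: int) -> None:
        self.targets[name] = MeasurementTarget(name, start, end)

    def sample(self, name: str) -> bytes:
        # Sampling after load: the current hash becomes the measurement reference value.
        target = self.targets[name]
        target.baseline = self._measure(target)
        return target.baseline

    def start(self, name: str) -> None:
        self.targets[name].enabled = True

    def stop(self, name: str) -> None:
        self.targets[name].enabled = False

    def query_status(self, name: str) -> bool:
        return self.targets[name].abnormal

    def end(self, name: str) -> None:
        del self.targets[name]

    # --- measurement engine ---
    def _measure(self, target: MeasurementTarget) -> bytes:
        code = self.memory[target.code_start:target.code_end]
        return hashlib.new(self.hash_name, code).digest()

    def engine_cycle(self) -> list:
        """One pass over the list (steps S61 to S65); returns the names found abnormal."""
        found = []
        for target in self.targets.values():
            if not target.enabled or target.baseline is None:
                continue                       # step S62: skip targets that are not enabled
            if self._measure(target) != target.baseline:   # steps S63 and S64
                target.abnormal = True                     # step S65
                self.notifications.append(target.name)
                found.append(target.name)
        return found


def simulate() -> dict:
    """Constructed run: two targets, one later stopped, then both code ranges modified."""
    memory = bytearray(b"\x90" * 256)   # constructed: 256 bytes of placeholder code
    sp = SecurityProcessorSim(memory)
    sp.create_target("vm-a", 0, 128)
    sp.create_target("vm-b", 128, 256)
    sp.sample("vm-a")
    sp.sample("vm-b")
    sp.start("vm-a")
    sp.start("vm-b")
    clean_pass = sp.engine_cycle()
    sp.stop("vm-b")
    memory[10] ^= 0xFF      # modify code of vm-a, which is still enabled
    memory[200] ^= 0xFF     # modify code of vm-b, which is stopped and so not measured
    dirty_pass = sp.engine_cycle()
    return {"clean_pass": clean_pass, "dirty_pass": dirty_pass,
            "a_abnormal": sp.query_status("vm-a"), "b_abnormal": sp.query_status("vm-b"),
            "notifications": list(sp.notifications)}
```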

In embodiments of the present invention, the measurement reference value used during measurement of a program to determine whether the program is abnormal is sampled after the program has been loaded. The measurement reference value corresponding to the program can therefore be set at run time, so that programs can be measured without being restricted to programs whose measurement reference values were set in advance, which is flexible and convenient.

Moreover, because the measurement reference value is obtained after the program is loaded, changes to the code or parameters before loading need not be considered, so the measurement management method of the embodiments also applies to programs whose pre-load code storage location, run-time parameters and so on are not fixed (for example, virtual machine programs), giving it a wider range of application.

Optionally, an embodiment of the present invention may further provide a security processor configured to perform the above measurement management method from the perspective of the security processor.

Optionally, an embodiment of the present invention may further provide a security processor that may include a measurement command processing module, a measurement target list and a measurement engine, where the measurement command processing module performs the above measurement management method from the security processor perspective, the measurement target list stores measurement targets and the data information corresponding to them, and the measurement engine measures the measurement targets according to the measurement target list.

Optionally, an embodiment of the present invention may further provide a processor configured to perform the above measurement management method from the perspective of the processor.

Optionally, an embodiment of the present invention may further provide a processor that includes a measurement software stack, the measurement software stack performing the above measurement management method from the processor perspective.

Optionally, an embodiment of the present invention may further provide a computer system including any of the above security processors and any of the above processors.

Optionally, an embodiment of the present invention may further provide a storage medium that may store a program implementing the above measurement management method from the security processor perspective, or a program implementing the above measurement management method from the processor perspective.

Several embodiment schemes provided by the embodiments of the present invention have been described above. The optional modes introduced in each scheme may be combined and cross-referenced with one another where they do not conflict, extending to a variety of possible embodiment schemes, all of which may be regarded as embodiment schemes disclosed by the embodiments of the present invention.

Although the embodiments of the present invention are disclosed above, the present invention is not limited thereto. Any person skilled in the art may make various changes and modifications without departing from the spirit and scope of the present invention, so the scope of protection of the present invention shall be that defined by the claims.

Claims (24)

1. A measurement management method, applied to a security processor, comprising:
after a program is loaded, obtaining a measurement target creation command of the program;
in response to the measurement target creation command, creating a measurement target corresponding to the program in a measurement target list;
obtaining a sampling command for sampling a measurement reference value of the program, wherein the sampling command comprises the code start and end addresses corresponding to the code of the program;
in response to the sampling command, measuring the code within the code start and end addresses and setting the measured measurement value as the measurement reference value of the program, so that whether the program is abnormal is measured on the basis of the measurement reference value;
wherein the measurement reference value, the code start and end addresses, the enabling state of the measurement target and the master key of the measurement target are stored in the measurement target list in correspondence with the measurement target, and a measurement engine measures whether the program is abnormal on the basis of the data in the measurement target list; the enabling state of the measurement target is used to indicate to the measurement engine whether to stop or execute the measurement task of the measurement target; and the master key of the measurement target is used to encrypt or verify the measurement-related commands.
2. The method according to claim 1, further comprising, after creating the measurement target corresponding to the program in the measurement target list and before obtaining the sampling command:
negotiating with a measurement management requester to obtain a master key corresponding to the measurement target, wherein the master key is used to encrypt or verify the interaction data exchanged with the measurement management requester;
storing the master key in the measurement target list in correspondence with the measurement target.
3. The method according to claim 1, further comprising, after setting the measurement reference value of the program:
obtaining a start-measurement command of the program;
in response to the start-measurement command of the program, updating the enabling state of the measurement target corresponding to the program in the measurement target list to yes, wherein an enabling state of yes indicates to the measurement engine to execute the measurement task on the measurement target.
4. The method according to claim 1, further comprising, after setting the measurement reference value of the program:
obtaining a stop-measurement command of the program;
in response to the stop-measurement command of the program, updating the enabling state of the measurement target corresponding to the program in the measurement target list to no, wherein an enabling state of no indicates to the measurement engine to stop the measurement task of the measurement target.
5. The method according to claim 1, further comprising, after setting the measurement reference value of the program:
obtaining a measurement status query command of the program;
in response to the measurement status query command of the program, querying the abnormal-state information of the measurement target corresponding to the program in the measurement target list;
sending a response notification of the measurement status query command, the response notification comprising the abnormal-state information of the measurement target.
6. The method according to claim 1, further comprising, after setting the measurement reference value of the program:
obtaining an end-measurement command of the program;
in response to the end-measurement command of the program, deleting the measurement target corresponding to the program, and the data information corresponding to the measurement target, from the measurement target list.
7. The method according to claim 2, further comprising, after storing the master key in the measurement target list:
receiving measurement command parameter data, wherein the measurement command parameter data comprises a measurement command parameter, a check code and the random number of the measurement service caller, and the check code is generated from one or more of the measurement command parameter, the random number corresponding to the previous measurement response parameter and a consistency key; the consistency key is derived from the master key; the measurement command parameter is a command parameter of a sampling command, a start-measurement command, a stop-measurement command, an end-measurement command or a measurement status query command;
verifying the measurement command parameter data according to the check code and determining the measurement command parameter of the corresponding command.
8. The method according to claim 7, further comprising, after storing the master key in the measurement target list:
generating a check code of a measurement response parameter to obtain measurement response parameter data, wherein the measurement response parameter data comprises the measurement response parameter, the check code and the random number corresponding to the measurement response, and the check code is generated from the measurement response parameter, the random number in the command corresponding to the measurement response parameter, the random number corresponding to the measurement response parameter and one or more parameters of a consistency key; the measurement response parameter is a response parameter obtained after responding to the sampling command, start-measurement command, stop-measurement command, end-measurement command or measurement status query command;
sending the measurement response parameter data.
9. The method according to claim 8, wherein the random number corresponding to the measurement command parameter is updated once each time measurement response parameter data is verified, and the random number corresponding to the measurement response parameter is updated once each time a measurement command parameter is verified.
10. A measurement management method, applied to a processor, comprising:
after a program is loaded, sending a measurement target creation command of the program, wherein the measurement target creation command is used to indicate that a measurement target corresponding to the program is to be created in a measurement target list;
obtaining a response notification of the measurement target creation command and determining that the measurement target of the program has been created;
sending a sampling command, wherein the sampling command comprises the code start and end addresses corresponding to the code of the program and is used to indicate that the code within the code start and end addresses is to be sampled and the measurement value obtained by sampling set as the measurement reference value of the program, so that whether the program is abnormal is measured on the basis of the measurement reference value;
obtaining a response notification of the sampling command and determining that the measurement reference value of the program has been set;
wherein the measurement reference value, the code start and end addresses, the enabling state of the measurement target and the master key of the measurement target are stored in the measurement target list in correspondence with the measurement target, and a measurement engine measures whether the program is abnormal on the basis of the data in the measurement target list; the enabling state of the measurement target is used to indicate to the measurement engine whether to stop or execute the measurement task of the measurement target; and the master key of the measurement target is used to encrypt or verify the measurement-related commands.
11. The method according to claim 10, further comprising, after obtaining the response notification of the measurement target creation command and before sending the sampling command:
negotiating with a measurement management executor to obtain a master key corresponding to the program, wherein the master key is used to encrypt or verify the interaction data exchanged with the measurement management executor;
storing the master key corresponding to the program.
12. The method according to claim 10, further comprising, after obtaining the response notification of the sampling command:
sending a start-measurement command of the program, wherein the start-measurement command is used to indicate that the enabling state of the measurement target corresponding to the program is to be updated to yes in the measurement target list, and an enabling state of yes indicates to the measurement engine to execute the measurement task on the measurement target;
obtaining a response notification of the start-measurement command and determining that the enabling state of the measurement target corresponding to the program is yes.
13. The method according to claim 10, further comprising, after obtaining the response notification of the sampling command:
sending a stop-measurement command of the program, wherein the stop-measurement command is used to indicate that the enabling state of the measurement target corresponding to the program is to be updated to no in the measurement target list, and an enabling state of no indicates to the measurement engine to stop the measurement task of the measurement target;
obtaining a response notification of the stop-measurement command and determining that the enabling state of the measurement target corresponding to the program has been updated to no.
14. The method according to claim 10, further comprising, after obtaining the response notification of the sampling command:
sending a measurement status query command of the program, wherein the measurement status query command is used to indicate that the abnormal-state information of the measurement target corresponding to the program is to be queried in the measurement target list;
obtaining a response notification of the measurement status query command and determining the abnormal-state information of the measurement target.
15. The method according to claim 10, further comprising, after obtaining the response notification of the sampling command:
sending an end-measurement command of the program, wherein the end-measurement command is used to indicate that the measurement target corresponding to the program, and the data information corresponding to the measurement target, are to be deleted from the measurement target list;
obtaining a response notification of the end-measurement command and determining that the measurement target corresponding to the program and the data information corresponding to the measurement target have been deleted.
16. The method according to claim 11, further comprising, after storing the master key corresponding to the program:
generating a check code of a measurement command parameter to obtain measurement command parameter data, wherein the measurement command parameter data comprises the measurement command parameter, the check code and the random number of the measurement service caller, and the check code is generated from one or more of the measurement command parameter, the random number corresponding to the previous measurement response parameter and a consistency key; the consistency key is derived from the master key; the measurement command parameter is a command parameter of a sampling command, a start-measurement command, a stop-measurement command, an end-measurement command or a measurement status query command;
sending the measurement command parameter data.
17. The method according to claim 16, further comprising, after storing the master key corresponding to the program:
receiving measurement response parameter data, wherein the measurement response parameter data comprises a measurement response parameter, a check code and the random number corresponding to the measurement response, and the check code is generated from the measurement response parameter, the random number in the command corresponding to the response, the random number corresponding to the measurement response parameter and one or more parameters of a consistency key; the measurement response parameter is a response parameter obtained after responding to a sampling command, a start-measurement command, a stop-measurement command, an end-measurement command or a measurement status query command;
verifying the measurement response parameter data according to the check code and determining the measurement response parameter of the corresponding response.
18. The method according to claim 17, wherein the random number corresponding to the measurement command parameter is updated once each time measurement response parameter data is verified, and the random number corresponding to the measurement response parameter is updated once each time a measurement command parameter is verified.
19. A security processor configured to perform the measurement management method according to any one of claims 1 to 9.
20. A security processor, comprising a measurement command processing module configured to perform the measurement management method according to any one of claims 1 to 9, a measurement target list configured to store measurement targets and the data information corresponding to the measurement targets, and a measurement engine configured to measure the measurement targets according to the measurement target list.
21. A processor configured to perform the measurement management method according to any one of claims 10 to 18.
22. A processor, comprising a measurement software stack configured to perform the measurement management method according to any one of claims 10 to 18.
23. A computer system, comprising a security processor according to claim 19 or 20 and a processor according to claim 21 or 22.
24. A storage medium storing a program implementing the measurement management method according to any one of claims 1 to 9, or a program implementing the measurement management method according to any one of claims 10 to 18.
CN202011138070.5A 2020-10-22 2020-10-22 Measurement management method and related equipment Active CN112256390B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011138070.5A CN112256390B (en) 2020-10-22 2020-10-22 Measurement management method and related equipment


Publications (2)

Publication Number Publication Date
CN112256390A CN112256390A (en) 2021-01-22
CN112256390B true CN112256390B (en) 2023-08-29

Family

ID=74263522

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011138070.5A Active CN112256390B (en) 2020-10-22 2020-10-22 Measurement management method and related equipment

Country Status (1)

Country Link
CN (1) CN112256390B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113157543B (en) * 2021-05-14 2023-07-21 海光信息技术股份有限公司 A trusted measurement method and device, server, and computer-readable storage medium
CN114238941A (en) * 2021-11-29 2022-03-25 海光信息技术股份有限公司 Program measurement verification method, device and system and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101515316A (en) * 2008-02-19 2009-08-26 北京工业大学 Trusted computing terminal and trusted computing method
CN104298917A (en) * 2014-11-14 2015-01-21 北京航空航天大学 Virtual machine application program completeness measuring method based on TPM
CN109716345A (en) * 2016-04-29 2019-05-03 普威达有限公司 Computer implemented privacy engineering system and method
CN110024330A (en) * 2016-12-30 2019-07-16 英特尔公司 Providing services for IoT devices
CN111164952A (en) * 2017-11-16 2020-05-15 英特尔公司 Distributed software-defined industrial system
CN111638936A (en) * 2020-04-16 2020-09-08 中国科学院信息工程研究所 Virtual machine static measurement method and device based on built-in security architecture

Also Published As

Publication number Publication date
CN112256390A (en) 2021-01-22

Similar Documents

Publication Publication Date Title
CN112596802B (en) An information processing method and device
CN107408183B (en) Device attestation through a secure hardened management agent
CN100566243C (en) Computing device using a fixed token and a removable token, and method therefor
TWI598814B (en) System and method for managing and diagnosing a computing device equipped with unified extensible firmware interface (uefi)-compliant firmware
US9288155B2 (en) Computer system and virtual computer management method
US9230129B1 (en) Software trusted computing base
US7484099B2 (en) Method, apparatus, and product for asserting physical presence with a trusted platform module in a hypervisor environment
CN111382445A (en) A Method for Providing Trusted Service by Using Trusted Execution Environment System
US9015454B2 (en) Binding data to computers using cryptographic co-processor and machine-specific and platform-specific keys
CN108200078B (en) Downloading and installing method of signature authentication tool and terminal equipment
US9584317B2 (en) Identifying security boundaries on computing devices
US10229272B2 (en) Identifying security boundaries on computing devices
WO2018177394A1 (en) Method and device for protecting android so file
CN112256392B (en) A measurement method, device and related equipment
CN112256390B (en) Measurement management method and related equipment
KR20220111586A (en) Security platform apparatus based on psa of arm in internet of things
CN111624937A (en) Protection method for PLC dynamic measurement of industrial control system and industrial control system PLC
CN112257064B (en) Nested page table measurement method, device and related equipment
Pop et al. Secure migration of WebAssembly-based mobile agents between secure enclaves
CN118520496A (en) Data processing method, system, electronic device and storage medium
CN117453343A (en) Virtual machine measurement and secret calculation authentication method, device, system and storage medium
Hao et al. Trusted block as a service: Towards sensitive applications on the cloud
JP6741236B2 (en) Information processing equipment
US20240089259A1 (en) Remote authorization control system, resource access apparatus, authentication apparatus, remote authorization control method and program
EP4174694A1 (en) Method for securely executing an application

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant