CN-121996385-A - Integrity verification method and system supporting migration state of satellite-borne virtual load
Abstract
The invention discloses an integrity verification method and system supporting a satellite-borne virtual load migration state. A task execution log of a source star node is extracted, a combined structure path of an operation segment, an access segment and a thread migration segment is constructed, migration interrupt trigger points are identified, and a trigger path group is formed. The time sequence difference between the operation and access segments is then compared, the structure asymmetric segments are identified and mapped to the target node, a migration mapping relation group is constructed, and the structure offset grade is quantified. Finally, the credibility judgment and the structure injection or rollback are completed based on the segment tail chain complementary relation. The method has high interpretability, low resource overhead and engineering suitability, and improves the state verification capability of satellite-borne task migration.
Inventors
- LI CAI
- ZHAO HONGXIANG
- Rong Yanshou
- CHEN ZIJIAN
- LIU XIN
Assignees
- 天勰力(山东)卫星技术有限公司
Dates
- Publication Date: 20260508
- Application Date: 20260129
Claims (10)
- 1. An integrity verification method supporting a migration state of a satellite-borne virtual load is characterized by comprising the following steps: S101, extracting a task execution log of a virtual load instance to be migrated in a source star node, analyzing three marking segments of an operation segment mark, a thread migration segment boundary and a memory access segment boundary from the task execution log, and constructing an initial association segment set according to intra-thread offset and time marks of access segments; S102, constructing a combined segment path based on an operation segment mark and a thread migration segment boundary in an initial association segment set, positioning a migration interrupt trigger point in a scheduling cache history according to a topological structure and a return sequence of the combined segment path, and aggregating structural segments covered by the trigger point into a trigger path group; S103, matching the reverse rearranged operation group with the original calling sequence according to the time sequence relation of the fragments in the trigger path group to form a thread operation corresponding group, and identifying a structure asymmetric fragment group based on the cis-position difference and time association of the operation-access fragments; S104, mapping the structure asymmetric segment group to a resource scheduling section of a target star node, constructing a migration mapping relation group according to the position change and thread switching information of the mapping segment, and calculating the migration structure offset grade; S105, whether the structure offset grade displayed by the migration mapping relation group is acceptable or not is judged, meanwhile, the section tail mark of the trigger path group is checked, the section tail chain group is constructed through the section tail exchange relation, if the structure offset grade meets the standard and the section tail chain group has the complementary staggered relation, the trusted migration structure is confirmed, the structure injection is executed, and if not, the original structure rollback process is triggered.
- 2. The method for verifying integrity supporting an on-board virtual load migration state according to claim 1, wherein the constructing logic of the initial association fragment set is: Identifying access fragments one by one in a source star node task execution log, and distributing an intra-thread offset index for each access fragment according to the arrangement sequence of the access fragments in the belonging thread fragments to form an infrastructure sequence in the thread fragments; extracting time marks of the operation fragments from all the operation fragments, arranging the operation fragments according to time sequences of the time marks, and retrieving the time marks of the operation fragments corresponding to each access fragment for the first time from an arrangement result to obtain reference time marks corresponding to the access fragments; integrating the intra-thread offset index of the access fragment, the corresponding thread number and the reference time mark into a ternary combination unit, and recording the ternary combination unit into an index recording table; Respectively aggregating all ternary combination units according to thread fragments by taking the thread numbers as classification basis, and arranging the ternary combination units in each aggregation group in ascending order according to offset indexes to form a time sequence structure chain between an access fragment and a reference time mark thereof; and combining the time sequence structure chains corresponding to all the thread fragments according to the thread numbering sequence to generate an initial association fragment set taking the offset index and the time mark as core structures.
- 3. The method of claim 2, wherein the forming a time-series structure chain between the access segment and its reference time stamp comprises: for each thread segment, generating a continuous offset number for the thread segment according to the arrangement position of the access segment in the thread segment, and recording the offset number as an offset sequence index of the access segment; Forming an offset-time key value pair by each offset sequence index and a corresponding reference time mark, and forming an offset-time node set by taking the key value pair as a basic element for forming a graph node; the nodes in the offset-time node set are connected one by one according to the sequence from small to large of the time marks, and a time continuous path chain of the access segment in the single-thread dimension is constructed; Grouping the time continuous path chains respectively constructed by taking the thread identifiers as index identifiers aiming at a plurality of thread fragments, and forming an access-time mapping diagram of the cross threads by using the grouping structure; The access-time mapping diagram is used as a local index frame of a time sequence structure chain, so that the internal time sequence structure of the access fragment in the cross-thread process can be expressed in a fixed diagram level structure.
- 4. The method for verifying the integrity of supporting a migration state of a virtual load on a satellite vehicle according to claim 1, wherein the matching the operation group rearranged in reverse with the original calling order to form the thread operation corresponding group includes: Recording the position index of each operation fragment in the rearrangement sequence for each operation fragment in the operation group which is rearranged reversely, and simultaneously recording the thread identification corresponding to the operation fragment in the original task execution log so as to form a rearrangement index record of the operation fragment; extracting the original occurrence sequence of the access fragment in each thread fragment, and establishing an access fragment sequence according to the sequence of the access fragment so as to preserve the access calling sequence in the thread; The thread mark is used as an association key, a corresponding record is established between the rearrangement index of the operation fragment and the sequence of the access fragment, and screening is carried out according to whether the adjacency relation exists between the operation fragment and the time mark region of the access fragment in the original log, so that a candidate fragment pairing table is formed; Selecting segment pairs with consistent threads and adjacent time marks from the candidate segment pairing table, recording the segment pairs as operation-access segment corresponding relation entries, and classifying the segments according to thread numbers; The operation-access fragment correspondence entries within each thread group are combined to form a thread operation correspondence group to provide a pairing structure representation between the operation path and the access logic.
- 5. The method for verifying the integrity of supporting an on-board virtual load migration state according to claim 4, wherein the pairing relation construction manner of the operation fragment index and the access fragment index comprises: recording the rearranged sequence number of each operation fragment from the operation group rearranged reversely, taking the number as the operation index of the operation fragment, and summarizing in a record table; Generating continuous sequence numbers for the access fragments according to the original appearance sequence of the access fragments in the thread fragments, taking the numbers as access indexes of the access fragments, and recording the calling time ranges of the access fragments; Constructing a candidate matching matrix based on the thread identifier of the operation fragment and the thread identifier of the access fragment, and selecting candidate pairing combinations which meet the condition that threads are identical and have adjacent time ranges according to whether the time ranges of the operation index and the access index overlap or not as screening conditions; recording the operation fragment and access fragment combinations meeting the time overlapping and cis-position connection conditions as effective fragment pairing groups, and establishing operation-access double-index record entries for each combination; and integrating the effective fragment combination entries corresponding to all threads to form a dual-path connection index group, and taking the dual-path connection index group as a composition basis of the thread operation corresponding group.
- 6. The method for verifying the integrity of supporting a migration state of a virtual load on a satellite according to claim 1, wherein the identifying manner of the asymmetric segment group comprises: extracting each operation-access fragment pairing combination from the thread operation corresponding group, and recording the occurrence sequence numbers of the operation fragments and the access fragments in the original thread fragments respectively; Taking the sequence of the operation fragments as a reference, marking the sequence number difference value of each pair of operation-access fragments as sequence offset, and forming a sequence difference tuple by the offset and the thread identifier; Filtering the non-zero items of the offset in all the cis-position difference tuples, and verifying whether the offset has a crossing cis-position reversing characteristic, namely that the access fragment appears after the operation fragment; Grouping tuples with crossing cis-inversion characteristics according to thread identifications, and combining corresponding fragment pairs in each group as structurally asymmetric candidate fragments; and carrying out de-duplication and renumbering on all the structure asymmetric candidate fragment combinations to obtain a structure asymmetric fragment group so as to represent a key position set with a structural offset phenomenon between operation-access call paths.
- 7. The method for verifying integrity of support for a migration state of a virtual load on a satellite as defined in claim 1, wherein the verifying the span-wise cis-inversion feature of the cis-delta tuple comprises: Defining the order number difference value of each operation-access fragment combination as an operation preposition quantity, and judging that the abnormal condition that the access fragment order takes precedence over the operation fragment possibly exists if the value is smaller than zero; summarizing the corresponding access fragments of all the combinations with the operation prepositions of negative values according to the thread identifications and searching the real calling time of the access fragments in the execution log; If the calling time of the access fragment is later than that of the related operation fragment, the pseudo-inversion combination is judged to be eliminated, otherwise, the pseudo-inversion combination is regarded as effective cis-inversion; all valid cis-reverse combinations are constructed into fragment pairs with offset labels, and a spanning feature identifier is added for each combination to support subsequent mapping analysis; summarizing the combination with the crossing characteristic identifier into a structure asymmetry confirmation set, and extracting a structure asymmetry fragment group from the structure asymmetry confirmation set so as to further support a structure consistency comparison flow.
- 8. The method for verifying the integrity of supporting a migration state of a satellite-borne virtual load according to claim 1, wherein the constructing logic of the migration mapping relation group is: Extracting fragment entities with the same number as the asymmetric fragment group of the source node structure from the target star node, and marking the thread number and the intra-fragment offset position of each fragment entity; taking the thread number and the offset position of each structure asymmetric segment in the source node as a source tag, and constructing a mapping pair corresponding to the position characteristics of the same-numbered segments in the target star node; if the position features of the same-numbered fragments in the target node have thread number change or offset cis-position change, the position features are regarded as effective structure offset mapping entries and recorded as structure variation pairs; Reconstructing all the structural variation pairs into position offset tracks according to fragment numbers, and generating a thread-offset track mapping table; And arranging all mapping entries with position change or thread switching in the mapping table into a migration mapping relation group to serve as an input basis for migration consistency analysis.
- 9. The method of claim 8, wherein the calculating the level of structural offset for the migration comprises: counting the total number of all fragment numbers in the asymmetric fragment group of the structure, and constructing a number summary table as an original structure reference set; Extracting all fragment entries with offset or thread number change from the migration mapping relation group to form a mapping offset set; Calculating the coverage proportion of the fragment numbers in the original structure reference set in the mapping offset set, and constructing a proportion analysis table; setting a structural deviation proportion threshold interval, and marking as high deviation, medium deviation or low deviation grades according to the interval where the coverage proportion is in the proportion analysis table; And taking the offset grade as a consistency grade index of the migration state, and generating a final consistency verification result in an index system.
- 10. An integrity verification system supporting a migration state of a satellite-borne virtual load, based on the implementation of the integrity verification method supporting a migration state of a satellite-borne virtual load as claimed in any one of claims 1 to 9, which is characterized by comprising a log analysis module, a path construction module, an operation pairing module, a mapping analysis module and a consistency verification module, wherein data transmission is performed between the modules through wires and/or wirelessly; The log analysis module extracts a task execution log of a virtual load instance to be migrated in a source star node, analyzes three marking segments of an operation segment mark, a thread migration segment boundary and a memory access segment boundary from the task execution log, and constructs an initial association segment set according to intra-thread offset and time marks of the access segments; The path construction module is used for constructing a combined segment path based on the operation segment marks and the thread migration segment boundaries in the initial association segment set, positioning migration interrupt trigger points in the scheduling cache history according to the topology structure and the return sequence of the combined segment path, and aggregating the structural segments covered by the trigger points into a trigger path group; The operation pairing module is used for matching the reverse rearranged operation group with the original calling sequence according to the time sequence relation of the fragments in the trigger path group to form a thread operation corresponding group, and identifying a structure asymmetric fragment group based on the cis-position difference and time association of the operation-access fragments; The mapping analysis module is used for mapping the structure asymmetric segment group to a resource scheduling section of a target star node, constructing a migration mapping relation group according to the position change and the thread switching information of the mapping segment, and calculating the migration structure offset grade; and the consistency verification module is used for constructing a segment tail chain group through a segment tail exchange relation based on whether the structure offset grade displayed by the migration mapping relation group is acceptable or not, checking the segment tail mark of the trigger path group, confirming a trusted migration structure if the structure offset grade meets a trusted standard and the segment tail chain group has a complementary exchange relation, executing structure injection, and otherwise, triggering the original structure rollback process.
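The mapping and grading steps of claims 8 and 9, together with the inject-or-rollback decision of step S105, sketched as an added example that is not part of the patent text. The names `Fragment`, `VariationPair` and the three functions, the threshold values, the rule that only a "low" grade is acceptable, and the handling of a fragment missing on the target are assumptions; the tail chain check is taken as a boolean input because the claims do not define how it is computed.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed threshold intervals: the claims name the grades but give no numbers.
LOW_MAX = 0.25      # coverage <= 25% -> "low"
MEDIUM_MAX = 0.60   # coverage <= 60% -> "medium", above -> "high"


@dataclass(frozen=True)
class Fragment:
    number: int   # fragment number, shared between source and target node
    thread: int   # thread number
    offset: int   # intra-fragment offset position


@dataclass(frozen=True)
class VariationPair:
    number: int
    source: Fragment
    target: Optional[Fragment]   # None = no same-numbered fragment on the target
    thread_switched: bool
    offset_changed: bool


def build_migration_mapping(source, target):
    """Claim 8: pair same-numbered fragments, keep those whose position changed."""
    by_number = {f.number: f for f in target}
    group = []
    for src in sorted(source, key=lambda f: f.number):
        dst = by_number.get(src.number)
        if dst is None:
            # Not covered by the claims; recorded here so it cannot pass silently.
            group.append(VariationPair(src.number, src, None, False, False))
            continue
        switched, moved = dst.thread != src.thread, dst.offset != src.offset
        if switched or moved:
            group.append(VariationPair(src.number, src, dst, switched, moved))
    return group


def offset_grade(source, mapping):
    """Claim 9: share of reference fragment numbers found in the mapping offset set."""
    reference = {f.number for f in source}
    if not reference:
        return 0.0, "low"          # nothing asymmetric was found on the source
    shifted = {p.number for p in mapping}
    ratio = len(reference & shifted) / len(reference)
    if ratio <= LOW_MAX:
        return ratio, "low"
    return ratio, "medium" if ratio <= MEDIUM_MAX else "high"


def decide(grade, mapping, tail_chain_complementary):
    """S105: inject only if the grade is acceptable and the tail chain check passed."""
    if any(p.target is None for p in mapping):
        return "rollback"          # assumption: a lost fragment is never acceptable
    if grade == "low" and tail_chain_complementary:   # assumption: only "low" passes
        return "inject"
    return "rollback"


# Constructed sample: five asymmetric fragments on the source node.
SOURCE = [Fragment(1, 0, 0), Fragment(2, 0, 1), Fragment(3, 1, 0),
          Fragment(4, 1, 1), Fragment(5, 2, 0)]
# Target after migration: fragment 2 switched thread, fragment 4 moved offset.
TARGET = [Fragment(1, 0, 0), Fragment(2, 1, 1), Fragment(3, 1, 0),
          Fragment(4, 1, 3), Fragment(5, 2, 0)]

if __name__ == "__main__":
    mapping = build_migration_mapping(SOURCE, TARGET)
    ratio, grade = offset_grade(SOURCE, mapping)
    print(ratio, grade, decide(grade, mapping, tail_chain_complementary=True))
```

With the constructed sample, two of five reference fragments changed position, so the coverage proportion falls in the assumed medium interval and the migration is rolled back even when the tail chain check passes.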
Description
Integrity verification method and system supporting migration state of satellite-borne virtual load
Technical Field
The invention relates to the technical field of satellite computing task scheduling and state verification, in particular to an integrity verification method and system supporting a satellite-borne virtual load migration state.
Background
With the development of shared constellation systems, more and more satellite platforms support deploying multiple virtual load instances through virtualization, so that users with different tasks can flexibly rent computing resources or sensor resources in on-board nodes, forming a multi-tenant virtual load management mode. To meet dynamic task scheduling requirements, virtual loads are frequently migrated, suspended and recovered among satellites, and operations such as fault takeover are increasingly frequent. In a traditional trusted computing system, a trusted execution environment (TEE) is often adopted to isolate and protect key operations during execution so as to ensure operational security. However, TEE mechanisms are mostly built on fixed nodes, lack the capability to track and verify the state evolution of a virtual load throughout cross-node migration, and can hardly meet the requirements of integrity verification of migration states in a satellite-borne environment.
Existing integrity verification mechanisms such as chain hashing, full task backtracking or Merkle tree signatures can in theory confirm the security of an execution path, but they generally suffer from high computing resource consumption, high communication overhead and strong hardware dependence, and are difficult to adapt directly to the practical limits of a satellite-borne platform: limited computing capacity, high communication delay and power sensitivity. In addition, existing methods generally judge on whether the structures are completely consistent, and do not analyze the structural correspondence between operation paths and access calls during thread migration. As a result, they cannot identify non-consistent structural variations such as offset, dislocation or cross-thread mapping of operation accesses, and cannot establish a refined offset grade evaluation system, which limits their ability to judge the credibility of fault-tolerant migration or partially abnormal migration. In view of the above, the present invention provides an integrity verification method and system supporting a migration state of a satellite-borne virtual load, which solve the above-mentioned problems.
Disclosure of Invention
The invention aims to provide an integrity verification method and system supporting a satellite-borne virtual load migration state, which solve the problem that the prior art lacks a lightweight, interpretable and non-static structure integrity verification mechanism for the satellite-borne virtual load migration process.
In order to achieve the above object, the present invention provides the following technical solutions:
In a first aspect, the present invention provides an integrity verification method supporting a migration state of a satellite-borne virtual load, including the steps of:
S101, extracting a task execution log of a virtual load instance to be migrated in a source star node, analyzing three marking segments of an operation segment mark, a thread migration segment boundary and a memory access segment boundary from the task execution log, and constructing an initial association segment set according to intra-thread offset and time marks of access segments;
S102, constructing a combined segment path based on an operation segment mark and a thread migration segment boundary in an initial association segment set, positioning a migration interrupt trigger point in a scheduling cache history according to a topological structure and a return sequence of the combined segment path, and aggregating structural segments covered by the trigger point into a trigger path group;
S103, matching the reverse rearranged operation group with the original calling sequence according to the time sequence relation of the fragments in the trigger path group to form a thread operation corresponding group, and identifying a structure asymmetric fragment group based on the cis-position difference and time association of the operation-access fragments;
S104, mapping the structure asymmetric segment group to a resource scheduling section of a target star node, constructing a migration mapping relation group according to the position change and thread switching information of the mapping segment, and calculating the migration structure offset grade;
S105, whether the structure offset grade displayed by the migration mapping relation group is