CN-122020637-A - Trusted instruction set simulation management method and device

Abstract

The application discloses a trusted instruction set simulation management method and device. The method comprises the steps of running a virtual execution environment and loading and running an executable program in it, wherein the virtual execution environment simulates instruction execution, memory access and peripheral interaction of a target CPU, and the executable program comprises at least one of trusted firmware, a security check module and a trusted computing component that depends on a hardware isolation mechanism; determining risks caused by vulnerabilities of the target CPU by monitoring the executable program while the virtual execution environment runs it; and executing a corresponding dynamic protection operation according to the type of risk, so that enhanced security is provided for the trusted computing component running in the virtual execution environment. The application addresses the technical problem of guaranteeing the security of trusted computing on hardware that has such defects.

Inventors

  • TIAN JIANSHENG
  • Duan Guna
  • Dong Junbin
  • LI TONGXING
  • WANG ANSHENG

Assignees

  • 北京可信华泰技术服务有限公司
  • 北京可信华泰信息技术有限公司

Dates

Publication Date
20260512
Application Date
20251225

Claims (10)

  1. A trusted instruction set simulation management method, comprising: running a virtual execution environment, wherein the virtual execution environment is used for simulating instruction execution, memory access and peripheral interaction of a target CPU, and loading and running an executable program, wherein the executable program comprises at least one of trusted firmware, a security verification module and a trusted computing component that depends on a hardware isolation mechanism; determining a risk caused by a vulnerability of the target CPU by monitoring the executable program while the virtual execution environment runs it; and executing a corresponding dynamic protection operation according to the risk type, thereby providing enhanced security for the trusted computing component running in the virtual execution environment.
  2. The method of claim 1, wherein determining the risk caused by the vulnerability of the target CPU by monitoring the executable program while the virtual execution environment runs it comprises: performing instruction-level real-time monitoring and behavior analysis while the executable program runs in the virtual execution environment, namely identifying the risk caused by the vulnerability of the target CPU by dynamically matching the instruction sequence of the execution flow against a predefined CPU vulnerability feature model, wherein the CPU vulnerability feature model comprises a feature model of at least one of: a vulnerability exploiting a cache-side data leakage channel of the target CPU, a vulnerability exploiting the target CPU to break through the hardware isolation mechanism, a vulnerability exploiting a defective instruction of the target CPU to cause a buffer overflow, and a vulnerability exploiting the target CPU to interfere with a security check flow.
  3. The method of claim 2, wherein identifying the risk caused by the vulnerability of the target CPU by dynamically matching the instruction sequence of the execution flow against the predefined CPU vulnerability feature model comprises: performing an instruction-level audit of memory access behavior at runtime and identifying, according to the CPU vulnerability feature model, a risk instruction sequence that invokes a cache-side data leakage channel; performing secondary verification of cross-security-domain instruction interaction and identifying, according to the CPU vulnerability feature model, a risk instruction sequence of an illegal memory access request; performing full-path scanning of the instruction sequence through a pre-execution checking and dynamic reinforcement system and identifying, according to the CPU vulnerability feature model, a risk instruction sequence carrying a buffer overflow risk; and monitoring the whole process of the cryptographic operation instructions in the verification flow and identifying fault injection attacks by dynamic analysis, so that a risk instruction sequence carrying a verification bypass risk is identified according to the CPU vulnerability feature model.
  4. The method of claim 1, wherein executing the corresponding dynamic protection operation according to the risk type to provide enhanced security for the trusted computing component running in the virtual execution environment comprises: in response to the risk type corresponding to the identified risk instruction sequence, triggering and executing the corresponding dynamic protection operation at the instruction execution level of the virtual execution environment, wherein the dynamic protection operation comprises at least one of blocking, through an instruction interception mechanism, the risk instruction sequence identified as malicious or defective, and replacing the risk instruction sequence.
  5. The method of claim 4, wherein triggering and executing the corresponding dynamic protection operation at the instruction execution level of the virtual execution environment comprises: when the risk instruction sequence carries the risk of invoking the cache-side data leakage channel, intercepting the risk instruction sequence whose behavior invokes the cache-side data leakage channel, and generating a repair instruction in real time in the virtual execution environment in combination with JIT binary patching to replace the defective code segment in the firmware execution flow; when the risk instruction sequence carries an illegal memory access risk, intercepting the risk instruction sequence of the illegal memory access request using the reconfigurable isolation rules of the virtual execution environment, and simulating reinforced memory protection unit logic in the virtual execution environment, so that security domain isolation is still maintained at the instruction execution level even when the hardware isolation is broken; when the risk instruction sequence carries a buffer overflow risk, intercepting the risk instruction sequence carrying the buffer overflow risk, running the instruction replacement algorithm of the virtual execution environment to replace the risk instruction sequence with a safety-equivalent instruction, and locking the associated configuration register to prevent the firmware from being illegally tampered with; and when the risk instruction sequence carries a verification bypass risk, intercepting the risk instruction sequence carrying the verification bypass risk, ensuring the execution integrity of the related verification flow by simulating trusted measurement logic, and thereby preventing verification forgery caused by the vulnerability.
  6. The method of claim 1, wherein building the virtual execution environment for emulating the instruction set of the target CPU comprises: acquiring an ELF file, memory area layout information, a target simulator and a peripheral simulation component; selecting the target simulator corresponding to the target CPU from a plurality of simulators according to the configuration of the ELF file, and configuring the basic operation mode and the exception handling callback function of the target simulator, wherein the plurality of simulators correspond to a plurality of CPU instruction set architectures; according to the address layout recorded in the ELF file, calling the function uc.mem_map() to map a contiguous memory area, setting the read/write permissions of the memory area, and writing the code segment and data segment read from the program header table of the ELF file using the pyelftools library to the corresponding virtual addresses through the function uc.mem_write(); registering a memory read/write hook through the function uc.hook_add() for the peripheral register addresses accessed by the ELF file, and simulating peripheral behavior in the callback function, thereby realizing the hardware interaction logic; configuring the stack pointer and the program counter to point to the entry point as required by the ELF file, wherein the entry point serves as the simulation start address; and calling the function uc.emu_start() to execute from the entry point, with the execution range controlled by the function uc.emu_stop().
  7. The method according to any one of claims 1 to 6, wherein the trusted instruction set simulation management method is applicable to security development and test scenarios, CPU vulnerability and security check mechanism test scenarios, and edge computing scenarios.
  8. A trusted instruction set simulation management apparatus, comprising: a running unit, configured to run a virtual execution environment which is used for simulating instruction execution, memory access and peripheral interaction of a target CPU, and to load and run an executable program, wherein the executable program comprises at least one of trusted firmware, a security check module and a trusted computing component that depends on a hardware isolation mechanism; a determining unit, configured to determine, by monitoring the executable program, a risk caused by a vulnerability of the target CPU while the executable program runs in the virtual execution environment; and a management unit, configured to execute a corresponding dynamic protection operation according to the risk type so as to provide enhanced security for the trusted computing component running in the virtual execution environment.
  9. A computer-readable storage medium, characterized in that the storage medium comprises a stored program, wherein the program, when run, performs the method of any one of claims 1 to 7.
  10. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor performs the method of any one of claims 1 to 7 by means of the computer program.
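Claims 2 to 5 describe the monitor as a matcher of the executed instruction sequence against predefined vulnerability feature models, followed by a block-or-replace response at the instruction level. The Python below is an added illustration, not the patent's or the assignee's code: it is the per-instruction callback logic that an emulator hook (such as Unicorn's UC_HOOK_CODE, the mechanism claim 6 relies on) would invoke, with the feature models, mnemonics, addresses and trace all constructed samples rather than models of any real CPU defect.

```python
# Added illustration of an instruction-level risk monitor in the style of claims 2-5.
# Feature models, mnemonics and the sample trace are constructed, not from the patent.
from collections import deque
from dataclasses import dataclass


@dataclass
class FeatureModel:
    """Constructed vulnerability feature model: a risk type, the mnemonic sequence
    whose consecutive appearance in the execution flow signals that risk, and the
    dynamic protection to apply ("block" the completing instruction or "replace" it)."""
    risk_type: str
    pattern: tuple
    action: str
    replacement: tuple = ()   # safety-equivalent instructions used when action == "replace"


# Constructed sample models; a real deployment derives them per target CPU.
MODELS = [
    FeatureModel("cache_side_channel", ("clflush", "mov", "rdtsc"), "block"),
    FeatureModel("isolation_bypass", ("smc", "ldr_secure"), "block"),
    FeatureModel("buffer_overflow", ("rep_movsb",), "replace", ("bounded_copy",)),
]


class RiskMonitor:
    """Sliding-window matcher; observe() is what a UC_HOOK_CODE callback would call."""

    def __init__(self, models):
        self.models = models
        self.window = deque(maxlen=max(len(m.pattern) for m in models))
        self.events = []   # (address, risk_type, action) audit trail

    def observe(self, address, mnemonic):
        """Return the instructions the emulator should execute in place of this one:
        [mnemonic] if clean, [] to block it, or the model's replacement sequence."""
        self.window.append(mnemonic)
        recent = list(self.window)
        for m in self.models:
            n = len(m.pattern)
            if len(recent) >= n and tuple(recent[-n:]) == m.pattern:
                self.events.append((address, m.risk_type, m.action))
                self.window.clear()   # a matched sequence must not re-trigger
                return list(m.replacement) if m.action == "replace" else []
        return [mnemonic]


def run_trace(trace, models=MODELS):
    """Drive the monitor over a constructed (address, mnemonic) trace; return the
    instruction stream actually executed and the audit events raised."""
    mon = RiskMonitor(models)
    executed = []
    for addr, mnemonic in trace:
        executed.extend(mon.observe(addr, mnemonic))
    return executed, mon.events


# Constructed trace: a cache-timing probe sequence followed by an unbounded copy.
SAMPLE_TRACE = [(0x1000, "mov"), (0x1004, "clflush"), (0x1008, "mov"), (0x100c, "rdtsc"),
                (0x1010, "add"), (0x1014, "rep_movsb"), (0x1018, "ret")]
```

Because a code hook fires before each instruction executes, blocking can only drop the instruction that completes a matched sequence; the earlier instructions of the pattern have already run, which is why the executed stream above still contains them.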

Description

Trusted instruction set simulation management method and device

Technical Field

The application relates to the field of computer security, in particular to a trusted instruction set simulation management method and device.

Background

This section is intended to provide a background or context for the matter recited in the claims or specification; it is not admitted to be prior art by inclusion in this section.

Trusted computing technology aims to ensure the trustworthiness of a computing environment throughout the process from system start-up to application execution. Its core relies on a series of hardware and firmware security mechanisms, including secure boot based on a root of trust, hardware-level isolation realized with CPU hardware features (such as ARM TrustZone and Intel SGX), integrity checking and updating of trusted firmware, and a trusted security check flow for measuring and verifying system components. However, existing trusted computing systems depend heavily on the correctness and security of the underlying CPU hardware. In recent years, a steady stream of CPU microarchitectural vulnerabilities has exposed fundamental defects at the hardware level. These vulnerabilities allow an attacker to steal sensitive data or execute malicious code by abusing CPU optimization mechanisms such as speculative execution and caching, bypassing the security boundaries set by the operating system and even the hardware isolation mechanisms. Specifically, CPU vulnerabilities pose a serious threat to each link of trusted computing: 1) the operating environment of the trusted firmware may be compromised and sensitive data of the trusted firmware may be leaked at runtime; 2) the hardware-level isolation mechanism may be disabled; 3) the trusted firmware itself may be attacked and tampered with by exploiting the vulnerabilities; and 4) the trusted security verification process may be interfered with or bypassed, so that illegal operations are misjudged as legal.

In the face of CPU hardware vulnerabilities, conventional software patches or firmware updates can often only mitigate specific attack paths, may affect system performance, and cannot fundamentally provide an absolutely secure operating base for trusted computing components on defective hardware. Hardware replacement is costly and impractical. Therefore, how to construct, on existing vulnerable CPU hardware, a controlled secure execution environment in which key trusted computing components can resist threats from vulnerabilities in the underlying hardware has become a technical problem to be solved. No effective solution to the above problems has been proposed so far.

Disclosure of Invention

The embodiments of the application provide a trusted instruction set simulation management method and device, which are used at least to solve the technical problem of guaranteeing the security of trusted computing on defective hardware. According to one aspect of the embodiments of the application, a trusted instruction set simulation management method is provided, and the method comprises: running a virtual execution environment which is used for simulating instruction execution, memory access and peripheral interaction of a target CPU, and loading and running an executable program, wherein the executable program comprises at least one of trusted firmware, a security check module and a trusted computing component that depends on a hardware isolation mechanism; determining risks caused by vulnerabilities of the target CPU by monitoring the executable program while the virtual execution environment runs it; and executing a corresponding dynamic protection operation according to the risk type, so that an enhanced security guarantee is provided for the trusted computing component running in the virtual execution environment.

Optionally, determining the risk caused by the vulnerability of the target CPU by monitoring the executable program while the virtual execution environment runs it comprises performing instruction-level real-time monitoring and behavior analysis while the executable program runs in the virtual execution environment, wherein the instruction sequence of the execution flow is dynamically matched against a predefined CPU vulnerability feature model to identify the risk caused by the vulnerability of the target CPU, and the CPU vulnerability feature model comprises a feature model of at least one of: a vulnerability exploiting a cache-side data leakage channel of the target CPU, a vulnerability exploiting the target CPU to break through the hardware isolation mechanism, a vulnerability exploiting the target CPU to cause a buffer overflow, and a vulnerability exploiting a defective instruction of the target CPU to interfere with a security check flow. Optionally, the identification comprises performing an instruction-level audit of memory access behavior at runtime, identifying a risk instruction sequence of a data leakage chan