CN114201761B - Enhancing metric agent security in trusted computing systems - Google Patents
- Publication number: CN114201761B
- Application number: CN202210145114.XA
- Authority: CN (China)
- Prior art keywords: access control, predetermined, security, agent, hash value
- Legal status: Active (status as listed by Google Patents; not a legal conclusion)
Classifications
- G (Physics) > G06 (Computing or calculating; counting) > G06F (Electric digital data processing) > G06F21/00 (Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity):
  - G06F21/50 (Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems) > G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
  - G06F21/60 (Protecting data) > G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
  - G06F21/70 (Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer) > G06F21/78: Protecting specific internal or peripheral components to assure secure storage of data
Abstract
Embodiments of the present specification provide methods for enhancing the security of a measurement agent in a trusted computing system, and trusted computing systems capable of enhancing measurement agent security. The method may comprise: in response to the measurement agent being loaded into a load memory region, calculating a current hash value of the load memory region; verifying whether the current hash value matches a predetermined hash value in a security rule configuration; identifying the current access control permissions of the measurement agent; verifying whether the current access control permissions match predetermined access control permissions in the security rule configuration; and, in response to the current hash value matching the predetermined hash value and the current access control permissions matching the predetermined access control permissions, determining that the measurement agent meets the security requirement.
    Description
Technical Field
      Embodiments of the present specification relate to trusted computing, and in particular to enhancing the security of a measurement agent in a trusted computing system.
    Background
      Trusted computing systems require high-security mechanisms of their own. A trusted computing system typically includes a computing subsystem, a trusted subsystem, and so on. The computing subsystem is the entity that carries out computation and may also be referred to as the host system, host computer, or the like. The trusted subsystem runs in parallel with the computing subsystem, but its operation is logically independent of the computing subsystem. The trusted subsystem can actively provide trusted support functions to the computing subsystem.
      The measurement agent is program code deployed in the computing subsystem that performs static and dynamic measurement of the computing subsystem to obtain its system state information. From the agent's measurement results, the trusted subsystem can learn the security state of the computing subsystem and verify whether that state is trusted.
      Unlike the trusted subsystem, which runs independently, the measurement agent runs in the open computing subsystem, whose security level is lower, so the security of its operating environment cannot be effectively guaranteed. If the agent's function code, operating logic, measurement results, and so on are illegally intruded upon or tampered with, the authenticity and reliability of measurement cannot be guaranteed. The security of the measurement agent itself may therefore become the weak point of the entire trusted computing system.
      Existing whitelist mechanisms specify trusted measurement objects for the measurement agent, e.g., the Basic Input Output System (BIOS), the Baseboard Management Controller (BMC), key operating system code, the values of key registers, and so on, such that measurement results for these objects are considered trustworthy while measurement results for other objects are considered untrustworthy. Such a whitelist mechanism can only circumvent some malicious attacks and provides no security guarantee at runtime. In fact, the whitelist mechanism does not perform trust verification of the measurement agent itself either. In addition, the whitelist mechanism has the limitation of poor applicability.
      Therefore, a mechanism is needed that effectively guarantees the security of the measurement agent, so that the overall measurement security of the trusted computing system is further guaranteed by strengthening the measurement agent.
    Disclosure of Invention
      In view of the foregoing, embodiments of the present specification propose effective mechanisms for enhancing the security of a measurement agent in a trusted computing system. The embodiments provide hardware-level security protection for the measurement agent, which is also significant for improving the security of the trusted computing system as a whole. The embodiments achieve hardware-level protection of the measurement agent's operating environment using at least a memory access control mechanism, an encryption mechanism, and the like. By performing encryption, hash value verification, access control permission verification, and so on for the memory region corresponding to the measurement agent, the embodiments can effectively enhance the agent's security, for example by ensuring that the agent itself has confidentiality, integrity, and tamper resistance, and thus can prevent malicious intrusion, malicious modification of code and data, and the like.
      According to one aspect of the embodiments of the present specification, there is provided a method for enhancing the security of a measurement agent in a trusted computing system, comprising: in response to the measurement agent being loaded into a load memory region, calculating a current hash value of the load memory region; verifying whether the current hash value matches a predetermined hash value in a security rule configuration; identifying the current access control permissions of the measurement agent; verifying whether the current access control permissions match predetermined access control permissions in the security rule configuration; and, in response to the current hash value matching the predetermined hash value and the current access control permissions matching the predetermined access control permissions, determining that the measurement agent meets the security requirement.
      According to another aspect of the embodiments, there is provided a trusted computing system comprising: a computing subsystem including a measurement agent; and a trusted subsystem including a Trusted Platform Control Module (TPCM). The TPCM is configured to: in response to the measurement agent being loaded into a load memory region of the computing subsystem, calculate a current hash value of the load memory region; verify whether the current hash value matches a predetermined hash value in a security rule configuration; identify the current access control permissions of the measurement agent; verify whether the current access control permissions match predetermined access control permissions in the security rule configuration; and, in response to the current hash value matching the predetermined hash value and the current access control permissions matching the predetermined access control permissions, determine that the measurement agent meets the security requirement.
    Drawings
      A further understanding of the nature and advantages of the contents of the embodiments of the present specification may be realized by reference to the following drawings. In the drawings, similar components or features may have the same reference numerals.
      Fig. 1 illustrates an exemplary architecture of a trusted computing system according to an embodiment.
      Fig. 2 illustrates an exemplary process at the security rule configuration generation stage according to an embodiment.
      Fig. 3 illustrates an exemplary process at the measurement agent execution stage according to an embodiment.
      Fig. 4 is a flow chart illustrating an exemplary method for enhancing the security of a measurement agent in a trusted computing system according to an embodiment.
    Detailed Description
      The subject matter described herein will be discussed with reference to example embodiments. It should be understood that these embodiments are discussed only to enable those skilled in the art to better understand the subject matter described herein and are not intended to limit the scope, applicability, or examples set forth in the claims. Changes may be made in the function and arrangement of elements discussed without departing from the scope of the embodiments as set forth in the specification. Various examples may omit, substitute, or add various procedures or components as necessary. In addition, features described with respect to some examples may also be combined in other examples.
      As used herein, the term "include" and its variants are open-ended terms in the sense of "including, but not limited to". The term "based on" means "based at least in part on". The terms "one embodiment" and "an embodiment" mean "at least one embodiment". The term "another embodiment" means "at least one other embodiment". The terms "first", "second", and the like may refer to different objects or to the same object. Other definitions, whether explicit or implicit, may be included below. The definition of a term is consistent throughout the specification unless the context clearly dictates otherwise.
      Fig. 1 illustrates an exemplary architecture of a trusted computing system 100 according to an embodiment.
      The trusted computing system 100 may include a trusted subsystem 110, a computing subsystem 120, a memory access control hardware module 130, and the like. It should be appreciated that, for simplicity, only these exemplary modules of the trusted computing system 100 are shown in Fig. 1, and that in an actual implementation the trusted computing system 100 may include many other modules.
      The trusted subsystem 110 may actively provide trusted support functions to the computing subsystem 120. The trusted subsystem 110 may include a Trusted Platform Control Module (TPCM) 112. The TPCM 112 serves as the root of trust; it is mainly used to establish and protect the trusted origin and to provide a series of trusted computing functions such as integrity measurement, secure storage, trusted reporting, and cryptographic services. The trusted subsystem 110 may also include a Trusted Cryptography Module (TCM) 114. The TCM 114 is configured to implement cryptographic mechanisms and can provide independent cryptographic algorithm support for protecting sensitive data on the system platform.
      The computing subsystem 120 may include a measurement agent 122. The measurement agent 122 may perform static and dynamic measurement of the computing subsystem 120 and provide the measurement results to the TPCM 112, so that the TPCM 112 can verify from those results whether the state of the computing subsystem 120 is trusted.
      The memory access control hardware module 130 is used to implement access control for memory regions of the computing subsystem 120 and may be implemented as, for example, a Memory Management Unit (MMU), a microcontroller unit (MCU), or the like. The memory access control hardware module 130 may be logically separate from the trusted subsystem 110 or included in it.
      To enhance the security of the measurement agent, the embodiments of the present specification define new functionality for at least the above modules of the trusted computing system. Because the embodiments are implemented by adding new functions to hardware modules that already exist in the trusted computing system, implementing them introduces no additional hardware overhead.
      In some implementations, the embodiments propose to enhance the security of the measurement agent 122 by at least a memory access control mechanism. For example, the embodiments may use at least a security rule configuration for this purpose. The security rule configuration may include various configuration information related to a predetermined memory region for the measurement agent 122.
      In general, when the measurement agent 122 is operating securely in the computing subsystem 120, it should be loaded into a predefined memory region of the computing subsystem 120. Determining whether the measurement agent 122 has actually been loaded at runtime into a memory region that corresponds to the predetermined memory region therefore helps to enhance its security. The embodiments propose computing the predetermined hash value of the predetermined memory region in advance and performing hash value verification while the measurement agent 122 is running, so as to determine whether the load memory region into which the agent was actually loaded matches the predetermined memory region.
      Furthermore, the embodiments also propose setting predetermined access control permissions for the measurement agent 122, so that by performing access control permission verification while the agent is running it can be determined whether the agent actually runs with the correct access control permissions. For example, predetermined access control permissions may be set in advance for the code segment, the data segment, and so on of the measurement agent 122 respectively, and after the agent is loaded into the load memory region it is determined whether its current access control permissions match the predetermined ones. The predetermined access control permissions set in this way may form a security access control rule.
      Based on the above considerations, the security rule configuration may include at least one of: information about the predetermined memory region for the measurement agent; the predetermined hash value of the predetermined memory region; and a security access control rule containing the predetermined access control permissions. The information about the predetermined memory region may include various indications of that region, for example its start address and end address, its size, and the like. It may also include indications of the sub-regions within the predetermined memory region that correspond to the code segment and the data segment of the measurement agent, respectively.
      In the generation phase of the security rule configuration, the TPCM 112 may be configured to generate the predetermined hash value for the predetermined memory region of the measurement agent 122. In one implementation, the TPCM 112 may obtain information about the predetermined memory region from the computing subsystem 120 and calculate the predetermined hash value of that region based on the obtained information. It should be understood that the embodiments are not limited to any particular technique for computing hash values. After calculating the predetermined hash value, the TPCM 112 may save it into the security rule configuration.
      In addition, the TPCM 112 may also be configured to generate the security access control rule. In one implementation, the TPCM 112 may obtain predetermined access control permissions for the measurement agent 122. For example, the predetermined access control permissions may be set by a user or administrator of the trusted computing system 100. They may include permissions specified for the code segment of the measurement agent, permissions specified for the data segment, and so on. Further, the predetermined access control permissions may be of various types, e.g., readable, writable, executable, unreadable, unwritable, non-executable, any other type, and any combination thereof; the embodiments are not limited in any way by the particular type of permission. The TPCM 112 may form the security access control rule from the obtained predetermined access control permissions; that is, the security access control rule may include the various predetermined access control permissions specified in advance for the measurement agent 122. After forming the security access control rule, the TPCM 112 may save it into the security rule configuration. Preferably, the TPCM 112 may also issue the security access control rule to the measurement agent 122, so that the agent complies with it at actual runtime.
      Through the generation phase, the TPCM 112 ultimately generates the security rule configuration. By way of example, the security rule configuration may be represented as [ memory area | hash value | control rule ], where "memory area" is the information about the predetermined memory region for the measurement agent, "hash value" is the predetermined hash value of the predetermined memory region, and "control rule" is the security access control rule containing the predetermined access control permissions.
      The embodiments propose creating, in the memory access control hardware module 130, a memory area associated with the measurement agent 122 for storing the security rule configuration. For example, the memory access control hardware module 130 may create a security rule configuration storage area 132 associated with the measurement agent 122 and store the security rule configuration provided by the TPCM 112 in it. Thus, when the measurement agent 122 is loaded or executed, the security rule configuration stored in the security rule configuration storage area 132 can be retrieved to perform verification on the measurement agent 122.
      During the execution phase of the measurement agent 122, the TPCM 112 may detect that the measurement agent 122 has been loaded into a load memory region. The load memory region refers to the memory region into which the measurement agent 122 is actually loaded when executed.
      In one aspect, in response to the measurement agent 122 being loaded into the load memory region, the TPCM 112 may be configured to calculate a current hash value of the load memory region and perform hash value verification. In one implementation, the TPCM 112 may obtain information about the load memory region from the computing subsystem 120. That information may include various indications of the load memory region, such as its start address and end address, its size, and the like, and may also include indications of the sub-regions within the load memory region that correspond to the code segment and the data segment of the measurement agent 122, respectively. The TPCM 112 may calculate the current hash value of the load memory region based on the obtained information, illustratively in the same manner as the predetermined hash value was calculated. After calculating the current hash value, the TPCM 112 may perform hash value verification: for example, it may verify whether the current hash value matches the predetermined hash value in the security rule configuration stored in the security rule configuration storage area 132, e.g., by determining whether the two values are identical. If the current hash value matches the predetermined hash value, the measurement agent 122 has been properly loaded into the predetermined memory region. If it does not match, the measurement agent 122 has not been properly loaded into the predetermined memory region and may therefore be at risk, for example incomplete, tampered with, and the like.
      In another aspect, in response to the measurement agent 122 being loaded into the load memory region, the TPCM 112 may also be configured to perform access control permission verification based on the current access control permissions of the measurement agent 122. In one implementation, the TPCM 112 may identify the current access control permissions of the measurement agent 122, e.g., the permissions that its code segment and data segment actually hold after the agent has been loaded into the load memory region. Having identified the current access control permissions, the TPCM 112 may perform access control permission verification: for example, it may verify whether the current access control permissions match the predetermined access control permissions in the security rule configuration stored in the security rule configuration storage area 132. Illustratively, the TPCM 112 may determine whether the current permissions are the same as the predetermined ones, e.g., whether the same code segment or data segment holds the same type of permission in both. If the current access control permissions match the predetermined ones, the measurement agent 122 is operating with the correct access control permissions. If they do not match, the measurement agent 122 is not operating with the correct access control permissions, and there may therefore be a risk of, for example, tampering, malicious intrusion, and the like.
      It should be understood that although the above description performs hash value verification and access control permission verification for the entire predetermined memory region and the entire load memory region, alternatively they may be performed for only part of the code segment and data segment within the predetermined memory region. For example, the predetermined hash value and the current hash value may be calculated and compared only for the critical parts of the code segment and data segment, and likewise the predetermined and current access control permissions may be compared only for those critical parts. In this way, the computing resource consumption and delay caused by hash value verification and access control permission verification can be reduced.
      Furthermore, in some implementations, the embodiments also propose to enhance the security of the measurement agent 122 by at least an encryption mechanism. The TCM 114 may be configured to implement an encryption mechanism that cryptographically protects the load memory region so that the code segment and data segment of the measurement agent 122 are not visible to the outside. In response to the measurement agent 122 being loaded into the load memory region, the TCM 114 may encrypt at least a portion of the load memory region. In one case, this may mean encrypting the entire load memory region, thereby providing full encryption protection. In another case, it may mean encrypting only part of the load memory region rather than all of it, e.g., the part corresponding to a portion of the code segment and/or data segment of the measurement agent 122. Preferably, in that case, the portion is the critical part of the code segment and/or data segment of the measurement agent 122, so that encryption protection is provided for the critical code and data while the impact of excessive encryption processing on the agent's runtime performance is avoided. In response to the TPCM 112 having determined that the measurement agent 122 meets the security requirement, the TCM 114 may decrypt the encrypted portion of the load memory region, so that the measurement data and the like in that region can be used by the trusted subsystem 110.
      Based on the above exemplary description, the embodiments of the present specification can implement hardware-level security protection of the measurement agent's runtime environment, so that the agent's security is effectively enhanced. For example, the integrity and tamper resistance of the measurement agent can be ensured at least by performing hash value verification and access control permission verification on it, and its confidentiality can be ensured at least by encrypting and decrypting the load memory region. The embodiments can therefore effectively prevent malicious intrusion against the measurement agent, malicious modification of its code and data, and the like.
      It should be understood that the functions and processes described above for the TPCM 112, the TCM 114, the memory access control hardware module 130, etc. in relation to enhancing the security of the measurement agent 122 are exemplary, and that any other functions and processes configured for these modules for that purpose are also contemplated by the embodiments of this specification.
      Fig. 2 illustrates an exemplary process 200 at the security rule configuration generation stage according to an embodiment. Process 200 may be considered part of a method of enhancing the security of a measurement agent in a trusted computing system according to the embodiments of the present specification.
      At 210, information about the predetermined memory region for the measurement agent may be obtained. For example, the TPCM may obtain it from the computing subsystem.
      At 220, the predetermined hash value of the predetermined memory region may be calculated based on that information. For example, it may be calculated by the TPCM.
      At 230, the predetermined access control permissions for the measurement agent may be obtained. For example, the TPCM may obtain predetermined access control permissions set by a user or administrator of the trusted computing system. These may include, for example, permissions specified for the code segment of the measurement agent and/or permissions specified for its data segment.
      At 240, a security access control rule may be formed from the predetermined access control permissions. For example, the TPCM may form it from the permissions obtained at 230.
      Optionally, process 200 may also include issuing the security access control rule to the measurement agent. For example, the rule may be issued by the TPCM to the measurement agent.
      At 250, the security rule configuration may be generated. For example, it may be generated by saving the predetermined hash value calculated at 220 and the security access control rule formed at 240 into the security rule configuration, respectively. The security rule configuration may be generated by the TPCM and may include at least one of: information about the predetermined memory region for the measurement agent; the predetermined hash value of the predetermined memory region; and the security access control rule containing the predetermined access control permissions.
      At 260, a security rule configuration storage area may be created. For example, the memory access control hardware module may create a security rule configuration storage area associated with the measurement agent. Also at 260, the security rule configuration may be stored in that storage area: for example, the memory access control hardware module may receive the security rule configuration from the TPCM and store it there.
      It should be understood that all steps of process 200 in Fig. 2, and their order, are exemplary, and that the embodiments of this specification also cover any modification of process 200. For example, although steps 210 and 220, which calculate the predetermined hash value, and steps 230 and 240, which form the security access control rule, are shown as being performed in parallel, they may be performed sequentially in any order.
      FIG. 3 illustrates an exemplary process 300 at the metric agent execution stage, according to an embodiment. Process 300 may be considered part of a method of enhancing security of a metric agent in a trusted computing system according to an embodiment of the present specification.
      At 310, it may be detected that the metric agent is loaded into a load memory region. For example, the TPCM may monitor the running and loading state of the metric agent and may detect the event in which the metric agent is loaded into the load memory region.
      At 320, at least a portion of the load memory region may be encrypted. For example, the TCM may encrypt the entire load memory region, or a portion of the load memory region corresponding to a portion of the code segment and/or data segment of the metric agent.
      At 330, a current hash value of the load memory region may be calculated in response to the metric agent being loaded into the load memory region. For example, the current hash value may be calculated by the TPCM. Illustratively, at 330, information about the load memory region can be obtained from the computing subsystem, and the current hash value of the load memory region can be calculated based on the obtained information.
      At 340, hash value verification may be performed. For example, it may be verified whether the current hash value matches the predetermined hash value in the security rule configuration stored in the security rule configuration storage area. The hash value verification may be performed by the TPCM.
      At 350, the current access control right of the metric agent may be identified. For example, in response to the metric agent being loaded into the load memory region, the TPCM may identify the current access control right of the metric agent.
      At 360, access control right verification can be performed. For example, it may be verified whether the current access control right matches the predetermined access control right in the security rule configuration stored in the security rule configuration storage area. The access control right verification may be performed by the TPCM.
      At 370, it may be determined whether the metric agent meets the security requirement. For example, this may be determined based on the result of the hash value verification at 340 and the result of the access control right verification at 360. Illustratively, at 370, it may be determined whether the current hash value matches the predetermined hash value and the current access control right matches the predetermined access control right. The determination at 370 may be performed by the TPCM.
      If it is determined at 370 that the metric agent meets the security requirement, then at 380 the at least a portion of the load memory region encrypted at 320 may be decrypted. Accordingly, the measurement results provided by the metric agent will be considered trusted and can in turn be used by the trusted subsystem. For example, the decryption at 380 may be performed by the TCM.
      If it is determined at 370 that the metric agent does not meet the security requirement, then at 390 no further operations are performed. Accordingly, the measurement results provided by the metric agent will be considered untrusted and will not be used by the trusted subsystem.
      It should be understood that all steps and their order in the process 300 in FIG. 3 are exemplary and that embodiments of this specification cover any modification of the process 300. For example, although step 320 is shown as being performed before steps 330 and 350, step 320 may be performed anywhere between steps 310 and 370. Further, although steps 330 and 340, relating to hash value verification, and steps 350 and 360, relating to access control right verification, are shown as being performed in parallel, they may be performed sequentially in any order.
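The two checks described for the preparation stage (steps 220 to 250) and the execution stage (steps 330 to 370) can be simulated in a few dozen lines. The following is an added example written for this page; it is not code from the patent or from any TPCM implementation. The split of the agent image into a code and a data segment, the bit encoding of the access control rights, SHA-256 as the hash function, and the sample bytes are all assumptions of the example. It goes slightly beyond the text by showing why the two checks are independent: a code segment whose bytes are intact but which is mapped writable passes the hash check and still fails the permission check.

```python
"""Simulation of the TPCM security-rule checks (added example, not the
patent's code).  Segment layout, permission encoding, SHA-256 and the
sample bytes below are assumptions of this example."""
import hashlib
import hmac
from dataclasses import dataclass

# Permission bits.  A bit that is absent stands for the "un-" form the
# specification lists (unreadable, unwritable, unexecutable).
R, W, X = 1, 2, 4


@dataclass(frozen=True)
class Segment:
    name: str        # "code" or "data"
    contents: bytes  # bytes as present in the memory region
    perms: int       # access control right for this segment (R | W | X bits)


@dataclass(frozen=True)
class SecurityRuleConfig:
    region_info: dict         # segment name -> size: information about the region
    predetermined_hash: bytes  # hash of the predetermined memory region
    access_rule: dict         # segment name -> predetermined access control right


def region_hash(segments) -> bytes:
    """Hash over the whole agent image.  Segment names and lengths are bound
    into the digest so moving bytes between segments changes the result."""
    h = hashlib.sha256()
    for s in segments:
        h.update(s.name.encode())
        h.update(len(s.contents).to_bytes(4, "little"))
        h.update(s.contents)
    return h.digest()


def generate_config(golden) -> SecurityRuleConfig:
    """Preparation stage (steps 210 to 250): record region information, the
    predetermined hash value and the security access control rule."""
    return SecurityRuleConfig(
        region_info={s.name: len(s.contents) for s in golden},
        predetermined_hash=region_hash(golden),
        access_rule={s.name: s.perms for s in golden},
    )


def verify_agent(loaded, config: SecurityRuleConfig) -> dict:
    """Execution stage (steps 330 to 370).  The hash check and the access
    control check are evaluated independently; both must pass."""
    hash_ok = hmac.compare_digest(region_hash(loaded), config.predetermined_hash)
    perms_ok = {s.name: s.perms for s in loaded} == config.access_rule
    return {"hash_ok": hash_ok, "perms_ok": perms_ok, "trusted": hash_ok and perms_ok}


# Constructed sample image: a five-byte x86-64 stub and a small data block.
CODE = b"\x55\x48\x89\xe5\xc3"           # push rbp; mov rbp, rsp; ret
DATA = b"\x00\x00\x00\x10counter\x00"    # arbitrary constructed data


def demo() -> dict:
    """Three load outcomes: intact, one byte of code patched, and intact
    code mapped writable.  Returns the verdict for each."""
    golden = [Segment("code", CODE, R | X), Segment("data", DATA, R | W)]
    config = generate_config(golden)
    patched = [Segment("code", CODE[:-1] + b"\x90", R | X), golden[1]]
    writable_code = [Segment("code", CODE, R | W | X), golden[1]]
    return {
        "intact": verify_agent(golden, config),
        "patched": verify_agent(patched, config),
        "writable_code": verify_agent(writable_code, config),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:14s} {verdict}")
```

In the `writable_code` case the digest matches the predetermined hash exactly, so a hash-only design would admit an agent whose code segment can be rewritten after measurement; the separate access control check is what rejects it. The comparison uses `hmac.compare_digest` so that the verdict's timing does not depend on which byte of the digest first differs.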
      Moreover, it should be appreciated that the functions and processing of the modules described above in connection with FIG. 1, the process 200 described in connection with FIG. 2, and the process 300 described in connection with FIG. 3 illustrate, from different respects and perspectives, mechanisms for enhancing security of a metric agent in a trusted computing system according to embodiments of the present specification, and that the functions and processing of the described modules and the steps in the described processes may be supplemented and combined in any manner. For example, the functions and processing of the respective modules may be added to the process 200 or the process 300 as corresponding steps, and the steps in the process 200 and the process 300 may be described as functions and processing of the respective modules.
      FIG. 4 illustrates a flow diagram of an exemplary method 400 for enhancing security of a metric agent in a trusted computing system, according to an embodiment.
      At 410, a current hash value of a load memory region may be calculated in response to a metric agent being loaded into the load memory region.
      At 420, it may be verified whether the current hash value matches a predetermined hash value in a security rule configuration.
      At 430, the current access control right of the metric agent may be identified.
      At 440, it may be verified whether the current access control right matches a predetermined access control right in the security rule configuration.
      At 450, it may be determined that the metric agent meets a security requirement in response to the current hash value matching the predetermined hash value and the current access control right matching the predetermined access control right.
      In one implementation, the method 400 may further include: determining that the metric agent does not meet the security requirement in response to the current hash value not matching the predetermined hash value and/or the current access control right not matching the predetermined access control right.
      In one implementation, the method 400 may further include: encrypting at least a portion of the load memory region; and, in response to the metric agent meeting the security requirement, decrypting the encrypted at least a portion of the load memory region.
      The at least a portion of the load memory region may correspond to a portion of a code segment and/or a data segment of the metric agent.
      In one implementation, the method 400 may further include: obtaining information about a predetermined memory region for the metric agent; calculating the predetermined hash value of the predetermined memory region based on the information; and saving the predetermined hash value to the security rule configuration.
      In one implementation, the method 400 may further include: obtaining the predetermined access control right of the metric agent; forming a security access control rule using the predetermined access control right; and saving the security access control rule to the security rule configuration.
      The method 400 may further include: issuing the security access control rule to the metric agent.
      The predetermined access control right may include: a predetermined access control right specified for a code segment of the metric agent; and/or a predetermined access control right specified for a data segment of the metric agent.
      The predetermined access control right may include at least one of: readable, writable, executable, unreadable, unwritable, and unexecutable.
      In one implementation, the security rule configuration may include at least one of: information about the predetermined memory region for the metric agent; the predetermined hash value of the predetermined memory region; and a security access control rule comprising the predetermined access control right.
      In one implementation, the method 400 may further include: creating a security rule configuration storage area associated with the metric agent; and storing the security rule configuration in the security rule configuration storage area.
      It should be understood that the method 400 may further include any of the steps/processes for enhancing security of a metric agent in a trusted computing system according to the embodiments of the present specification described above.
      In addition, an embodiment of the present specification further provides a trusted computing system, including: a computing subsystem including a metric agent; and a trusted subsystem including a TPCM. The TPCM may be configured to: in response to the metric agent being loaded into a load memory region of the computing subsystem, calculate a current hash value of the load memory region; verify whether the current hash value matches a predetermined hash value in a security rule configuration; identify the current access control right of the metric agent; verify whether the current access control right matches a predetermined access control right in the security rule configuration; and, in response to the current hash value matching the predetermined hash value and the current access control right matching the predetermined access control right, determine that the metric agent meets a security requirement.
      In one implementation, the TPCM may be further configured to: determine that the metric agent does not meet the security requirement in response to the current hash value not matching the predetermined hash value and/or the current access control right not matching the predetermined access control right.
      In one implementation, the trusted subsystem may further include a TCM. The TCM may be configured to: encrypt at least a portion of the load memory region; and, in response to the metric agent meeting the security requirement, decrypt the encrypted at least a portion of the load memory region.
      In one implementation, the TPCM may be further configured to: obtain, from the computing subsystem, information about a predetermined memory region for the metric agent; calculate the predetermined hash value of the predetermined memory region based on the information; and save the predetermined hash value to the security rule configuration.
      In one implementation, the TPCM may be further configured to: obtain the predetermined access control right of the metric agent; form a security access control rule using the predetermined access control right; and save the security access control rule to the security rule configuration.
      In one implementation, the trusted computing system may further include a memory access control hardware module, which may be configured to: create a security rule configuration storage area associated with the metric agent; and store the security rule configuration in the security rule configuration storage area.
      In one implementation, the security rule configuration may include at least one of: information about the predetermined memory region for the metric agent; the predetermined hash value of the predetermined memory region; and a security access control rule comprising the predetermined access control right.
      It should be appreciated that the modules described above in the trusted computing system may also perform any of the operations and processes for enhancing security of a metric agent in a trusted computing system according to the embodiments of the present specification described above.
      In addition, an embodiment of the present specification further provides an electronic device, including: at least one processor, a memory coupled with the at least one processor, and a computer program stored on the memory, the at least one processor executing the computer program to implement any steps/processes for enhancing security of a metric agent in a trusted computing system according to embodiments of the present specification as described above.
      Furthermore, the present specification embodiments also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements any of the steps/processes for enhancing security of a metric agent in a trusted computing system according to the above-described embodiments of the specification. 
      Furthermore, the present specification embodiments also provide a computer program product, comprising a computer program that, when executed by a processor, implements any of the steps/processes for enhancing security of a metric agent in a trusted computing system according to the above-described embodiments of the present specification.
      Computer program code required for the operation of various portions of the present specification may be written in any one or more programming languages, including an object-oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python, and the like; a conventional programming language such as C, Visual Basic 2003, Perl, COBOL 2002, PHP, and ABAP; a dynamic programming language such as Python, Ruby, and Groovy; or other programming languages. The program code may execute entirely on the user's computer, on the user's computer as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any kind of network, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), in a cloud computing environment, or as a service such as Software as a Service (SaaS).
      Examples of the readable storage medium include floppy disks, hard disks, magneto-optical disks, optical disks (e.g., CD-ROMs, CD-R, CD-RWs, DVD-ROMs, DVD-RAMs, DVD-RWs), magnetic tapes, nonvolatile memory cards, and ROMs. Alternatively, the program code may be downloaded from a server computer or the cloud by a communication network.
      The foregoing description of specific embodiments has been presented for purposes of illustration and description. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
      Not all steps and elements in the above flows and system structure diagrams are necessary, and some steps or elements may be omitted according to actual needs. The execution order of the steps is not fixed, and can be determined as required. The apparatus structures described in the above embodiments may be physical structures or logical structures, that is, some units may be implemented by the same physical entity, or some units may be implemented by a plurality of physical entities, or some units may be implemented by some components in a plurality of independent devices. 
      The term "exemplary" used throughout this specification means "serving as an example, instance, or illustration," and does not mean "preferred" or "advantageous" over other embodiments. The detailed description includes specific details for the purpose of providing an understanding of the described technology. However, the techniques may be practiced without these specific details. In some instances, well-known structures and devices are shown in block diagram form in order to avoid obscuring the concepts of the described embodiments.
      Although the embodiments of the present disclosure have been described in detail with reference to the accompanying drawings, the embodiments of the present disclosure are not limited to the specific details of the embodiments, and various simple modifications may be made to the technical solutions of the embodiments of the present disclosure within the technical spirit of the embodiments of the present disclosure, and all of them fall within the scope of the embodiments of the present disclosure.
      The previous description of the specification is provided to enable any person skilled in the art to make or use the specification. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the scope of the disclosure. Thus, the description is not intended to be limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein. 
    Claims (18)
1. A method for enhancing security of a metric agent in a trusted computing system, comprising:
      in response to a metric agent being loaded into a load memory region, calculating a current hash value of the load memory region based on information about the load memory region;
      verifying whether the current hash value matches a predetermined hash value in a security rule configuration;
      identifying a current access control permission of the metric agent;
      verifying whether the current access control permission matches a predetermined access control permission in the security rule configuration; and
      in response to the current hash value matching the predetermined hash value and the current access control permission matching the predetermined access control permission, determining that the metric agent meets a security requirement.
    2. The method of claim 1, further comprising:
      determining that the metric agent does not meet the security requirement in response to the current hash value not matching the predetermined hash value and/or the current access control permission not matching the predetermined access control permission.
    3. The method of claim 1, further comprising:
      encrypting at least a portion of the load memory region; and
      in response to the metric agent meeting the security requirement, decrypting the encrypted at least a portion of the load memory region.
    4. The method of claim 3, wherein,
      the at least a portion of the load memory region corresponds to a portion of a code segment and/or a data segment of the metric agent.
    5. The method of claim 1, further comprising:
      obtaining information about a predetermined memory region for the metric agent;
      calculating the predetermined hash value of the predetermined memory region based on the information; and
      saving the predetermined hash value to the security rule configuration.
    6. The method of claim 1, further comprising:
      obtaining the predetermined access control permissions of the metric agent;
      forming a security access control rule using the predetermined access control permission; and
      saving the security access control rule to the security rule configuration.
    7. The method of claim 6, further comprising:
      issuing the security access control rule to the metric agent.
    8. The method of claim 6, wherein the predetermined access control permission comprises:
      a predetermined access control permission specified for a code segment of the metric agent; and/or
      a predetermined access control permission specified for a data segment of the metric agent.
    9. The method of claim 8, wherein the predetermined access control permission comprises at least one of:
      readable, writable, executable, unreadable, unwritable, and unexecutable.
    10. The method of claim 1, wherein the security rule configuration comprises at least one of:
      information about a predetermined memory region for the metric agent;
      the predetermined hash value of the predetermined memory region; and
      a security access control rule comprising the predetermined access control permission.
    11. The method of claim 1, further comprising:
      creating a security rule configuration storage area associated with the metric agent; and
      storing the security rule configuration in the security rule configuration storage area.
    12. A trusted computing system, comprising:
      a computing subsystem including a metric agent; and
      a trusted subsystem comprising a Trusted Platform Control Module (TPCM), the TPCM configured to:
      in response to the metric agent being loaded into a load memory region of the computing subsystem, calculate a current hash value of the load memory region based on information about the load memory region,
      verify whether the current hash value matches a predetermined hash value in a security rule configuration,
      identify a current access control permission of the metric agent,
      verify whether the current access control permission matches a predetermined access control permission in the security rule configuration, and
      in response to the current hash value matching the predetermined hash value and the current access control permission matching the predetermined access control permission, determine that the metric agent meets a security requirement.
    13. The trusted computing system of claim 12, wherein the TPCM is further configured to:
      determining that the metric agent does not meet the security requirement in response to the current hash value not matching the predetermined hash value and/or the current access control permission not matching the predetermined access control permission.
    14. The trusted computing system of claim 12, wherein the trusted subsystem further comprises a Trusted Cryptography Module (TCM) configured to:
      encrypt at least a portion of the load memory region; and
      in response to the metric agent meeting the security requirement, decrypt the encrypted at least a portion of the load memory region.
    15. The trusted computing system of claim 12, wherein the TPCM is further configured to:
      obtaining, from the computing subsystem, information about a predetermined memory region for the metric agent;
      calculating the predetermined hash value of the predetermined memory region based on the information; and
      saving the predetermined hash value to the security rule configuration.
    16. The trusted computing system of claim 12, wherein the TPCM is further configured to:
      obtaining the predetermined access control permissions of the metric agent;
      forming a security access control rule using the predetermined access control permission; and
      saving the security access control rule to the security rule configuration.
    17. The trusted computing system of claim 12, further comprising:
      a memory access control hardware module configured to: create a security rule configuration storage area associated with the metric agent; and store the security rule configuration in the security rule configuration storage area.
    18. The trusted computing system of claim 12, wherein the security rule configuration comprises at least one of:
      information about a predetermined memory region for the metric agent;
      the predetermined hash value of the predetermined memory region; and
      a security access control rule comprising the predetermined access control permission.
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202210145114.XA CN114201761B (en) | 2022-02-17 | 2022-02-17 | Enhancing metric agent security in trusted computing systems | 
Publications (2)
| Publication Number | Publication Date | 
|---|---|
| CN114201761A CN114201761A (en) | 2022-03-18 | 
| CN114201761B true CN114201761B (en) | 2022-06-28 | 
Family
ID=80645595
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN114201761B (en) | 
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |