CN115186300B - File security processing system and file security processing method - Google Patents


Info

Publication number
CN115186300B
Authority
CN
China
Prior art keywords
data
request
file
target
encrypted
Prior art date
Legal status
Active
Application number
CN202211096744.9A
Other languages
Chinese (zh)
Other versions
CN115186300A (en)
Inventor
邵乐希
蓝晏翔
范瑜芯
王嘉平
Current Assignee
International Digital Economy Academy IDEA
Original Assignee
International Digital Economy Academy IDEA
Priority date
Filing date
Publication date
Application filed by International Digital Economy Academy IDEA
Priority to CN202211096744.9A
Publication of CN115186300A
Application granted
Publication of CN115186300B
Legal status: Active
Anticipated expiration

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file security processing system and a file security processing method, wherein the file security processing system comprises: the system comprises a trusted computing device and a host machine, wherein encrypted data transmission is carried out between the trusted computing device and the host machine through a bus channel; the trusted computing device is used for storing a file processing application program, the file processing application program is used for generating a file processing request according to a file processing instruction input by a target object, and the file processing request is transmitted to the host machine through the bus channel after being converted and encrypted; the host is used for storing a privacy file, acquiring target data in the privacy file according to the received file processing request subjected to conversion encryption, and transmitting the target data to the trusted computing device through the bus channel after the target data is subjected to conversion encryption. The invention is beneficial to improving the safety of file processing.

Description

File security processing system and file security processing method
Technical Field
The invention relates to the technical field of information security, in particular to a file security processing system and a file security processing method.
Background
With the development of science and technology, various data are continuously increased at an extremely fast increasing speed, and a data storage scheme is gradually emphasized. Meanwhile, the data to be stored includes private data related to the user private information, which is also important for storing and processing the private data.
At present, data is generally stored in the form of a file, for example, private data may be stored in a device in the form of a file, for data protection, a file system and a corresponding application program are provided in the device storing the private data, and a user may input an instruction through the application program to perform file processing.
The problem with the prior art is that the corresponding application program is placed directly in the device that stores the files, so the whole file processing process (e.g., a data search) runs in the same device; an attacker who observes or attacks that device can easily determine the file access pattern used by the user and steal the corresponding private data, which does not help improve the security of file processing.
Thus, there is a need for improvement and development of the prior art.
Disclosure of Invention
The main object of the invention is to provide a file security processing system and a file security processing method, in order to solve the problem in the prior art that the corresponding application program is placed directly in the device that stores the files and the whole file processing process runs in the same device, so that an attacker who observes or attacks the device can easily determine the file access pattern used by the user and steal the corresponding private data, which does not improve the security of file processing.
In order to achieve the above object, a first aspect of the present invention provides a file security processing system, wherein the file security processing system includes: the system comprises a trusted computing device and a host machine, wherein encrypted data transmission is carried out between the trusted computing device and the host machine through a bus channel;
the trusted computing device is used for storing a file processing application program, the file processing application program is used for generating a file processing request according to a file processing instruction input by a target object, and the file processing request is transmitted to the host machine through the bus channel after being converted and encrypted;
the host is used for storing a privacy file and acquiring target data in the privacy file according to the received file processing request after conversion and encryption, and the target data is transmitted to the trusted computing device through the bus channel after conversion and encryption.
Optionally, the trusted computing device includes:
the system comprises an application program storage module, a file system module, a block cache module and a first block device driving module which are sequentially in communication connection;
the application program storage module is used for storing the file processing application program;
the file system module is used for acquiring a file processing request generated by the file processing application program, converting the file processing request into an input/output request and transmitting the input/output request to the block cache module in batches;
the block cache module is used for writing the cached input and output requests into the first block device driving module based on a write-back mode when the cached input and output requests meet a preset write-back condition;
the first block device driving module is configured to encrypt the input/output request to obtain encrypted request data, and send the encrypted request data to the host through the bus channel.
Optionally, when the file processing request is a read request, the file system module is specifically configured to:
obtaining a read request generated by the file processing application program; determining, from the file offset in the read request, the mapping position corresponding to the target data; obtaining the logical data block position from the mapping position; converting the logical data block position into a target sector number; creating a bio request from the target sector number; combining a plurality of such bio requests into one input/output request; and sending the input/output requests to the block cache module in batches.
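As an added illustration of the read-request conversion described above (example code written for this page, not code from the patent or from IDEA), the following Go program maps a file offset and length onto logical data blocks, resolves each through a constructed inode block map standing in for the file system's mapping position, converts the resulting physical blocks into sector numbers, builds one bio per block, merges sector-contiguous bios into a single input/output request, and groups the requests into batches for the block cache. The 4 KiB block size, the 512-byte sector size, the block map contents and the batch size are all constructed assumptions.

```go
package main

import "fmt"

// Constructed geometry (assumptions, not values from the patent):
// 4 KiB file system blocks over 512-byte disk sectors.
const (
	blockSize       = 4096
	sectorSize      = 512
	sectorsPerBlock = blockSize / sectorSize
)

// bio is one block I/O request: a starting sector number and a sector count.
type bio struct {
	Sector uint64
	Count  uint64
}

// readRequest is the read request produced by the file processing application.
type readRequest struct {
	Offset uint64 // byte offset within the file
	Length uint64 // number of bytes to read
}

// mapRead resolves the byte range of a read request to one bio per file system
// block. blockMap stands in for the inode's logical-to-physical block mapping
// (the "mapping position" derived from the file offset): the index is the logical
// data block, the value is the physical block number on disk.
func mapRead(r readRequest, blockMap []uint64) ([]bio, error) {
	if r.Length == 0 {
		return nil, fmt.Errorf("empty read request")
	}
	first := r.Offset / blockSize
	last := (r.Offset + r.Length - 1) / blockSize
	if last >= uint64(len(blockMap)) {
		return nil, fmt.Errorf("read past end of file: logical block %d", last)
	}
	bios := make([]bio, 0, last-first+1)
	for lb := first; lb <= last; lb++ {
		// Convert the physical block number into its target sector number.
		bios = append(bios, bio{Sector: blockMap[lb] * sectorsPerBlock, Count: sectorsPerBlock})
	}
	return bios, nil
}

// mergeBios combines bios that are contiguous on disk into single I/O requests,
// so one request covers a run of adjacent sectors rather than a single block.
func mergeBios(bios []bio) []bio {
	var merged []bio
	for _, b := range bios {
		if n := len(merged); n > 0 && merged[n-1].Sector+merged[n-1].Count == b.Sector {
			merged[n-1].Count += b.Count
			continue
		}
		merged = append(merged, b)
	}
	return merged
}

// batch splits the merged I/O requests into groups of at most n, the unit in
// which the file system module hands them to the block cache module.
func batch(reqs []bio, n int) [][]bio {
	var batches [][]bio
	for len(reqs) > 0 {
		k := n
		if k > len(reqs) {
			k = len(reqs)
		}
		batches = append(batches, reqs[:k])
		reqs = reqs[k:]
	}
	return batches
}

// buildIORequests runs the whole conversion: offset -> logical blocks ->
// physical blocks -> sectors -> bios -> merged I/O requests -> batches.
func buildIORequests(r readRequest, blockMap []uint64, batchSize int) ([][]bio, error) {
	bios, err := mapRead(r, blockMap)
	if err != nil {
		return nil, err
	}
	return batch(mergeBios(bios), batchSize), nil
}

func main() {
	// Constructed block map: logical blocks 0-1 and 2-4 form two separate runs on disk.
	blockMap := []uint64{100, 101, 205, 206, 207}
	batches, err := buildIORequests(readRequest{Offset: 1000, Length: 10000}, blockMap, 4)
	fmt.Println(batches, err) // [[{800 16} {1640 8}]] <nil>
}
```

A 10000-byte read starting at offset 1000 touches logical blocks 0, 1 and 2; blocks 0 and 1 sit on adjacent physical blocks, so their two bios collapse into one 16-sector request, while block 2 starts a second run. A read that extends past the last mapped block is rejected before any bio is created.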
Optionally, the host includes:
the magnetic disk and the second device driving module are in communication connection;
the magnetic disk is used for storing the privacy file;
the second device driver module is configured to receive the encrypted request data through the bus channel, decrypt the encrypted request data to obtain a decryption request, obtain target data in the privacy file according to the decryption request, encrypt the target data to obtain target encrypted data, and send the target encrypted data to the trusted computing device through the bus channel.
Optionally, the first block device driving module is specifically configured to: performing data validity verification on the input/output request, encrypting the input/output request passing the data validity verification to obtain encrypted request data, and sending the encrypted request data to the host machine through the bus channel;
the second device driver module is specifically configured to decrypt the encrypted request data to obtain a decryption request, perform data validity verification on the decryption request, obtain target data in the privacy file according to the decryption request that passes the data validity verification, encrypt the target data to obtain target encrypted data, and send the target encrypted data to the trusted computing device through the bus channel;
the data validity verification comprises data length validity verification and data block ID validity verification.
Optionally, the first block device driver module is further configured to receive the target encrypted data through the bus channel, decrypt the target encrypted data to obtain target decrypted data, and pass the target decrypted data up to the file processing application layer by layer.
Optionally, the first block device driver module and the second device driver module encrypt data by means of FPGA hardware encryption.
A second aspect of the present invention provides a file security processing method based on any one of the file security processing systems, where the file security processing method includes:
acquiring a file processing instruction input by a target object through a file processing application program in the trusted computing equipment, and generating a file processing request according to the file processing instruction;
and after the file processing request is subjected to conversion encryption in the trusted computing equipment, transmitting the file processing request to the host machine through the bus channel so as to trigger the host machine to acquire target data according to the received file processing request subjected to conversion encryption, and after the target data is subjected to conversion encryption, transmitting the target data to the trusted computing equipment through the bus channel.
Optionally, the converting and encrypting the file processing request in the trusted computing device and then transmitting the file processing request to the host through the bus channel includes:
in the trusted computing equipment, searching whether target data corresponding to the file processing request exists in a disk cache according to the file processing request;
if the target data does not exist in the disk cache, converting the file processing request into an input/output request through a file system module, and transmitting the input/output request to a block cache module in batches;
when the input and output requests cached by the block caching module meet a preset write-back condition, the cached input and output requests are written into a first block device driving module through the block caching module;
and encrypting the input/output request by the first block device driver module to obtain encrypted request data, and sending the encrypted request data to the host through the bus channel.
Optionally, after the host receives the encryption request data, the host decrypts the encryption request data to obtain a decryption request, obtains target data according to the decryption request, encrypts the target data to obtain target encryption data, and sends the target encryption data to the trusted computing device through the bus channel.
Optionally, an FPGA hardware encryption mode is used when encrypting the file processing request and the target data.
As can be seen from the above, the present invention provides a file security processing system, and specifically, the file security processing system includes: the system comprises a trusted computing device and a host machine, wherein encrypted data transmission is carried out between the trusted computing device and the host machine through a bus channel; the trusted computing device is used for storing a file processing application program, the file processing application program is used for generating a file processing request according to a file processing instruction input by a target object, and the file processing request is transmitted to the host machine through the bus channel after being converted and encrypted; the host is used for storing a privacy file and acquiring target data in the privacy file according to the received file processing request after conversion and encryption, and the target data is transmitted to the trusted computing device through the bus channel after conversion and encryption.
Compared with the prior art, the method and the device have the advantages that the file processing application program and the corresponding privacy file are stored separately, the file processing application program is arranged in the trusted computing device, the privacy file is stored in the host, the trusted computing device and the host are respectively provided with independent operating environments, and the safe area and the normal area of trusted computing can be isolated through the bus channel. Therefore, when the user uses the computer system, the user sends an instruction to the trusted computing device, and then the file in the host machine is processed according to the trusted computing device, even if an attacker observes or attacks the host machine, the actual file access mode used by the user is difficult to determine, so that the attacker is prevented from stealing corresponding target data, and the file processing safety is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of a data storage structure corresponding to a memory block in a medical database according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a file security processing system according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a file security processing system according to an embodiment of the present invention;
FIG. 4 is a flowchart of a file security processing method according to an embodiment of the present invention;
fig. 5 is a schematic flowchart of a file security processing method according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings of the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways than those specifically described and will be readily apparent to those of ordinary skill in the art without departing from the spirit of the present invention, and therefore the present invention is not limited to the specific embodiments disclosed below.
With the development of science and technology, various data are continuously increased at the speed of 44ZB every year, and the storage scheme of the data is gradually emphasized. Meanwhile, the data to be stored includes private data related to the user private information, which is also important for storing and processing the private data.
At present, data is generally stored in the form of a file, for example, private data may be stored in a device in the form of a file, for data protection, a file system and a corresponding application program are provided in the device storing the private data, and a user may input an instruction through the application program to perform file processing.
The problem with the prior art is that the corresponding application program is placed directly in the device that stores the files, so the whole file processing process (e.g., a data search) runs in the same device; an attacker who observes or attacks that device can easily determine the file access pattern used by the user and steal the corresponding private data, which does not help improve the security of file processing.
In an application scenario, in the face of a huge amount of data, corresponding data can be migrated from local storage to a cloud. Transferring data to the cloud platform may support users to better elastically scale their online services, but may lose control of the data. Especially for an application for processing sensitive data, in order to utilize a corresponding cloud service, a user must disclose the sensitive data to a cloud service manufacturer, which may bring risks such as snooping the data.
Without physical access to the machine, the current attacks against file systems are mainly system call sniffing attacks, attacks based on page fault interrupts, and cache-based side-channel attacks.
In particular, Linux provides its users with a series of interfaces, i.e., system calls, for accessing files on a disk. In a system call sniffing attack, an attacker monitors the file system's system calls, such as open(), read() and write(), to obtain the file name and data offset accessed by the user, and thereby learns which data segment was accessed. If the attacker also knows the organization of the data, such as which offset ranges store which data, it can tell what type of data is currently being read.
For example, suppose a medical database SQLite is running in the system, where both the database file and the database communication channel are encrypted, and SQLite accesses its persistent user data through the Linux file system. Suppose the attacker knows the database schema that SQLite uses (e.g., the number of tables stored in the database file and the size of a single row in a table). Specifically, fig. 1 is a schematic diagram of the data storage structure corresponding to one memory block in the medical database according to the embodiment of the present invention. Each row in SQLite corresponds to one memory block of 8196 bytes; as shown in fig. 1, one memory block is divided into a 4-byte column and two 4KB columns, where the first column stores the identification information (i.e., id) of the person to whom the stored data corresponds, the second column stores the information (i.e., history) of a person with a cardiac medical history, and the third column stores the information (i.e., no-history) of a person without a cardiac medical history. At the same time, a query process (or application) can be run against the database to check whether a provided personal id is associated with a heart disease history.
In another application scenario, an attacker may perform an attack based on page fault interrupts. A page fault is the mechanism by which the system schedules virtual memory: the operating system copies the data to be accessed from the disk into memory according to the current access pattern, but because memory is of fixed size, the operating system evicts data that is no longer accessed from memory according to the access pattern and then loads the data to be accessed into memory for the user to read; this process is page replacement. The address of the page is stored in the page table, and since the page table is not secure, an attacker can obtain the memory address through the page table and thereby learn which memory segment is involved when page replacement occurs.
In another application scenario, an attacker may perform a cache-based side-channel attack. Specifically, cache data is shared among multiple cores, and the response times of a cache hit and a cache miss differ, so an attacker can infer information in the cache from the difference in access time and thereby obtain private data. The cache holds the application's code and data, and data from a file in memory is also placed in the cache and accessed from there. Once an application attempts to access the same cache line, an attacker monitoring the cache can track the disturbed cache set using a Prime+Probe attack. Since subsequent accesses will affect the same cache set, the attacker can build inferences similar to those of a page-fault-based attack, compromising the security of the application.
Optionally, a scheme based on a memory file system, a hybrid file system, or an oblivious transfer file system may be used to process the file and improve security during file processing.
The memory file system caches the complete file data and metadata, so a user does not use system calls to read and write disk data but reads and writes data through memory accesses. File data is cached in a buffer area of an enclave, and the system operations on the corresponding file are handled inside the enclave, so that an attacker cannot obtain sensitive information by monitoring system calls. However, the memory file system can only resist the system call sniffing attack and cannot resist the other two attacks, and the volume of data it can load is limited, which wastes memory space.
The hybrid file system combines the native file system and the memory file system. In the hybrid file system model, the complete file data is not loaded into memory but is loaded on demand. The file is initially cached in non-enclave memory (but in DRAM) and copied into the enclave as needed. However, since the hybrid model mixes the two file system models and has no special security mechanism, its attack surface inherits that of both models. The hybrid model is essentially unable to withstand the three attacks described above.
An oblivious transfer (ORAM) file system implements a Path-ORAM-based oblivious transfer protocol; the file system runs in an enclave, and the application program forwards all file system operations to the isolated file system through an encrypted communication channel. This method can resist the system call sniffing attack and the page fault attack, but cannot resist the cache-based side-channel attack. Meanwhile, the oblivious transfer protocol it introduces makes its performance poor.
It can be seen that none of the three schemes fully withstands the three attacks, and the memory file system and the ORAM file system waste resources considerably: the memory file system consumes too much memory, and the ORAM file system must carry a large amount of redundant data during reads and writes, resulting in a large performance loss.
In order to solve at least one of the above problems, a solution of the present invention is to provide a file security processing system, and specifically, the file security processing system includes: the system comprises a trusted computing device and a host machine, wherein encrypted data transmission is carried out between the trusted computing device and the host machine through a bus channel; the trusted computing device is used for storing a file processing application program, the file processing application program is used for generating a file processing request according to a file processing instruction input by a target object, and the file processing request is transmitted to the host machine through the bus channel after being converted and encrypted; the host is used for storing a privacy file, acquiring target data in the privacy file according to the received file processing request subjected to conversion encryption, and transmitting the target data to the trusted computing device through the bus channel after the target data is subjected to conversion encryption.
Compared with the prior art, the method and the device have the advantages that the file processing application program and the corresponding privacy file are stored separately, the file processing application program is arranged in the trusted computing device, the privacy file is stored in the host, the trusted computing device and the host have independent operating environments respectively, and the 'safe area' and the 'normal area' of trusted computing can be isolated through the bus channel. Therefore, when the user uses the computer system, the user sends an instruction to the trusted computing device, and then the file in the host machine is processed according to the trusted computing device, even if an attacker observes or attacks the host machine, the actual file access mode used by the user is difficult to determine, so that the attacker is prevented from stealing corresponding target data, and the file processing safety is improved.
As shown in fig. 2, an embodiment of the present invention provides a file security processing system, and specifically, the file security processing system includes: a trusted computing device 10 and a host 20, wherein encrypted data transmission is performed between the trusted computing device 10 and the host 20 through a bus channel 30;
the trusted computing device 10 is configured to store a file processing application, where the file processing application is configured to generate a file processing request according to a file processing instruction input by a target object, and the file processing request is transmitted to the host 20 through the bus channel 30 after being encrypted and converted;
the host 20 is configured to store a privacy file, and obtain target data in the privacy file according to the received file processing request after being encrypted and converted, where the target data is transmitted to the trusted computing device 10 through the bus channel 30 after being encrypted and converted.
Specifically, in this embodiment, the trusted computing device 10 and the host 20 perform encrypted data transmission through the bus channel 30. The trusted computing device 10 may be a trusted computing unit (SPU), i.e., a coprocessor that provides a secure trusted computing environment. Specifically, the SPU is a brand-new software and hardware architecture that avoids leakage of sensitive data through hardware-level encryption and isolation. It should be noted that the trusted computing device 10 (i.e., the SPU) in this embodiment has its own independent computing and storage units and does not share them with the host 20, so that the "secure area" (i.e., the SPU) and the "normal area" (i.e., the host) of trusted computing are completely separated at the physical level; that is, the SPU can be regarded as an independent operating environment that exchanges encrypted data with the host 20 through the bus channel 30.
The target object is a user who needs to normally perform file processing, and the user needs to avoid an attacker from stealing data in the file processing process. A user enters corresponding instructions for file processing (e.g., data queries or data writes) through the file processing application that runs in the SPU and can be considered secure (not monitored by an attacker).
The privacy file is a file corresponding to privacy data, and the privacy data is data including user privacy information, such as account password data, contact information data, disease information data, and the like of a user, and is not particularly limited herein. The target data is data that the target object needs to query or operate according to an instruction input by the target object, for example, the target data may be data that the user wants to read, or a location corresponding to new data that the user wants to write.
It should be noted that the bus channel 30 may be regarded as a part of the file security processing system, or may be regarded as a separate part (that is, not belonging to the file security processing system), and in this embodiment, the bus channel 30 is taken as a separate part for illustration, but is not limited specifically. Meanwhile, the trusted computing device 10 and the host 20 may further include other units or modules for implementing other functions, such as a computing unit, a storage unit, and the like, which are not limited in this embodiment.
Fig. 3 is a schematic structural diagram of a file security processing system according to an embodiment of the present invention, and as shown in fig. 3, the trusted computing device 10 includes: an application program storage module 101, a file system module 102, a block cache module 103 and a first block device driver module 104 which are sequentially connected in a communication manner;
the application program storage module 101 is configured to store the file processing application program;
the file system module 102 is configured to obtain a file processing request generated by the file processing application, convert the file processing request into an input/output request, and send the input/output request to the block cache module 103 in batches;
the block cache module 103 is configured to write the cached input/output request into the first block device driver module 104 based on a write-back mode when the cached input/output request satisfies a preset write-back condition;
the first block device driver module 104 is configured to encrypt the input/output request to obtain encrypted request data, and send the encrypted request data to the host 20 through the bus channel 30.
The host 20 includes: a disk 201 and a second block device driver module 202 which are connected in communication with each other;
the disk 201 is used for storing the privacy file;
the second block device driver module 202 is configured to receive the encrypted request data through the bus channel 30, decrypt the encrypted request data to obtain a decryption request, obtain target data in the privacy file according to the decryption request, encrypt the target data to obtain target encrypted data, and send the target encrypted data to the trusted computing device 10 through the bus channel 30.
Specifically, in this embodiment, the file system module 102 may hold an EXT2/3 file system, the block cache module 103 may be a cache layer (bcache), the first block device driver module 104 may be the SPU block device driver layer, and the bus channel 30 may be a PCIe channel through which the SPU and the host 20 communicate. The disk 201 stores a binary file (bin file) corresponding to the SPU, i.e., the file on which file processing is performed according to requests generated by the SPU.
Specifically, the privacy data is stored on the disk 201 of the host 20 in the form of privacy files, while the file processing application runs in the SPU, and a secure channel is established between the host 20 and the SPU to prevent eavesdropping on messages. It should be noted that the operating environment of the SPU may be considered secure, while the operating environment of the host 20 may be considered insecure. In an application scenario, the file processing application may be regarded as a process in the SPU, and the process may also occupy part of the memory space and disk space in the SPU.
Specifically, when the file processing application receives a file processing instruction input by the target object (for example, an instruction requesting to read a certain file on the disk), the file processing application initiates a corresponding file processing request according to the instruction, the file system (for example, the EXT2/3 file system) in the file system module 102 converts the file processing request into an input/output request (i.e., an I/O request), and the I/O requests are sent to the bcache cache layer in the SPU in batches according to a preset sending policy. When the I/O requests in the bcache cache meet the preset condition, bcache writes them to the block device driver layer of the SPU according to the write-back policy; the SPU's block device driver layer encrypts the I/O requests before sending them to the host 20 over the PCIe channel.
The preset sending policy is to send I/O requests in batches according to the kernel's I/O scheduling algorithm rather than sending each I/O request immediately upon receipt. Because multiple I/O requests are cached and sent in batches, the original request order is disturbed when the requests are sent, which helps prevent the file access pattern or the corresponding target data from being leaked through monitoring.
The preset condition is a write-back condition configured in bcache; for example, write-back is performed when the dirty page ratio reaches a preset threshold, and the specific threshold may be configured according to actual requirements and is not specifically limited herein. It should be noted that the write-back mode means that all data is first written into bcache, and the system then writes the data back to the back-end data disk in batches according to the configured write-back policy, so that the file access pattern is concealed.
In an application scenario, when the file processing request is a read request, the file system module 102 is specifically configured to: obtain the read request generated by the file processing application, determine the mapping position corresponding to the target data according to the file offset in the read request, obtain a logical data block position according to the mapping position, convert the logical data block position into a target sector number, create a bio request according to the target sector number, combine multiple bio requests into an input/output request, and send the input/output requests to the block cache module 103 in batches.
Specifically, the file system module 102 may include a mapping layer, a generic block layer, and an I/O scheduling layer. The mapping layer determines the mapping position on the physical device (i.e., the host 20) of the file content corresponding to the target data according to the file offset of the read request; the generic block layer obtains a logical data block position from the mapping position, converts that logical data block position into a sector number to obtain the target sector number, and creates a bio request. The I/O scheduling layer combines multiple bio requests into one I/O request (i.e., input/output request) according to the kernel's scheduling policy, places the I/O request in a waiting queue, and sends the I/O requests to the block cache module 103 in batches according to a preset policy.
In this embodiment, the first block device driver module 104 is specifically configured to: performing data validity verification on the input/output request, encrypting the input/output request passing the data validity verification to obtain encrypted request data, and sending the encrypted request data to the host 20 through the bus channel 30;
the second block device driver module 202 is specifically configured to decrypt the encrypted request data to obtain a decryption request, perform data validity verification on the decryption request, obtain target data in the privacy file according to the decryption request that passes the data validity verification, encrypt the target data to obtain target encrypted data, and send the target encrypted data to the trusted computing device 10 through the bus channel 30;
the data validity verification comprises data length validity verification and data block ID validity verification.
Data validity verification therefore prevents file processing failures caused by the generation of erroneous requests, or by errors, tampering, or corruption of the request data during transmission, and further improves the security of file processing.
Further, the first block device driver module 104 is further configured to receive the target encrypted data through the bus channel 30, decrypt the target encrypted data to obtain target decrypted data, and pass the target decrypted data up layer by layer to the file processing application.
Specifically, the block device driver in the second block device driver module 202 of the host 20 decrypts the received I/O request, reads the storage file corresponding to the SPU (i.e., the bin file) on the disk 201 according to the access address in the I/O request, locates the target data requested by the I/O request in the storage file, encrypts the target data, and returns the response to the block device driver layer of the SPU; the target data is then passed through the bcache layer and the file system module 102 of the SPU to the file processing application, which returns it to the target object.
In this embodiment, the first block device driver module 104 and the second block device driver module 202 encrypt data using FPGA hardware encryption. Specifically, the SPU file system adopts FPGA hardware encryption, which is more secure and more efficient than software encryption. In this embodiment, the aes-gcm256 (AES-GCM with a 256-bit key) symmetric encryption algorithm may be adopted to encrypt the file on the host.
It should be noted that the file security processing system protects the file access pattern, i.e., which file the user opens, which data blocks are read and written, and so on. In this embodiment, the SPU provides a secure operating environment in which the file processing application runs, so a specific file access pattern cannot be stolen, thereby implementing secure file processing. Meanwhile, this embodiment also uses an encrypted PCIe channel, so that data cannot be decrypted even if intercepted, further improving security.
As shown in fig. 4, this embodiment further provides a file security processing method based on any one of the file security processing systems, where the file security processing method includes:
step S100, acquiring a file processing instruction input by a target object through the file processing application in the trusted computing device, and generating a file processing request according to the file processing instruction;
step S200, converting and encrypting the file processing request in the trusted computing device and then transmitting it to the host through the bus channel, so as to trigger the host to obtain target data according to the received converted and encrypted file processing request and, after converting and encrypting the target data, transmit the target data to the trusted computing device through the bus channel.
Specifically, converting and encrypting the file processing request in the trusted computing device and then transmitting it to the host through the bus channel includes:
in the trusted computing device, searching, according to the file processing request, whether the target data corresponding to the file processing request exists in the disk cache;
if the target data does not exist in the disk cache, converting the file processing request into an input/output request through the file system module, and transmitting the input/output requests to the block cache module in batches;
when the input/output requests cached by the block cache module meet a preset write-back condition, writing the cached input/output requests into the first block device driver module through the block cache module;
and encrypting the input/output request by the first block device driver module to obtain encrypted request data, and sending the encrypted request data to the host through the bus channel.
Further, after the host receives the encrypted request data, the host decrypts it to obtain a decryption request, obtains target data according to the decryption request, encrypts the target data to obtain target encrypted data, and sends the target encrypted data to the trusted computing device through the bus channel.
FPGA hardware encryption is used when the file processing request and the target data are encrypted.
It should be noted that, in this embodiment, each step of the file security processing method and each function of the file security processing system may refer to each other, and are not described herein again.
In one application scenario, the file processing application in the SPU initiates a corresponding file processing request according to a file processing instruction input by the target object; the request may be, for example, a file read request (read()), whose passed parameters include a file descriptor, a file offset (indicating the position in the file), and so on.
The file read requests are converted into I/O requests by the file system module in the SPU and sent to the bcache cache layer in the SPU in batches according to the preset sending policy. Specifically, a file system (e.g., an EXT2/3 file system) is set up in the file system module of the SPU to provide file read and write functions for applications running in the SPU. The file system is mounted on the bcache in the SPU. Seen from inside the SPU, it is no different from an ordinary file system, but the files it manages are stored as data blocks in a contiguous region of the host disk, and from the host only a single bin file of fixed size is visible.
bcache is a cache running on top of a block device; here a 32GB SSD is used as its physical device. bcache supports several cache modes, such as read-write caching (writeback mode) and read caching (writethrough or writearound mode); this embodiment caches read and write requests in writeback mode. bcache acts as a layer of cache above the block device to conceal the file access pattern, so that an attacker cannot infer from cache changes which part of the file is currently being accessed, which in turn prevents attacks based on page fault interrupts. Specifically, bcache caches a portion of the I/O requests, then writes them to the block device driver layer according to the write-back policy, and the block device driver layer sends the I/O requests to the host through the PCIe channel to read and write the disk. In this embodiment, the size of a data block on bcache is 4kB (matching the 4kB size of an I/O request; it can be adjusted as needed in actual use). Because a layer of cache has been added, an attacker cannot learn the data access pattern through page fault interrupts, so attacks based on page fault interrupts are defended against.
When the I/O requests in the bcache cache meet the preset condition, bcache writes them to the block device driver layer of the SPU according to the write-back policy. The SPU's block device driver layer encrypts the I/O request before sending it to the host over the PCIe channel. Specifically, the block device driver layer of the SPU receives I/O requests from the bcache layer in units of pages and sends them to the host through the PCIe communication link. In this embodiment, an I/O request includes the request type and the id of the data block to be accessed. For example, when the request type is a data read, the data at the corresponding id is read; when the request type is a data write, the data is written to the corresponding id.
In this embodiment, the block device driver layer of the SPU also performs data validity verification to prevent the request from being tampered with, the data from being corrupted, or either from being modified by an outsider. Specifically, the driver in the block device driver layer calculates the number of physical blocks on the host from the pre-configured file size and physical block size, which makes it easier to manage the disk space. The user must specify the file system size, i.e., the disk size, when the file system starts. Here, the file size is the amount of space the SPU is allowed to occupy on the host disk, and the physical block size is the space corresponding to each physical block; in this embodiment the physical block size is fixed at 4KB. A physical block is the smallest unit in which the block device manages disk space, and each physical block corresponds to a segment of space on the disk. When the driver in the block device driver layer of the SPU receives an I/O request, it checks whether the data length of the I/O request is an integral multiple of the physical block size (if so, the data length is legal; otherwise it is illegal) and whether the data block id of the I/O request is legal (for example, the id is legal if it falls within the range of ids corresponding to the SPU on the host disk, and illegal otherwise). Only when the data length of the I/O request is an integral multiple of the physical block size and the data block id is legal is the I/O request sent to the host.
After receiving the encrypted I/O request, the block device driver in the block device driver layer of the host decrypts it, reads the corresponding storage file on the host disk according to the access address in the decrypted I/O request (i.e., the decryption request), locates the file offset given in the decryption request within the storage file, and obtains the requested target data according to that file offset. The target data is encrypted and returned to the block device driver layer of the SPU, and then passed to the file processing application through the bcache layer and the file system module of the SPU.
Specifically, the block device driver of the host receives the I/O request sent by the SPU; if it is a read request, the data block with the specified id is copied into host memory and then sent to the SPU; if it is a write request, the offset of the physical block is calculated from the data block id (i.e., the index of the data block) and the data is written back to the specified position (the id of that position is the index of the data block, and the block offset can be calculated from the index). Specifically, during the initialisation stage the host opens the bin file corresponding to the SPU and calculates the number of data blocks (to allocate the data block ids); a worker thread then listens for I/O requests on a pipe, performs data validity verification when an I/O request arrives, judges whether the data block id is valid, and if so calculates the file offset from the data block id, copies the data block at that offset into memory, and sends it to the SPU.
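The data validity verification performed by both block device drivers (data length a multiple of the 4KB physical block, data block id within the SPU's range) and the host's id-to-offset mapping over the bin file, as an added illustration that is not the patent's code. The names `IoRequest`, `verify_request`, `HostBinFile` and `spu_submit` are assumptions, the bin file is an in-memory bytearray constructed for the example, and the AES-GCM encryption of the channel is omitted.

```python
from dataclasses import dataclass

BLOCK_SIZE = 4096   # physical block size fixed to 4 KB in the embodiment


class InvalidRequest(ValueError):
    """Raised when a request fails data length or data block id verification."""


@dataclass
class IoRequest:
    kind: str            # "read" or "write" (the request type carried in the header)
    block_id: int        # index of the first data block to access
    length: int          # bytes to transfer; must be a multiple of BLOCK_SIZE
    data: bytes = b""    # payload for writes


def block_count(file_size: int, block_size: int = BLOCK_SIZE) -> int:
    """Number of physical blocks the SPU owns in the host bin file (file size / block size)."""
    if file_size <= 0 or file_size % block_size:
        raise ValueError("file size must be a positive multiple of the block size")
    return file_size // block_size


def verify_request(req: IoRequest, n_blocks: int, block_size: int = BLOCK_SIZE) -> int:
    """Data validity verification as performed by both block device drivers.

    Returns the number of blocks the request spans, or raises InvalidRequest.
    """
    if req.kind not in ("read", "write"):
        raise InvalidRequest(f"unknown request type {req.kind!r}")
    # data length validity: a positive integral multiple of the physical block size
    if req.length <= 0 or req.length % block_size:
        raise InvalidRequest(f"length {req.length} is not a multiple of {block_size}")
    span = req.length // block_size
    # data block id validity: every block touched lies in the SPU's id range [0, n_blocks)
    if req.block_id < 0 or req.block_id + span > n_blocks:
        raise InvalidRequest(
            f"blocks {req.block_id}..{req.block_id + span - 1} outside [0, {n_blocks})")
    if req.kind == "write" and len(req.data) != req.length:
        raise InvalidRequest("write payload does not match the declared length")
    return span


class HostBinFile:
    """Host-side block device driver over the fixed-size bin file (held in memory here)."""

    def __init__(self, file_size: int):
        self.n_blocks = block_count(file_size)   # computed once at initialisation
        self.buf = bytearray(file_size)          # constructed stand-in for the on-disk bin file

    def handle(self, req: IoRequest) -> bytes:
        verify_request(req, self.n_blocks)        # host repeats the check after decryption
        offset = req.block_id * BLOCK_SIZE        # file offset derived from the block index
        if req.kind == "read":
            return bytes(self.buf[offset:offset + req.length])
        self.buf[offset:offset + req.length] = req.data
        return b""


def spu_submit(req: IoRequest, n_blocks: int, host: HostBinFile) -> bytes:
    """SPU-side block device driver: verify before sending, then hand to the host.

    The encrypt/decrypt steps on the PCIe channel are omitted; the call is direct.
    """
    verify_request(req, n_blocks)
    return host.handle(req)


def demo() -> dict:
    """Round-trip one write and one read, and show the two rejection cases."""
    host = HostBinFile(16 * BLOCK_SIZE)           # 64 KB bin file => block ids 0..15
    payload = bytes([0x41]) * BLOCK_SIZE
    spu_submit(IoRequest("write", 3, BLOCK_SIZE, payload), host.n_blocks, host)
    read_back = spu_submit(IoRequest("read", 3, BLOCK_SIZE), host.n_blocks, host)
    rejected = {}
    for name, bad in (("short_length", IoRequest("read", 0, 100)),
                      ("id_out_of_range", IoRequest("read", 15, 2 * BLOCK_SIZE))):
        try:
            spu_submit(bad, host.n_blocks, host)
        except InvalidRequest as exc:
            rejected[name] = str(exc)
    return {"read_back_ok": read_back == payload, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```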
The host disk persistently stores file data corresponding to the SPU based on a bin file with a specified size.
Fig. 5 is a detailed flowchart of a file security processing method according to an embodiment of the present invention. As shown in fig. 5, in an application scenario, an application (i.e., the file processing application) in the SPU calls a syscall library function to issue a file read request read() to the VFS (virtual file system), passing parameters that include a file descriptor and a file offset. In the prior art, the file processing application runs directly on the host, and an attacker snoops on the file currently being accessed by monitoring the application's syscalls. In this embodiment the file read request read() occurs inside the SPU, where an attacker cannot monitor the system call to learn which file is being accessed, so system call attacks are avoided. Specifically, the SPU file system can resist system call attacks because the file system runs inside the SPU, physically isolated from the host: all call request information related to the file system is converted into I/O requests by the SPU, and the I/O requests are encrypted before being passed to the host, so an attacker cannot snoop on the call request information.
Further, the VFS passes the request to the disk cache, which looks up whether the requested target data is present in the cache; if it is present and up to date, the target data is returned directly to the VFS in response to the read() operation, and thus to the application. In an application scenario, when a computing unit reads or writes data in main memory, it first checks whether a copy of the data is in the last-level cache. In the prior art, if the target data is in the last-level cache inside the host CPU, it is read directly from there, and because that cache is not secure an attacker can obtain the cached data with a Prime+Probe technique. In this embodiment, since the SPU and the host are physically isolated and communicate over PCIe, an attacker cannot monitor the last-level cache of the computing unit in the SPU to obtain the accessed data, so this step avoids attacks based on the host's last-level cache. Both the SPU and the host have a last-level cache, but the two are isolated from each other, which ensures that the SPU file system resists cache attacks. Specifically, the LLC (last-level cache) is located inside the CPU, and since the host CPU and the SPU CPU are physically isolated, an attacker cannot snoop on changes to the LLC in the SPU and therefore cannot trace access requests inside the SPU.
Meanwhile, the performance loss of the SPU file system is small. Compared with an oblivious file system, the SPU file system is closer to a native file system: it does not use redundant data to hide the file access pattern but obscures the externally visible data by adding a layer of cache, so the performance loss is smaller, and the new cache can also speed up access to some extent.
Furthermore, if the page of file content corresponding to the file request misses in the disk cache (cache miss), a page fault is generated and memory space for the file content is allocated in the disk cache. In the prior art, the page table is shared by all applications; if an attacker knows the file descriptor and file offset among the passed parameters, the attacker can learn the target file required by the request, its starting address in the disk cache, and the offset of each line in the file, and by replacing the page's address segment can predict the data segment corresponding to the line currently being accessed in the database. Because the page table is not shared between the SPU and the host in this embodiment, page fault attacks are avoided.
Specifically, because the host and the SPU do not share memory, and the timing of page faults on the host depends on the frequency with which bcache writes back dirty pages, an attacker can only observe that a page fault occurred on the host at a certain moment, but cannot determine whether it was caused by the read or write taking place at that moment. Further, the size of the data block in which a page fault occurs on the host can be pre-configured, for example 4KB instead of the usual 512 bytes, which further helps hide the data segment actually accessed.
If the cache is not hit, the mapping layer determines the mapping position of the file content in the physical device according to the file offset of the read request, the universal block layer acquires the position of the logical data block according to the mapping position, then converts the corresponding logical data block into a sector number, and creates a bio request.
The I/O scheduling layer combines multiple bio requests into one I/O request according to the kernel's scheduling policy, places the I/O request in a waiting queue, and sends the I/O requests to the bcache layer in batches according to the preset policy. For example, in fig. 5, request 1 (Req 1) is obtained from bio request 100, and request 2 (Req 2) is merged from bio requests 102 and 103.
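The read path described above and in the description of the file system module 102 (file offset to logical data block to sector number to bio, then merging sector-contiguous bios into one I/O request), as an added illustration rather than the patent's or the kernel's code. `block_map` is a constructed extent map chosen so that the result matches the Fig. 5 example; the function names, the 512-byte sector and the dictionary shape of a bio are assumptions.

```python
SECTOR_SIZE = 512                               # disk sector size (assumed)
BLOCK_SIZE = 4096                               # data block size on bcache / the bin file
SECTORS_PER_BLOCK = BLOCK_SIZE // SECTOR_SIZE   # 8 sectors per 4 KB block


def file_blocks_for_range(offset: int, length: int, block_size: int = BLOCK_SIZE) -> list:
    """Mapping layer: file-relative blocks touched by a read of [offset, offset + length)."""
    if length <= 0 or offset < 0:
        raise ValueError("offset must be non-negative and length positive")
    first = offset // block_size
    last = (offset + length - 1) // block_size
    return list(range(first, last + 1))


def build_bios(offset: int, length: int, block_map: dict) -> list:
    """Generic block layer: file block -> logical data block -> sector number -> one bio each.

    block_map is the file's extent map (file block index -> logical data block on the
    host-side bin file). A missing key means the read runs past the mapped extents.
    """
    bios = []
    for fblock in file_blocks_for_range(offset, length):
        if fblock not in block_map:
            raise ValueError(f"file block {fblock} is not mapped")
        lblock = block_map[fblock]
        bios.append({"logical_block": lblock,
                     "sector": lblock * SECTORS_PER_BLOCK,
                     "nr_sectors": SECTORS_PER_BLOCK})
    return bios


def merge_bios(bios: list) -> list:
    """I/O scheduling layer: merge sector-contiguous bios into single I/O requests."""
    requests = []
    for bio in sorted(bios, key=lambda b: b["sector"]):
        if requests and requests[-1]["sector"] + requests[-1]["nr_sectors"] == bio["sector"]:
            # back-merge: this bio starts exactly where the previous request ends
            requests[-1]["nr_sectors"] += bio["nr_sectors"]
            requests[-1]["bios"].append(bio["logical_block"])
        else:
            requests.append({"sector": bio["sector"],
                             "nr_sectors": bio["nr_sectors"],
                             "bios": [bio["logical_block"]]})
    return requests


def demo_fig5() -> list:
    """Reproduce the Fig. 5 example: bio 100 stays alone, bios 102 and 103 are merged.

    The extent map is constructed so that a three-block read from file offset 0 lands
    on logical data blocks 100, 102 and 103.
    """
    block_map = {0: 100, 1: 102, 2: 103}
    return merge_bios(build_bios(0, 3 * BLOCK_SIZE, block_map))


if __name__ == "__main__":
    for i, req in enumerate(demo_fig5(), 1):
        print(f"Req {i}: sector {req['sector']}, {req['nr_sectors']} sectors, "
              f"from bios {req['bios']}")
```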
When an I/O request reaches bcache, it is first cached on the SSD of bcache and, when certain conditions are met, written to the block device of the next layer. In this embodiment, the time at which the file system in the SPU flushes dirty pages differs from the time at which the host actually flushes them, so from the attacker's perspective it is impossible to tell which operation caused a flush, and the file access information is hidden. The condition may be that the dirty page ratio reaches a certain threshold or that the interval between flushes reaches a certain threshold; the cache policy of bcache may be configured according to the actual situation.
When the I/O request reaches the block device driver layer, a request header is reconstructed according to the access type of the I/O request, and the I/O request is encrypted and sent to the host through the PCIe channel, performing secure data transmission. The request header contains the address to which the data is to be returned, so that the target data responding to a read request can be returned exactly to the address specified by the request. In this embodiment, the SPU file system uses FPGA hardware encryption, which is more secure and more efficient than software encryption.
After receiving the I/O request, the host driver decrypts the request, reads the storage file of the SPU according to the access address in the request, searches the file offset of the I/O request from the storage file, acquires the target data of the request according to the file offset, encrypts the target data, returns the response to the block device driver layer of the SPU, and transmits the target data to the application program layer by layer. Thus, the SPU file system has a high utilization of host resources. Compared with a memory file system which needs to cache complete files, the SPU file system only needs to acquire data as required, metadata and user data are stored on a host, and only part of recently accessed data is cached in the SPU.
Therefore, in this embodiment, bcache is used in the SPU to conceal the file access pattern, so page fault attacks can be resisted; an independent operating environment is realised in the SPU, so the SPU is physically isolated from the host, the host's resources can be fully utilised, and system call sniffing attacks and CPU cache attacks can be resisted; meanwhile, FPGA hardware-level encryption is realised, further improving the security of file processing.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned functions may be distributed as different functional units and modules according to needs, that is, the internal structure of the apparatus may be divided into different functional units or modules to implement all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the description of each embodiment has its own emphasis, and reference may be made to the related description of other embodiments for parts that are not described or recited in any embodiment.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed system/terminal device and method may be implemented in other ways. For example, the above-described system/terminal device embodiments are merely illustrative, and for example, the division of the above modules or units is only one logical division, and the actual implementation may be implemented by another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed.
The integrated modules/units described above, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium and can implement the steps of the embodiments of the method when the computer program is executed by a processor. The computer program includes computer program code, and the computer program code may be in a source code form, an object code form, an executable file or some intermediate form. The computer readable medium may include: any entity or device capable of carrying the above-described computer program code, recording medium, U disk, removable hard disk, magnetic disk, optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier signal, telecommunications signal, software distribution medium, and the like. It should be noted that the contents contained in the computer-readable storage medium can be increased or decreased as required by legislation and patent practice in the jurisdiction.
The above-mentioned embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art; the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein.

Claims (9)

1. A file security processing system, comprising a trusted computing device and a host, wherein encrypted data transmission between the trusted computing device and the host is carried out through a bus channel;
the trusted computing device is used for storing a file processing application program, the file processing application program is used for generating a file processing request according to a file processing instruction input by a target object, and the file processing request is converted and encrypted and then transmitted to the host through the bus channel;
the host is used for storing a privacy file, acquiring target data in the privacy file according to the received converted and encrypted file processing request, and converting and encrypting the target data and then transmitting it to the trusted computing device through the bus channel;
wherein the trusted computing device comprises an application program storage module, a file system module, a block cache module and a first block device driver module, which are sequentially in communication connection;
the application program storage module is used for storing the file processing application program;
the file system module is used for acquiring a file processing request generated by the file processing application program, converting the file processing request into an input/output request and transmitting the input/output request to the block cache module in batches;
the block cache module is used for writing the cached input/output requests into the first block device driver module in write-back mode when the cached input/output requests meet a preset write-back condition;
the first block device driver module is used for encrypting the input/output request to obtain encrypted request data and sending the encrypted request data to the host through the bus channel.
2. The system according to claim 1, wherein when the file processing request is a read request, the file system module is specifically configured to:
acquire a read request generated by the file processing application program, determine a mapping position corresponding to the target data according to a file offset in the read request, obtain a logical data block position from the mapping position, convert the logical data block position into a target sector number, create a bio request according to the target sector number, merge a plurality of bio requests into one input/output request, and send the input/output requests to the block cache module in batches.
3. The system of claim 1, wherein the host comprises:
a magnetic disk and a second device driver module in communication connection;
the magnetic disk is used for storing the privacy file;
the second device driver module is configured to receive the encrypted request data through the bus channel, decrypt the encrypted request data to obtain a decrypted request, obtain target data in the privacy file according to the decrypted request, encrypt the target data to obtain target encrypted data, and send the target encrypted data to the trusted computing device through the bus channel.
4. The system of claim 3, wherein the first block device driver module is specifically configured to: perform data validity verification on the input/output request, encrypt the input/output request that passes the data validity verification to obtain encrypted request data, and send the encrypted request data to the host through the bus channel;
the second device driver module is specifically configured to: decrypt the encrypted request data to obtain a decrypted request, perform data validity verification on the decrypted request, obtain target data in the privacy file according to the decrypted request that passes the data validity verification, encrypt the target data to obtain target encrypted data, and send the target encrypted data to the trusted computing device through the bus channel;
and the data validity verification comprises data length validity verification and data block ID validity verification.
5. The system according to claim 3, wherein the first block device driver module is further configured to receive the target encrypted data through the bus channel, decrypt the target encrypted data to obtain target decrypted data, and transmit the target decrypted data layer by layer to the file processing application.
6. The file security processing system according to claim 3, wherein the first device driver module and the second device driver module perform data encryption by means of FPGA hardware encryption.
7. A file security processing method based on the file security processing system of any one of claims 1 to 6, characterized in that the file security processing method comprises:
acquiring a file processing instruction input by a target object through a file processing application program in the trusted computing device, and generating a file processing request according to the file processing instruction;
converting and encrypting the file processing request in the trusted computing device and then transmitting it to the host through the bus channel, so that the host is triggered to acquire target data according to the received converted and encrypted file processing request, and to convert and encrypt the target data and then transmit it to the trusted computing device through the bus channel;
wherein converting and encrypting the file processing request in the trusted computing device and then transmitting it to the host through the bus channel includes:
in the trusted computing device, searching a disk cache according to the file processing request for target data corresponding to the file processing request;
if the target data does not exist in the disk cache, converting the file processing request into an input/output request through a file system module, and transmitting the input/output request to a block cache module in batches;
when the input/output requests cached by the block cache module meet a preset write-back condition, writing the cached input/output requests into a first block device driver module through the block cache module;
and encrypting the input/output request by the first block device driver module to obtain encrypted request data, and sending the encrypted request data to the host through the bus channel.
8. The method according to claim 7, wherein after the host receives the encrypted request data, the host decrypts the encrypted request data to obtain a decrypted request, obtains target data according to the decrypted request, encrypts the target data to obtain target encrypted data, and sends the target encrypted data to the trusted computing device through the bus channel.
9. The file security processing method according to claim 7, wherein the file processing request and the target data are encrypted by means of FPGA hardware encryption.
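The request path that claims 2 through 4 and 7 describe, modelled end to end as an added example (not code from the patent or its assignee): a file offset is mapped to a logical block and target sector, bio requests are merged into one batch, the request is validity-checked and sealed on the trusted device, and the host re-runs the same length and block-ID checks before sealing the target data back. The block and sector sizes, the disk size, the shared key, the request header layout and the SHA-256 counter-mode keystream with an HMAC tag are assumptions standing in for the patent's unspecified formats and FPGA encryption.

```python
import hashlib, hmac, os, struct
BLOCK_SIZE, SECTOR_SIZE = 4096, 512           # assumed block and sector sizes
SECTORS_PER_BLOCK = BLOCK_SIZE // SECTOR_SIZE
DISK_BLOCKS = 1024                             # assumed size of the host's private-file disk
KEY = b"constructed-demo-key"                  # placeholder shared key, not from the patent
HDR = struct.Struct("<QI")                     # request header: (data block ID, byte length)

def offset_to_sector(file_offset, extent_map):
    """Claim 2: file offset -> mapping position -> logical block -> target sector number."""
    return extent_map[file_offset // BLOCK_SIZE] * SECTORS_PER_BLOCK

def build_io_request(file_offset, length, extent_map):
    """Claim 2: one bio (sector, sector count) per touched block, merged into one batch."""
    first, last = file_offset // BLOCK_SIZE, (file_offset + length - 1) // BLOCK_SIZE
    return [(offset_to_sector(b * BLOCK_SIZE, extent_map), SECTORS_PER_BLOCK)
            for b in range(first, last + 1)]

def validate(block_id, length):
    """Claim 4: data length validity and data block ID validity checks."""
    return 0 < length <= BLOCK_SIZE and 0 <= block_id < DISK_BLOCKS

def _stream(nonce, n):  # per-message keystream: SHA-256 in counter mode (demo only)
    return b"".join(hashlib.sha256(KEY + nonce + i.to_bytes(4, "little")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(plaintext):
    """Demo stand-in for the bus-channel cipher: nonce || keystream XOR || HMAC-SHA256 tag."""
    nonce = os.urandom(12)
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, _stream(nonce, len(plaintext))))
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def open_sealed(blob):
    """Check the tag before using the ciphertext; None on any failure."""
    body, tag = blob[:-32], blob[-32:]
    if len(body) < 12 or not hmac.compare_digest(tag, hmac.new(KEY, body, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(body[12:], _stream(body[:12], len(body) - 12)))

def trusted_device_send(block_id, length):
    """First block device driver (claim 4): verify the request, then encrypt it for the bus."""
    return seal(HDR.pack(block_id, length)) if validate(block_id, length) else None

def host_handle(blob, disk):
    """Second device driver (claims 3 and 4): decrypt, re-verify, read, encrypt the target data."""
    req = open_sealed(blob)
    if req is None or len(req) != HDR.size:
        return None
    block_id, length = HDR.unpack(req)
    start = block_id * BLOCK_SIZE
    return seal(disk[start:start + length]) if validate(block_id, length) else None
```

The host-side re-check matters because the host only ever sees ciphertext from the bus: a request that decrypts cleanly but names a block outside the disk, or a zero or oversized length, is dropped there rather than turned into an out-of-range read.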
CN202211096744.9A 2022-09-08 2022-09-08 File security processing system and file security processing method Active CN115186300B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211096744.9A CN115186300B (en) 2022-09-08 2022-09-08 File security processing system and file security processing method

Publications (2)

Publication Number Publication Date
CN115186300A CN115186300A (en) 2022-10-14
CN115186300B true CN115186300B (en) 2023-01-06

Family

ID=83523980

Country Status (1)

Country Link
CN (1) CN115186300B (en)

Also Published As

Publication number Publication date
CN115186300A (en) 2022-10-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20221014

Assignee: Shenzhen Qiangji Computing Technology Co.,Ltd.

Assignor: Guangdong Hong Kong Macao Dawan District Digital Economy Research Institute (Futian)

Contract record no.: X2023980045750

Denomination of invention: File Security Processing System and File Security Processing Methods

Granted publication date: 20230106

License type: Exclusive License

Record date: 20231103