
CN1158610C - A Computer System with Security Level Partition Isolation - Google Patents


Info

Publication number
CN1158610C
Authority
CN
China
Prior art keywords
data
security
output
code
instruction
Prior art date
Legal status
Expired - Lifetime
Application number
CNB011109750A
Other languages
Chinese (zh)
Other versions
CN1373425A (en)
Inventor
高庆狮
胡玥
Current Assignee
Institute of Computing Technology of CAS
Original Assignee
Institute of Computing Technology of CAS
Priority date
Filing date
Publication date
Application filed by Institute of Computing Technology of CAS
Priority to CNB011109750A
Publication of CN1373425A
Application granted
Publication of CN1158610C
Anticipated expiration
Expired - Lifetime (current legal status)

Landscapes

  • Storage Device Security (AREA)

Abstract

A computer system includes: an internal storage component divided into a plurality of storage regions, each storing multiple groups of instructions/data, each group corresponding to a security code, all groups within the same region sharing the same security code, the security code representing a security level; a storage component partitioning device for partitioning the storage component and specifying the security code of each region; a security code generating device for automatically determining, from the address of an instruction/datum, which storage region it belongs to and generating its security code; a first added-code storage device; a second added-code storage device; and a first interrupt generating device.

Description

A computer system with security level partition isolation
The present invention relates generally to computer system architecture and network security, and in particular to a computer system that prevents intrusion by illegal live bodies and the damage or theft that results from it.
Information systems face many insecurity factors (see Yan Wei et al., trans., Network Security Professional Reference Manual, China Machine Press). The common ones are: faults of the information system itself (hardware and software), including the reliability of the system itself and damage caused by natural and man-made disasters, which are mainly countered by fault tolerance and physical security; decryption, eavesdropping, forgery and tampering during transmission, which are mainly countered by encryption; impersonation, which is mainly countered by law and by authentication techniques (passwords, digital signatures, fingerprints, ...); blocking of the entry point from outside (junk-traffic flooding), which is mainly countered by law and by handling of the entry point in network management and system management; and, most destructive of all, intrusion by illegal live bodies, including viruses and the other illegal intruding live bodies of crackers, for example Trojan horses, together with the damage and theft they cause. Here a live body means a segment of executable program.
The destructive activity of computer viruses, crackers and other illegal intruding live bodies is rampant and highly destructive, as is well known. For example, by 1996 there were already 4,988 recorded viruses; up to the present there have been more than 40,000. In 1995 the computer systems of the U.S. Department of Defense were subjected to 250,000 attacks from the Internet. (See "An informal discussion of computer viruses", Electronics Prospect and Decision-Making, pp. 39-41, February 1997; "The security problem of the Internet", Electronics Prospect and Decision-Making, pp. 8-9, February 1997.)
At present, the measures against damage and theft by viruses, crackers and other illegal intruding live bodies are software measures based on discriminating whether a program is a virus, for example anti-virus software, or the anti-intrusion software on a firewall (the computer at the entry point of a system). See Network Security Professional Reference Manual, translated by Yan Wei et al., China Machine Press; Hacking Exposed: Network Security Secrets and Solutions, translated by Yang Jikai et al., Tsinghua University Press, 2000; Challenge Hacker: The Final Solution to Network Security, translated by Chen Yongjian et al., Electronic Industry Press, 2000; and Firewalls and Internet Security, translated by Dai Zongkun et al., China Machine Press, 2000. Although the level of such software keeps improving, it still cannot eradicate viruses and crackers.
The object of the present invention is to provide a computer system that resists damage and theft by illegal intruding live bodies, thereby eradicating the damage and theft caused by viruses and other cracker live bodies.
To achieve the above object, the present invention provides a computer system comprising:
at least one internal storage component, used for storing instructions/data;
said system being characterized in that:
said at least one internal storage component is divided into a plurality of memory blocks; each memory block stores many groups of instructions/data; each group of instructions/data corresponds to one security code; the security codes of the groups of instructions/data in the same memory block are identical; a security code has at least one bit; a security code represents a security level; and there are at least two security levels: a highest security level and a lowest security level.
The features of said system further include:
a memory component partitioning device, used to partition the memory component and specify the security code of each region; it comprises a partition address storage device and a partition address setting device. If fixed partitioning is adopted, the partition address storage device and partition address setting device may be empty;
a security code generating device, used to determine automatically, from the address of an instruction/datum, which memory block it belongs to, and to produce the security code of that instruction/datum from the security code of that block;
a first added-code storage device, used to hold the security code of the currently executing instruction;
a second added-code storage device, used to hold the security code of the instruction being read;
a first interrupt generating device, used to generate an interrupt when, for all unconditional transfers and conditional branch instructions other than special return transfers and interrupt transfers, the security level of the instruction transferred to is higher than the security level of the transfer instruction; and, when the security level of the transfer instruction is lower than a prescribed security level P, to also generate an interrupt when the security level of the instruction transferred to is not equal to that of the transfer instruction;
a third added-code storage device, used to hold the security code of the operand currently read from the internal memory component;
a second interrupt generating device, used to generate an interrupt when the security level of an instruction's operand is higher than the security level of that instruction; and, when the security level of that instruction is lower than the prescribed security level P, to also generate an interrupt when the security level of the operand is not equal to that of the instruction.
According to the above requirements, the features of said system further include:
a security level P specifying device, used to prescribe the security level P of the computer system. It comprises a security level P storage device and a security level P setting device. When no security level P is prescribed, P equals the lowest security level; if a fixed P is adopted, the P specifying device may be empty;
a restricted-output-code storage device, located in said internal storage component, used to store a plurality of restricted output codes, each restricted output code representing the restricted output level of one group of instructions/data;
instructions/data cannot be output from an output port whose "output port restricted output level" is lower than their restricted output level, and a restricted output code comprises at least two restricted output levels;
a restricted-output-code assigning device, used to assign a restricted output code to a group of instructions/data; the restricted output level of instructions/data not assigned a restricted output code is the highest restricted output level;
a restricted-output-code holding device, used to hold the restricted output code of the group of instructions/data being output;
an output-port restricted-output-code storage device, used to hold the restricted output code level of each output port;
an output-port restricted-output-code assigning device, used to assign an "output port restricted output code" to a given output port; the output port restricted output code represents the output port restricted output level of that port; programs/data with a level higher than this output port restricted output level cannot be output from that port; the output port restricted output code comprises at least two levels; and the output port restricted output code level of an output port that has not been assigned one is the highest restricted output level;
a third interrupt generating device, used to generate an interrupt when instructions/data request output from an output port from which they cannot be output;
and wherein
said third added-code storage device is also used to store the restricted output code.
The present invention can be used not only in various computer systems, server computers, user computers (including personal computers) and household-appliance information processing systems with networking capability, but also in any computer at a network node, for example a firewall. The invention is of great significance and social benefit for the security of user computers, server computers, intra-company computer systems, and the large information systems of important departments with high security requirements.
The security measures realized by the computer system of the present invention are of course combined with the security measures realized by the operating system and other software systems.
The above and other objects, features and advantages of the present invention will become more apparent from the following description, by way of example, of the best mode for carrying out the invention, taken in conjunction with the accompanying drawings.
Fig. 1 is a schematic structural diagram of an embodiment of the computer system of the present invention.
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic structural diagram of an embodiment of the computer system of the present invention. As shown in Fig. 1, the computer system 100 of the present invention contains a CPU 110, at least one internal storage component 120, and some other components. To constitute a complete computer system, some prior-art components are needed in addition to those shown in the figure; since these prior-art components and the connections between them are known to those of ordinary skill in the art, they are not shown in the drawing.
The internal storage component 120 contains many groups of storage units (not shown), and each group of storage units stores one group of instructions/data.
In the example shown in Fig. 1, the size of the program/data group corresponding to each security code is one unit, i.e. one word length. The security code length is r binary digits, r ≥ 1. The internal storage unit is divided into N regions, N = 2^r.
The CPU 110, besides the usual arithmetic unit, arithmetic control unit, various registers and so on (not shown), also includes the first, second and third added-code storage devices 111, 112 and 113, a first interrupt generating device 115 and a second interrupt generating device 116, a partition address storage device 114, a security code generating device 117, a special operation device 118, an output-port restricted-output-code storage device 119 and a third interrupt generating device 119'.
The first added-code storage device 111 holds the security code of the currently executing instruction.
The second added-code storage device 112 holds the security code of the instruction being read.
The first interrupt generating device 115 generates an interrupt when, for all unconditional transfers and conditional branch instructions other than special return transfers and interrupt transfers, the security level of the instruction transferred to is higher than the security level of the transfer instruction; and, when the security level of the transfer instruction is lower than a prescribed security level P, it also generates an interrupt when the security level of the instruction transferred to is not equal to that of the transfer instruction.
The third added-code storage device 113 holds the security code of the operand currently read from the internal storage component 120.
The second interrupt generating device 116 generates an interrupt when the security level of an instruction's operand is higher than the security level of that instruction; and, when the security level of that instruction is lower than the prescribed security level P, it also generates an interrupt when the security level of the operand is not equal to that of the instruction.
The partition address storage device 114 holds N-1 addresses, in ascending order, that serve as partition boundaries; without loss of generality, the security levels of the N corresponding memory blocks are defined from high to low.
The security code generating device 117, when an instruction is read or data is read from the internal storage component, automatically judges from the address of that instruction/datum which memory block it belongs to, produces its security code from the security code of that block, and sends that security code to the second or the third security code storage device respectively.
The output-port restricted-output-code storage device 119 holds the restricted output code level of each output port.
The third interrupt generating device 119' generates an interrupt when instructions/data request output from an output port from which they cannot be output; device 119' may be placed at any suitable location within the computer system 100.
The special operation device 118 is realized under manual control, or is formed of one or several operation codes and controlled by one or several manually operated switches. When a certain logical combination of some of these switches is 0, or when the security level of the instruction running this group of operation codes is lower than a certain security level Q, the device amounts to a no-operation and generates an interrupt; when this logical combination is 1 and the security level of the instruction running this group of operation codes is equal to or higher than Q, the prescribed special operation is performed. Security level Q can be determined according to the working requirements of the computer. If no Q is prescribed, Q equals the highest security level.
The special operation device 118 comprises the following devices.
(1) A partition address setting device, used to set the contents of the partition address storage device.
(2) A security level P specifying device, used to specify security level P, generally before the computer starts working. If P is not specified, P is the lowest security level.
(3) A restricted-output-code assigning device: used to assign a restricted output code to a group of instructions/data; the restricted output level of instructions/data not assigned a restricted output code is the highest restricted security level.
In the example shown in Fig. 1, we stipulate that the restricted output code of an instruction/datum equals the security code of that instruction/datum, so this device is empty.
(4) An output-port restricted-output-code assigning device: used to assign an "output port restricted output code" to a given output port; the output port restricted output code represents the output port restricted output level of that port; programs/data with a level higher than this output port restricted output level cannot be output from that port; the output port restricted output code comprises at least two levels; and the output port restricted output code level of an output port that has not been assigned one is the highest restricted output level.
(5) A security level Q specifying device: used to specify security level Q. The security level of the instruction that runs the special function codes relating to this device must be the highest level; otherwise interrupt handling occurs.
The partition addresses, levels P and Q, the storage device for the output-port restricted output codes of each output port, and so on, can be realized with manually controlled switches or flash memory.
Explanation of security level P:
(1) An instruction may run/operate on instructions/data of the same security level as itself.
(2) When an instruction runs/operates on instructions/data of a higher security level than itself, an interrupt is generated.
(3) When an instruction runs/operates on instructions/data of a lower security level than itself, there are two processing modes:
first processing mode: execute, without generating an interrupt;
second processing mode: do not execute, and generate an interrupt.
Of course, a hybrid processing mode may also be adopted.
(4) The two processing modes in "(3)" and the hybrid processing mode can be expressed by introducing a prescribed security level P:
when the security level of the executing instruction equals or is higher than P, the "execute" processing mode is adopted;
when the security level of the executing instruction is lower than P, the "do not execute, and generate an interrupt" processing mode is adopted;
(4-1) if P is taken to be the lowest security level, the first processing mode is adopted throughout;
(4-2) if P is taken to be the highest security level, the first processing mode is adopted only at the highest security level and the second processing mode at all other levels;
(4-3) if P is taken to be some intermediate security level, a hybrid processing mode results;
(4-4) P can be determined before the computer system starts working;
(4-5) if P is not specified, P is the lowest security level, and the first processing mode is adopted throughout.
(5) Obviously, when there are only two security levels, P is unnecessary, because whether P equals the highest level or the lowest level, the first processing mode is adopted.
The above operation/working rules are realized as follows.
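The following simulation is an added example and not the patent's hardware or any code from the applicant. It models the three interrupt checks described above (the control-transfer check of the first interrupt generating device, the operand check of the second, and the output-port check of the third) as software over a constructed partition table. Security levels are encoded as integers with a larger value meaning a higher level, the boundary addresses, levels, P and port names are all constructed for the scenario, and, as in the Fig. 1 example, the restricted output code of data is taken to equal its security code.

```python
"""Simulation of the security-level partition checks (added example, not the
patent's hardware). Levels are integers; larger means a higher security
level. All addresses, levels and port names below are constructed."""
from bisect import bisect_right
from dataclasses import dataclass, field


class SecurityInterrupt(Exception):
    """Raised where one of the patent's interrupt generating devices would fire."""


@dataclass
class Partition:
    """N-1 ascending boundary addresses (the partition address storage device)
    and N security codes, one per region, listed from low to high addresses."""
    boundaries: list
    levels: list

    def __post_init__(self):
        if len(self.levels) != len(self.boundaries) + 1:
            raise ValueError("need exactly one level per region")
        if self.boundaries != sorted(self.boundaries):
            raise ValueError("boundaries must be ascending")

    def code_of(self, address):
        """Security code generating device: region index from the address,
        then that region's security code."""
        return self.levels[bisect_right(self.boundaries, address)]


@dataclass
class PartitionedCpu:
    part: Partition
    P: int = 0                                       # prescribed level P; default is the lowest level
    port_levels: dict = field(default_factory=dict)  # port name -> restricted output level

    def check_transfer(self, cur_addr, target_addr, kind="branch"):
        """First interrupt generating device: control transfers."""
        if kind in ("return", "interrupt"):
            return True  # special return and interrupt transfers are exempt
        cur, tgt = self.part.code_of(cur_addr), self.part.code_of(target_addr)
        if tgt > cur:
            raise SecurityInterrupt(f"transfer from level {cur} to higher level {tgt}")
        if cur < self.P and tgt != cur:
            raise SecurityInterrupt(f"level {cur} is below P={self.P}; transfer must stay in level")
        return True

    def check_operand(self, instr_addr, operand_addr):
        """Second interrupt generating device: operand reads."""
        ins, opd = self.part.code_of(instr_addr), self.part.code_of(operand_addr)
        if opd > ins:
            raise SecurityInterrupt(f"level {ins} instruction touches level {opd} operand")
        if ins < self.P and opd != ins:
            raise SecurityInterrupt(f"level {ins} is below P={self.P}; operand must be same level")
        return True

    def check_output(self, data_addr, port):
        """Third interrupt generating device: output port restriction. The data's
        restricted output code is its security code (Fig. 1 convention); a port
        never assigned a code has the highest restricted output level."""
        data_level = self.part.code_of(data_addr)
        port_level = self.port_levels.get(port, max(self.part.levels))
        if data_level > port_level:
            raise SecurityInterrupt(f"level {data_level} data cannot leave port {port} (level {port_level})")
        return True


def run_scenario():
    """Constructed scenario: r = 2, so N = 4 regions over a 4096-word memory,
    levels 3 (highest) .. 0 (lowest) from low to high addresses, P = 2, and one
    port limited to level 1. Returns 'ok' or 'interrupt' per attempted action."""
    part = Partition(boundaries=[1024, 2048, 3072], levels=[3, 2, 1, 0])
    cpu = PartitionedCpu(part, P=2, port_levels={"serial0": 1})
    results = {}

    def attempt(name, check, *args):
        try:
            check(*args)
            results[name] = "ok"
        except SecurityInterrupt:
            results[name] = "interrupt"

    attempt("same_level_branch", cpu.check_transfer, 100, 200)            # 3 -> 3
    attempt("branch_up", cpu.check_transfer, 1500, 100)                   # 2 -> 3
    attempt("branch_down_at_P", cpu.check_transfer, 1500, 2500)           # 2 -> 1, cur >= P
    attempt("branch_down_below_P", cpu.check_transfer, 2500, 3500)        # 1 -> 0, cur < P
    attempt("return_up", cpu.check_transfer, 2500, 100, "return")         # exempt
    attempt("read_higher_operand", cpu.check_operand, 2500, 100)          # level 1 reads level 3
    attempt("read_lower_operand_below_P", cpu.check_operand, 2500, 3500)  # level 1 reads level 0
    attempt("output_level3_to_serial0", cpu.check_output, 100, "serial0")
    attempt("output_level1_to_serial0", cpu.check_output, 2500, "serial0")
    attempt("output_to_unassigned_port", cpu.check_output, 100, "net0")
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name:28s} {outcome}")
```

Running the module prints one line per attempted action. The scenario exercises both halves of each rule: the unconditional "never upward" check, and the P-dependent "stay within level" check that only applies to instructions below P, which is the hybrid processing mode of item (4-3) above.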

Claims (3)

1. A computer system comprising: at least one internal storage hardware component, the internal component including a plurality of storage units, each storage unit being used to store instructions/data; the computer system being characterized in that it includes: at least one manually controlled special operation device, whether any operation of the device takes effect being under manual control; the manually controlled special operation device including at least a memory component partitioning device, used to partition the memory component and specify the security codes representing the security level of each region; and, apart from the manually controlled special operation device, no program being able to specify or change the memory component partitioning or the security codes of the security levels of the regions.
2. The computer system according to claim 1, further comprising: a security code generating hardware device, used, when a storage unit of instructions/data is accessed, to determine automatically from the address of the instruction/data which storage region it belongs to, and to assign the instruction/data a security code of the same level as the security code of that region; instructions of a low security level cannot access storage regions of a high security level and cannot operate on or run data and instructions of a high security level, otherwise an interrupt is generated; and an output-port restricted-output-code storage device, used to hold the restricted output code level of each output port.
3. The computer system according to claim 1, characterized in that said manual control device further comprises at least: a security level P specifying device, used to specify security level P, generally before the computer system starts working; if not specified, P is the lowest security level; instructions below security level P cannot access, operate on or run instructions and data of a different security level, otherwise an interrupt is generated; a restricted-output-code assigning device: used to assign a restricted output code to a group of instructions/data; the restricted output level of instructions/data never assigned a restricted output code is the highest security level; an output-port restricted-output-code assigning device: used to assign an "output port restricted output code" to a designated output port and store it in the output-port restricted-output-code storage device; the output port restricted output code represents the security level of the instructions/data allowed to be output from that port; the output port restricted output code comprises at least two levels; the output port restricted output code level of an output port never assigned one is the highest restricted output level; programs/data with a level higher than the restricted output level of that output port cannot be output from that port; a security level Q specifying device: used to specify security level Q; if not specified, Q is the highest security level; the security level of instructions running the special operation codes relating to the special operation device must be at a level higher than or lower than Q, otherwise interrupt handling is performed.
CNB011109750A 2001-03-05 2001-03-05 A Computer System with Security Level Partition Isolation Expired - Lifetime CN1158610C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB011109750A CN1158610C (en) 2001-03-05 2001-03-05 A Computer System with Security Level Partition Isolation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB011109750A CN1158610C (en) 2001-03-05 2001-03-05 A Computer System with Security Level Partition Isolation

Publications (2)

Publication Number Publication Date
CN1373425A CN1373425A (en) 2002-10-09
CN1158610C true CN1158610C (en) 2004-07-21

Family

ID=4658858

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB011109750A Expired - Lifetime CN1158610C (en) 2001-03-05 2001-03-05 A Computer System with Security Level Partition Isolation

Country Status (1)

Country Link
CN (1) CN1158610C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950339B (en) * 2010-09-14 2012-01-25 上海置水软件技术有限公司 Security protection method and system of computer
US9530000B2 (en) * 2013-06-14 2016-12-27 Microsoft Technology Licensing, Llc Secure privilege level execution and access protection
CN103745140B (en) * 2014-02-10 2017-01-25 北京芯盈速腾电子科技有限责任公司 Program code protection method and device for microcontroller and other embedded systems
CN104657681B (en) * 2015-03-13 2018-11-06 深圳酷派技术有限公司 A kind of date storage method and device
CN107358129A (en) * 2016-05-09 2017-11-17 恩智浦美国有限公司 The data storage device and method of safety
CN106131072A (en) * 2016-08-28 2016-11-16 姜俊 A kind of computer information safe system

Also Published As

Publication number Publication date
CN1373425A (en) 2002-10-09

Similar Documents

Publication Publication Date Title
Lee et al. Occlumency: Privacy-preserving remote deep-learning inference using SGX
Graf et al. Xor filters: Faster and smaller than bloom and cuckoo filters
Wang et al. Oblivious data structures
CN1097772C (en) Method and apparatus for protecting application data in secure storage areas
Wang et al. Circuit oram: On tightness of the goldreich-ostrovsky lower bound
Piyachon et al. Efficient memory utilization on network processors for deep packet inspection
CN108121810A (en) A kind of data duplicate removal method, system, central server and distributed server
Tumeo et al. Aho-Corasick string matching on shared and distributed-memory parallel architectures
CN117688623A (en) A trusted computing chip based on blockchain
Liu et al. SecDeep: Secure and performant on-device deep learning inference framework for mobile and IoT devices
Islam et al. Confidential execution of deep learning inference at the untrusted edge with ARM TrustZone
Hsieh et al. A high-throughput DPI engine on GPU via algorithm/implementation co-optimization
Cong et al. Fast PGAS implementation of distributed graph algorithms
Lee et al. A hybrid CPU/GPU pattern-matching algorithm for deep packet inspection
Yu et al. Generalized external interaction with tamper-resistant hardware with bounded information leakage
Mandal et al. Data oblivious genome variants search on Intel SGX
CN1158610C (en) A Computer System with Security Level Partition Isolation
CN111538962A (en) Program control flow obfuscation method, system, storage medium, cloud server and application
Wawryn et al. Detection of anomalies in compiled computer program files inspired by immune mechanisms using a template method
Alam et al. Sgx-mr: Regulating dataflows for protecting access patterns of data-intensive sgx applications
CN105900065A (en) Method for pattern processing
Ho et al. Parallel multiple pattern matching schemes based on cuckoo filter for deep packet inspection on graphics processing units
Li et al. Strategies for practical hybrid attack graph generation and analysis
Hnaif et al. Multiprocessing scalable string matching algorithm for network intrusion detection system
Dhulavvagol et al. Scalable blockchain architecture: leveraging hybrid shard generation and data partitioning

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: GUANGDONG ELECTRONIC INDUSTRY INSTITUTE CO., LTD.

Free format text: FORMER OWNER: INST. OF COMPUTING TECHN. ACADEMIA SINICA

Effective date: 20061208

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20061208

Address after: 523808, Guangdong province Dongguan Songshan Lake Science and Technology Industrial Park productivity promotion base No. 10 building

Patentee after: Guangdong Electronic Industry Inst. Co., Ltd.

Address before: 100080 No. 6 South Road, Zhongguancun Academy of Sciences, Beijing, Haidian District

Patentee before: Institute of Computing Technology, Chinese Academy of Sciences

CX01 Expiry of patent term

Granted publication date: 20040721
