Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for protecting safety of dual-system shared memory data

A shared memory and data security technology, applied in the field of data interaction, can solve problems such as data leakage and lack of data security, and achieve the effect of protecting security and preventing data leakage

Pending Publication Date: 2019-05-21
XIAMEN YAXON NETWORKS CO LTD
View PDF0 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, because the shared memory in the existing dual system can be accessed by the processes connected to it, the data stored in it will lack security.
Therefore, it is necessary to propose a method that can solve the problem of data leakage due to the fact that there is only one shared memory, and multiple customers may simultaneously read and write to this shared memory, so as to protect the security of the data in the shared memory.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for protecting safety of dual-system shared memory data
  • Method and system for protecting safety of dual-system shared memory data
  • Method and system for protecting safety of dual-system shared memory data

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0088] Please refer to figure 2 and image 3 , this embodiment provides a method for protecting the data security of the shared memory of dual systems, which can effectively prevent other client programs from reading the data in the shared memory, thereby ensuring the security of the data in the shared memory during the communication process.

[0089] This embodiment is based on figure 2 The data communication model of the two systems shown is realized. Call the server system call interface (GPTEE Internal API) through the server program of the security operating system, call the client system call interface (GPTEE Client API) through the client program of the ordinary operating system, and pass the underlying ordinary communication driver of the ordinary operating system ( doscom-driver) and the underlying security communication driver (tee-driver) of the security operating system to communicate data.

[0090] The shared memory in this embodiment physically reflects a co...

Embodiment 2

[0115] This embodiment provides a specific application scenario based on the first embodiment. The application scenario is that the client A requests the server A to encrypt data.

[0116] Specifically, the following steps may be included:

[0117] 1. Client A enters the doscom-driver area through the GPTEE Client API interface (assuming that the shared memory is idle at this time);

[0118] 2. Client A obtains the exclusive right to shared memory;

[0119] 3. Client A clears the shared memory data;

[0120] 4. Client A encapsulates the data that needs to be sent to server A, and copies the encapsulated data to the shared memory area;

[0121] 5. The processor switches to the safe operating system to run, and the client enters dormancy and waits;

[0122] 6. The security operating system notifies the tee-driver to read the shared memory data;

[0123] 7. tee-driver reads shared memory data and parses the data;

[0124] 8. tee-driver sends the parsed data to server A;

[...

Embodiment 3

[0133] This embodiment is further expanded on the basis of the first embodiment, and provides a data interaction method based on the shared memory of the dual systems to solve the problem of how to coordinate the dual systems and protect data in the shared memory by using the shared memory for communication between the two systems. This embodiment can not only effectively prevent other client programs from reading data in the shared memory, but also coordinate multiple clients and two operating systems to perform orderly operations on shared memory processes.

[0134] This embodiment is also based on figure 2 The data communication model of the two systems shown is realized.

[0135] Simultaneously combine image 3 , the specific data interaction process is as follows:

[0136] S1: preset a fast interrupt and its corresponding fast interrupt processing program, a normal interrupt and its corresponding normal interrupt processing program, the fast interrupt processing progra...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method and system for protecting safety of shared memory data of double systems. The method comprises the steps of a client in a common operating system obtaining exclusive right of a shared memory in a non-use state; copying data to be sent to a server in a secure operating system by the client to a shared memory; the secure operating system reading the data from the shared memory and sending the data to the server; copying feedback data obtained by correspondingly processing the data by the server to a shared memory; the client reading the feedback data from the shared memory; and clearing the data in the shared memory, and releasing the exclusive right. The data in the shared memory is read and written in a mutually exclusive exclusive manner, and the data is cleared after the shared memory is read and written, so that the security of the data in the shared memory is ensured.

Description

technical field [0001] The invention relates to the field of data interaction, in particular to a method and system for protecting data security of shared memory of dual systems. Background technique [0002] Trustzone technology is a security extension function of the ARM processor. This technology can divide the processor core into two virtual cores: one is a security virtual core and the other is a normal virtual core; at the same time, it can divide the devices on the processor into Two states: safe state device and non-safe state device. An operating system can run on each of the two virtual cores. An operating system running under a secure virtual core is called a secure operating system, and an operating system running on a non-secure virtual core is called a normal operating system. Ordinary operating systems are rich in content and can run many applications, such as linux or Android systems. The secure operating system can access all resources on the processor, w...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F9/48G06F9/54
CPCY02D10/00
Inventor 刘炯钟牛方超池炜宾杨岸蔡江为
Owner XIAMEN YAXON NETWORKS CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com