Security vulnerabilities in software are the root cause of unauthorized access to the security resources of an SoC. Hardware protection mechanisms can solve a problem that software-layer protection alone cannot solve effectively: the protection of those security resources. This paper therefore studies the hardware architecture of a secure SoC, guided by the principle of security isolation, and proposes and designs a secure SoC architecture based on dual-core isolation that isolates and protects security resources. The main results of this paper are as follows.

Security isolation is the core of secure SoC design. Drawing on the policy-separation idea of the Flask security architecture, this paper proposes a dual-core security framework that separates general-purpose computing from security control, and defines the hardware and software components of the SoC system. At the hardware layer, to realize dual-core isolation, a security isolation unit is designed that partitions SoC resources into a secure zone and a non-secure zone, together with an inter-core communication mechanism based on shared memory and an interrupt notification mechanism based on IPC. At the software layer, to build a trusted execution environment, a root of trust for the dual-core system is constructed using the ideas of trusted computing; based on the chain-of-trust transfer model rooted there, the secure boot process and the dual-core software architecture are designed.

Shared memory is the only path of interaction between the secure zone and the non-secure zone, so the security of shared memory is the foundation of dual-core communication. To protect communication over shared memory, this paper establishes four security levels for the different access processes of the computing system and designs a multi-level access control strategy that implements direct access control, validity (effective) access control, integrity access control and confidentiality access control for processes respectively. Based on this strategy, a secure channel framework for dual-core communication is designed that offers better flexibility and security.

The initiative of the security core is an important security characteristic of the dual-core secure SoC, and active integrity monitoring is an important mechanism for ensuring system integrity. To strengthen the security of the computing system and make full use of the security core's initiative, this paper designs a bus monitoring mechanism based on the security core from the viewpoint of system integrity; it enforces the integrity of the kernel's static region at the hardware layer and can resist transient attacks. To compensate for the limitations of bus monitoring, a dynamic integrity monitoring mechanism based on the security core is proposed at the software layer on top of it. Bus monitoring and dynamic integrity monitoring together establish the integrity of the computing system.

This paper designs a prototype dual-core secure SoC, builds a simulation platform based on the prototype, and completes the verification and evaluation of the dual-core secure SoC. The simulation platform verifies secure SoC functions including secure boot, secure storage, secure DMA, secure interrupts, inter-core communication and bus monitoring. Evaluation in terms of complexity, security, resource usage and performance shows that the dual-core SoC has lower design complexity, lower bus latency, stronger security isolation, stronger integrity and confidentiality protection and better anomaly detection capability, and in addition has the unique advantages of parallelism, real-time response and initiative. The dual-core secure SoC effectively improves the protection capability of the system, offers high-speed parallel processing performance, and has both theoretical research value and broad application prospects.
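The following C program is an added example, not code from the paper or its prototype. It is a behavioural model of three mechanisms the abstract describes: the security isolation unit that blocks non-secure accesses to the secure zone while leaving the shared-memory window open, the security core's bus monitor that observes every write into the kernel's static region, and the software-layer periodic integrity scan. The memory map, the region sizes, the constructed "kernel image" words, the stand-in device key and the FNV-1a digest are all assumptions chosen for illustration; the four-level shared-memory access control strategy is not modelled. The scenario shows why the bus monitor is needed: a transient patch that is restored before the next scan leaves the hash intact, but the monitor records both writes.

```c
/* Added example (not the paper's own code): behavioural model of the security
 * isolation unit, the shared-memory window, the security core's bus monitor and
 * its periodic integrity scan.  Memory map, region sizes, the "kernel image",
 * the stand-in key and the FNV-1a digest are assumptions for illustration only. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum master { NONSEC_CORE, SEC_CORE };

/* Assumed word-addressed memory map of the model SoC. */
#define KTEXT_BASE   0x000u  /* kernel static (code) region, owned by the non-secure zone */
#define KTEXT_SIZE   64u
#define SHMEM_BASE   0x100u  /* shared memory: the only bridge between the two zones */
#define SHMEM_SIZE   16u
#define SECURE_BASE  0x200u  /* secure zone: keys and secure storage, security core only */
#define SECURE_SIZE  16u
#define MEM_WORDS    (SECURE_BASE + SECURE_SIZE)

static uint32_t mem[MEM_WORDS];
static uint64_t ktext_baseline;       /* measurement taken by the security core at boot */
static unsigned isolation_violations; /* non-secure accesses to the secure zone (blocked) */
static unsigned ktext_write_alerts;   /* bus writes into the kernel static region after boot */

static bool in_range(uint32_t a, uint32_t base, uint32_t n) { return a >= base && a < base + n; }

/* Toy digest (FNV-1a); a real monitor would use SHA-256 or a hardware hash engine. */
static uint64_t hash_region(uint32_t base, uint32_t n) {
    uint64_t h = 1469598103934665603ull;
    for (uint32_t i = 0; i < n; i++)
        for (int b = 0; b < 4; b++) { h ^= (mem[base + i] >> (8 * b)) & 0xffu; h *= 1099511628211ull; }
    return h;
}

/* Security isolation unit + bus monitor: every bus transaction passes through here. */
bool bus_write(enum master m, uint32_t addr, uint32_t val) {
    if (addr >= MEM_WORDS) return false;
    if (m == NONSEC_CORE && in_range(addr, SECURE_BASE, SECURE_SIZE)) { isolation_violations++; return false; }
    /* The monitor sees every write, so a write-then-restore (transient attack) is
     * caught even when no integrity scan runs in between.  Here it only records
     * the event; an enforcing variant could drop the transaction instead. */
    if (in_range(addr, KTEXT_BASE, KTEXT_SIZE)) ktext_write_alerts++;
    mem[addr] = val;
    return true;
}

bool bus_read(enum master m, uint32_t addr, uint32_t *out) {
    if (addr >= MEM_WORDS) return false;
    if (m == NONSEC_CORE && in_range(addr, SECURE_BASE, SECURE_SIZE)) { isolation_violations++; return false; }
    *out = mem[addr];
    return true;
}

/* Secure boot: the security core loads and measures the kernel image before the
 * general-purpose core is released; the measurement becomes the integrity baseline. */
void secure_boot(const uint32_t *image, size_t words) {
    memset(mem, 0, sizeof mem);
    isolation_violations = ktext_write_alerts = 0;
    for (size_t i = 0; i < words && i < KTEXT_SIZE; i++) mem[KTEXT_BASE + i] = image[i];
    mem[SECURE_BASE] = 0x5EC12E7u; /* constructed stand-in for a device key */
    ktext_baseline = hash_region(KTEXT_BASE, KTEXT_SIZE);
}

/* Software-layer periodic scan run by the security core. */
bool ktext_scan_ok(void) { return hash_region(KTEXT_BASE, KTEXT_SIZE) == ktext_baseline; }

struct demo_result {
    unsigned isolation_violations, ktext_alerts_after_transient, ktext_alerts_after_persistent;
    bool scan_after_transient, scan_after_persistent;
};

/* Scenario: legitimate shared-memory traffic, one isolation violation, a transient
 * kernel-text patch restored before the scan, then a persistent patch. */
struct demo_result run_demo(void) {
    uint32_t image[KTEXT_SIZE], v, orig;
    for (uint32_t i = 0; i < KTEXT_SIZE; i++) image[i] = 0xE3A00000u + i; /* constructed "code" words */
    secure_boot(image, KTEXT_SIZE);
    struct demo_result r;

    bus_write(NONSEC_CORE, SHMEM_BASE, 0x1234u);  /* allowed: IPC request via shared memory */
    bus_read(SEC_CORE, SHMEM_BASE, &v);           /* the security core services it */
    bus_read(NONSEC_CORE, SECURE_BASE, &v);       /* blocked: non-secure read of the key */
    r.isolation_violations = isolation_violations;

    bus_read(SEC_CORE, KTEXT_BASE + 5, &orig);
    bus_write(NONSEC_CORE, KTEXT_BASE + 5, 0xDEADBEEFu); /* transient patch ... */
    bus_write(NONSEC_CORE, KTEXT_BASE + 5, orig);        /* ... restored before the scan */
    r.scan_after_transient = ktext_scan_ok();             /* true: the hash scan alone misses it */
    r.ktext_alerts_after_transient = ktext_write_alerts;  /* 2: the bus monitor saw both writes */

    bus_write(NONSEC_CORE, KTEXT_BASE + 10, orig ^ 0xFFFFFFFFu); /* persistent patch */
    r.scan_after_persistent = ktext_scan_ok();                   /* false: the scan catches it */
    r.ktext_alerts_after_persistent = ktext_write_alerts;        /* 3 */
    return r;
}

int main(void) {
    struct demo_result r = run_demo();
    printf("isolation violations: %u\n", r.isolation_violations);
    printf("transient attack: scan ok=%d, bus alerts=%u\n", r.scan_after_transient, r.ktext_alerts_after_transient);
    printf("persistent attack: scan ok=%d, bus alerts=%u\n", r.scan_after_persistent, r.ktext_alerts_after_persistent);
    return 0;
}
```

The model records rather than blocks writes into the kernel static region so that the difference between the two mechanisms is visible: the periodic scan only compares state at sample points, while the bus monitor, sitting on the transaction path, sees the patch and the restore individually. Whether the security core should veto such a write or raise an alert for the dynamic integrity monitor to handle is a policy choice the abstract leaves to the full design.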