Abstract: A security architecture system includes a plurality of subsystems. The plurality of subsystems include a secure element subsystem. A first subsystem of the plurality of subsystems includes a trusted computing platform that has a trusted platform control module. The first subsystem is configured to, for a running object in one or more subsystems other than the first subsystem in the plurality of subsystems, use the trusted platform control module to perform security measurement on the running object based on a measurement strategy and a measurement benchmark value to obtain a measurement result. The measurement result is used to control a running state of the running object in one or more subsystems other than the first subsystem in the plurality of subsystems.

Abstract: A microprocessor comprising a cryptographic engine and a controller. The controller is connected to the cryptographic engine and configured to receive a plurality of access requests from a plurality of execution environments, respectively and respond to one of the plurality of access requests and instruct the cryptographic engine to execute a cryptographic algorithm.

Abstract: A microprocessor includes a cryptographic engine and a controller. The cryptographic engine is configured to execute a cryptographic algorithm. The controller is connected to the cryptographic engine. The controller is configured to receive an access request from a first execution environment. The access request accesses the cryptographic engine to execute the cryptographic algorithm. The access request includes at least identification information. The identification information indicates that the access request is from the first execution environment. The first execution environment is an execution environment of a number N execution environments. N is an integer greater than or equal to 1. The controller is further configured to, based on the identification information, instruct the cryptographic engine to execute the cryptographic algorithm that needs to be executed required by the access request.

Abstract: A microprocessor includes a cryptographic engine, M buffer units, and a controller. The cryptographic engine is configured to execute cryptographic algorithms. The M buffer units are configured to cache data required by an access request of a corresponding execution environment. M is an integer greater than or equal to 1. The controller is connected to the cryptographic engine and the M buffer units. The controller is configured to receive the access request from a first execution environment and instruct the cryptographic engine to execute the cryptographic algorithm requested by the access request using the required data cached by the buffer unit corresponding to the first execution environment from which the access request comes. The access request is used to access the cryptographic engine to execute a cryptographic algorithm. The first execution environment is one execution environment among N execution environments. N is an integer greater than or equal to 1.

Abstract: A method and a device for securing a cache against side channel attacks are provided. An allocator identifier ALLOCATOR field is added to each cache entry in the present disclosure. Whenever an entry is allocated in the cache, the identifier of the software domain currently running on the processor is filled into the ALLOCATOR field of the allocation entry. When accessing the cache, the cache entry can be hit only if the identifier of the software domain currently running on the processor is identical to the ALLOCATOR field in the cache entry. If the cache entry to be replaced is invalid or its ALLOCATOR field is identical to the identifier of the software domain currently running on the processor, then the existing entry in the cache is replaced directly; otherwise, the entire cache is emptied.

Abstract: A method and a device for securing a cache against side channel attacks are provided. An allocator identifier ALLOCATOR field is added to each cache entry in the present disclosure. Whenever an entry is allocated in the cache, the identifier of the software domain currently running on the processor is filled into the ALLOCATOR field of the allocation entry. When accessing the cache, the cache entry can be hit only if the identifier of the software domain currently running on the processor is identical to the ALLOCATOR field in the cache entry. If the cache entry to be replaced is invalid or its ALLOCATOR field is identical to the identifier of the software domain currently running on the processor, then the existing entry in the cache is replaced directly; otherwise, the entire cache is emptied.