Method for preventing illegal transferring of interruption procedures of operating system

An operating system and process technology, which is applied in the field of computer science and malware protection to prevent attacks and ensure security.

Inactive Publication Date: 2012-06-20
XIDIAN UNIV
View PDF3 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, the protection of the operating system interrupt process is a very difficult problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for preventing illegal transferring of interruption procedures of operating system
  • Method for preventing illegal transferring of interruption procedures of operating system
  • Method for preventing illegal transferring of interruption procedures of operating system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] The principle of the present invention is as figure 1 shown. It is implemented based on virtual machine manager technology, and the operating system needs to be run on the virtual machine manager during specific implementation. A virtual machine manager, also known as a hypervisor, is a hardware virtualization technology that allows multiple clients to run on a computer host at the same time. The virtual machine manager is essentially a virtual layer introduced between the computer hardware and the operating system. It can provide an independent operating environment for each operating system, shield the dynamics, distribution, and heterogeneity of the hardware platform, and support hardware resources. sharing and multiplexing, and provide each client with an exclusive, independent and isolated operating environment. After the introduction of the virtual machine manager, the operating system no longer has the highest authority of the host, and all access to computer h...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for preventing illegal transferring of interruption procedures of an operating system, which mainly solves the problem that illegal transferring of the interruption procedures of the operating system by attackers cannot be prevented in the prior art. The method for preventing illegal transferring includes steps of modifying the interruption procedures of the operating system, transmitting specific information to a virtual machine manager when the interruption starts and stops; and modifying the virtual machine manager. When the virtual machine manager receives information of interruption starting, values of a CS (client / server) and an IP (internet protocol) register on current stacks of the operating system can be stored into an FILO (first in later out) array; when the virtual machine manager receives information of interruption stopping, the values of the CS and the IP register stored at the head of the FILO array can be extracted to be compared with the values on the current stacks of the operating system, if the values of the CS and the IP register are different from those of the current stacks of the operating system, execution of the operating system is stopped so as to prevent illegal transferring of the attackers. By the aid of the virtual machine manager, control data in interruption context are protected, so that the attackers cannot transfer the executive procedures of the operating system by distorting the control data, and the method can be used for protecting safety of the operating system.

Description

technical field [0001] The invention belongs to the field of computer science and technology, and relates to the protection of malicious software, in particular to a method based on a virtual machine manager to prevent illegal transfer of an operating system interruption process, which can be used to protect the safety of the operating system. Background technique [0002] The attack based on the execution process is a typical attack method adopted by contemporary hackers. It illegally transfers the original execution flow of the program at a certain key point, jumps to the attacker's own malicious code, or "abuses" the original code fragments according to the order carefully selected by the attacker, to achieve malicious The purpose of the attack. [0003] In order to divert the original execution process, the attacker needs to rewrite certain control data in the system. The so-called control data refers to the data loaded into the CPU program counter at a certain point i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F9/48G06F21/50
Inventor 李金库谢琨马建峰
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap