Method and device for detecting errors of kernel extension module on basis of access rule control

An expansion module and error detection technology, applied in the field of computer security protection, can solve problems such as difficult deployment, and achieve the effects of improving security, reducing losses, and reducing workload

Inactive Publication Date: 2013-04-17
TSINGHUA UNIV
View PDF2 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Usually, the security of the kernel extension module often depends on the developer's compliance with the development specification, and requires repeated testing and audit analysis, which have high requirements for the ability and professionalism of the program developer, and at the same time Deployment is also very difficult

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting errors of kernel extension module on basis of access rule control
  • Method and device for detecting errors of kernel extension module on basis of access rule control

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0031] A kernel extension module error detection method based on access rule control, mainly comprising the following steps:

[0032] S1. Set kernel function usage rules for the kernel extension module; the usage rules can be established rules, or some specific rules customized by some organizations or system owners that are not directly related to the established rules; for example, in the Linux operating system Spin locks are used to ensure mutually exclusive access to critical sections. There are two types of operations in the interface functions: locking and unlocking. Among them, "spin locks cannot be unlocked before they are locked" is a kernel extension about spin locks. The kernel function usage rules of the module; similarly, it is also a usage rule that the kernel cannot be used again after being released; it is even a reasonable usage rule that the kernel must be cleared before the first use.

[0033] In this embodiment, the spin lock is taken as an example for illu...

Embodiment 2

[0053] The present invention also provides a device according to the access rule control-based kernel extension module error detection method described in Embodiment 1, such as figure 2 As shown in : including usage rule library, marking instrumentation unit and dynamic detector respectively connected with the kernel extension module to be detected; the usage rule library contains kernel function usage rules related to the kernel extension module, and the marking insertion unit is used according to the Adding an instrumentation mark to the necessary interface found by the usage rules in the usage rule base, the dynamic detector monitors the running state of the kernel extension module in real time according to the insertion flag, and transfers the kernel extension module to an unsafe state alert the operating system kernel.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the technical field of computer security protection, in particular to a method and a device for detecting errors of a kernel extension module on the basis of access rule control. The method for detecting the errors includes steps of S1, setting use rules of a kernel function for the kernel extension module; S2, analyzing the dependency among the use rules and the kernel extension module and creating a state transition diaphragm according to the dependency; S3, adding instrumentation marks in the kernel extension module according to transition conditions in the state transition diaphragm; and S4, triggering detection executed according to the use rules when the kernel extension module is operated to the instrumentation marks. The method and the device have the advantages that whether an operating procedure of the kernel extension module has insecurity factors or not can be accurately detected in real time, the security of a kernel of an operating system can be improved, unnecessary loss is reduced, and workload of programmers is reduced.

Description

technical field [0001] The invention relates to the technical field of computer security protection, in particular to an error detection method and device for a kernel extension module based on access rule control. Background technique [0002] In a general-purpose operating system, the kernel extension module runs in the kernel state, can access almost all computer system resources, and has very high permissions. Therefore, the security of the kernel extension module directly affects the security of the operating system. [0003] At the same time, since the kernel extension module can be added and deleted arbitrarily, the operating system uses the kernel extension module extensively to realize various functions. In the Linux operating system, the device driver whose code volume accounts for about 70% of the total operating system code runs as a kernel extension module. However, the kernel extension module may have relatively large security risks. Therefore, improving the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 胡事民刘虎球马超
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap