Process memory protecting method based on auxiliary virtualization technology for hardware

A method based on hardware-assisted virtualization technology, applied to preventing unauthorized use of memory. It addresses problems such as the impact on system performance and achieves the effect of protecting the memory space.

Inactive Publication Date: 2014-07-30
NANJING UNIV

AI Technical Summary

Problems solved by technology

[0003] Two security issues are involved when a computer processes confidential information: first, the security of the information stored on external storage devices; second, the security of the information once it is loaded into memory.
For example, the SP3 model proposes the concept of a protection domain. By setting the access rights of the protection domain to specified physical pages and combining encryption technology, the memory of the protected application is protected. The problem w


Embodiment Construction

[0019] The advantages of the above and / or other aspects of the present invention will become more apparent as the present invention will be further described in conjunction with the accompanying drawings.

[0020] As shown in Figure 1, the process memory protection method based on hardware-assisted virtualization technology uses hardware that supports virtualization, namely Intel VT (Virtualization Technology), to isolate the process memory monitoring module from the operating system and to effectively protect the memory space of the protected process in the system. The invention prevents address modification attacks by monitoring modification of the CR3 register and the page tables, and uses the shadow page table mechanism and data execution prevention technology to defend against code injection attacks.

[0021] As shown in Figure 2, the flow of the process memory protection method based on hardware-assisted virtualization technology includes th...

Abstract

The invention provides a process memory security protection method based on hardware-assisted virtualization. The method comprises the following steps: step 1, loading a process memory monitoring module; step 2, notifying the monitoring module when a protected process starts; step 3, creating an encrypted copy of the protected memory space of the protected process; step 4, virtualizing memory for the virtual machine system by using a shadow page table mechanism; step 5, capturing write operations to the CR3 register and page fault exceptions. The method has the following advantages: a monitoring module working at the Root level is created to monitor modification of the page directories, page tables and page directory register of all processes, so that no process other than the protected process can access data in the memory space of the protected process; when the protected process switches to kernel mode, the pages of its user-mode space are replaced, which defends against code injection attacks from kernel mode; and data execution prevention technology is used to mark the pages of the protected process's data area as non-executable, which defends against code injection attacks from user mode.
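The two checks the abstract attributes to the monitoring module (refusing foreign mappings of protected frames and marking the protected process's data pages non-executable) can be sketched as follows. This is an added example, not code from the patent; the structure and function names, the x86-64 entry layout and the sample frame numbers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed x86-64 page-table entry layout. */
#define PTE_PRESENT (1ULL << 0)
#define PTE_WRITE   (1ULL << 1)
#define PTE_NX      (1ULL << 63)
#define PTE_PFN(e)  (((e) & 0x000FFFFFFFFFF000ULL) >> 12)
#define CR3_BASE(v) ((v) & ~0xFFFULL)

/* Hypothetical monitor state for one protected process. */
struct pframe { uint64_t pfn; bool is_data; };
struct monitor {
    uint64_t protected_cr3;        /* page-directory base of the protected process */
    const struct pframe *frames;   /* physical frames of its protected memory */
    size_t nframes;
};

/* Constructed sample: frame 0x200 holds data, frame 0x201 holds code. */
static const struct pframe sample_frames[] = { {0x200, true}, {0x201, false} };
static const struct monitor sample = { 0x1000, sample_frames, 2 };

static const struct pframe *lookup(const struct monitor *m, uint64_t pfn)
{
    for (size_t i = 0; i < m->nframes; i++)
        if (m->frames[i].pfn == pfn)
            return &m->frames[i];
    return NULL;
}

/* Trapped CR3 write: is the protected address space being activated? */
bool cr3_selects_protected(const struct monitor *m, uint64_t new_cr3)
{
    return CR3_BASE(new_cr3) == m->protected_cr3;
}

/* Trapped page-table write: compute the entry to place in the shadow page
 * table for address space owner_cr3. Returns 0 (not present) when another
 * process tries to map a protected frame. */
uint64_t shadow_pte(const struct monitor *m, uint64_t owner_cr3, uint64_t guest_pte)
{
    if (!(guest_pte & PTE_PRESENT))
        return guest_pte;
    const struct pframe *f = lookup(m, PTE_PFN(guest_pte));
    if (f == NULL)
        return guest_pte;                      /* unprotected memory */
    if (CR3_BASE(owner_cr3) != m->protected_cr3)
        return 0;                              /* address modification blocked */
    return f->is_data ? (guest_pte | PTE_NX) : guest_pte;  /* DEP on data pages */
}
```

The sketch leaves out the encrypted copy and the page replacement on the switch to kernel mode; it covers only the mapping and execute-permission decisions.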

Description

Technical field

[0001] The invention relates to a memory safety protection method, in particular to a memory safety protection method based on hardware-assisted virtualization technology for effectively protecting the memory safety of a protected process accessing confidential files.

Background technique

[0002] Computer security services include three aspects: confidentiality, integrity, and availability. Confidentiality refers to the hiding of information or resources to prevent access by unauthorized users. Integrity refers to the trustworthiness of data or resources, that is, information cannot be modified without authorization. Integrity mainly includes two aspects: data integrity and software integrity. Data integrity means that the data stored in the computer system or in transmission on the network will not be illegally tampered with or accidentally destroyed, ensuring the integrity of the data as a whole; and software integrity ref...

Application Information

IPC(8): G06F12/14
Inventor: 黄皓, 李佳瑶
Owner: NANJING UNIV