Virtual hardware characteristic-based system and method for efficiently isolating kernel modules

A kernel module and hardware feature technology, applied in the field of malicious kernel module prevention mechanisms, that addresses problems such as VM exits (traps from the virtual machine into the VMM) and large performance overhead, and achieves reduced performance loss.

Inactive Publication Date: 2016-12-07
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

In theory, memory allocation in the guest can be manipulated by operating on the EPT (that is, by changing the mapping between GPA and HPA). In normal mode, however, modifying the address mappings in the EPT is performed by the virtual machine monitor (VMM), and switching between different EPTPs in the virtual machine causes the virtual machine to trap into the VMM (a VM exit), resulting in relatively large performance overhead.


Examples


Embodiment Construction

[0052] The present invention will be described in detail below in conjunction with specific embodiments. The following examples will help those skilled in the art to further understand the present invention, but do not limit the present invention in any form. It should be noted that those skilled in the art can make several changes and improvements without departing from the concept of the present invention. These all belong to the protection scope of the present invention.

[0053] In particular, the present invention provides a system for efficiently isolating kernel modules based on virtualization hardware features. It belongs to the field of cloud computing platform system security technology, and realizes the isolation of untrusted kernel module contexts and safe and efficient switching using hardware features. The present invention utilizes the hardware features provided in the Intel server hardware virtualization extension to design a safe and efficient strong...


Abstract

The invention provides a system and method for efficiently isolating kernel modules based on virtualization hardware features. The system and method design a secure and efficient strong isolation mechanism for untrusted kernel modules, so that present requirements for both security and functionality can be satisfied. Compared with existing solutions, the system and method have better performance, stronger isolation and higher backward compatibility. The designed mechanism is easy to deploy on present mainstream cloud computing platforms, so that considerable social and economic benefit can be provided. In the mechanism, when an untrusted kernel module needs to call functions of the kernel core, or the kernel core needs to call functions in an untrusted kernel module, a secure and efficient control flow transfer mechanism based on virtualization hardware features is established, so that no additional attack surface is exposed during the switch.

Description

Technical field

[0001] The invention belongs to the technical field of cloud computing platform system security, and specifically relates to a safe and efficient malicious kernel module prevention mechanism capable of finding a balance between security and performance.

Background technique

[0002] First, the technical terms involved in the present invention are explained:

[0003] Kernel - all code and data running in kernel mode

[0004] Kernel core - the code and data that are included in the kernel file and loaded into kernel mode when the system starts

[0005] Kernel module - code and data that are independent of the kernel file and dynamically inserted into kernel mode during system operation

[0006] While the system is running, the code and data running in kernel mode consist of the kernel core and the kernel modules.

[0007] In cloud computing platforms, virtualization technology is usually used to efficiently integrate servers and improve the utilization of h...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/53, G06F21/74
CPC: G06F21/53, G06F21/74
Inventor: 刘宇涛, 陈海波, 夏虞斌, 臧斌宇
Owner: SHANGHAI JIAO TONG UNIV