Shared library isolation protection method and system based on hardware virtualization technology

A hardware virtualization and isolation protection technology, applied in the isolation field of system security research, that addresses problems such as high overhead and poor generality and achieves low overhead and good generality.

Active Publication Date: 2017-08-29
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0005] In view of the above defects or improvement needs of the prior art, the present invention provides a shared library isolation and protection method and system based on hardware virtualization technology, the purpose of which is to solve the high overhead and poor generality of existing isolation methods.

Embodiment Construction

[0042] In order to make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit it. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not conflict with each other.

[0043] The ultimate goal of the present invention is to realize a shared library isolation and protection system based on hardware virtualization technology, so as to prevent attackers from using application vulnerabilities to execute shared library code or access shared library data at will. A specific implementation scheme based on the KVM virtualization platform of the present invention is given...

Abstract

The invention discloses a shared library isolation protection method based on hardware virtualization technology. The method includes: providing a novel application address space model that describes the memory mapping relationship between an application and a shared library more accurately and clearly; providing, according to the address space model, an isolation mechanism based on hardware virtualization technology that efficiently places the shared library in a separate, isolated address space; and providing an interaction control mechanism for the isolated address space that switches address spaces when the shared library interacts normally with other modules and, at the same time, detects malicious code execution and data access behaviors occurring while the shared library runs. A corresponding system is also provided. The method is suitable for security isolation and protection of a range of standard and commercial shared libraries, and can avoid the security threats that application vulnerabilities pose to shared libraries.

Description

Technical field

[0001] The invention belongs to the technical field of isolation in system security research, and more specifically relates to a shared library isolation protection method and system based on hardware virtualization technology.

Background art

[0002] In modern operating systems, a dynamic link library is loaded into the address space when the program starts or runs and provides function interface services. This approach provides a dynamic and isolated way to reuse code. Compared with the static linking method, this method is easier to use and more efficient because it does not increase the size of the binary file and is independent of the application. Modern operating systems provide mandatory memory isolation mechanisms for user space and kernel space to ensure the security of kernel code and data. However, there is no similar security mechanism in user space. All shared libraries and applications are in the same address space, and the secur...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F9/46, G06F21/52, G06F21/56
CPC: G06F9/45558, G06F9/461, G06F21/52, G06F21/566, G06F2009/45587
Inventor: 金海, 代炜琦, 曹涌, 邹德清
Owner: HUAZHONG UNIV OF SCI & TECH