
Linux kernel page table isolation-oriented function calling reconstruction method

A method for transforming inter-module function calls so that they work under Linux kernel page table isolation. It addresses the problem that the original kernel's direct function-call mechanism cannot be used once a kernel module has been isolated by making the rest of the kernel's memory invisible through the page table.

Inactive Publication Date: 2017-09-22
NANJING UNIV
Cites: 0; Cited by: 16

AI Technical Summary

Problems solved by technology

[0006] Purpose of the invention: the technical problem solved by the present invention is that the original Linux kernel's function-call mechanism cannot be used with a kernel module isolation scheme based on making memory pages invisible through the page table. The invention therefore proposes a method for transforming function calls for Linux kernel page table isolation.




Embodiment Construction

[0062] The present invention will be further described below in conjunction with the accompanying drawings.

[0063] The present invention proposes a method for transforming function calls for Linux kernel page table isolation. By transforming the inter-module function calls of the Linux kernel, it ensures that an isolated module can still access the code and data of the other kernel modules normally after it has been isolated.

[0064] Figure 1 is a framework diagram of kernel isolation based on memory page table invisibility, showing the execution of a complete user-space service request in this isolation environment. The specific steps are as follows:

[0065] Step 1: when an application issues a service request that involves the isolated module, the request is hooked into the isolated module's process for execution;

[0066] Step 2: when the isolated module needs to access the code and data of other kernel modules, it does not directly call the original interface fun...



Abstract

The invention discloses a function-call reconstruction method for Linux kernel page table isolation. Under kernel page table isolation, the code and data of an isolated module are mapped only into the physical address range controlled by a dedicated page table, and the range that this page table can reach is restricted, which isolates the module from the rest of the kernel. The method reconstructs the function-call mechanism between modules of the Linux kernel so that an isolated module can still access the code and data of other kernel modules normally. It comprises the following steps: (1) writing a clang compiler plugin to obtain the function call graph of the isolated module; (2) writing a search algorithm that locates the call points of interface functions in that graph; (3) implementing a stub submodule in the isolated module and a callback submodule in the kernel; (4) replacing the original interface function with a stub function at each call point; and (5) redirecting the process control block to keep the process data consistent across the two sides.
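The five steps in the abstract and the request flow in [0064]-[0066] describe a rewrite in which calls that leave the isolated module go through a stub, which hands the call to a kernel-side callback that runs under the kernel's page table. The following is an added user-space model of that pattern, not code from the patent or from Nanjing University. Everything in it is an assumption for illustration: the "page table" is a domain id, the call graph is a constructed edge list standing in for the clang plugin's output, and the process control block is a per-domain `current` pointer. The point it makes is the one the text relies on: a direct call from the isolated domain fails, while the same call through stub and callback succeeds with exactly one switch each way.

```c
/* Added example: stub/callback rewriting of cross-module calls under page
 * table isolation, modelled in user space. All names are hypothetical. */
#include <stdio.h>
#include <stddef.h>
#include <stdbool.h>

enum domain { DOM_KERNEL = 0, DOM_ISOLATED = 1 };

static enum domain cur_domain = DOM_KERNEL; /* which "page table" is active */
static int domain_switches = 0;             /* counts page-table switches   */
static int kernel_counter = 0;              /* kernel data, not mapped in the isolated domain */

/* Steps 1-2: a constructed call graph; an interface call point is an edge
 * from a function inside the isolated module to one outside it. */
struct edge { const char *caller, *callee; bool caller_isolated, callee_isolated; };
static const struct edge graph[] = {
    {"mod_entry",  "mod_helper", true,  true },
    {"mod_helper", "kernel_add", true,  false},   /* interface call point */
    {"mod_entry",  "kernel_add", true,  false},   /* interface call point */
    {"kernel_add", "kmalloc",    false, false},
};
static int find_call_points(const struct edge *g, size_t n) {
    int found = 0;
    for (size_t i = 0; i < n; i++)
        if (g[i].caller_isolated && !g[i].callee_isolated)
            found++;
    return found;
}

/* The kernel-side interface function. Under real isolation a call from the
 * isolated domain would fault because kernel_counter is not mapped; here it
 * is modelled by returning -1. */
static int kernel_add(int a, int b) {
    if (cur_domain != DOM_KERNEL) return -1;
    kernel_counter++;
    return a + b;
}

/* Step 3, kernel side: callback submodule. Runs with the kernel page table. */
struct call_req { int a, b, ret; };
static void kernel_callback_add(struct call_req *req) {
    req->ret = kernel_add(req->a, req->b);
}

/* Step 3, module side: the stub that step 4 substitutes for kernel_add at
 * every call point. It switches page tables, forwards the marshalled
 * arguments to the callback, and switches back. */
static int stub_kernel_add(int a, int b) {
    struct call_req req = { a, b, 0 };
    enum domain saved = cur_domain;
    cur_domain = DOM_KERNEL; domain_switches++;
    kernel_callback_add(&req);
    cur_domain = saved;      domain_switches++;
    return req.ret;
}

/* Step 5: process control block redirection, modelled as both domains'
 * 'current' pointers referring to the same task structure. */
struct task { int pid; int requests; };
static struct task *current_kernel, *current_isolated;
static void redirect_pcb(struct task *t) { current_kernel = t; current_isolated = t; }
static bool pcb_consistent(void) { return current_kernel == current_isolated; }

/* Isolated module entry, before rewriting: calls the interface directly. */
static int mod_entry_unrewritten(int a, int b) {
    cur_domain = DOM_ISOLATED;
    int r = kernel_add(a, b);
    cur_domain = DOM_KERNEL;
    return r;
}
/* Isolated module entry, after step 4: the call point now uses the stub. */
static int mod_entry(int a, int b) {
    cur_domain = DOM_ISOLATED;
    current_isolated->requests++;
    int r = stub_kernel_add(a, b);
    cur_domain = DOM_KERNEL;
    return r;
}
static void reset_state(void) { cur_domain = DOM_KERNEL; domain_switches = 0; kernel_counter = 0; }

int main(void) {
    struct task t = { 1234, 0 };
    redirect_pcb(&t);
    printf("interface call points: %d\n", find_call_points(graph, sizeof graph / sizeof *graph));
    printf("direct call from isolated domain: %d\n", mod_entry_unrewritten(2, 3));
    reset_state();
    printf("call via stub/callback: %d (switches=%d)\n", mod_entry(2, 3), domain_switches);
    return 0;
}
```

The stub copies arguments into a request structure rather than passing pointers into the module's own memory, since the callback runs with a page table under which that memory may not be mapped; that is the same reason the patent needs step 5 for the process control block.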

Description

Technical field

[0001] The invention belongs to the field of computer operating system security, specifically research on protecting the security of kernel modules through kernel module isolation, and relates to a method for transforming function calls for Linux kernel page table isolation.

Background technique

[0002] With the development of technology, the Linux system has come into wide use in all walks of life, including finance, insurance, government agencies and other sectors with high security requirements. The Linux kernel, however, is the most critical part of the system, and its security has been widely criticised. There are many reasons for the weak security of Linux. The most fundamental is its monolithic kernel design, which lets every module in the kernel access the entire kernel address space at the highest privilege level, so that a vulnerability in any one module may spread to the other modules, eventually leading to the collapse of ...


Application Information

IPC(8): G06F21/52
CPC: G06F21/52
Inventors: 陈溯, 黄皓
Owner: NANJING UNIV