Security isolation method for modules in ARM platform

A security isolation technology for the ARM platform, applied to platform integrity maintenance, internal/peripheral computer component protection, etc. It addresses the differences in Linux system implementation on ARM and the inapplicability of existing isolation mechanisms there, improving security and ensuring reliability and stability.

Inactive Publication Date: 2017-09-22
INST OF INFORMATION ENG CHINESE ACAD OF SCI
1 Cites, 12 Cited by

AI Technical Summary

Problems solved by technology

[0005] However, unlike the traditional x86 architecture, the ARM architecture, especially the ARMv8 architecture, has different hardware characteristics, resulting in considerable differences in the implementation of architecture-specific Linux systems.
Most security isolation mechanisms based on the x86 architecture rely on x86 hardware attributes and are not suitable for security isolation on the ARM architecture.

Examples

Embodiment Construction

[0026] In order to make the above-mentioned features and advantages of the present invention more comprehensible, the following specific embodiments are described in detail in conjunction with the accompanying drawings.

[0027] The present invention is a solution based on the Linux system. The names of the existing system calls, structures and functions involved are customarily given in English in this field and are not easily confused; these names have specific meanings in the Linux system, and practitioners can identify what each name denotes without misunderstanding. Therefore, for existing Linux names involved in the present invention that have no recognized Chinese translation, the English expression is used.

[0028] The present invention provides a module security isolation method on an ARM platform, the steps of which are:

[0029] 1) According to the virtual memory layout, the Linux kernel space is divided to isolate the virtual address space, and the L...


Abstract

The invention provides a security isolation method for modules on an ARM platform. The method divides the Linux kernel space into a trusted kernel space and a non-trusted space: the Linux kernel runs in the trusted kernel space, and the isolated modules run in the non-trusted space. Switching from the trusted kernel space to the non-trusted space is performed through a Hypervisor Monitor at the EL2 privilege layer. Switching from the non-trusted space back to the trusted kernel space is performed through a Trampoline at the EL1 privilege layer, which traps into the Hypervisor Monitor. By relying on ARM hardware characteristics, the method confines non-trusted modules more securely and efficiently, thereby ensuring the reliability and stability of the Linux system.

Description

Technical field

[0001] The invention relates to the technical field of computer operating system memory security, in particular to a module security isolation method on an ARM platform.

Background technique

[0002] Computer memory security has long been the foundation of computer operating system security. The data stored in computer memory includes sensitive content, including code and operating system data, and needs to be protected from malicious theft or tampering.

[0003] Take, for example, the driver module in the Linux system. A faulty Linux device driver may harm the entire Linux system. The Linux device driver is the interface between the software system and the hardware device. It converts software device requests into specific device control commands, so that devices in Linux operate normally and can be used by Linux user programs. On the other hand, the device driver notifies th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/80, G06F21/57
CPC: G06F21/80, G06F21/57
Inventor: 涂碧波, 魏炜
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI