Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Starting method, method and device for generating kernel image

A technology of a kernel image and a boot device, applied in the field of boot, can solve the problems of the kernel being vulnerable to attacks and the inability to effectively guarantee the security of the kernel, and achieve the effect of ensuring security

Active Publication Date: 2021-05-07
BANMA ZHIXING NETWORK HONGKONG CO LTD
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The embodiment of the present application provides a startup method and device to solve the problem that the existing kernel startup technology causes the kernel to be vulnerable to attacks and cannot effectively guarantee the security of the kernel

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Starting method, method and device for generating kernel image
  • Starting method, method and device for generating kernel image
  • Starting method, method and device for generating kernel image

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach 1

[0188] In this embodiment, the size of each sub-area in the kernel loading space is dynamically adjusted during the process of copying kernel image fragments. Specifically include steps 301-1 to 301-7 as shown below, combined below Figure 5 for further clarification.

[0189] Step 301-1. Determine the number of kernel image segments and the start and end identifiers of each kernel image segment.

[0190] For the embodiment that obtains the kernel image fragmentation according to the static fragmentation only, this step can determine the kernel image fragmentation according to the static fragmentation, that is: the number of static fragmentation and the start and end fragmentation of each static fragmentation .

[0191] As mentioned earlier, there are different ways to add static fragments to the link script used to control the generation of kernel images. For example, you can add a pair for each static fragment to identify the start and end The static fragment of the addre...

Embodiment approach 2

[0212] In this embodiment, each kernel image segment corresponding to the kernel image segment is copied to different sub-areas that have been evenly divided in advance. The specific implementation can be as follows: determine the number of kernel image fragments and the start and end fragment symbols of each kernel image fragment; divide the kernel image loading space into a corresponding number of sub-regions according to the number of kernel image fragments ; Randomly copy the code and / or data contained in different kernel image fragments to different sub-regions of the division according to the corresponding start and end fragments. Wherein, when dividing a corresponding number of sub-regions, different strategies may be adopted, for example, uniform division may be used.

[0213] During specific implementation, the kernel image fragments can be selected sequentially according to the order in the kernel image, and the code and / or data contained in it can be copied to diffe...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present application discloses a starting method and device, a method and a device for starting a kernel, and a method and a device for generating a kernel image. The startup method includes: copying each kernel image fragment corresponding to the kernel image to different sub-areas of the kernel image loading space; and relocating the kernel image fragments to start the kernel. Using the above method, the code and data in the kernel are randomly distributed in the kernel image loading space in units of fragments, thereby realizing the fragmentation of the kernel address, even if an attacker obtains a kernel image through a kernel address leakage vulnerability The relative offset of the shards also cannot calculate the location of other shards, which greatly increases the difficulty for attackers to read and modify the kernel, thus ensuring the security of the kernel more effectively.

Description

technical field [0001] The present application relates to start-up technology, in particular to a start-up method and device. The present application also relates to a method and a device for starting a kernel, and a method and a device for generating a kernel image. Background technique [0002] Usually, the startup process of the kernel includes: 1) hardware startup and initialization; 2) copying the kernel image to a designated memory area (this process is also called loading the kernel image); 3) these three steps of kernel startup. The address where the kernel loads the kernel image into the memory during the startup process is usually fixed. It is easy for an attacker to obtain the absolute address of the specified code or data in the kernel by analyzing the kernel image, and then damage the system through kernel vulnerabilities. Safety. [0003] With the emergence of address space layout randomization (Address space layout randomization, referred to as ASLR) technol...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F9/445
CPCG06F9/44505G06F9/44521
Inventor 裘绍翔李丹张智宇许来光
Owner BANMA ZHIXING NETWORK HONGKONG CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products