Unlock instant, AI-driven research and patent intelligence for your innovation.

Processing system call method and apparatus

A processing system and processing unit technology, applied in the direction of electrical digital data processing, instrument, platform integrity maintenance, etc., to achieve the effect of improving safety and enhancing isolation

Active Publication Date: 2018-07-03
HUAWEI TECH CO LTD
View PDF9 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

On the other hand, the number of lines of code of the operating system is usually on the order of tens of millions of lines, so the operating system usually inevitably contains some loopholes, making the operating system a possible target of attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Processing system call method and apparatus
  • Processing system call method and apparatus
  • Processing system call method and apparatus

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] The technical solutions in the embodiments of the present application are described below with reference to the accompanying drawings.

[0026] First, several related concepts involved in the embodiments of the present application are briefly introduced.

[0027] user mode and kernel mode

[0028] Since the resources of the operating system are limited, if there are too many operations to access resources, too many resources will inevitably be consumed. However, if these operations are not distinguished, it is likely to cause resource access conflicts. In order to reduce the access and use conflicts of limited resources, the Unix / Linux operating system assigns different execution levels to different operations, that is, the concept of "privilege". Programs with different privilege levels have different access capabilities to resources. For example, some particularly critical operations related to the system must be performed by the highest privileged program.

[002...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Embodiments of the invention disclose a processing system call method and apparatus, which can improve the security of an operation system. The method comprises the steps that a host kernel performs interception on system call needed to be executed by an application, and the intercepted system call is executed by a target virtual machine, wherein the target virtual machine and a host share the host kernel; and the host kernel judges the legality of the system call according to an executive result of executing the system call by the target virtual machine and a preset first policy.

Description

technical field [0001] The embodiments of the present application relate to the technical field of software, and more specifically, relate to a method and device for processing system calls. Background technique [0002] The operating system plays a very critical role in the system security of the computer. On the one hand, the security features provided by the operating system can be used to strengthen application security, isolate malicious applications, and detect intentional or unintentional illegal access of applications. On the other hand, the number of lines of code of an operating system is usually on the order of tens of millions of lines. Therefore, the operating system usually inevitably contains some loopholes, making the operating system an object that may be attacked. A common attack method is that an application in the user mode uses a system call to exploit the loopholes of the operating system to obtain higher permissions and then control the entire operati...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/53G06F21/57
CPCG06F21/53G06F21/57G06F21/1064
Inventor 李志夏虞斌陈庆澍
Owner HUAWEI TECH CO LTD