Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and apparatus for processing system calls

A processing system and processing unit technology, applied in the direction of electrical digital data processing, instrument, platform integrity maintenance, etc., to achieve the effect of enhancing isolation and improving security

Active Publication Date: 2021-03-30
HUAWEI TECH CO LTD
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

On the other hand, the number of lines of code of the operating system is usually on the order of tens of millions of lines, so the operating system usually inevitably contains some loopholes, making the operating system a possible target of attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and apparatus for processing system calls
  • Method and apparatus for processing system calls
  • Method and apparatus for processing system calls

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] The technical solutions in the embodiments of the present application are described below with reference to the accompanying drawings.

[0026] First, several related concepts involved in the embodiments of the present application are briefly introduced.

[0027] user mode and kernel mode

[0028] Since the resources of the operating system are limited, if there are too many operations to access resources, too many resources will inevitably be consumed. However, if these operations are not distinguished, it is likely to cause resource access conflicts. In order to reduce the access and use conflicts of limited resources, the Unix / Linux operating system assigns different execution levels to different operations, that is, the concept of "privilege". Programs with different privilege levels have different access capabilities to resources. For example, some particularly critical operations related to the system must be performed by the highest privileged program.

[002...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the present application discloses a method and device for processing system calls, which can improve the security of the operating system. The method includes: the host kernel intercepts the system call that the application program needs to execute, and transfers the intercepted system call to the target virtual machine for execution, wherein the target virtual machine shares the host kernel with the host; the host kernel executes the system call according to the target virtual machine The execution result and the preset first strategy are used to judge the legitimacy of the system call.

Description

technical field [0001] The embodiments of the present application relate to the technical field of software, and more specifically, relate to a method and device for processing system calls. Background technique [0002] The operating system plays a very critical role in the system security of the computer. On the one hand, the security features provided by the operating system can be used to strengthen application security, isolate malicious applications, and detect intentional or unintentional illegal access of applications. On the other hand, the number of lines of code of an operating system is usually on the order of tens of millions of lines. Therefore, the operating system usually inevitably contains some loopholes, making the operating system an object that may be attacked. A common attack method is that an application in the user mode uses a system call to exploit the loopholes of the operating system to obtain higher permissions and then control the entire operati...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/53G06F21/57
CPCG06F21/53G06F21/57G06F21/1064
Inventor 李志夏虞斌陈庆澍
Owner HUAWEI TECH CO LTD