Design scheme of message service module supporting kernel module isolation

A message service and kernel module technology, applied to platform integrity maintenance and related areas, that addresses problems such as insufficient security and the inability of different modules to interact directly.

Inactive Publication Date: 2018-11-23
NANJING UNIV

AI Technical Summary

Problems solved by technology

[0007] Purpose of the invention: a new kernel module isolation scheme, based on the invisibility of the memory page table, addresses the insufficient security of the current Linux operating system, but it causes the problem that different modules cannot directly interact. To solve this technical problem, a design scheme is proposed that allows the normal exchange of information between different isolated modules.


Embodiment Construction

[0053] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0054] The present invention proposes a design scheme of a message service module that supports kernel module isolation. After the divisible modules in the kernel are isolated by using the invisibility of the memory page table, a bridge is established between the isolated modules, so that different modules that otherwise could not interact are able to do so.

[0055] As shown in Figure 1, the kernel of the current Linux operating system is designed as several logically different modules, but these modules all share the same kernel address space and have the same privileges. A general-purpose operating system includes the most basic modules: process management, memory management, and the file system. It can be seen from the figure that the modules not only maintain their independence, but also interact with other...


Abstract

The invention discloses a design scheme of a message service module supporting kernel module isolation. Kernel module isolation uses the invisibility of the memory page table to isolate the partitionable modules of a kernel so that different modules cannot directly interact with one another, which ensures that the impact of an attack on one module in the kernel cannot spread to other modules. The invention mainly provides a service for normal interaction among modules after isolation, covering two interaction points: first, different system calls are distributed to the corresponding kernel modules through messages; second, function calls among different modules must use the message service to complete information exchange. The main innovations of the invention are as follows: 1) for decoupled kernel modules, a method is provided for completing the interaction among the decoupled modules by means of a message service module; 2) a message management mechanism is designed; 3) an inter-process synchronization mechanism, Msglock, is designed for message management; and 4) a message notification mechanism is designed for the message receiver.

Description

Technical field

[0001] The invention belongs to the field of computer operating system security, specifically research on protecting the security of kernel modules based on kernel module isolation, and relates to a design scheme of a message service module supporting kernel module isolation.

Background technique

[0002] Linux is considered to have better security and extended features compared to Windows. With the maturity of the Linux system, more and more applications run on Linux. It has been widely used in insurance, finance, securities, telecommunications and other industries, and more and more people are starting to use Linux as their daily-use system. As the number of Linux applications has increased, its security has gradually attracted the attention of some hackers, and there are more and more attacks on the Linux system kernel.

[0003] A typical kernel attack method is to insert a Trojan horse into a kernel module and hide it. The attack...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/57
Inventor: 陈叶黄皓赵冠军
Owner: NANJING UNIV