Virtualized operating system kernel protection method
An operating system and virtualization technology, which is applied in the field of virtualized operating system kernel protection, can solve problems such as operating system kernel security issues, and achieve the effects of universality, high safety factor, and reduced overhead
Active Publication Date: 2020-07-10
SHANGHAI TRUSTKERNEL INFORMATION TECH CO LTD
View PDF11 Cites 8 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0005] The purpose of the present invention is to provide a virtualized operating system kernel protection method in ord
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment
[0043] The present embodiment provides a virtualization-based operating system kernel protection method in an ARM platform, the method mainly comprising:
[0044] 1. Use virtualization technology to establish address space isolation between the operating system kernel and the virtual machine monitor running at privilege level 2 (ARM v8 corresponds to Execption Level 2, referred to as EL2 level, and ARM v7 corresponds to hyp mode), hereinafter referred to as running The hypervisor at the EL2 level is the Trusted Virtualized Execution Environment (THEE) and keeps the address space of THEE invisible to the operating system kernel.
[0045] 2. Make the operating system kernel unable to execute unauthorized code, and cannot access unauthorized data and registers, and protect sensitive memory segment permission configuration.
[0046] 3. Transparency of the operating system kernel's access to and execution of key kernel data to ensure the integrity of key data.
[0047] in particul...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention relates to a virtualization-based operating system kernel protection method, and the method comprises the following steps: isolating a virtual machine monitor from an operating system kernel address space by using a virtualization technology of a memory management unit, and keeping the address space of the virtual machine monitor invisible to an operating system kernel; enabling an operating system kernel not to execute unauthorized codes and not to access unauthorized data and registers, and protecting sensitive memory segment permission configuration; and enabling the access and executing operations of the kernel of the operating system on the kernel key data to be transparent, so the integrity of the kernel key data is ensured. Compared with the prior art, the method has the advantages that the kernel of the operating system safely depends on a safety environment such as a virtual machine monitor, the safety of the kernel of the operating system is effectively improved, the scheme is universal, and the influence on the performance of the system is small.
Description
technical field [0001] The invention relates to the technical field of mobile platform security, in particular to a virtualized operating system kernel protection method. Background technique [0002] The security of the Android system is very critical. The Android system using the Linux kernel has been deployed and used in billions of smart devices. It is applied in extremely rich scenarios and carries many digital assets. The security of the Android system has become extremely critical. [0003] The current operating system kernel inevitably has loopholes. The operating system has become a project of tens of millions of lines of code. The higher the complexity of a system, the larger the attack surface. As a trusted computing base (Trusted Computing Base, TCB) in the security model, if the operating system is compromised, it will threaten the security of the entire system. For example, since the operating system has the highest privilege, attackers can use the vulnerab...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More IPC IPC(8): G06F21/53G06F21/12
CPCG06F21/53G06F21/126G06F2221/034Y02D10/00
Inventor 利文浩刘旭朋李子男梁凉
Owner SHANGHAI TRUSTKERNEL INFORMATION TECH CO LTD