Process address space isolation protection method and device in operating system, equipment

An address space and operating system technology, applied in the field of the Internet of Things, can solve problems such as process address space isolation protection

Active Publication Date: 2020-11-10
PEKING UNIV +1
View PDF5 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the current IoT operating system does not use the memory protection function to isolate and protect the process address space.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Process address space isolation protection method and device in operating system, equipment
  • Process address space isolation protection method and device in operating system, equipment
  • Process address space isolation protection method and device in operating system, equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0077] This embodiment is implemented on Kanzhi K210, which is a chip based on RISC-V64-bit architecture, and implements a memory protection unit PMP for each CPU core.

[0078] image 3It is a schematic diagram of the device module of Embodiment 1 of the present application, wherein the SYSTEM_ADDR_Table table in the recording module 100 includes PROCESS_ID, PROCESS_ADDR_Count, PROCESS_ADDR_Cfg [N] and PROCESS_Address [N], PROCESS_ADDR_Cfg and PROCESS_Address form a protection entry corresponding to PMPentry one by one, For example, the protection entry composed of PROCESS_ADDR_Cfg[0] and PROCESS_Address[0] corresponds to MPUentry0, and so on. The length N of the configuration array and the address array is 16, each element of the configuration array is 8 bits, and each element of the address array is 64 bits. Among them, PROCESS_Address[0] ~ PROCESS_Address[15] are mapped one by one with the PMP address register pmpaddr[0]~pmpaddr[15]. And PROCESS_ADDR_Cfg[0]~ PROCESS_ADDR...

Embodiment 2

[0105] STM32F4Discovery is a development board based on ARM 32-bit architecture. The memory protection unit MPU (Memory Protection Unit) is implemented on STM32F4Discovery. Figure 5 It is a schematic diagram of the device module of Embodiment 2 of the present invention. Such as figure 2 As shown, the isolation protection device 10 provided by the present invention can be easily integrated into the embedded system of the STM32 series.

[0106] In the first module, the system address space protection table unit is included. The SYSTEM_ADDR_Table table in the recording module 100 includes the memory address space configuration array and address array of each process. The length N of the configuration array and address array is 8, corresponding to 8 MPUs. Region configuration information, each protection entry of the process corresponds to a region of the MPU, for example, the protection entry composed of PROCESS_ADDR_Cfg[0] and PROCESS_Address[0] corresponds to the MPUregion[0...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a process address space isolation protection method and device in an operating system and Internet of Things equipment. The device comprises a recording module used for constructing an address space protection table in advance, wherein accessible memory address spaces and access permissions of all processes in a current operating system are stored in the address space protection table; and a configuration module used for configuring a memory protection unit of the processor according to the address space protection table so as to carry out isolation protection on the process address spaces in the operating system. The device can be quickly added into an operation system oriented to the Internet of Things, memory address spaces allowed to be accessed by each user program is limited on the basis of not influencing operation of an application program, and isolation protection of the memory address spaces of each user process in the operation system of the Internet of Things is realized.

Description

technical field [0001] The present application relates to the technical field of the Internet of Things, in particular to a process address space isolation protection method and device in an operating system, and an Internet of Things device. Background technique [0002] With the increasing number of IoT devices and gradually penetrate into various fields, such as the Internet of Vehicles, smart home and industrial control and other fields. On-device security protection is particularly important, especially for operating systems running on IoT devices. How to ensure the security of the IoT operating system and the applications running on it is the basis of IoT security. [0003] The operating system is generally considered to be trusted, while most user programs are not. However, due to cost and performance reasons, most IoT devices currently run operating systems and user programs in privileged mode, and user programs in privileged mode can access the physical memory of ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/60H04L29/06G06F9/50
CPCG06F9/5016G06F21/604H04L63/02H04L63/105
Inventor 曹东刚薛栋梁李克勤黄宇晴麻志毅陈曦梅宏
Owner PEKING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap